Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SGX certificate extension parsing on Icelake platform fails #3134

Closed
yentsanglee opened this issue Jun 16, 2020 · 3 comments · Fixed by #3204
Closed

SGX certificate extension parsing on Icelake platform fails #3134

yentsanglee opened this issue Jun 16, 2020 · 3 comments · Fixed by #3204
Assignees
@qiucwang
Labels
attestation Related to attestation SGX Tag indicating associated with Intel SGX triaged This label classifies an issue/PR as having been triaged.
Milestone
Backlog

Comments

@yentsanglee
Copy link
Contributor

Remote attestation fails on Icelake platform from parsing SGX certificate extension. Error OE_INVALID_SGX_CERTIFICATE_EXTENSIONS in function ParseSGXExtensions() in
openenclave\common\sgx\sgxcertextensions.c.

Current code in ParseSGXExtensions() only parses up to extension OPT_CACHED_KEYS_OID (1.2.840.113741.1.13.1.7) while more optional extension OIDs (up to 1.2.840.113741.1.13.1.7.3) are defined in SGX Spec.
@yentsanglee yentsanglee added the attestation Related to attestation label Jun 16, 2020
@yentsanglee yentsanglee self-assigned this Jun 16, 2020
@yentsanglee yentsanglee added the SGX Tag indicating associated with Intel SGX label Jun 16, 2020
@anakrish
Copy link
Contributor

@yentsanglee Do those optional extensions only apply to Icelake or do they apply to pre-Icelake systems as well?

@yentsanglee
Copy link
Contributor Author

@yentsanglee Do those optional extensions only apply to Icelake or do they apply to pre-Icelake systems as well?

According to the spec, the optional extensions apply to pre-icelake systems but Intel PCCS just never specified them.

@CodeMonkeyLeet CodeMonkeyLeet mentioned this issue Jun 18, 2020
Merged
@johnvenn johnvenn mentioned this issue Jun 19, 2020
Merged
bors bot pushed a commit that referenced this issue Jun 19, 2020
@oeciteam
Merge #3153
263442f 
3153: Add uniqueness check for oesign .conf values r=radhikaj a=CodeMonkeyLeet

- Enforce during oesign parsing of .conf files that each attribute may only be specified once.
- Fix oesign to allow overwriting the `debug` attribute at sign time.
- Add tests for duplicate attribute checks in .conf files.
- Add tests for overwriting SGX enclave properties defined at build time.

Fixes #3134

Signed-off-by: Simon Leet <simon.leet@microsoft.com>

Co-authored-by: Simon Leet <simon.leet@microsoft.com>
@bors bors bot closed this as completed in c739ba1 Jun 19, 2020
@yentsanglee
Copy link
Contributor Author

Wrong pull request. This issue has not been resolved.

@yentsanglee yentsanglee reopened this Jun 21, 2020
@radhikaj radhikaj added this to the Backlog milestone Jun 22, 2020
@radhikaj radhikaj added the triaged This label classifies an issue/PR as having been triaged. label Jun 22, 2020
@yentsanglee yentsanglee assigned qiucwang and unassigned yentsanglee and jvega10 Jun 27, 2020
qiucwang added a commit to qiucwang/openenclave that referenced this issue Jun 30, 2020
@qiucwang
Fixes openenclave#3134, update ParseSGXExtensions.
afcdb08 
Signed-off-by: Qiucheng Wang <qiucwang@microsoft.com>
@qiucwang qiucwang mentioned this issue Jun 30, 2020
Merged
bors bot pushed a commit that referenced this issue Jul 1, 2020
@oeciteam @qiucwang
Merge #3204
b3050fc 
3204: Fixes #3134, update ParseSGXExtensions. r=mingweishih a=qiucwang

Fixes #3134 
Intel has updated their SGX custom x.509 extensions for PCK Certificates defined [here](https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_PCK_Certificate_CRL_Spec-1.4.pdf)(Page 12-14). But the `ParseSGXExtensions()` hasn't been updated yet.
The SGX extensions only changed optional fields which are normally not contained in certificates. That's why current parser didn't crash. On Icelake platform, the certificate extensions contain those optional fields and led to issue#3134.

SGX extension field updates:
```
1.2.840.113741.1.13.1.(1 - 5) unchanged.
Old:
1.2.840.113741.1.13.1.6: Dynamic Platform (boolean, optional)
1.2.840.113741.1.13.1.7: Cached Keys (boolean, optional)
New:
1.2.840.113741.1.13.1.6: Platform Instance ID (string, optional)
1.2.840.113741.1.13.1.7: Configuration (sequence, optional)
1.2.840.113741.1.13.1.7.1: Dynamic Platform (string, optional)
1.2.840.113741.1.13.1.7.2: Cached Keys (string, optional)
1.2.840.113741.1.13.1.7.3: SMT enabled (string, optional)
```
A sample of updated parsing result:
```
// SGX Extension:
            1.2.840.113741.1.13.1: 
    0:d=0  hl=4 l= 550 cons: SEQUENCE          
    4:d=1  hl=2 l=  30 cons:  SEQUENCE          
    6:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.1
   18:d=2  hl=2 l=  16 prim:   OCTET STRING      
      0000 - 6d ff cf 33 8e bf 41 d8-4c f9 51 cc 4a 84 17 70   m..3..A.L.Q.J..p
   36:d=1  hl=4 l= 355 cons:  SEQUENCE          
   40:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.2
   52:d=2  hl=4 l= 339 cons:   SEQUENCE          
   56:d=3  hl=2 l=  16 cons:    SEQUENCE          
   58:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.1
   71:d=4  hl=2 l=   1 prim:     INTEGER           :01
   74:d=3  hl=2 l=  16 cons:    SEQUENCE          
   76:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.2
   89:d=4  hl=2 l=   1 prim:     INTEGER           :01
   92:d=3  hl=2 l=  16 cons:    SEQUENCE          
   94:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.3
  107:d=4  hl=2 l=   1 prim:     INTEGER           :00
  110:d=3  hl=2 l=  16 cons:    SEQUENCE          
  112:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.4
  125:d=4  hl=2 l=   1 prim:     INTEGER           :00
  128:d=3  hl=2 l=  16 cons:    SEQUENCE          
  130:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.5
  143:d=4  hl=2 l=   1 prim:     INTEGER           :00
  146:d=3  hl=2 l=  16 cons:    SEQUENCE          
  148:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.6
  161:d=4  hl=2 l=   1 prim:     INTEGER           :00
  164:d=3  hl=2 l=  16 cons:    SEQUENCE          
  166:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.7
  179:d=4  hl=2 l=   1 prim:     INTEGER           :00
  182:d=3  hl=2 l=  16 cons:    SEQUENCE          
  184:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.8
  197:d=4  hl=2 l=   1 prim:     INTEGER           :00
  200:d=3  hl=2 l=  16 cons:    SEQUENCE          
  202:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.9
  215:d=4  hl=2 l=   1 prim:     INTEGER           :00
  218:d=3  hl=2 l=  16 cons:    SEQUENCE          
  220:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.10
  233:d=4  hl=2 l=   1 prim:     INTEGER           :00
  236:d=3  hl=2 l=  16 cons:    SEQUENCE          
  238:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.11
  251:d=4  hl=2 l=   1 prim:     INTEGER           :00
  254:d=3  hl=2 l=  16 cons:    SEQUENCE          
  256:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.12
  269:d=4  hl=2 l=   1 prim:     INTEGER           :00
  272:d=3  hl=2 l=  16 cons:    SEQUENCE          
  274:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.13
  287:d=4  hl=2 l=   1 prim:     INTEGER           :00
  290:d=3  hl=2 l=  16 cons:    SEQUENCE          
  292:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.14
  305:d=4  hl=2 l=   1 prim:     INTEGER           :00
  308:d=3  hl=2 l=  16 cons:    SEQUENCE          
  310:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.15
  323:d=4  hl=2 l=   1 prim:     INTEGER           :00
  326:d=3  hl=2 l=  16 cons:    SEQUENCE          
  328:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.16
  341:d=4  hl=2 l=   1 prim:     INTEGER           :00
  344:d=3  hl=2 l=  16 cons:    SEQUENCE          
  346:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.17
  359:d=4  hl=2 l=   1 prim:     INTEGER           :09
  362:d=3  hl=2 l=  31 cons:    SEQUENCE          
  364:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.18
  377:d=4  hl=2 l=  16 prim:     OCTET STRING      
      0000 - 01 01 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
  395:d=1  hl=2 l=  16 cons:  SEQUENCE          
  397:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.3
  409:d=2  hl=2 l=   2 prim:   OCTET STRING      
      0000 - 00 00                                             ..
  413:d=1  hl=2 l=  20 cons:  SEQUENCE          
  415:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.4
  427:d=2  hl=2 l=   6 prim:   OCTET STRING      
      0000 - 00 60 6a 00 00 00                                 .`j...
  435:d=1  hl=2 l=  15 cons:  SEQUENCE          
  437:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.5
  449:d=2  hl=2 l=   1 prim:   ENUMERATED        :01
  452:d=1  hl=2 l=  30 cons:  SEQUENCE          
  454:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.6
  466:d=2  hl=2 l=  16 prim:   OCTET STRING      
      0000 - 84 c0 0e 98 eb 61 be da-99 9d f9 9d d0 18 01 ef   .....a..........
  484:d=1  hl=2 l=  68 cons:  SEQUENCE          
  486:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.7
  498:d=2  hl=2 l=  54 cons:   SEQUENCE          
  500:d=3  hl=2 l=  16 cons:    SEQUENCE          
  502:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.7.1
  515:d=4  hl=2 l=   1 prim:     BOOLEAN           :255
  518:d=3  hl=2 l=  16 cons:    SEQUENCE          
  520:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.7.2
  533:d=4  hl=2 l=   1 prim:     BOOLEAN           :255
  536:d=3  hl=2 l=  16 cons:    SEQUENCE          
  538:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.7.3
  551:d=4  hl=2 l=   1 prim:     BOOLEAN           :255

    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:2a:6d:e2:91:e5:ea:55:54:a8:fb:34:1e:67:77:
         d2:dc:67:45:7e:d9:64:f2:57:16:8e:5f:23:ff:f9:74:c9:1f:
         02:21:00:cc:bd:e1:5e:19:4d:30:f0:a9:e6:3b:09:2d:5a:2f:
         49:c9:9d:29:39:dd:8d:97:87:7d:39:34:5b:aa:8d:dc:f4

    parsed qe certificate extension (1.2.840.113741.1.13.1) {
        ppid (hex): 6dffcf338ebf41d84cf951cc4a841770
        comp_svn (hex): 01010000000000000000000000000000
        pce_svn: 0x9
        cpu_svn (hex): 01010000000000000000000000000000
        pce_id (hex): 0000
        fmspc (hex): 00606a000000
        sgx_type: 1
        opt_platform_instance_id (hex): 84c00e98eb61beda999df99dd01801ef
        opt_dynamic_platform: true
        opt_cached_keys: true
        opt_smt_enabled: true
    } qe cert extension 
```

Signed-off-by: Qiucheng Wang <qiucwang@microsoft.com>

Co-authored-by: Qiucheng Wang <qiucwang@microsoft.com>
Co-authored-by: qiucwang <61811412+qiucwang@users.noreply.github.com>
bors bot pushed a commit that referenced this issue Jul 1, 2020
@oeciteam @qiucwang
Merge #3204
25a5511 
3204: Fixes #3134, update ParseSGXExtensions. r=mingweishih a=qiucwang

Fixes #3134 
Intel has updated their SGX custom x.509 extensions for PCK Certificates defined [here](https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_PCK_Certificate_CRL_Spec-1.4.pdf)(Page 12-14). But the `ParseSGXExtensions()` hasn't been updated yet.
The SGX extensions only changed optional fields which are normally not contained in certificates. That's why current parser didn't crash. On Icelake platform, the certificate extensions contain those optional fields and led to issue#3134.

SGX extension field updates:
```
1.2.840.113741.1.13.1.(1 - 5) unchanged.
Old:
1.2.840.113741.1.13.1.6: Dynamic Platform (boolean, optional)
1.2.840.113741.1.13.1.7: Cached Keys (boolean, optional)
New:
1.2.840.113741.1.13.1.6: Platform Instance ID (string, optional)
1.2.840.113741.1.13.1.7: Configuration (sequence, optional)
1.2.840.113741.1.13.1.7.1: Dynamic Platform (string, optional)
1.2.840.113741.1.13.1.7.2: Cached Keys (string, optional)
1.2.840.113741.1.13.1.7.3: SMT enabled (string, optional)
```
A sample of updated parsing result:
```
// SGX Extension:
            1.2.840.113741.1.13.1: 
    0:d=0  hl=4 l= 550 cons: SEQUENCE          
    4:d=1  hl=2 l=  30 cons:  SEQUENCE          
    6:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.1
   18:d=2  hl=2 l=  16 prim:   OCTET STRING      
      0000 - 6d ff cf 33 8e bf 41 d8-4c f9 51 cc 4a 84 17 70   m..3..A.L.Q.J..p
   36:d=1  hl=4 l= 355 cons:  SEQUENCE          
   40:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.2
   52:d=2  hl=4 l= 339 cons:   SEQUENCE          
   56:d=3  hl=2 l=  16 cons:    SEQUENCE          
   58:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.1
   71:d=4  hl=2 l=   1 prim:     INTEGER           :01
   74:d=3  hl=2 l=  16 cons:    SEQUENCE          
   76:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.2
   89:d=4  hl=2 l=   1 prim:     INTEGER           :01
   92:d=3  hl=2 l=  16 cons:    SEQUENCE          
   94:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.3
  107:d=4  hl=2 l=   1 prim:     INTEGER           :00
  110:d=3  hl=2 l=  16 cons:    SEQUENCE          
  112:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.4
  125:d=4  hl=2 l=   1 prim:     INTEGER           :00
  128:d=3  hl=2 l=  16 cons:    SEQUENCE          
  130:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.5
  143:d=4  hl=2 l=   1 prim:     INTEGER           :00
  146:d=3  hl=2 l=  16 cons:    SEQUENCE          
  148:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.6
  161:d=4  hl=2 l=   1 prim:     INTEGER           :00
  164:d=3  hl=2 l=  16 cons:    SEQUENCE          
  166:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.7
  179:d=4  hl=2 l=   1 prim:     INTEGER           :00
  182:d=3  hl=2 l=  16 cons:    SEQUENCE          
  184:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.8
  197:d=4  hl=2 l=   1 prim:     INTEGER           :00
  200:d=3  hl=2 l=  16 cons:    SEQUENCE          
  202:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.9
  215:d=4  hl=2 l=   1 prim:     INTEGER           :00
  218:d=3  hl=2 l=  16 cons:    SEQUENCE          
  220:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.10
  233:d=4  hl=2 l=   1 prim:     INTEGER           :00
  236:d=3  hl=2 l=  16 cons:    SEQUENCE          
  238:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.11
  251:d=4  hl=2 l=   1 prim:     INTEGER           :00
  254:d=3  hl=2 l=  16 cons:    SEQUENCE          
  256:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.12
  269:d=4  hl=2 l=   1 prim:     INTEGER           :00
  272:d=3  hl=2 l=  16 cons:    SEQUENCE          
  274:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.13
  287:d=4  hl=2 l=   1 prim:     INTEGER           :00
  290:d=3  hl=2 l=  16 cons:    SEQUENCE          
  292:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.14
  305:d=4  hl=2 l=   1 prim:     INTEGER           :00
  308:d=3  hl=2 l=  16 cons:    SEQUENCE          
  310:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.15
  323:d=4  hl=2 l=   1 prim:     INTEGER           :00
  326:d=3  hl=2 l=  16 cons:    SEQUENCE          
  328:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.16
  341:d=4  hl=2 l=   1 prim:     INTEGER           :00
  344:d=3  hl=2 l=  16 cons:    SEQUENCE          
  346:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.17
  359:d=4  hl=2 l=   1 prim:     INTEGER           :09
  362:d=3  hl=2 l=  31 cons:    SEQUENCE          
  364:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.2.18
  377:d=4  hl=2 l=  16 prim:     OCTET STRING      
      0000 - 01 01 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
  395:d=1  hl=2 l=  16 cons:  SEQUENCE          
  397:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.3
  409:d=2  hl=2 l=   2 prim:   OCTET STRING      
      0000 - 00 00                                             ..
  413:d=1  hl=2 l=  20 cons:  SEQUENCE          
  415:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.4
  427:d=2  hl=2 l=   6 prim:   OCTET STRING      
      0000 - 00 60 6a 00 00 00                                 .`j...
  435:d=1  hl=2 l=  15 cons:  SEQUENCE          
  437:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.5
  449:d=2  hl=2 l=   1 prim:   ENUMERATED        :01
  452:d=1  hl=2 l=  30 cons:  SEQUENCE          
  454:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.6
  466:d=2  hl=2 l=  16 prim:   OCTET STRING      
      0000 - 84 c0 0e 98 eb 61 be da-99 9d f9 9d d0 18 01 ef   .....a..........
  484:d=1  hl=2 l=  68 cons:  SEQUENCE          
  486:d=2  hl=2 l=  10 prim:   OBJECT            :1.2.840.113741.1.13.1.7
  498:d=2  hl=2 l=  54 cons:   SEQUENCE          
  500:d=3  hl=2 l=  16 cons:    SEQUENCE          
  502:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.7.1
  515:d=4  hl=2 l=   1 prim:     BOOLEAN           :255
  518:d=3  hl=2 l=  16 cons:    SEQUENCE          
  520:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.7.2
  533:d=4  hl=2 l=   1 prim:     BOOLEAN           :255
  536:d=3  hl=2 l=  16 cons:    SEQUENCE          
  538:d=4  hl=2 l=  11 prim:     OBJECT            :1.2.840.113741.1.13.1.7.3
  551:d=4  hl=2 l=   1 prim:     BOOLEAN           :255

    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:2a:6d:e2:91:e5:ea:55:54:a8:fb:34:1e:67:77:
         d2:dc:67:45:7e:d9:64:f2:57:16:8e:5f:23:ff:f9:74:c9:1f:
         02:21:00:cc:bd:e1:5e:19:4d:30:f0:a9:e6:3b:09:2d:5a:2f:
         49:c9:9d:29:39:dd:8d:97:87:7d:39:34:5b:aa:8d:dc:f4

    parsed qe certificate extension (1.2.840.113741.1.13.1) {
        ppid (hex): 6dffcf338ebf41d84cf951cc4a841770
        comp_svn (hex): 01010000000000000000000000000000
        pce_svn: 0x9
        cpu_svn (hex): 01010000000000000000000000000000
        pce_id (hex): 0000
        fmspc (hex): 00606a000000
        sgx_type: 1
        opt_platform_instance_id (hex): 84c00e98eb61beda999df99dd01801ef
        opt_dynamic_platform: true
        opt_cached_keys: true
        opt_smt_enabled: true
    } qe cert extension 
```

Signed-off-by: Qiucheng Wang <qiucwang@microsoft.com>

Co-authored-by: Qiucheng Wang <qiucwang@microsoft.com>
Co-authored-by: qiucwang <61811412+qiucwang@users.noreply.github.com>
@bors bors bot closed this as completed in b77a07a Jul 1, 2020
rs-- pushed a commit to rs--/openenclave that referenced this issue Aug 4, 2020
Add uniqueness check for oesign .conf values
a189ace 
- Enforce during oesign parsing of .conf files that each attribute
  may only be specified once.
- Fix oesign to allow overwriting the `debug` attribute at sign time.
- Add tests for duplicate attribute checks in .conf files.
- Add tests for overwriting SGX enclave properties defined at build time.

Fixes openenclave#3134

Signed-off-by: Simon Leet <simon.leet@microsoft.com>
rs-- pushed a commit to rs--/openenclave that referenced this issue Aug 4, 2020
@qiucwang
Fixes openenclave#3134, update ParseSGXExtensions.
619bc5c 
Signed-off-by: Qiucheng Wang <qiucwang@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@qiucwang qiucwang

Labels
attestation Related to attestation SGX Tag indicating associated with Intel SGX triaged This label classifies an issue/PR as having been triaged.
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

Fixes #3134, update ParseSGXExtensions. qiucwang/openenclave
5 participants
@radhikaj @yentsanglee @anakrish @jvega10 @qiucwang