mirror of
https://github.com/clearlinux/graphene.git
synced 2026-04-28 11:13:41 +00:00
f2f83aa2b5
Previously, the SGX-signing Python script had a hard-coded value of 1 page. However, the Linux-SGX runtime calculated the SSA frame size based on the information from CPUID and XFRM. The SSA frame size is a total of XSAVE area size + GPRs + MISC region, and on feature-rich CPUs may exceed 1 page. Thus, the SSA frame size in the SIGSTRUCT (during SGX signing) and in the SECS (during runtime) may mismatch on such CPUs, and EINIT fails with SGX_INVALID_MEASUREMENT. This commit simply hard-codes SSA frame size to overapproximated value of 4 pages. Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>