On Thu, 2025-07-24 at 11:02 +0300, Reshetova, Elena wrote: > == Background == > > ENCLS[EUPDATESVN] is a new SGX instruction [1] which allows enclave > attestation to include information about updated microcode SVN without a > reboot. Before an EUPDATESVN operation can be successful, all SGX memory > (aka. EPC) must be marked as “unused” in the SGX hardware metadata > (aka.EPCM). This requirement ensures that no compromised enclave can > survive the EUPDATESVN procedure and provides an opportunity to generate > new cryptographic assets. > > == Patch Contents ==
Nit: you can use "Solution" instead of "Patch Contents". > > Attempt to execute ENCLS[EUPDATESVN] every time the first file descriptor > is obtained via sgx_(vepc_)open(). In the most common case the microcode > SVN is already up-to-date, and the operation succeeds without updating SVN. (Sorry I forgot to say this in the previous versions): If I read the pseudo code correctly, when the SVN is already up-to-date, the EUPDATESVN doesn't update SVN but it re-generates crypto assets anyway. This is no harm per the pseudo code, since the "crypto assets" is actually the CR_BASE_KEY which is only used by EWB/ELDU flow per the SDM. In other words, it doesn't impact other enclave visible keys (those from EGETKEY) such as sealing key. I think this is important. Because if enclave visible keys such as sealing key are lost on EUPDATESVN when SVN is already up-to-date (which is the most common case), it will bring significant visible impact to enclave. E.g., one enclave could find its secret encrypted by sealing key could never be retrieved after it restarts. Assuming I didn't miss anything, can we also mention this in the changelog?
