Enum teaclave_attestation::report::SgxQuoteStatus

source · []
pub enum SgxQuoteStatus {

Show 14 variants    OK,
    SignatureInvalid,
    GroupRevoked,
    SignatureRevoked,
    KeyRevoked,
    SigrlVersionMismatch,
    GroupOutOfDate,
    ConfigurationNeeded,
    SwHardeningNeeded,
    ConfigurationAndSwHardeningNeeded,
    OutOfDate,
    OutOfDateConfigurationNeeded,
    InvalidSignature,
    UnknownBadStatus,

}
Expand description

SGX Quote status

Variants

OK

EPID signature of the ISV enclave QUOTE was verified correctly and the TCB level of the SGX platform is up-to-date.

SignatureInvalid

EPID signature of the ISV enclave QUOTE was invalid. The content of the QUOTE is not trustworthy.

For DCAP, the signature over the application report is invalid.

GroupRevoked

The EPID group has been revoked. When this value is returned, the revocation Reason field of the Attestation Verification Report will contain revocation reason code for this EPID group as reported in the EPID Group CRL. The content of the QUOTE is not trustworthy.

SignatureRevoked

The EPID private key used to sign the QUOTE has been revoked by signature. The content of the QUOTE is not trustworthy.

KeyRevoked

The EPID private key used to sign the QUOTE has been directly revoked (not by signature). The content of the QUOTE is not trustworthy.

For DCAP, the attestation key or platform has been revoked.

SigrlVersionMismatch

SigRL version in ISV enclave QUOTE does not match the most recent version of the SigRL. In rare situations, after SP retrieved the SigRL from IAS and provided it to the platform, a newer version of the SigRL is madeavailable. As a result, the Attestation Verification Report will indicate SIGRL_VERSION_MISMATCH. SP can retrieve the most recent version of SigRL from the IAS and request the platform to perform remote attestation again with the most recent version of SigRL. If the platform keeps failing to provide a valid QUOTE matching with the most recent version of the SigRL, the content of the QUOTE is not trustworthy.

GroupOutOfDate

The EPID signature of the ISV enclave QUOTE has been verified correctly, but the TCB level of SGX platform is outdated (for further details see Advisory IDs). The platform has not been identified as compromised and thus it is not revoked. It is up to the Service Provider to decide whether or not to trust the content of the QUOTE, andwhether or not to trust the platform performing the attestation to protect specific sensitive information.

ConfigurationNeeded

The EPID signature of the ISV enclave QUOTE has been verified correctly, but additional configuration of SGX platform may beneeded(for further details see Advisory IDs). The platform has not been identified as compromised and thus it is not revoked. It is up to the Service Provider to decide whether or not to trust the content of the QUOTE, and whether or not to trust the platform performing the attestation to protect specific sensitive information.

For DCAP, The Quote verification passed and the platform is patched to the latest TCB level but additional configuration of the SGX platform may be needed.

SwHardeningNeeded

The EPID signature of the ISV enclave QUOTE has been verified correctly but due to certain issues affecting the platform, additional SW Hardening in the attesting SGX enclaves may be needed.The relying party should evaluate the potential risk of an attack leveraging the relevant issues on the attesting enclave, and whether the attesting enclave employs adequate software hardening to mitigate the risk.

ConfigurationAndSwHardeningNeeded

The EPID signature of the ISV enclave QUOTE has been verified correctly but additional configuration for the platform and SW Hardening in the attesting SGX enclaves may be needed. The platform has not been identified as compromised and thus it is not revoked. It is up to the Service Provider to decide whether or not to trust the content of the QUOTE. The relying party should also evaluate the potential risk of an attack leveraging the relevant issues on the attestation enclave, and whether the attesting enclave employs adequate software hardening to mitigate the risk.

OutOfDate

DCAP specific quote status. The Quote is good but TCB level of the platform is out of date. The platform needs patching to be at the latest TCB level.

OutOfDateConfigurationNeeded

DCAP specific quote status. The Quote is good but the TCB level of the platform is out of date and additional configuration of the SGX Platform at its current patching level may be needed. The platform needs patching to be at the latest TCB level.

InvalidSignature

DCAP specific quote status. The signature over the application report is invalid.

UnknownBadStatus

Other unknown bad status.

Trait Implementations

Formats the value using the given formatter. Read more

Convert from str status from the report to enum.

This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

Wrap the input message T in a tonic::Request
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more