pub enum SgxQuoteStatus {
Show 14 variants
OK,
SignatureInvalid,
GroupRevoked,
SignatureRevoked,
KeyRevoked,
SigrlVersionMismatch,
GroupOutOfDate,
ConfigurationNeeded,
SwHardeningNeeded,
ConfigurationAndSwHardeningNeeded,
OutOfDate,
OutOfDateConfigurationNeeded,
InvalidSignature,
UnknownBadStatus,
}
Expand description
SGX Quote status
Variants
OK
EPID signature of the ISV enclave QUOTE was verified correctly and the TCB level of the SGX platform is up-to-date.
SignatureInvalid
EPID signature of the ISV enclave QUOTE was invalid. The content of the QUOTE is not trustworthy.
For DCAP, the signature over the application report is invalid.
GroupRevoked
The EPID group has been revoked. When this value is returned, the revocation Reason field of the Attestation Verification Report will contain revocation reason code for this EPID group as reported in the EPID Group CRL. The content of the QUOTE is not trustworthy.
SignatureRevoked
The EPID private key used to sign the QUOTE has been revoked by signature. The content of the QUOTE is not trustworthy.
KeyRevoked
The EPID private key used to sign the QUOTE has been directly revoked (not by signature). The content of the QUOTE is not trustworthy.
For DCAP, the attestation key or platform has been revoked.
SigrlVersionMismatch
SigRL version in ISV enclave QUOTE does not match the most recent version of the SigRL. In rare situations, after SP retrieved the SigRL from IAS and provided it to the platform, a newer version of the SigRL is madeavailable. As a result, the Attestation Verification Report will indicate SIGRL_VERSION_MISMATCH. SP can retrieve the most recent version of SigRL from the IAS and request the platform to perform remote attestation again with the most recent version of SigRL. If the platform keeps failing to provide a valid QUOTE matching with the most recent version of the SigRL, the content of the QUOTE is not trustworthy.
GroupOutOfDate
The EPID signature of the ISV enclave QUOTE has been verified correctly, but the TCB level of SGX platform is outdated (for further details see Advisory IDs). The platform has not been identified as compromised and thus it is not revoked. It is up to the Service Provider to decide whether or not to trust the content of the QUOTE, andwhether or not to trust the platform performing the attestation to protect specific sensitive information.
ConfigurationNeeded
The EPID signature of the ISV enclave QUOTE has been verified correctly, but additional configuration of SGX platform may beneeded(for further details see Advisory IDs). The platform has not been identified as compromised and thus it is not revoked. It is up to the Service Provider to decide whether or not to trust the content of the QUOTE, and whether or not to trust the platform performing the attestation to protect specific sensitive information.
For DCAP, The Quote verification passed and the platform is patched to the latest TCB level but additional configuration of the SGX platform may be needed.
SwHardeningNeeded
The EPID signature of the ISV enclave QUOTE has been verified correctly but due to certain issues affecting the platform, additional SW Hardening in the attesting SGX enclaves may be needed.The relying party should evaluate the potential risk of an attack leveraging the relevant issues on the attesting enclave, and whether the attesting enclave employs adequate software hardening to mitigate the risk.
ConfigurationAndSwHardeningNeeded
The EPID signature of the ISV enclave QUOTE has been verified correctly but additional configuration for the platform and SW Hardening in the attesting SGX enclaves may be needed. The platform has not been identified as compromised and thus it is not revoked. It is up to the Service Provider to decide whether or not to trust the content of the QUOTE. The relying party should also evaluate the potential risk of an attack leveraging the relevant issues on the attestation enclave, and whether the attesting enclave employs adequate software hardening to mitigate the risk.
OutOfDate
DCAP specific quote status. The Quote is good but TCB level of the platform is out of date. The platform needs patching to be at the latest TCB level.
OutOfDateConfigurationNeeded
DCAP specific quote status. The Quote is good but the TCB level of the platform is out of date and additional configuration of the SGX Platform at its current patching level may be needed. The platform needs patching to be at the latest TCB level.
InvalidSignature
DCAP specific quote status. The signature over the application report is invalid.
UnknownBadStatus
Other unknown bad status.
Trait Implementations
sourceimpl Debug for SgxQuoteStatus
impl Debug for SgxQuoteStatus
sourceimpl From<&str> for SgxQuoteStatus
impl From<&str> for SgxQuoteStatus
sourceimpl PartialEq<SgxQuoteStatus> for SgxQuoteStatus
impl PartialEq<SgxQuoteStatus> for SgxQuoteStatus
sourcefn eq(&self, other: &SgxQuoteStatus) -> bool
fn eq(&self, other: &SgxQuoteStatus) -> bool
impl StructuralPartialEq for SgxQuoteStatus
Auto Trait Implementations
impl RefUnwindSafe for SgxQuoteStatus
impl Send for SgxQuoteStatus
impl Sync for SgxQuoteStatus
impl Unpin for SgxQuoteStatus
impl UnwindSafe for SgxQuoteStatus
Blanket Implementations
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
const: unstablefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
sourceimpl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
sourcefn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T
in a tonic::Request