From 8ced0efcbac57f118b202785c783f2a7d39bf700 Mon Sep 17 00:00:00 2001
From: Valentyn Faychuk
Date: Tue, 21 Jan 2025 22:15:37 +0200
Subject: [PATCH] patch vulnerabilities

---
 src/quote.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/quote.rs b/src/quote.rs
index c35060c..2b66e2e 100644
--- a/src/quote.rs
+++ b/src/quote.rs
@@ -198,12 +198,13 @@ impl VerifyResult {
 pub fn is_negligible(&self) -> bool {
 match self {
+ // We are not allowing ConfigNeeded, OutOfDate, OutOfDateConfigNeeded,
+ // ConfigAndSwHardeningNeeded since they are considered vulnerable
+ // However, SwHardeningNeeded is very difficult to patch and can be
+ // avoided on some platforms by running the latest SGX drivers
+ // https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
 VerifyResult::Ok => true,
- VerifyResult::ConfigNeeded => true,
- VerifyResult::OutOfDate => true,
- VerifyResult::OutOfDateConfigNeeded => true,
 VerifyResult::SwHardeningNeeded => true,
- VerifyResult::ConfigAndSwHardeningNeeded => true,
 _ => false,
 }
 }
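Review bot: Keeping `VerifyResult::SwHardeningNeeded => true` still lets a quote from a platform with known, unmitigated advisories pass as negligible, and the new comment justifies that by patch difficulty rather than by any check that the required enclave-side mitigations are in place; a hard-coded accept inside `is_negligible` is the wrong place for that policy. The sentence "can be avoided on some platforms by running the latest SGX drivers" also looks doubtful, since SW_HARDENING_NEEDED is the status where the platform TCB is current but the enclave itself needs software mitigations for the listed advisories — if the linked Intel page does not say otherwise, that sentence should go. I would reword the comment to `// SwHardeningNeeded: platform TCB is current but the listed advisories require enclave-side mitigation; accepted here as a deliberate policy choice — callers must check the quote's advisory IDs against an allowlist before trusting it.` and make the acceptance opt-in at the call site (a parameter, or a separate method such as `is_ok_or_sw_hardening()`), so a reader of the caller can see that a weaker status is being tolerated. The `_ => false` arm predates this change but still hides any future variant from the compiler; listing the rejected variants explicitly would make the next status addition a compile error rather than a silent reject.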