patch vulnerabilities

Valentyn Faychuk 2025-01-21 22:15:37 +02:00
parent c093b6b088
commit 8ced0efcba
Signed by: valy
GPG Key ID: F1AB995E20FEADC5

@ -198,12 +198,13 @@ impl VerifyResult {
pub fn is_negligible(&self) -> bool { pub fn is_negligible(&self) -> bool {
match self { match self {
// We are not allowing ConfigNeeded, OutOfDate, OutOfDateConfigNeeded,
// ConfigAndSwHardeningNeeded since they are considered vulnerable
// However, SwHardeningNeeded is very difficult to patch and can be
// avoided on some platforms by running the latest SGX drivers
// https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
VerifyResult::Ok => true, VerifyResult::Ok => true,
VerifyResult::ConfigNeeded => true,
VerifyResult::OutOfDate => true,
VerifyResult::OutOfDateConfigNeeded => true,
VerifyResult::SwHardeningNeeded => true, VerifyResult::SwHardeningNeeded => true,
VerifyResult::ConfigAndSwHardeningNeeded => true,
_ => false, _ => false,
} }
} }
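Review bot: `VerifyResult::SwHardeningNeeded => true` is still an unconditional accept in `is_negligible`, so every quote with that status passes regardless of which advisories triggered it, and the comment's rationale ("can be avoided on some platforms") does not cover the platforms where it cannot. If the verification output carries the advisory IDs attached to the status (not visible in this hunk), consider accepting only when they fall inside an allow-list of advisories the enclave is known to mitigate. Otherwise state the accepted risk in the comment, e.g. `// ACCEPTED RISK: SwHardeningNeeded is allowed without checking advisory IDs`. The `_ => false` arm is fail-closed, which is the right default, but a unit test asserting `false` for the four statuses the comment names as vulnerable would stop a later edit from silently re-admitting them. The `impl VerifyResult` block and the enum definition start outside the hunk.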