I've been looking at a variety of things with SGX, and while looking into the EGETKEY description, I think I've found an inconsistency in the October 2014 spec. Specifically:
- Table 5-43 says that the Provisioning Key and the Provisioning Seal Key both derive from the owner epoch; however, the algorithmic description of both says that the owner epoch is 0 for derivation purposes. White papers on provisioning make it sound like the owner epoch can be changed to make provisioned secrets inaccessible, so I expected the owner epoch to be used, at least for the provisioning seal key (which is sealed to the fuses in the machine). I could see it not being used for the provisioning key, however, since that's not dependent on the machine itself. Is there an errata for the document that clarifies this?
- For clarify, it might help to add to table 5-43 that the provisioning key isn't derived from the fuses but the provisioning seal key is, since this seems to be the main difference between them.
Thank you for your diligence. You are correct this is an inconsistency in the document. The instruction algorithm is correct and table is incorrect wrt to the treatment of the ownerepoch field in the derivation of the Provisioning Key. We will look to correct this in a future publication.