[Pal/Linux-SGX] Rework SGX types to be identical to the SGX SDK ones

Adopt public type definitions from the SGX SDK when possible. This will help
share code with SDK-using tools in the future when needed.

Pal/src/host/Linux-SGX/db_exception.c

@@ -72,7 +72,7 @@ _DkGenericSignalHandle (int event_num, PAL_NUM arg, struct pal_frame * frame,
 #define ADDR_IN_PAL(addr)  \
         ((void*)(addr) > TEXT_START && (void*)(addr) < TEXT_END)
 
-static struct pal_frame * get_frame (sgx_context_t * uc)
+static struct pal_frame * get_frame (sgx_cpu_context_t * uc)
 {
     unsigned long rbp;
 
@@ -161,7 +161,7 @@ void _DkExceptionRealHandler (int event, PAL_NUM arg, struct pal_frame * frame,
  *  false: #UD is not handled.
  *         the exception needs to be raised up to LibOS or user application.
  */
-static bool handle_ud(sgx_context_t * uc)
+static bool handle_ud(sgx_cpu_context_t * uc)
 {
     uint8_t * instr = (uint8_t *) uc->rip;
     if (instr[0] == 0xcc) { /* skip int 3 */
@@ -193,10 +193,10 @@ static bool handle_ud(sgx_context_t * uc)
     return false;
 }
 
-void _DkExceptionHandler (unsigned int exit_info, sgx_context_t * uc)
+void _DkExceptionHandler (unsigned int exit_info, sgx_cpu_context_t * uc)
 {
     union {
-        sgx_arch_exitinfo_t info;
+        sgx_arch_exit_info_t info;
         unsigned int intval;
     } ei = { .intval = exit_info };
 
@@ -245,7 +245,7 @@ void _DkExceptionHandler (unsigned int exit_info, sgx_context_t * uc)
                "r8 : 0x%08lx r9 : 0x%08lx r10: 0x%08lx r11: 0x%08lx\n"
                "r12: 0x%08lx r13: 0x%08lx r14: 0x%08lx r15: 0x%08lx\n"
                "rflags: 0x%08lx rip: 0x%08lx\n",
-               ei.info.vector, ei.info.type, ei.info.valid,
+               ei.info.vector, ei.info.exit_type, ei.info.valid,
                uc->rip - (uintptr_t) TEXT_START,
                uc->rax, uc->rcx, uc->rdx, uc->rbx,
                uc->rsp, uc->rbp, uc->rsi, uc->rdi,
@@ -336,10 +336,10 @@ void _DkExceptionReturn (void * event)
                       "retq\r\n" ::: "memory");
     }
 
-    // Allocate sgx_context_t just below the "normal" stack (honoring the red
+    // Allocate sgx_cpu_context_t just below the "normal" stack (honoring the red
     // zone) and then copy the content of ctx there. This is needed by
     // restore_sgx_context.
-    sgx_context_t * uc = (void *)ctx->rsp - sizeof(sgx_context_t) - RED_ZONE_SIZE;
+    sgx_cpu_context_t * uc = (void *)ctx->rsp - sizeof(sgx_cpu_context_t) - RED_ZONE_SIZE;
     uc->rax = ctx->rax;
     uc->rbx = ctx->rbx;
     uc->rcx = ctx->rcx;
@@ -362,7 +362,7 @@ void _DkExceptionReturn (void * event)
     restore_sgx_context(uc);
 }
 
-void _DkHandleExternalEvent (PAL_NUM event, sgx_context_t * uc)
+void _DkHandleExternalEvent (PAL_NUM event, sgx_cpu_context_t * uc)
 {
     struct pal_frame * frame = get_frame(uc);
 

Pal/src/host/Linux-SGX/db_process.c

@@ -46,7 +46,7 @@ typedef __kernel_pid_t pid_t;
 DEFINE_LIST(trusted_child);
 struct trusted_child {
     LIST_TYPE(trusted_child) list;
-    sgx_arch_hash_t mrenclave;
+    sgx_measurement_t mr_enclave;
     char uri[];
 };
 
@@ -54,7 +54,7 @@ DEFINE_LISTP(trusted_child);
 static LISTP_TYPE(trusted_child) trusted_children = LISTP_INIT;
 static struct spinlock trusted_children_lock = LOCK_INIT;
 
-int register_trusted_child(const char * uri, const char * mrenclave_str)
+int register_trusted_child(const char * uri, const char * mr_enclave_str)
 {
     struct trusted_child * tc = NULL, * new;
     int uri_len = strlen(uri);
@@ -76,11 +76,11 @@ int register_trusted_child(const char * uri, const char * mrenclave_str)
     INIT_LIST_HEAD(new, list);
     memcpy(new->uri, uri, uri_len + 1);
 
-    char mrenclave_text[sizeof(sgx_arch_hash_t) * 2 + 1] = "\0";
+    char mr_enclave_text[sizeof(sgx_measurement_t) * 2 + 1] = "\0";
     size_t nbytes = 0;
-    for (; nbytes < sizeof(sgx_arch_hash_t) ; nbytes++) {
-        char byte1 = mrenclave_str[nbytes * 2];
-        char byte2 = mrenclave_str[nbytes * 2 + 1];
+    for (; nbytes < sizeof(sgx_measurement_t) ; nbytes++) {
+        char byte1 = mr_enclave_str[nbytes * 2];
+        char byte2 = mr_enclave_str[nbytes * 2 + 1];
         unsigned char val = 0;
 
         if (byte1 == 0 || byte2 == 0) {
@@ -105,16 +105,16 @@ int register_trusted_child(const char * uri, const char * mrenclave_str)
         if (byte2 >= 'a' && byte2 <= 'f')
             val += byte2 - 'a' + 10;
 
-        new->mrenclave[nbytes] = val;
-        snprintf(mrenclave_text + nbytes * 2, 3, "%02x", val);
+        new->mr_enclave.m[nbytes] = val;
+        snprintf(mr_enclave_text + nbytes * 2, 3, "%02x", val);
     }
 
-    if (nbytes < sizeof(sgx_arch_hash_t)) {
+    if (nbytes < sizeof(sgx_measurement_t)) {
         free(new);
         return -PAL_ERROR_INVAL;
     }
 
-    SGX_DBG(DBG_S, "trusted: %s %s\n", mrenclave_text, new->uri);
+    SGX_DBG(DBG_S, "trusted: %s %s\n", mr_enclave_text, new->uri);
 
     _DkSpinLock(&trusted_children_lock);
 
@@ -164,27 +164,27 @@ int register_trusted_child(const char * uri, const char * mrenclave_str)
  *
  * (3) Both the parent and child enclaves need to have a white-listed measurement.
  *
- *       See the implementation in check_child_mrenclave() and check_parent_mrenclave().
- *       For a child process, we check if the child's mrenclave is listed as
+ *       See the implementation in check_child_mr_enclave() and check_parent_mr_enclave().
+ *       For a child process, we check if the child's mr_enclave is listed as
  *       "sgx.trusted_children.xxx = ..." in the manifest.
- *       For a parent process, we currently don't check its mrenclave in the child.
- *       This is a limitation because listing the parent's mrenclave in the child's
- *       manifest will change the child's mrenclave, which then needs to be updated
+ *       For a parent process, we currently don't check its mr_enclave in the child.
+ *       This is a limitation because listing the parent's mr_enclave in the child's
+ *       manifest will change the child's mr_enclave, which then needs to be updated
  *       in the parent's manifest, and eventually falls into a loop of updating both
  *       manifest files.
  *
  * (4) The two parties who create the session key need to be the ones proven by the CPU
  *     (for preventing man-in-the-middle attacks).
  *
- *       See the implementation in check_child_mrenclave() and check_parent_mrenclave().
+ *       See the implementation in check_child_mr_enclave() and check_parent_mr_enclave().
  *       The local reports from both sides will contain a MAC, generated by hashing
  *       the unique enclave ID (a 64-bit integer) using AES-CMAC with the session key.
  *       Because both the enclave ID and the session key are randomly created for each
- *       enclave, no report can be reused even from an enclave with the same mrenclave.
+ *       enclave, no report can be reused even from an enclave with the same mr_enclave.
  */
 
 struct proc_data {
-    sgx_arch_mac_t eid_mac;
+    sgx_mac_t eid_mac;
 };
 
 static int generate_sign_data(const PAL_SESSION_KEY* session_key, uint64_t enclave_id,
@@ -206,8 +206,8 @@ static int generate_sign_data(const PAL_SESSION_KEY* session_key, uint64_t encla
     return 0;
 }
 
-static int check_child_mrenclave(PAL_HANDLE child, sgx_arch_hash_t* mrenclave,
-                                 struct pal_enclave_state* remote_state) {
+static int check_child_mr_enclave(PAL_HANDLE child, sgx_measurement_t* mr_enclave,
+                                  struct pal_enclave_state* remote_state) {
     /* the process must be a clean process */
     if (remote_state->enclave_flags & PAL_ENCLAVE_INITIALIZED)
         return 1;
@@ -223,8 +223,8 @@ static int check_child_mrenclave(PAL_HANDLE child, sgx_arch_hash_t* mrenclave,
     if (memcmp(&remote_state->enclave_data, &sign_data, sizeof(sign_data)))
         return 1;
 
-    /* Always accept the same mrenclave as child process */
-    if (!memcmp(mrenclave, pal_sec.mrenclave, sizeof(sgx_arch_hash_t))) {
+    /* Always accept the same mr_enclave as child process */
+    if (!memcmp(mr_enclave, &pal_sec.mr_enclave, sizeof(sgx_measurement_t))) {
         SGX_DBG(DBG_S, "trusted child: <forked>\n");
         return 0;
     }
@@ -232,9 +232,9 @@ static int check_child_mrenclave(PAL_HANDLE child, sgx_arch_hash_t* mrenclave,
     struct trusted_child * tc;
     _DkSpinLock(&trusted_children_lock);
 
-    /* Try to find a matching mrenclave from the manifest */
+    /* Try to find a matching mr_enclave from the manifest */
     LISTP_FOR_EACH_ENTRY(tc, &trusted_children, list) {
-        if (!memcmp(mrenclave, tc->mrenclave, sizeof(sgx_arch_hash_t))) {
+        if (!memcmp(mr_enclave, &tc->mr_enclave, sizeof(sgx_measurement_t))) {
             _DkSpinUnlock(&trusted_children_lock);
             SGX_DBG(DBG_S, "trusted child: %s\n", tc->uri);
             return 0;
@@ -282,7 +282,7 @@ int _DkProcessCreate (PAL_HANDLE * handle, const char * uri, const char ** args)
     if (ret < 0)
         goto failed;
 
-    ret = _DkStreamReportRequest(child, &sign_data, &check_child_mrenclave);
+    ret = _DkStreamReportRequest(child, &sign_data, &check_child_mr_enclave);
     if (ret < 0)
         goto failed;
 
@@ -294,9 +294,9 @@ failed:
     return ret;
 }
 
-static int check_parent_mrenclave(PAL_HANDLE parent, sgx_arch_hash_t* mrenclave,
-                                  struct pal_enclave_state* remote_state) {
-    __UNUSED(mrenclave);
+static int check_parent_mr_enclave(PAL_HANDLE parent, sgx_measurement_t* mr_enclave,
+                                   struct pal_enclave_state* remote_state) {
+    __UNUSED(mr_enclave);
     sgx_sign_data_t sign_data;
     int ret = generate_sign_data(&parent->process.session_key, remote_state->enclave_id,
                                  &sign_data);
@@ -332,7 +332,7 @@ int init_child_process (PAL_HANDLE * parent_handle)
     if (ret < 0)
         return ret;
 
-    ret = _DkStreamReportRespond(parent, &sign_data, &check_parent_mrenclave);
+    ret = _DkStreamReportRespond(parent, &sign_data, &check_parent_mr_enclave);
     if (ret < 0)
         return ret;
 

Pal/src/host/Linux-SGX/debugger/sgx_gdb.c

@@ -82,7 +82,7 @@ static char* str_ptrace_request(enum __ptrace_request request) {
 }
 #endif
 
-static void fill_regs(struct user_regs_struct* regs, const sgx_arch_gpr_t* gpr) {
+static void fill_regs(struct user_regs_struct* regs, const sgx_pal_gpr_t* gpr) {
     regs->orig_rax = gpr->rax;
     regs->rax      = gpr->rax;
     regs->rcx      = gpr->rcx;
@@ -113,7 +113,7 @@ static void fill_regs(struct user_regs_struct* regs, const sgx_arch_gpr_t* gpr)
     regs->gs = 0;
 }
 
-static void fill_gpr(sgx_arch_gpr_t* gpr, const struct user_regs_struct* regs) {
+static void fill_gpr(sgx_pal_gpr_t* gpr, const struct user_regs_struct* regs) {
     gpr->rax    = regs->rax;
     gpr->rcx    = regs->rcx;
     gpr->rdx    = regs->rdx;
@@ -229,18 +229,18 @@ static void* get_gpr_addr(int memdev, pid_t tid, struct enclave_dbginfo* ei) {
     assert(tcs_part.cssa > 0);
 
     return (void*)ei->base + tcs_part.ossa + ei->ssaframesize * tcs_part.cssa -
-           sizeof(sgx_arch_gpr_t);
+           sizeof(sgx_pal_gpr_t);
 }
 
-static int peek_gpr(int memdev, pid_t tid, struct enclave_dbginfo* ei, sgx_arch_gpr_t* gpr) {
+static int peek_gpr(int memdev, pid_t tid, struct enclave_dbginfo* ei, sgx_pal_gpr_t* gpr) {
     int ret;
 
     void* gpr_addr = get_gpr_addr(memdev, tid, ei);
     if (!gpr_addr)
         return -1;
 
-    ret = pread(memdev, gpr, sizeof(sgx_arch_gpr_t), (off_t)gpr_addr);
-    if (ret < sizeof(sgx_arch_gpr_t)) {
+    ret = pread(memdev, gpr, sizeof(sgx_pal_gpr_t), (off_t)gpr_addr);
+    if (ret < sizeof(sgx_pal_gpr_t)) {
         DEBUG("Cannot read GPR data (%p) of enclave thread %d\n", gpr_addr, tid);
         return -1;
     }
@@ -249,15 +249,15 @@ static int peek_gpr(int memdev, pid_t tid, struct enclave_dbginfo* ei, sgx_arch_
     return 0;
 }
 
-static int poke_gpr(int memdev, pid_t tid, struct enclave_dbginfo* ei, const sgx_arch_gpr_t* gpr) {
+static int poke_gpr(int memdev, pid_t tid, struct enclave_dbginfo* ei, const sgx_pal_gpr_t* gpr) {
     int ret;
 
     void* gpr_addr = get_gpr_addr(memdev, tid, ei);
     if (!gpr_addr)
         return -1;
 
-    ret = pwrite(memdev, gpr, sizeof(sgx_arch_gpr_t), (off_t)gpr_addr);
-    if (ret < sizeof(sgx_arch_gpr_t)) {
+    ret = pwrite(memdev, gpr, sizeof(sgx_pal_gpr_t), (off_t)gpr_addr);
+    if (ret < sizeof(sgx_pal_gpr_t)) {
         DEBUG("Cannot write GPR data (%p) of enclave thread %d\n", (void*)gpr_addr, tid);
         return -1;
     }
@@ -268,7 +268,7 @@ static int poke_gpr(int memdev, pid_t tid, struct enclave_dbginfo* ei, const sgx
 
 static int peek_user(int memdev, pid_t tid, struct enclave_dbginfo* ei, struct user* ud) {
     int ret;
-    sgx_arch_gpr_t gpr;
+    sgx_pal_gpr_t gpr;
 
     ret = peek_gpr(memdev, tid, ei, &gpr);
     if (ret < 0)
@@ -280,7 +280,7 @@ static int peek_user(int memdev, pid_t tid, struct enclave_dbginfo* ei, struct u
 
 static int poke_user(int memdev, pid_t tid, struct enclave_dbginfo* ei, const struct user* ud) {
     int ret;
-    sgx_arch_gpr_t gpr;
+    sgx_pal_gpr_t gpr;
 
     ret = peek_gpr(memdev, tid, ei, &gpr);
     if (ret < 0)
@@ -293,7 +293,7 @@ static int poke_user(int memdev, pid_t tid, struct enclave_dbginfo* ei, const st
 static int peek_regs(int memdev, pid_t tid, struct enclave_dbginfo* ei,
                      struct user_regs_struct* regdata) {
     int ret;
-    sgx_arch_gpr_t gpr;
+    sgx_pal_gpr_t gpr;
 
     ret = peek_gpr(memdev, tid, ei, &gpr);
     if (ret < 0)
@@ -306,7 +306,7 @@ static int peek_regs(int memdev, pid_t tid, struct enclave_dbginfo* ei,
 static int poke_regs(int memdev, pid_t tid, struct enclave_dbginfo* ei,
                      const struct user_regs_struct* regdata) {
     int ret;
-    sgx_arch_gpr_t gpr;
+    sgx_pal_gpr_t gpr;
 
     ret = peek_gpr(memdev, tid, ei, &gpr);
     if (ret < 0)
@@ -609,7 +609,7 @@ pid_t waitpid(pid_t tid, int* status, int options) {
     int memdev;
     pid_t wait_res;
     struct enclave_dbginfo* ei;
-    sgx_arch_gpr_t gpr;
+    sgx_pal_gpr_t gpr;
     uint8_t code;
     int wait_errno;
 

Pal/src/host/Linux-SGX/enclave_entry.S

@@ -341,51 +341,51 @@ enclave_entry:
 4:
 
 	movq SGX_GPR_RSP(%rbx), %rsi
-	subq $(SGX_CONTEXT_SIZE + RED_ZONE_SIZE), %rsi
+	subq $(SGX_CPU_CONTEXT_SIZE + RED_ZONE_SIZE), %rsi
 
 	# we have exitinfo in RDI, swap with the one on GPR
 	# and dump into the context
 	xchgq %rdi, SGX_GPR_RDI(%rbx)
-	movq %rdi, SGX_CONTEXT_RDI(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RDI(%rsi)
 
 	# dump the rest of context
 	movq SGX_GPR_RAX(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RAX(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RAX(%rsi)
 	movq SGX_GPR_RCX(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RCX(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RCX(%rsi)
 	movq SGX_GPR_RDX(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RDX(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RDX(%rsi)
 	movq SGX_GPR_RBX(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RBX(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RBX(%rsi)
 	movq SGX_GPR_RSP(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RSP(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RSP(%rsi)
 	movq SGX_GPR_RBP(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RBP(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RBP(%rsi)
 	movq SGX_GPR_RSI(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RSI(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RSI(%rsi)
 	/* rdi is saved above */
 	movq SGX_GPR_R8(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R8(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R8(%rsi)
 	movq SGX_GPR_R9(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R9(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R9(%rsi)
 	movq SGX_GPR_R10(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R10(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R10(%rsi)
 	movq SGX_GPR_R11(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R11(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R11(%rsi)
 	movq SGX_GPR_R12(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R12(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R12(%rsi)
 	movq SGX_GPR_R13(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R13(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R13(%rsi)
 	movq SGX_GPR_R14(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R14(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R14(%rsi)
 	movq SGX_GPR_R15(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_R15(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_R15(%rsi)
 	movq SGX_GPR_RFLAGS(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RFLAGS(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RFLAGS(%rsi)
 	movq SGX_GPR_RIP(%rbx), %rdi
-	movq %rdi, SGX_CONTEXT_RIP(%rsi)
+	movq %rdi, SGX_CPU_CONTEXT_RIP(%rsi)
 
-	# Pass pointer to sgx_context_t to _DkExceptionHandler
+	# Pass pointer to sgx_cpu_context_t to _DkExceptionHandler
 	movq %rsi, SGX_GPR_RSI(%rbx)
 
 	# x86-64 sysv abi requires 16B alignment of stack before call instruction
@@ -454,7 +454,7 @@ sgx_ocall:
 	movq %rsp, %rbp
 
 	# CFA shifted away from RBP=RSP by the size of GPR context except RAX
-	.cfi_adjust_cfa_offset SGX_CONTEXT_SIZE - 8
+	.cfi_adjust_cfa_offset SGX_CPU_CONTEXT_SIZE - 8
 
 	subq $XSAVE_SIZE,  %rsp
 	andq $XSAVE_ALIGN, %rsp
@@ -519,7 +519,7 @@ __morestack:
 
 	.cfi_startproc
 	# CFA is away from RBP by ret_addr + saved_rbp + GPR context except RAX
-	.cfi_def_cfa %rbp, SGX_CONTEXT_SIZE - 8 + 16
+	.cfi_def_cfa %rbp, SGX_CPU_CONTEXT_SIZE - 8 + 16
 	.cfi_offset %rbp, -16
 
 	# Clear "extended" state (FPU aka x87, SSE, AVX, ...).
@@ -528,7 +528,7 @@ __morestack:
 	# pal_sec.enclave_attributes.xfrm will always be zero before
 	# init_enclave has been called by pal_linux_main. So during early init
 	# nothing should use features not covered by fxrstor, like AVX.
-	movq (pal_sec + PAL_SEC_ENCLAVE_ATTRIBUTES + SGX_ARCH_ATTRIBUTES_XFRM)(%rip), %rax
+	movq (pal_sec + PAL_SEC_ENCLAVE_ATTRIBUTES + SGX_ATTRIBUTES_XFRM)(%rip), %rax
 	testq $XSAVE_NON_FX_MASK, %rax
 	je 1f
 	mov $0xffffffff, %edx
@@ -649,12 +649,12 @@ __morestack:
 	retq
 
 /*
- * Restore an sgx_context_t as generated by .Lhandle_exception. Execution will
+ * Restore an sgx_cpu_context_t as generated by .Lhandle_exception. Execution will
  * continue as specified by the rip in the context.
  *
  * It is required that:
  *
- *     %rdi == *(%rdi + SGX_CONTEXT_RSP) - (SGX_CONTEXT_SIZE + RED_ZONE_SIZE)
+ *     %rdi == *(%rdi + SGX_CPU_CONTEXT_RSP) - (SGX_CPU_CONTEXT_SIZE + RED_ZONE_SIZE)
  *
  * This holds for the original sgx_context allocated by .Lhandle_exception.
  * restore_sgx_context is a safe wrapper which checks this.
@@ -663,37 +663,37 @@ __morestack:
 	.type _restore_sgx_context, @function
 
 _restore_sgx_context:
-	movq SGX_CONTEXT_RAX(%rdi), %rax
-	movq SGX_CONTEXT_RCX(%rdi), %rcx
-	movq SGX_CONTEXT_RDX(%rdi), %rdx
-	movq SGX_CONTEXT_RBX(%rdi), %rbx
+	movq SGX_CPU_CONTEXT_RAX(%rdi), %rax
+	movq SGX_CPU_CONTEXT_RCX(%rdi), %rcx
+	movq SGX_CPU_CONTEXT_RDX(%rdi), %rdx
+	movq SGX_CPU_CONTEXT_RBX(%rdi), %rbx
 	# For %rsp see below.
-	movq SGX_CONTEXT_RBP(%rdi), %rbp
-	movq SGX_CONTEXT_RSI(%rdi), %rsi
+	movq SGX_CPU_CONTEXT_RBP(%rdi), %rbp
+	movq SGX_CPU_CONTEXT_RSI(%rdi), %rsi
 	# For %rdi see below.
-	movq SGX_CONTEXT_R8(%rdi), %r8
-	movq SGX_CONTEXT_R9(%rdi), %r9
-	movq SGX_CONTEXT_R10(%rdi), %r10
-	movq SGX_CONTEXT_R11(%rdi), %r11
-	movq SGX_CONTEXT_R12(%rdi), %r12
-	movq SGX_CONTEXT_R13(%rdi), %r13
-	movq SGX_CONTEXT_R14(%rdi), %r14
-	movq SGX_CONTEXT_R15(%rdi), %r15
+	movq SGX_CPU_CONTEXT_R8(%rdi), %r8
+	movq SGX_CPU_CONTEXT_R9(%rdi), %r9
+	movq SGX_CPU_CONTEXT_R10(%rdi), %r10
+	movq SGX_CPU_CONTEXT_R11(%rdi), %r11
+	movq SGX_CPU_CONTEXT_R12(%rdi), %r12
+	movq SGX_CPU_CONTEXT_R13(%rdi), %r13
+	movq SGX_CPU_CONTEXT_R14(%rdi), %r14
+	movq SGX_CPU_CONTEXT_R15(%rdi), %r15
 
 	# We need to make sure that %rsp - RED_ZONE_SIZE never points above
 	# anything we still need. Otherwise .Lhandle_exception might mess with
-	# it. SGX_CONTEXT_RDI - SGX_CONTEXT_RFLAGS <= RED_ZONE_SIZE, see
+	# it. SGX_CPU_CONTEXT_RDI - SGX_CPU_CONTEXT_RFLAGS <= RED_ZONE_SIZE, see
 	# sgx_arch.h.
-	leaq SGX_CONTEXT_RFLAGS(%rdi), %rsp
+	leaq SGX_CPU_CONTEXT_RFLAGS(%rdi), %rsp
 	popfq # remember to not touch any flags after here
 
-	movq SGX_CONTEXT_RDI(%rdi), %rdi
+	movq SGX_CPU_CONTEXT_RDI(%rdi), %rdi
 	# Now %rdi is restored so we need to use the stack to access the
 	# context.
 
 	# Now pop %rip and fix stack pointer in one operation (to avoid
-	# problems with nesting, see comment above). SGX_CONTEXT_RIP is
-	# directly after SGX_CONTEXT_RFLAGS, see sgx_arch.h. Note that retq
+	# problems with nesting, see comment above). SGX_CPU_CONTEXT_RIP is
+	# directly after SGX_CPU_CONTEXT_RFLAGS, see sgx_arch.h. Note that retq
 	# decreases %rsp by 8 for the popped %rip additionally to the passed
 	# offset.
-	retq $(SGX_CONTEXT_SIZE + RED_ZONE_SIZE - SGX_CONTEXT_RIP - 8)
+	retq $(SGX_CPU_CONTEXT_SIZE + RED_ZONE_SIZE - SGX_CPU_CONTEXT_RIP - 8)

Pal/src/host/Linux-SGX/enclave_framework.c

@@ -11,7 +11,7 @@
 
 #include "enclave_pages.h"
 
-struct pal_enclave_state pal_enclave_state;
+__sgx_mem_aligned struct pal_enclave_state pal_enclave_state;
 
 void * enclave_base, * enclave_top;
 
@@ -88,22 +88,22 @@ uint64_t sgx_copy_to_enclave(const void* ptr, uint64_t maxsize, const void* uptr
     return usize;
 }
 
-static void print_report(sgx_arch_report_t* r) {
-    SGX_DBG(DBG_S, "  cpusvn:     %08lx %08lx\n", r->body.cpusvn[0], r->body.cpusvn[1]);
-    SGX_DBG(DBG_S, "  mrenclave:  %s\n",        ALLOCA_BYTES2HEXSTR(r->body.mrenclave));
-    SGX_DBG(DBG_S, "  mrsigner:   %s\n",        ALLOCA_BYTES2HEXSTR(r->body.mrsigner));
-    SGX_DBG(DBG_S, "  attr.flags: %016lx\n",    r->body.attributes.flags);
-    SGX_DBG(DBG_S, "  attr.xfrm:  %016lx\n",    r->body.attributes.xfrm);
-    SGX_DBG(DBG_S, "  isvprodid:  %02x\n",      r->body.isvprodid);
-    SGX_DBG(DBG_S, "  isvsvn:     %02x\n",      r->body.isvsvn);
-    SGX_DBG(DBG_S, "  reportdata: %s\n",        ALLOCA_BYTES2HEXSTR(r->body.report_data));
-    SGX_DBG(DBG_S, "  keyid:      %s\n",        ALLOCA_BYTES2HEXSTR(r->keyid));
-    SGX_DBG(DBG_S, "  mac:        %s\n",        ALLOCA_BYTES2HEXSTR(r->mac));
+static void print_report(sgx_report_t* r) {
+    SGX_DBG(DBG_S, "  cpu_svn:     %s\n",     ALLOCA_BYTES2HEXSTR(r->body.cpu_svn.svn));
+    SGX_DBG(DBG_S, "  mr_enclave:  %s\n",     ALLOCA_BYTES2HEXSTR(r->body.mr_enclave.m));
+    SGX_DBG(DBG_S, "  mr_signer:   %s\n",     ALLOCA_BYTES2HEXSTR(r->body.mr_signer.m));
+    SGX_DBG(DBG_S, "  attr.flags:  %016lx\n", r->body.attributes.flags);
+    SGX_DBG(DBG_S, "  attr.xfrm:   %016lx\n", r->body.attributes.xfrm);
+    SGX_DBG(DBG_S, "  isv_prod_id: %02x\n",   r->body.isv_prod_id);
+    SGX_DBG(DBG_S, "  isv_svn:     %02x\n",   r->body.isv_svn);
+    SGX_DBG(DBG_S, "  report_data: %s\n",     ALLOCA_BYTES2HEXSTR(r->body.report_data.d));
+    SGX_DBG(DBG_S, "  key_id:      %s\n",     ALLOCA_BYTES2HEXSTR(r->key_id.id));
+    SGX_DBG(DBG_S, "  mac:         %s\n",     ALLOCA_BYTES2HEXSTR(r->mac));
 }
 
-static sgx_arch_key128_t enclave_key;
+static sgx_key_128bit_t enclave_key;
 
-#define KEYBUF_SIZE ((sizeof(sgx_arch_key128_t) * 2) + 1)
+#define KEYBUF_SIZE ((sizeof(sgx_key_128bit_t) * 2) + 1)
 
 /*
  * sgx_get_report() obtains a CPU-signed report for local attestation
@@ -111,9 +111,9 @@ static sgx_arch_key128_t enclave_key;
  * @data:         the data to be included and signed in the report
  * @report:       a buffer for storing the report
  */
-static int sgx_get_report(sgx_arch_targetinfo_t* target_info, sgx_sign_data_t* data,
-                          sgx_arch_report_t* report) {
-    struct pal_enclave_state state;
+static int sgx_get_report(sgx_target_info_t* target_info, sgx_sign_data_t* data,
+                          sgx_report_t* report) {
+    __sgx_mem_aligned struct pal_enclave_state state;
     memcpy(&state, &pal_enclave_state, sizeof(state));
     memcpy(&state.enclave_data, data, sizeof(*data));
 
@@ -127,15 +127,14 @@ static int sgx_get_report(sgx_arch_targetinfo_t* target_info, sgx_sign_data_t* d
     return 0;
 }
 
-
-int sgx_verify_report (sgx_arch_report_t * report)
+int sgx_verify_report (sgx_report_t* report)
 {
-    sgx_arch_keyrequest_t keyrequest __sgx_mem_aligned;
-    memset(&keyrequest, 0, sizeof(sgx_arch_keyrequest_t));
-    keyrequest.keyname = REPORT_KEY;
-    memcpy(keyrequest.keyid, report->keyid, sizeof(keyrequest.keyid));
+    __sgx_mem_aligned sgx_key_request_t keyrequest;
+    memset(&keyrequest, 0, sizeof(sgx_key_request_t));
+    keyrequest.key_name = REPORT_KEY;
+    memcpy(&keyrequest.key_id, &report->key_id, sizeof(keyrequest.key_id));
 
-    sgx_arch_key128_t report_key __attribute__((aligned(sizeof(sgx_arch_key128_t))));
+    sgx_key_128bit_t report_key __attribute__((aligned(sizeof(sgx_key_128bit_t))));
     memset(&report_key, 0, sizeof(report_key));
 
     int ret = sgx_getkey(&keyrequest, &report_key);
@@ -146,14 +145,14 @@ int sgx_verify_report (sgx_arch_report_t * report)
 
     SGX_DBG(DBG_S, "Get report key for verification: %s\n", ALLOCA_BYTES2HEXSTR(report_key));
 
-    sgx_arch_mac_t check_mac;
+    sgx_mac_t check_mac;
     memset(&check_mac, 0, sizeof(check_mac));
 
     // Generating the MAC with AES-CMAC using the report key. Only hash the part of the report
     // BEFORE the keyid field (hence the offsetof(...) trick). ENCLU[EREPORT] does not include
     // the MAC and the keyid fields when generating the MAC.
     lib_AESCMAC((uint8_t*)&report_key, sizeof(report_key),
-                (uint8_t*)report, offsetof(sgx_arch_report_t, keyid),
+                (uint8_t*)report, offsetof(sgx_report_t, key_id),
                 (uint8_t*)&check_mac, sizeof(check_mac));
 
     // Clear the report key for security
@@ -173,9 +172,9 @@ int sgx_verify_report (sgx_arch_report_t * report)
 
 int init_enclave_key (void)
 {
-    sgx_arch_keyrequest_t keyrequest __sgx_mem_aligned;
-    memset(&keyrequest, 0, sizeof(sgx_arch_keyrequest_t));
-    keyrequest.keyname = SEAL_KEY;
+    __sgx_mem_aligned sgx_key_request_t keyrequest;
+    memset(&keyrequest, 0, sizeof(sgx_key_request_t));
+    keyrequest.key_name = SEAL_KEY;
 
     int ret = sgx_getkey(&keyrequest, &enclave_key);
     if (ret) {
@@ -852,7 +851,7 @@ int init_trusted_children (void)
     struct config_store * store = pal_state.root_config;
 
     char key[CONFIG_MAX], mrkey[CONFIG_MAX];
-    char uri[CONFIG_MAX], mrenclave[CONFIG_MAX];
+    char uri[CONFIG_MAX], mr_enclave[CONFIG_MAX];
 
     char * tmp1 = strcpy_static(key, "sgx.trusted_children.", CONFIG_MAX);
     char * tmp2 = strcpy_static(mrkey, "sgx.trusted_mrenclave.", CONFIG_MAX);
@@ -879,9 +878,9 @@ int init_trusted_children (void)
             if (ret < 0)
                 continue;
 
-            ret = get_config(store, mrkey, mrenclave, CONFIG_MAX);
+            ret = get_config(store, mrkey, mr_enclave, CONFIG_MAX);
             if (ret > 0)
-                register_trusted_child(uri, mrenclave);
+                register_trusted_child(uri, mr_enclave);
         }
     }
     free(cfgbuf);
@@ -951,21 +950,24 @@ void test_dh (void)
 
 int init_enclave (void)
 {
-    // Get report to initialize info (MRENCLAVE, etc.) about this enclave from
+    // Get report to initialize info (MR_ENCLAVE, etc.) about this enclave from
     // a trusted source.
 
     // Since this report is only read by ourselves we can
     // leave targetinfo zeroed.
-    sgx_arch_targetinfo_t targetinfo __sgx_mem_aligned = {0};
-    struct pal_enclave_state reportdata = {0};
-    sgx_arch_report_t report __sgx_mem_aligned;
+    __sgx_mem_aligned sgx_target_info_t targetinfo = {0};
+    __sgx_mem_aligned struct pal_enclave_state reportdata = {0};
+    __sgx_mem_aligned sgx_report_t report;
 
-    int ret = sgx_report(&targetinfo, &reportdata, &report);
-    if (ret)
+    assert(sizeof(reportdata) == sizeof(sgx_report_data_t));
+    int ret = sgx_report(&targetinfo, (sgx_report_data_t*)&reportdata, &report);
+    if (ret) {
+        SGX_DBG(DBG_E, "failed to get self report: %d\n", ret);
         return -PAL_ERROR_INVAL;
+    }
 
-    memcpy(pal_sec.mrenclave, report.body.mrenclave, sizeof(pal_sec.mrenclave));
-    memcpy(pal_sec.mrsigner,  report.body.mrsigner,  sizeof(pal_sec.mrsigner));
+    memcpy(&pal_sec.mr_enclave, &report.body.mr_enclave, sizeof(pal_sec.mr_enclave));
+    memcpy(&pal_sec.mr_signer, &report.body.mr_signer, sizeof(pal_sec.mr_signer));
     pal_sec.enclave_attributes = report.body.attributes;
 
 #if 0
@@ -1099,17 +1101,16 @@ out_no_final:
  * see comments in db_process.c).
  */
 int _DkStreamReportRequest(PAL_HANDLE stream, sgx_sign_data_t* data,
-                           check_mrenclave_t check_mrenclave) {
-    sgx_arch_targetinfo_t target_info __sgx_mem_aligned;
-    sgx_arch_report_t report __sgx_mem_aligned;
+                           check_mr_enclave_t check_mr_enclave) {
+    __sgx_mem_aligned sgx_target_info_t target_info;
+    __sgx_mem_aligned sgx_report_t report;
     uint64_t bytes;
     int64_t ret;
 
     /* A -> B: targetinfo[A] */
     memset(&target_info, 0, sizeof(target_info));
-    memcpy(&target_info.mrenclave,  &pal_sec.mrenclave, sizeof(sgx_arch_hash_t));
-    memcpy(&target_info.attributes, &pal_sec.enclave_attributes,
-           sizeof(sgx_arch_attributes_t));
+    memcpy(&target_info.mr_enclave,  &pal_sec.mr_enclave, sizeof(sgx_measurement_t));
+    memcpy(&target_info.attributes, &pal_sec.enclave_attributes, sizeof(sgx_attributes_t));
 
     for (bytes = 0, ret = 0; bytes < SGX_TARGETINFO_FILLED_SIZE; bytes += ret) {
         ret = _DkStreamWrite(stream, 0, SGX_TARGETINFO_FILLED_SIZE - bytes,
@@ -1138,8 +1139,8 @@ int _DkStreamReportRequest(PAL_HANDLE stream, sgx_sign_data_t* data,
         }
     }
 
-    SGX_DBG(DBG_S, "Received local report (mrenclave = %s)\n",
-            ALLOCA_BYTES2HEXSTR(report.body.mrenclave));
+    SGX_DBG(DBG_S, "Received local report (mr_enclave = %s)\n",
+            ALLOCA_BYTES2HEXSTR(report.body.mr_enclave.m));
 
     /* Verify report[B -> A] */
     ret = sgx_verify_report(&report);
@@ -1149,15 +1150,15 @@ int _DkStreamReportRequest(PAL_HANDLE stream, sgx_sign_data_t* data,
     }
 
     struct pal_enclave_state* remote_state = (void*)&report.body.report_data;
-    ret = check_mrenclave(stream, &report.body.mrenclave, remote_state);
+    ret = check_mr_enclave(stream, &report.body.mr_enclave, remote_state);
     if (ret < 0) {
         SGX_DBG(DBG_E, "Failed to check local report: %ld\n", ret);
         goto out;
     }
 
     if (ret == 1) {
-        SGX_DBG(DBG_E, "Not an allowed enclave (mrenclave = %s). Maybe missing 'sgx.trusted_children' in the manifest file?\n",
-                ALLOCA_BYTES2HEXSTR(report.body.mrenclave));
+        SGX_DBG(DBG_E, "Not an allowed enclave (mr_enclave = %s). Maybe missing 'sgx.trusted_children' in the manifest file?\n",
+                ALLOCA_BYTES2HEXSTR(report.body.mr_enclave.m));
         ret = -PAL_ERROR_DENIED;
         goto out;
     }
@@ -1165,8 +1166,8 @@ int _DkStreamReportRequest(PAL_HANDLE stream, sgx_sign_data_t* data,
     SGX_DBG(DBG_S, "Local attestation succeeded!\n");
 
     /* A -> B: report[A -> B] */
-    memcpy(&target_info.mrenclave , &report.body.mrenclave,  sizeof(sgx_arch_hash_t));
-    memcpy(&target_info.attributes, &report.body.attributes, sizeof(sgx_arch_attributes_t));
+    memcpy(&target_info.mr_enclave , &report.body.mr_enclave,  sizeof(sgx_measurement_t));
+    memcpy(&target_info.attributes, &report.body.attributes, sizeof(sgx_attributes_t));
 
     ret = sgx_get_report(&target_info, data, &report);
     if (ret < 0) {
@@ -1202,9 +1203,9 @@ out:
  * see comments in db_process.c).
  */
 int _DkStreamReportRespond(PAL_HANDLE stream, sgx_sign_data_t* data,
-                           check_mrenclave_t check_mrenclave) {
-    sgx_arch_targetinfo_t target_info __sgx_mem_aligned;
-    sgx_arch_report_t report __sgx_mem_aligned;
+                           check_mr_enclave_t check_mr_enclave) {
+    __sgx_mem_aligned sgx_target_info_t target_info;
+    __sgx_mem_aligned sgx_report_t report;
     uint64_t bytes;
     int64_t ret;
     memset(&target_info, 0, sizeof(target_info));
@@ -1257,8 +1258,8 @@ int _DkStreamReportRespond(PAL_HANDLE stream, sgx_sign_data_t* data,
         }
     }
 
-    SGX_DBG(DBG_S, "Received local report (mrenclave = %s)\n",
-            ALLOCA_BYTES2HEXSTR(report.body.mrenclave));
+    SGX_DBG(DBG_S, "Received local report (mr_enclave = %s)\n",
+            ALLOCA_BYTES2HEXSTR(report.body.mr_enclave.m));
 
     /* Verify report[A -> B] */
     ret = sgx_verify_report(&report);
@@ -1268,15 +1269,15 @@ int _DkStreamReportRespond(PAL_HANDLE stream, sgx_sign_data_t* data,
     }
 
     struct pal_enclave_state* remote_state = (void*)&report.body.report_data;
-    ret = check_mrenclave(stream, &report.body.mrenclave, remote_state);
+    ret = check_mr_enclave(stream, &report.body.mr_enclave, remote_state);
     if (ret < 0) {
-        SGX_DBG(DBG_E, "Failed to check mrenclave: %ld\n", ret);
+        SGX_DBG(DBG_E, "Failed to check mr_enclave: %ld\n", ret);
         goto out;
     }
 
     if (ret == 1) {
-        SGX_DBG(DBG_E, "Not an allowed enclave (mrenclave = %s). Maybe missing 'sgx.trusted_children' in the manifest file?\n",
-                ALLOCA_BYTES2HEXSTR(report.body.mrenclave));
+        SGX_DBG(DBG_E, "Not an allowed enclave (mr_enclave = %s). Maybe missing 'sgx.trusted_children' in the manifest file?\n",
+                ALLOCA_BYTES2HEXSTR(report.body.mr_enclave.m));
         ret = -PAL_ERROR_DENIED;
         goto out;
     }
@@ -1290,24 +1291,24 @@ out:
 }
 
 /*
- * Restore an sgx_context_t as generated by .Lhandle_exception. Execution will
+ * Restore an sgx_cpu_context_t as generated by .Lhandle_exception. Execution will
  * continue as specified by the rip in the context.
  *
  * It is required that:
  *
- *     ctx == ctx->rsp - (sizeof(sgx_context_t) + RED_ZONE_SIZE)
+ *     ctx == ctx->rsp - (sizeof(sgx_cpu_context_t) + RED_ZONE_SIZE)
  *
  * This means that the ctx is allocated directly below the "normal" stack
  * (honoring its red zone). This is needed to properly restore the old state
  * (see _restore_sgx_context for details).
  *
- * For the original sgx_context_t allocated by .Lhandle_exception this is true.
+ * For the original sgx_cpu_context_t allocated by .Lhandle_exception this is true.
  * This is a safe wrapper around _restore_sgx_context, which checks this
  * preconditon.
  */
-void restore_sgx_context(sgx_context_t *ctx) {
-    if (((uint64_t) ctx) != ctx->rsp - (sizeof(sgx_context_t) + RED_ZONE_SIZE)) {
-        SGX_DBG(DBG_E, "Invalid sgx_context_t pointer passed to restore_sgx_context!\n");
+void restore_sgx_context(sgx_cpu_context_t *ctx) {
+    if (((uint64_t) ctx) != ctx->rsp - (sizeof(sgx_cpu_context_t) + RED_ZONE_SIZE)) {
+        SGX_DBG(DBG_E, "Invalid sgx_cpu_context_t pointer passed to restore_sgx_context!\n");
         ocall_exit(1, /*is_exitgroup=*/false);
     }
 

Pal/src/host/Linux-SGX/enclave_ocalls.c

@@ -1159,7 +1159,7 @@ int ocall_load_debug(const char * command)
  *               and certificate chain).
  */
 int ocall_get_attestation (const sgx_spid_t* spid, const char* subkey, bool linkable,
-                           const sgx_arch_report_t* report, const sgx_quote_nonce_t* nonce,
+                           const sgx_report_t* report, const sgx_quote_nonce_t* nonce,
                            sgx_attestation_t* attestation) {
 
     ms_ocall_get_attestation_t * ms;
@@ -1171,7 +1171,7 @@ int ocall_get_attestation (const sgx_spid_t* spid, const char* subkey, bool link
 
     memcpy(&ms->ms_spid,   spid,   sizeof(sgx_spid_t));
     ms->ms_subkey = sgx_copy_to_ustack(subkey, strlen(subkey) + 1);
-    memcpy(&ms->ms_report, report, sizeof(sgx_arch_report_t));
+    memcpy(&ms->ms_report, report, sizeof(sgx_report_t));
     memcpy(&ms->ms_nonce,  nonce,  sizeof(sgx_quote_nonce_t));
     ms->ms_linkable = linkable;
 

Pal/src/host/Linux-SGX/enclave_ocalls.h

@@ -102,5 +102,5 @@ int ocall_delete (const char * pathname);
 int ocall_load_debug (const char * command);
 
 int ocall_get_attestation(const sgx_spid_t* spid, const char* subkey, bool linkable,
-                          const sgx_arch_report_t* report, const sgx_quote_nonce_t* nonce,
+                          const sgx_report_t* report, const sgx_quote_nonce_t* nonce,
                           sgx_attestation_t* attestation);

Pal/src/host/Linux-SGX/enclave_platform.c

@@ -104,7 +104,7 @@
  *    - The report from the PSW enclave needs to be verified. This will establish the mutual
  *      trust between the enclave PAL and the PSW enclave.
  *    - The HTTPS response from the IAS needs to contain the same quote generated from the
- *      PSW enclave, the same mrenclave, attributes, and 64-byte report data.
+ *      PSW enclave, the same mr_enclave, attributes, and 64-byte report data.
  *    - The HTTPS response needs to have an acceptable status, which is "OK" by default, or
  *      "GROUP_OUT_OF_DATE" if "sgx.ra_accept_group_out_of_date = 1" is in the manifest.
  *      If you obtain a status besides OK, please see the SECURITY ADVISORIES in README.md.
@@ -161,7 +161,7 @@ int init_trusted_platform(void) {
 
     char* status;
     char* timestamp;
-    ret = sgx_verify_platform(&spid, subkey, &nonce, (sgx_arch_report_data_t*)&pal_enclave_state,
+    ret = sgx_verify_platform(&spid, subkey, &nonce, (sgx_report_data_t*)&pal_enclave_state,
                               linkable, accept_group_out_of_date, NULL, &status, &timestamp);
     if (ret < 0)
         return ret;
@@ -401,7 +401,7 @@ static int parse_x509_pem(char* cert, char** cert_end, uint8_t** body, size_t* b
  *                     Timestamp format: %Y-%m-%dT%H:%M:%S.%f (Ex: 2019-08-01T12:30:00.123456)
  */
 int sgx_verify_platform(sgx_spid_t* spid, const char* subkey, sgx_quote_nonce_t* nonce,
-                        sgx_arch_report_data_t* report_data, bool linkable,
+                        sgx_report_data_t* report_data, bool linkable,
                         bool accept_group_out_of_date, sgx_attestation_t* ret_attestation,
                         char** ret_ias_status, char** ret_ias_timestamp) {
 
@@ -410,8 +410,8 @@ int sgx_verify_platform(sgx_spid_t* spid, const char* subkey, sgx_quote_nonce_t*
     SGX_DBG(DBG_S, "  type:  %s\n", linkable ? "linkable" : "unlinkable");
     SGX_DBG(DBG_S, "  nonce: %s\n", ALLOCA_BYTES2HEXSTR(*nonce));
 
-    sgx_arch_report_t report __sgx_mem_aligned;
-    sgx_arch_targetinfo_t targetinfo __sgx_mem_aligned = pal_sec.aesm_targetinfo;
+    __sgx_mem_aligned sgx_report_t report;
+    __sgx_mem_aligned sgx_target_info_t targetinfo = pal_sec.aesm_targetinfo;
 
     int ret = sgx_report(&targetinfo, report_data, &report);
     if (ret) {
@@ -609,13 +609,13 @@ int sgx_verify_platform(sgx_spid_t* spid, const char* subkey, sgx_quote_nonce_t*
 
     // Check if the quote matches the IAS report
     if (memcmp(&ias_quote->body, &attestation.quote->body, sizeof(sgx_quote_body_t)) ||
-        memcmp(&ias_quote->report_body, &report.body, sizeof(sgx_arch_report_body_t))) {
+        memcmp(&ias_quote->report_body, &report.body, sizeof(sgx_report_body_t))) {
         SGX_DBG(DBG_E, "IAS returned the wrong quote\n");
         goto failed;
     }
 
     // Check if the quote has the right enclave report
-    if (memcmp(&attestation.quote->report_body, &report.body, sizeof(sgx_arch_report_body_t))) {
+    if (memcmp(&attestation.quote->report_body, &report.body, sizeof(sgx_report_body_t))) {
         SGX_DBG(DBG_E, "The returned quote contains the wrong enclave report\n");
         goto failed;
     }

Pal/src/host/Linux-SGX/generated-offsets.c

@@ -21,55 +21,53 @@ void dummy(void)
     DEFINE(SGX_XFRM_MPX, SGX_XFRM_MPX);
     DEFINE(SGX_XFRM_AVX512, SGX_XFRM_AVX512);
     DEFINE(SGX_MISCSELECT_EXINFO, SGX_MISCSELECT_EXINFO);
-
-    /* sgx_arch_key_t */
-    DEFINE(SGX_ARCH_KEY_SIZE, sizeof(sgx_arch_key_t));
-
-    /* sgx_arch_hash_t */
-    DEFINE(SGX_ARCH_HASH_SIZE, sizeof(sgx_arch_hash_t));
-
-    /* sgx_arch_gpr_t */
-    OFFSET_T(SGX_GPR_RAX, sgx_arch_gpr_t, rax);
-    OFFSET_T(SGX_GPR_RCX, sgx_arch_gpr_t, rcx);
-    OFFSET_T(SGX_GPR_RDX, sgx_arch_gpr_t, rdx);
-    OFFSET_T(SGX_GPR_RBX, sgx_arch_gpr_t, rbx);
-    OFFSET_T(SGX_GPR_RSP, sgx_arch_gpr_t, rsp);
-    OFFSET_T(SGX_GPR_RBP, sgx_arch_gpr_t, rbp);
-    OFFSET_T(SGX_GPR_RSI, sgx_arch_gpr_t, rsi);
-    OFFSET_T(SGX_GPR_RDI, sgx_arch_gpr_t, rdi);
-    OFFSET_T(SGX_GPR_R8, sgx_arch_gpr_t, r8);
-    OFFSET_T(SGX_GPR_R9, sgx_arch_gpr_t, r9);
-    OFFSET_T(SGX_GPR_R10, sgx_arch_gpr_t, r10);
-    OFFSET_T(SGX_GPR_R11, sgx_arch_gpr_t, r11);
-    OFFSET_T(SGX_GPR_R12, sgx_arch_gpr_t, r12);
-    OFFSET_T(SGX_GPR_R13, sgx_arch_gpr_t, r13);
-    OFFSET_T(SGX_GPR_R14, sgx_arch_gpr_t, r14);
-    OFFSET_T(SGX_GPR_R15, sgx_arch_gpr_t, r15);
-    OFFSET_T(SGX_GPR_RFLAGS, sgx_arch_gpr_t, rflags);
-    OFFSET_T(SGX_GPR_RIP, sgx_arch_gpr_t, rip);
-    OFFSET_T(SGX_GPR_EXITINFO, sgx_arch_gpr_t, exitinfo);
-    DEFINE(SGX_GPR_SIZE, sizeof(sgx_arch_gpr_t));
-
-    /* sgx_context_t */
-    OFFSET_T(SGX_CONTEXT_RAX, sgx_context_t, rax);
-    OFFSET_T(SGX_CONTEXT_RCX, sgx_context_t, rcx);
-    OFFSET_T(SGX_CONTEXT_RDX, sgx_context_t, rdx);
-    OFFSET_T(SGX_CONTEXT_RBX, sgx_context_t, rbx);
-    OFFSET_T(SGX_CONTEXT_RSP, sgx_context_t, rsp);
-    OFFSET_T(SGX_CONTEXT_RBP, sgx_context_t, rbp);
-    OFFSET_T(SGX_CONTEXT_RSI, sgx_context_t, rsi);
-    OFFSET_T(SGX_CONTEXT_RDI, sgx_context_t, rdi);
-    OFFSET_T(SGX_CONTEXT_R8, sgx_context_t, r8);
-    OFFSET_T(SGX_CONTEXT_R9, sgx_context_t, r9);
-    OFFSET_T(SGX_CONTEXT_R10, sgx_context_t, r10);
-    OFFSET_T(SGX_CONTEXT_R11, sgx_context_t, r11);
-    OFFSET_T(SGX_CONTEXT_R12, sgx_context_t, r12);
-    OFFSET_T(SGX_CONTEXT_R13, sgx_context_t, r13);
-    OFFSET_T(SGX_CONTEXT_R14, sgx_context_t, r14);
-    OFFSET_T(SGX_CONTEXT_R15, sgx_context_t, r15);
-    OFFSET_T(SGX_CONTEXT_RFLAGS, sgx_context_t, rflags);
-    OFFSET_T(SGX_CONTEXT_RIP, sgx_context_t, rip);
-    DEFINE(SGX_CONTEXT_SIZE, sizeof(sgx_context_t));
+    DEFINE(SE_KEY_SIZE, SE_KEY_SIZE);
+
+    /* sgx_measurement_t */
+    DEFINE(SGX_HASH_SIZE, sizeof(sgx_measurement_t));
+
+    /* sgx_pal_gpr_t */
+    OFFSET_T(SGX_GPR_RAX, sgx_pal_gpr_t, rax);
+    OFFSET_T(SGX_GPR_RCX, sgx_pal_gpr_t, rcx);
+    OFFSET_T(SGX_GPR_RDX, sgx_pal_gpr_t, rdx);
+    OFFSET_T(SGX_GPR_RBX, sgx_pal_gpr_t, rbx);
+    OFFSET_T(SGX_GPR_RSP, sgx_pal_gpr_t, rsp);
+    OFFSET_T(SGX_GPR_RBP, sgx_pal_gpr_t, rbp);
+    OFFSET_T(SGX_GPR_RSI, sgx_pal_gpr_t, rsi);
+    OFFSET_T(SGX_GPR_RDI, sgx_pal_gpr_t, rdi);
+    OFFSET_T(SGX_GPR_R8, sgx_pal_gpr_t, r8);
+    OFFSET_T(SGX_GPR_R9, sgx_pal_gpr_t, r9);
+    OFFSET_T(SGX_GPR_R10, sgx_pal_gpr_t, r10);
+    OFFSET_T(SGX_GPR_R11, sgx_pal_gpr_t, r11);
+    OFFSET_T(SGX_GPR_R12, sgx_pal_gpr_t, r12);
+    OFFSET_T(SGX_GPR_R13, sgx_pal_gpr_t, r13);
+    OFFSET_T(SGX_GPR_R14, sgx_pal_gpr_t, r14);
+    OFFSET_T(SGX_GPR_R15, sgx_pal_gpr_t, r15);
+    OFFSET_T(SGX_GPR_RFLAGS, sgx_pal_gpr_t, rflags);
+    OFFSET_T(SGX_GPR_RIP, sgx_pal_gpr_t, rip);
+    OFFSET_T(SGX_GPR_EXITINFO, sgx_pal_gpr_t, exitinfo);
+    DEFINE(SGX_GPR_SIZE, sizeof(sgx_pal_gpr_t));
+
+    /* sgx_cpu_context_t */
+    OFFSET_T(SGX_CPU_CONTEXT_RAX, sgx_cpu_context_t, rax);
+    OFFSET_T(SGX_CPU_CONTEXT_RCX, sgx_cpu_context_t, rcx);
+    OFFSET_T(SGX_CPU_CONTEXT_RDX, sgx_cpu_context_t, rdx);
+    OFFSET_T(SGX_CPU_CONTEXT_RBX, sgx_cpu_context_t, rbx);
+    OFFSET_T(SGX_CPU_CONTEXT_RSP, sgx_cpu_context_t, rsp);
+    OFFSET_T(SGX_CPU_CONTEXT_RBP, sgx_cpu_context_t, rbp);
+    OFFSET_T(SGX_CPU_CONTEXT_RSI, sgx_cpu_context_t, rsi);
+    OFFSET_T(SGX_CPU_CONTEXT_RDI, sgx_cpu_context_t, rdi);
+    OFFSET_T(SGX_CPU_CONTEXT_R8, sgx_cpu_context_t, r8);
+    OFFSET_T(SGX_CPU_CONTEXT_R9, sgx_cpu_context_t, r9);
+    OFFSET_T(SGX_CPU_CONTEXT_R10, sgx_cpu_context_t, r10);
+    OFFSET_T(SGX_CPU_CONTEXT_R11, sgx_cpu_context_t, r11);
+    OFFSET_T(SGX_CPU_CONTEXT_R12, sgx_cpu_context_t, r12);
+    OFFSET_T(SGX_CPU_CONTEXT_R13, sgx_cpu_context_t, r13);
+    OFFSET_T(SGX_CPU_CONTEXT_R14, sgx_cpu_context_t, r14);
+    OFFSET_T(SGX_CPU_CONTEXT_R15, sgx_cpu_context_t, r15);
+    OFFSET_T(SGX_CPU_CONTEXT_RFLAGS, sgx_cpu_context_t, rflags);
+    OFFSET_T(SGX_CPU_CONTEXT_RIP, sgx_cpu_context_t, rip);
+    DEFINE(SGX_CPU_CONTEXT_SIZE, sizeof(sgx_cpu_context_t));
 
     /* struct enclave_tls */
     OFFSET(SGX_COMMON_SELF, enclave_tls, common.self);
@@ -95,36 +93,42 @@ void dummy(void)
     OFFSET(SGX_EXEC_SIZE, enclave_tls, exec_size);
 
     /* sgx_arch_tcs_t */
+    OFFSET_T(TCS_FLAGS, sgx_arch_tcs_t, flags);
     OFFSET_T(TCS_OSSA, sgx_arch_tcs_t, ossa);
+    OFFSET_T(TCS_CSSA, sgx_arch_tcs_t, cssa);
     OFFSET_T(TCS_NSSA, sgx_arch_tcs_t, nssa);
     OFFSET_T(TCS_OENTRY, sgx_arch_tcs_t, oentry);
-    OFFSET_T(TCS_OGSBASGX, sgx_arch_tcs_t, ogsbasgx);
-    OFFSET_T(TCS_FSLIMIT, sgx_arch_tcs_t, fslimit);
-    OFFSET_T(TCS_GSLIMIT, sgx_arch_tcs_t, gslimit);
+    OFFSET_T(TCS_OFS_BASE, sgx_arch_tcs_t, ofs_base);
+    OFFSET_T(TCS_OGS_BASE, sgx_arch_tcs_t, ogs_base);
+    OFFSET_T(TCS_OFS_LIMIT, sgx_arch_tcs_t, ofs_limit);
+    OFFSET_T(TCS_OGS_LIMIT, sgx_arch_tcs_t, ogs_limit);
     DEFINE(TCS_SIZE, sizeof(sgx_arch_tcs_t));
 
-    /* sgx_arch_attributes_t */
-    OFFSET_T(SGX_ARCH_ATTRIBUTES_XFRM, sgx_arch_attributes_t, xfrm);
-
-    /* sgx_arch_sigstruct_t */
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_HEADER, sgx_arch_sigstruct_t, header);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_VENDOR, sgx_arch_sigstruct_t, vendor);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_DATE, sgx_arch_sigstruct_t, date);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_HEADER2, sgx_arch_sigstruct_t, header2);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_SWDEFINED, sgx_arch_sigstruct_t, swdefined);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_MODULUS, sgx_arch_sigstruct_t, modulus);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_EXPONENT, sgx_arch_sigstruct_t, exponent);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_SIGNATURE, sgx_arch_sigstruct_t, signature);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_MISCSELECT, sgx_arch_sigstruct_t, miscselect);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_MISCSELECT_MASK, sgx_arch_sigstruct_t, miscselect_mask);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_ATTRIBUTES, sgx_arch_sigstruct_t, attributes);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_ATTRIBUTES_MASK, sgx_arch_sigstruct_t, attribute_mask);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_ENCLAVE_HASH, sgx_arch_sigstruct_t, enclave_hash);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_ISVPRODID, sgx_arch_sigstruct_t, isvprodid);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_ISVSVN, sgx_arch_sigstruct_t, isvsvn);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_Q1, sgx_arch_sigstruct_t, q1);
-    OFFSET_T(SGX_ARCH_SIGSTRUCT_Q2, sgx_arch_sigstruct_t, q2);
-    DEFINE(SGX_ARCH_SIGSTRUCT_SIZE, sizeof(sgx_arch_sigstruct_t));
+    /* sgx_attributes_t */
+    OFFSET_T(SGX_ATTRIBUTES_XFRM, sgx_attributes_t, xfrm);
+
+    /* sgx_arch_enclave_css_t */
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_HEADER, sgx_arch_enclave_css_t, header.header);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_TYPE, sgx_arch_enclave_css_t, header.type);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_MODULE_VENDOR, sgx_arch_enclave_css_t, header.module_vendor);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_DATE, sgx_arch_enclave_css_t, header.date);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_HEADER2, sgx_arch_enclave_css_t, header.header2);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_HW_VERSION, sgx_arch_enclave_css_t, header.hw_version);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_MODULUS, sgx_arch_enclave_css_t, key.modulus);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_EXPONENT, sgx_arch_enclave_css_t, key.exponent);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_SIGNATURE, sgx_arch_enclave_css_t, key.signature);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_MISC_SELECT, sgx_arch_enclave_css_t, body.misc_select);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_MISC_MASK, sgx_arch_enclave_css_t, body.misc_mask);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_ISV_FAMILY_ID, sgx_arch_enclave_css_t, body.isv_family_id);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_ATTRIBUTES, sgx_arch_enclave_css_t, body.attributes);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_ATTRIBUTE_MASK, sgx_arch_enclave_css_t, body.attribute_mask);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_ENCLAVE_HASH, sgx_arch_enclave_css_t, body.enclave_hash);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_ISVEXT_PROD_ID, sgx_arch_enclave_css_t, body.isvext_prod_id);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_ISV_PROD_ID, sgx_arch_enclave_css_t, body.isv_prod_id);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_ISV_SVN, sgx_arch_enclave_css_t, body.isv_svn);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_Q1, sgx_arch_enclave_css_t, buffer.q1);
+    OFFSET_T(SGX_ARCH_ENCLAVE_CSS_Q2, sgx_arch_enclave_css_t, buffer.q2);
+    DEFINE(SGX_ARCH_ENCLAVE_CSS_SIZE, sizeof(sgx_arch_enclave_css_t));
 
     /* struct pal_sec */
     OFFSET(PAL_SEC_ENCLAVE_ATTRIBUTES, pal_sec, enclave_attributes);

Pal/src/host/Linux-SGX/ocall_types.h

@@ -281,7 +281,7 @@ typedef struct {
     sgx_spid_t        ms_spid;
     const char*       ms_subkey;
     bool              ms_linkable;
-    sgx_arch_report_t ms_report;
+    sgx_report_t      ms_report;
     sgx_quote_nonce_t ms_nonce;
     sgx_attestation_t ms_attestation;
 } ms_ocall_get_attestation_t;

Pal/src/host/Linux-SGX/pal_linux.h

@@ -134,7 +134,7 @@ int copy_and_verify_trusted_file (const char * path, const void * umem,
                     sgx_stub_t * stubs, uint64_t total_size);
 
 int init_trusted_children (void);
-int register_trusted_child (const char * uri, const char * mrenclave_str);
+int register_trusted_child (const char * uri, const char * mr_enclave_str);
 
 /* exchange and establish a 256-bit session key */
 int _DkStreamKeyExchange(PAL_HANDLE stream, PAL_SESSION_KEY* key);
@@ -146,37 +146,37 @@ extern struct pal_enclave_state {
     uint64_t        enclave_flags;      // Reserved for flags
     uint64_t        enclave_id;         // Unique identifier for authentication
     sgx_sign_data_t enclave_data;       // Reserved for signing other data
-} __attribute__((packed, aligned (128))) pal_enclave_state;
+} __attribute__((packed)) pal_enclave_state;
 
 /*
  * sgx_verify_report: verify a CPU-signed report from another local enclave
  * @report: the buffer storing the report to verify
  */
-int sgx_verify_report(sgx_arch_report_t* report);
+int sgx_verify_report(sgx_report_t* report);
 
-typedef int (*check_mrenclave_t)(PAL_HANDLE, sgx_arch_hash_t*, struct pal_enclave_state*);
+typedef int (*check_mr_enclave_t)(PAL_HANDLE, sgx_measurement_t*, struct pal_enclave_state*);
 
 /*
  * _DkStreamReportRequest, _DkStreamReportRespond:
  * Request and respond a local report on an RPC stream
  *
- * @stream:          stream handle for sending and receiving messages
- * @data:            data to sign in the outbound message
- * @check_mrenclave: callback function for checking the measurement of the other end
+ * @stream:           stream handle for sending and receiving messages
+ * @data:             data to sign in the outbound message
+ * @check_mr_enclave: callback function for checking the measurement of the other end
  */
 int _DkStreamReportRequest(PAL_HANDLE stream, sgx_sign_data_t* data,
-                           check_mrenclave_t check_mrenclave);
+                           check_mr_enclave_t check_mr_enclave);
 int _DkStreamReportRespond(PAL_HANDLE stream, sgx_sign_data_t* data,
-                           check_mrenclave_t check_mrenclave);
+                           check_mr_enclave_t check_mr_enclave);
 
 #include "sgx_arch.h"
 
 #define PAL_ENCLAVE_INITIALIZED     0x0001ULL
 
 extern struct pal_enclave_config {
-    sgx_arch_hash_t        mrenclave;
-    sgx_arch_attributes_t  enclave_attributes;
-    void *                 enclave_key;
+    sgx_measurement_t mr_enclave;
+    sgx_attributes_t  enclave_attributes;
+    void *            enclave_key;
 } pal_enclave_config;
 
 #include <hex.h>

Pal/src/host/Linux-SGX/pal_security.h

@@ -28,10 +28,10 @@ struct pal_sec {
     PAL_IDX         ppid, pid, uid, gid;
 
     /* enclave information */
-    sgx_arch_targetinfo_t   aesm_targetinfo;
-    sgx_arch_hash_t         mrenclave;
-    sgx_arch_hash_t         mrsigner;
-    sgx_arch_attributes_t   enclave_attributes;
+    sgx_target_info_t  aesm_targetinfo;
+    sgx_measurement_t  mr_enclave;
+    sgx_measurement_t  mr_signer;
+    sgx_attributes_t   enclave_attributes;
 
     /* remaining heap usable by application */
     PAL_PTR         heap_min, heap_max;

Pal/src/host/Linux-SGX/sgx_api.h

@@ -36,8 +36,8 @@ uint64_t sgx_copy_to_enclave(const void* ptr, uint64_t maxsize, const void* uptr
  * sgx_report:
  * Generate SGX hardware signed report.
  */
-static inline int sgx_report (sgx_arch_targetinfo_t * targetinfo,
-                               void * reportdata, sgx_arch_report_t * report)
+static inline int sgx_report (sgx_target_info_t * targetinfo,
+                              void * reportdata, sgx_report_t * report)
 {
     __asm__ volatile(
         ENCLU "\n"
@@ -50,8 +50,8 @@ static inline int sgx_report (sgx_arch_targetinfo_t * targetinfo,
  * sgx_getkey:
  * Retrieve SGX hardware enclave cryptography key.
  */
-static inline int64_t sgx_getkey (sgx_arch_keyrequest_t * keyrequest,
-                                  sgx_arch_key128_t * key)
+static inline int64_t sgx_getkey (sgx_key_request_t * keyrequest,
+                                  sgx_key_128bit_t * key)
 {
     int64_t rax = EGETKEY;
     __asm__ volatile(
@@ -101,7 +101,7 @@ static inline void wrfsbase (uint64_t addr)
         :: "D"(addr));
 }
 
-void restore_sgx_context(sgx_context_t *ctx);
-void _restore_sgx_context(sgx_context_t *ctx);
+void restore_sgx_context(sgx_cpu_context_t *ctx);
+void _restore_sgx_context(sgx_cpu_context_t *ctx);
 
 #endif /* SGX_API_H */

Pal/src/host/Linux-SGX/sgx_arch.h

@@ -24,59 +24,97 @@
 #include "assert.h"
 #include <stdint.h>
 
-typedef uint8_t sgx_arch_key_t [384];
-typedef uint8_t sgx_arch_hash_t[32];
-typedef uint8_t sgx_arch_mac_t [16];
+#pragma pack(push, 1)
+
+#define SE_KEY_SIZE      384
+#define SE_EXPONENT_SIZE 4
+
+#define SGX_HASH_SIZE 32
+#define SGX_MAC_SIZE  16
+
+typedef struct _sgx_measurement_t {
+    uint8_t m[SGX_HASH_SIZE];
+} sgx_measurement_t;
+
+typedef uint8_t sgx_mac_t[SGX_MAC_SIZE];
+
 // This if for passing a mac to hex2str
-#define MACBUF_SIZE ((sizeof(sgx_arch_mac_t) * 2) + 1)
+#define MACBUF_SIZE ((sizeof(sgx_mac_t) * 2) + 1)
 
-typedef struct {
-    uint64_t flags, xfrm;
-} sgx_arch_attributes_t;
+typedef struct _sgx_attributes_t {
+    uint64_t flags;
+    uint64_t xfrm;
+} sgx_attributes_t;
+
+#define SGX_CPUSVN_SIZE      16
+#define SGX_CONFIGID_SIZE    64
+#define SGX_KEYID_SIZE       32
+#define SGX_REPORT_DATA_SIZE 64
+
+typedef struct _sgx_cpu_svn_t {
+    uint8_t svn[SGX_CPUSVN_SIZE];
+} sgx_cpu_svn_t;
+
+typedef uint32_t sgx_misc_select_t;
+typedef uint16_t sgx_prod_id_t;
+typedef uint16_t sgx_isv_svn_t;
+typedef uint16_t sgx_config_svn_t;
+typedef uint8_t  sgx_config_id_t[SGX_CONFIGID_SIZE];
+
+#define SGX_ISVEXT_PROD_ID_SIZE 16
+#define SGX_ISV_FAMILY_ID_SIZE  16
 
-#define SGX_FLAGS_INITIALIZED    0x01ULL
-#define SGX_FLAGS_DEBUG          0x02ULL
-#define SGX_FLAGS_MODE64BIT      0x04ULL
-#define SGX_FLAGS_PROVISION_KEY  0x10ULL
-#define SGX_FLAGS_LICENSE_KEY    0x20ULL
+typedef uint8_t sgx_isvext_prod_id_t[SGX_ISVEXT_PROD_ID_SIZE];
+typedef uint8_t sgx_isvfamily_id_t[SGX_ISV_FAMILY_ID_SIZE];
 
-#define SGX_XFRM_LEGACY          0x03ULL
-#define SGX_XFRM_AVX             0x06ULL
-#define SGX_XFRM_MPX             0x18ULL
-#define SGX_XFRM_AVX512          0xe6ULL
+#define SGX_FLAGS_INITIALIZED   0x01ULL
+#define SGX_FLAGS_DEBUG         0x02ULL
+#define SGX_FLAGS_MODE64BIT     0x04ULL
+#define SGX_FLAGS_PROVISION_KEY 0x10ULL
+#define SGX_FLAGS_LICENSE_KEY   0x20ULL
 
-#define SGX_MISCSELECT_EXINFO    0x01UL
+#define SGX_XFRM_LEGACY         0x03ULL
+#define SGX_XFRM_AVX            0x06ULL
+#define SGX_XFRM_MPX            0x18ULL
+#define SGX_XFRM_AVX512         0xe6ULL
+
+#define SGX_MISCSELECT_EXINFO   0x01UL
 
 typedef struct {
-    uint64_t size, baseaddr;
-    uint32_t ssaframesize;
-    uint32_t miscselect;
-    uint8_t  reserved[24];
-    sgx_arch_attributes_t attributes;
-    sgx_arch_hash_t mrenclave;
-    uint8_t  reserved2[32];
-    sgx_arch_hash_t mrsigner;
-    uint8_t  reserved3[96];
-    uint16_t isvprodid, isvsvn;
-    uint8_t  reserved4[3836];
+    uint64_t          size;
+    uint64_t          base;
+    uint32_t          ssa_frame_size;
+    sgx_misc_select_t misc_select;
+    uint8_t           reserved1[24];
+    sgx_attributes_t  attributes;
+    sgx_measurement_t mr_enclave;
+    uint8_t           reserved2[32];
+    sgx_measurement_t mr_signer;
+    uint8_t           reserved3[32];
+    sgx_config_id_t   config_id;
+    sgx_prod_id_t     isv_prod_id;
+    sgx_isv_svn_t     isv_svn;
+    sgx_config_svn_t  config_svn;
+    uint8_t           reserved4[3834];
 } sgx_arch_secs_t;
 
 typedef struct {
-    uint64_t reserved;
+    uint64_t reserved0;
     uint64_t flags;
     uint64_t ossa;
     uint32_t cssa;
     uint32_t nssa;
     uint64_t oentry;
-    uint64_t reserved2;
-    uint64_t ofsbasgx;
-    uint64_t ogsbasgx;
-    uint32_t fslimit;
-    uint32_t gslimit;
+    uint64_t reserved1;
+    uint64_t ofs_base;
+    uint64_t ogs_base;
+    uint32_t ofs_limit;
+    uint32_t ogs_limit;
     uint8_t  reserved3[4024];
 } sgx_arch_tcs_t;
+static_assert(sizeof(sgx_arch_tcs_t) == 4096, "incorrect struct size");
 
-#define TCS_FLAGS_DBGOPTIN   (01ULL)
+#define TCS_FLAGS_DBGOPTIN (01ULL)
 
 typedef struct {
     uint64_t rax;
@@ -103,7 +141,7 @@ typedef struct {
     uint32_t reserved;
     uint64_t fsbase;
     uint64_t gsbase;
-} sgx_arch_gpr_t;
+} sgx_pal_gpr_t;
 
 typedef struct {
     uint64_t rax;
@@ -124,21 +162,21 @@ typedef struct {
     uint64_t r15;
     uint64_t rflags;
     uint64_t rip;
-} sgx_context_t;
+} sgx_cpu_context_t;
 
 // Required by _restore_sgx_context, see enclave_entry.S.
-static_assert(offsetof(sgx_context_t, rip) - offsetof(sgx_context_t, rflags) ==
-              sizeof(((sgx_context_t) {0}).rflags),
-              "rip must be directly after rflags in sgx_context_t");
-static_assert(offsetof(sgx_context_t, rflags) - offsetof(sgx_context_t, rdi) <= RED_ZONE_SIZE,
-              "rdi needs to be within red zone distance from rflags");
+static_assert(offsetof(sgx_cpu_context_t, rip) - offsetof(sgx_cpu_context_t, rflags) ==
+               sizeof(((sgx_cpu_context_t) {0}).rflags),
+               "rip must be directly after rflags in sgx_cpu_context_t");
+static_assert(offsetof(sgx_cpu_context_t, rflags) - offsetof(sgx_cpu_context_t, rdi) <= RED_ZONE_SIZE,
+               "rdi needs to be within red zone distance from rflags");
 
 typedef struct {
     uint32_t vector:8;
-    uint32_t type:3;
+    uint32_t exit_type:3;
     uint32_t reserved:20;
     uint32_t valid:1;
-} sgx_arch_exitinfo_t;
+} sgx_arch_exit_info_t;
 
 #define SGX_EXCEPTION_HARDWARE      3UL
 #define SGX_EXCEPTION_SOFTWARE      6UL
@@ -153,16 +191,16 @@ typedef struct {
 #define SGX_EXCEPTION_VECTOR_XM    19UL  /* Any SIMD floating-point exceptions */
 
 typedef struct {
-    uint64_t linaddr;
-    uint64_t srcpge;
-    uint64_t secinfo;
+    uint64_t lin_addr;
+    uint64_t src_pge;
+    uint64_t sec_info;
     uint64_t secs;
-} sgx_arch_pageinfo_t;
+} sgx_arch_page_info_t;
 
 typedef struct {
     uint64_t flags;
-    uint8_t  reserved[56];
-} sgx_arch_secinfo_t;
+    uint64_t reserved[7];
+} sgx_arch_sec_info_t;
 
 #define SGX_SECINFO_FLAGS_R             0x001
 #define SGX_SECINFO_FLAGS_W             0x002
@@ -171,100 +209,141 @@ typedef struct {
 #define SGX_SECINFO_FLAGS_TCS           0x100
 #define SGX_SECINFO_FLAGS_REG           0x200
 
-typedef struct {
-    /* header part (signed) */
-    uint32_t header[4], vendor;
+typedef struct _css_header_t {
+    uint8_t  header[12];
+    uint32_t type;
+    uint32_t module_vendor;
     uint32_t date;
-    uint32_t header2[4];
-    uint32_t swdefined;
-    uint8_t  reserved1[84];
-
-    /* key part (unsigned) */
-    sgx_arch_key_t modulus;
-    uint32_t exponent;
-    sgx_arch_key_t signature;
-
-    /* body part (signed) */
-    uint32_t miscselect, miscselect_mask;
-    uint8_t  reserved2[20];
-    sgx_arch_attributes_t attributes, attribute_mask;
-    sgx_arch_hash_t enclave_hash;
-    uint8_t  reserved3[32];
-    uint16_t isvprodid, isvsvn;
-
-    /* tail part (unsigned) */
-    uint8_t  reserved4[12];
-    sgx_arch_key_t q1, q2;
-} __attribute__((packed)) sgx_arch_sigstruct_t;
-
-typedef struct {
-    uint32_t valid;
-    uint8_t  reserved[44];
-    sgx_arch_attributes_t attributes;
-    sgx_arch_hash_t mrenclave;
-    uint8_t  reserved2[32];
-    sgx_arch_hash_t mrsigner;
-    uint8_t  reserved3[32];
-    uint64_t cpusvnle[2];
-    uint16_t isvprodidle, isvsvnle;
-    uint8_t  reserved4[24];
-    uint32_t miscselect_mask;
-    sgx_arch_attributes_t attribute_mask;
-    sgx_arch_hash_t keyid;
-    sgx_arch_mac_t mac;
-} __attribute__((packed)) sgx_arch_token_t;
-
-typedef uint8_t sgx_arch_report_data_t[64];
-
-#define __sgx_mem_aligned __attribute__((aligned(512)))
+    uint8_t  header2[16];
+    uint32_t hw_version;
+    uint8_t  reserved[84];
+} css_header_t;
+static_assert(sizeof(css_header_t) == 128, "incorrect struct size");
+
+typedef struct _css_key_t {
+    uint8_t modulus[SE_KEY_SIZE];
+    uint8_t exponent[SE_EXPONENT_SIZE];
+    uint8_t signature[SE_KEY_SIZE];
+} css_key_t;
+static_assert(sizeof(css_key_t) == 772, "incorrect struct size");
+
+typedef struct _css_body_t {
+    sgx_misc_select_t    misc_select;
+    sgx_misc_select_t    misc_mask;
+    uint8_t              reserved[4];
+    sgx_isvfamily_id_t   isv_family_id;
+    sgx_attributes_t     attributes;
+    sgx_attributes_t     attribute_mask;
+    sgx_measurement_t    enclave_hash;
+    uint8_t              reserved2[16];
+    sgx_isvext_prod_id_t isvext_prod_id;
+    uint16_t             isv_prod_id;
+    uint16_t             isv_svn;
+} css_body_t;
+static_assert(sizeof(css_body_t) == 128, "incorrect struct size");
+
+typedef struct _css_buffer_t {
+    uint8_t reserved[12];
+    uint8_t q1[SE_KEY_SIZE];
+    uint8_t q2[SE_KEY_SIZE];
+} css_buffer_t;
+static_assert(sizeof(css_buffer_t) == 780, "incorrect struct size");
+
+typedef struct _enclave_css_t {
+    css_header_t header;
+    css_key_t    key;
+    css_body_t   body;
+    css_buffer_t buffer;
+} sgx_arch_enclave_css_t;
+static_assert(sizeof(sgx_arch_enclave_css_t) == 1808, "incorrect struct size");
+
+typedef struct _sgx_key_id_t {
+    uint8_t id[SGX_KEYID_SIZE];
+} sgx_key_id_t;
 
 typedef struct {
-    uint64_t cpusvn[2];
-    uint32_t miscselect;
-    uint8_t  reserved[28];
-    sgx_arch_attributes_t attributes;
-    sgx_arch_hash_t mrenclave;
-    uint8_t  reserved2[32];
-    sgx_arch_hash_t mrsigner;
-    uint8_t  reserved3[96];
-    uint16_t isvprodid, isvsvn;
-    uint8_t  reserved4[60];
-    sgx_arch_report_data_t report_data;
-} __attribute__((packed)) sgx_arch_report_body_t;
+    uint32_t          valid;
+    uint32_t          reserved1[11];
+    sgx_attributes_t  attributes;
+    sgx_measurement_t mr_enclave;
+    uint8_t           reserved2[32];
+    sgx_measurement_t mr_signer;
+    uint8_t           reserved3[32];
+} launch_body_t;
 
 typedef struct {
-    sgx_arch_report_body_t body;
-    uint8_t  keyid[32];
-    sgx_arch_mac_t mac;
-} __attribute__((packed)) sgx_arch_report_t;
+    launch_body_t     body;
+    sgx_cpu_svn_t     cpu_svn_le;
+    sgx_prod_id_t     isv_prod_id_le;
+    sgx_isv_svn_t     isv_svn_le;
+    uint8_t           reserved2[24];
+    sgx_misc_select_t masked_misc_select_le;
+    sgx_attributes_t  attributes_le;
+    sgx_key_id_t      key_id;
+    sgx_mac_t         mac;
+} sgx_arch_token_t;
+
+typedef struct _sgx_report_data_t {
+    uint8_t d[SGX_REPORT_DATA_SIZE];
+} sgx_report_data_t;
 
-#define SGX_REPORT_SIGNED_SIZE  384
-#define SGX_REPORT_ACTUAL_SIZE  432
-
-typedef struct {
-    sgx_arch_hash_t mrenclave;
-    sgx_arch_attributes_t attributes;
-    uint8_t  reserved[4];
-    uint32_t miscselect;
-    uint8_t  reserved2[456];
-} __attribute__((packed)) sgx_arch_targetinfo_t;
-
-#define SGX_TARGETINFO_FILLED_SIZE  (sizeof(sgx_arch_hash_t) + \
-                                     sizeof(sgx_arch_attributes_t))
+#define __sgx_mem_aligned __attribute__((aligned(512)))
 
-typedef struct {
-    uint16_t keyname;
-    uint16_t keypolicy;
-    uint16_t isvsvn;
-    uint8_t  reserved[2];
-    uint64_t cpusvn[2];
-    sgx_arch_attributes_t attributes_mask;
-    uint8_t  keyid[32];
-    uint32_t miscmask;
-    uint8_t  reserved2[436];
-} __attribute__((packed)) sgx_arch_keyrequest_t;
-
-typedef uint8_t sgx_arch_key128_t[16];
+typedef struct _report_body_t {
+    sgx_cpu_svn_t     cpu_svn;
+    sgx_misc_select_t misc_select;
+    uint8_t           reserved1[28];
+    sgx_attributes_t  attributes;
+    sgx_measurement_t mr_enclave;
+    uint8_t           reserved2[32];
+    sgx_measurement_t mr_signer;
+    uint8_t           reserved3[96];
+    sgx_prod_id_t     isv_prod_id;
+    sgx_isv_svn_t     isv_svn;
+    uint8_t           reserved4[60];
+    sgx_report_data_t report_data;
+} sgx_report_body_t;
+
+typedef struct _report_t {
+    sgx_report_body_t body;
+    sgx_key_id_t      key_id;
+    sgx_mac_t         mac;
+} sgx_report_t;
+
+#define SGX_REPORT_SIGNED_SIZE 384
+#define SGX_REPORT_ACTUAL_SIZE 432
+
+typedef struct _target_info_t {
+    sgx_measurement_t mr_enclave;
+    sgx_attributes_t  attributes;
+    uint8_t           reserved1[2];
+    sgx_config_svn_t  config_svn;
+    sgx_misc_select_t misc_select;
+    uint8_t           reserved2[8];
+    sgx_config_id_t   config_id;
+    uint8_t           reserved3[384];
+} sgx_target_info_t;
+static_assert(sizeof(sgx_target_info_t) == 512, "incorrect struct size");
+
+typedef struct _key_request_t {
+    uint16_t          key_name;
+    uint16_t          key_policy;
+    sgx_isv_svn_t     isv_svn;
+    uint16_t          reserved1;
+    sgx_cpu_svn_t     cpu_svn;
+    sgx_attributes_t  attribute_mask;
+    sgx_key_id_t      key_id;
+    sgx_misc_select_t misc_mask;
+    sgx_config_svn_t  config_svn;
+    uint8_t           reserved2[434];
+    // struct is 512-bytes in size, alignment is required for EGETKEY
+} sgx_key_request_t;
+static_assert(sizeof(sgx_key_request_t) == 512, "incorrect struct size");
+
+#define SGX_TARGETINFO_FILLED_SIZE (sizeof(sgx_measurement_t) + \
+                                    sizeof(sgx_attributes_t))
+
+typedef uint8_t sgx_key_128bit_t[16];
 
 #define ENCLU ".byte 0x0f, 0x01, 0xd7"
 
@@ -305,4 +384,5 @@ typedef uint8_t sgx_arch_key128_t[16];
 
 #define RFLAGS_DF (1<<10)
 
+#pragma pack(pop)
 #endif /* SGX_ARCH_H */

Pal/src/host/Linux-SGX/sgx_attest.h

@@ -33,9 +33,9 @@ typedef struct {
 } __attribute__((packed)) sgx_quote_body_t;
 
 typedef struct {
-    sgx_quote_body_t       body;
-    sgx_arch_report_body_t report_body;
-    uint32_t               sig_len;
+    sgx_quote_body_t  body;
+    sgx_report_body_t report_body;
+    uint32_t          sig_len;
 } __attribute__((packed)) sgx_quote_t;
 
 typedef uint8_t sgx_spid_t[16];
@@ -54,19 +54,19 @@ enum {
 int init_trusted_platform(void);
 
 typedef struct {
-    sgx_arch_report_t qe_report;
-    sgx_quote_t*      quote;
-    size_t            quote_len;
-    char*             ias_report;
-    size_t            ias_report_len;
-    uint8_t*          ias_sig;
-    size_t            ias_sig_len;
-    char*             ias_certs;
-    size_t            ias_certs_len;
+    sgx_report_t qe_report;
+    sgx_quote_t* quote;
+    size_t       quote_len;
+    char*        ias_report;
+    size_t       ias_report_len;
+    uint8_t*     ias_sig;
+    size_t       ias_sig_len;
+    char*        ias_certs;
+    size_t       ias_certs_len;
 } __attribute__((packed)) sgx_attestation_t;
 
 int sgx_verify_platform(sgx_spid_t* spid, const char* subkey, sgx_quote_nonce_t* nonce,
-                        sgx_arch_report_data_t* report_data, bool linkable,
+                        sgx_report_data_t* report_data, bool linkable,
                         bool accept_group_out_of_date, sgx_attestation_t* ret_attestation,
                         char** ret_ias_status, char** ret_ias_timestamp);
 

Pal/src/host/Linux-SGX/sgx_framework.c

@@ -1,3 +1,4 @@
+#include <hex.h>
 #include <pal_linux.h>
 #include <pal_rtld.h>
 #include "sgx_internal.h"
@@ -52,17 +53,22 @@ int read_enclave_token(int token_file, sgx_arch_token_t * token)
         return -ERRNO(bytes);
 
     SGX_DBG(DBG_I, "read token:\n");
-    SGX_DBG(DBG_I, "    valid:        0x%08x\n", token->valid);
-    SGX_DBG(DBG_I, "    attr:         0x%016lx\n", token->attributes.flags);
-    SGX_DBG(DBG_I, "    xfrm:         0x%016lx\n", token->attributes.xfrm);
-    SGX_DBG(DBG_I, "    miscmask:     0x%08x\n",   token->miscselect_mask);
-    SGX_DBG(DBG_I, "    attr_mask:    0x%016lx\n", token->attribute_mask.flags);
-    SGX_DBG(DBG_I, "    xfrm_mask:    0x%016lx\n", token->attribute_mask.xfrm);
+    SGX_DBG(DBG_I, "    valid:                 0x%08x\n",   token->body.valid);
+    SGX_DBG(DBG_I, "    attr.flags:            0x%016lx\n", token->body.attributes.flags);
+    SGX_DBG(DBG_I, "    attr.xfrm:             0x%016lx\n", token->body.attributes.xfrm);
+    SGX_DBG(DBG_I, "    mr_enclave:            %s\n", ALLOCA_BYTES2HEXSTR(token->body.mr_enclave.m));
+    SGX_DBG(DBG_I, "    mr_signer:             %s\n", ALLOCA_BYTES2HEXSTR(token->body.mr_signer.m));
+    SGX_DBG(DBG_I, "    LE cpu_svn:            %s\n", ALLOCA_BYTES2HEXSTR(token->cpu_svn_le.svn));
+    SGX_DBG(DBG_I, "    LE isv_prod_id:        %02x\n", token->isv_prod_id_le);
+    SGX_DBG(DBG_I, "    LE isv_svn:            %02x\n", token->isv_svn_le);
+    SGX_DBG(DBG_I, "    LE masked_misc_select: 0x%08x\n",   token->masked_misc_select_le);
+    SGX_DBG(DBG_I, "    LE attr.flags:         0x%016lx\n", token->attributes_le.flags);
+    SGX_DBG(DBG_I, "    LE attr.xfrm:          0x%016lx\n", token->attributes_le.xfrm);
 
     return 0;
 }
 
-int read_enclave_sigstruct(int sigfile, sgx_arch_sigstruct_t * sig)
+int read_enclave_sigstruct(int sigfile, sgx_arch_enclave_css_t * sig)
 {
     struct stat stat;
     int ret;
@@ -70,12 +76,12 @@ int read_enclave_sigstruct(int sigfile, sgx_arch_sigstruct_t * sig)
     if (IS_ERR(ret))
         return -ERRNO(ret);
 
-    if ((size_t)stat.st_size != sizeof(sgx_arch_sigstruct_t)) {
+    if ((size_t)stat.st_size != sizeof(sgx_arch_enclave_css_t)) {
         SGX_DBG(DBG_I, "size of sigstruct size does not match\n");
         return -EINVAL;
     }
 
-    int bytes = INLINE_SYSCALL(read, 3, sigfile, sig, sizeof(sgx_arch_sigstruct_t));
+    int bytes = INLINE_SYSCALL(read, 3, sigfile, sig, sizeof(sgx_arch_enclave_css_t));
     if (IS_ERR(bytes))
         return -ERRNO(bytes);
 
@@ -111,7 +117,7 @@ static size_t get_ssaframesize (uint64_t xfrm)
                 xsave_size = cpuinfo[0] + cpuinfo[1];
         }
 
-    return ALLOC_ALIGNUP(xsave_size + sizeof(sgx_arch_gpr_t) + 1);
+    return ALLOC_ALIGNUP(xsave_size + sizeof(sgx_pal_gpr_t) + 1);
 }
 
 bool is_wrfsbase_supported (void)
@@ -149,29 +155,28 @@ int create_enclave(sgx_arch_secs_t * secs,
     secs->size = pagesize;
     while (secs->size < size)
         secs->size <<= 1;
-    secs->ssaframesize = get_ssaframesize(token->attributes.xfrm) / pagesize;
-    secs->miscselect = token->miscselect_mask;
-    memcpy(&secs->attributes, &token->attributes,
-           sizeof(sgx_arch_attributes_t));
+    secs->ssa_frame_size = get_ssaframesize(token->body.attributes.xfrm) / pagesize;
+    secs->misc_select = token->masked_misc_select_le;
+    memcpy(&secs->attributes, &token->body.attributes, sizeof(sgx_attributes_t));
 
     // Enable AVX and AVX512
     // [2019-09-18] TODO(dep): This alone is not enough to get the fully optional behavior we will want.
     // Leave this here for future work in another PR
     // secs->attributes.xfrm |= SGX_XFRM_AVX;
 
-    /* Do not initialize secs->mrsigner and secs->mrenclave here as they are
-     * not used by ECREATE to populate the internal SECS. SECS's mrenclave is
-     * computed dynamically and SECS's mrsigner is populated based on the
+    /* Do not initialize secs->mr_signer and secs->mr_enclave here as they are
+     * not used by ECREATE to populate the internal SECS. SECS's mr_enclave is
+     * computed dynamically and SECS's mr_signer is populated based on the
      * SIGSTRUCT during EINIT (see pp21 for ECREATE and pp34 for
      * EINIT in https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf). */
 
     if (baseaddr) {
-        secs->baseaddr = (uint64_t) baseaddr & ~(secs->size - 1);
+        secs->base = (uint64_t) baseaddr & ~(secs->size - 1);
     } else {
-        secs->baseaddr = ENCLAVE_HIGH_ADDRESS;
+        secs->base = ENCLAVE_HIGH_ADDRESS;
     }
 
-    uint64_t addr = INLINE_SYSCALL(mmap, 6, secs->baseaddr, secs->size,
+    uint64_t addr = INLINE_SYSCALL(mmap, 6, secs->base, secs->size,
                                    PROT_READ|PROT_WRITE|PROT_EXEC,
                                    flags|MAP_FIXED, isgx_device, 0);
 
@@ -185,7 +190,7 @@ int create_enclave(sgx_arch_secs_t * secs,
         return -ENOMEM;
     }
 
-    secs->baseaddr = addr;
+    secs->base = addr;
 
 #if SDK_DRIVER_VERSION >= KERNEL_VERSION(1, 8, 0)
     struct sgx_enclave_create param = {
@@ -214,14 +219,14 @@ int create_enclave(sgx_arch_secs_t * secs,
     secs->attributes.flags |= SGX_FLAGS_INITIALIZED;
 
     SGX_DBG(DBG_I, "enclave created:\n");
-    SGX_DBG(DBG_I, "    base:         0x%016lx\n", secs->baseaddr);
-    SGX_DBG(DBG_I, "    size:         0x%016lx\n", secs->size);
-    SGX_DBG(DBG_I, "    miscselect:   0x%08x\n",   secs->miscselect);
-    SGX_DBG(DBG_I, "    attr:         0x%016lx\n", secs->attributes.flags);
-    SGX_DBG(DBG_I, "    xfrm:         0x%016lx\n", secs->attributes.xfrm);
-    SGX_DBG(DBG_I, "    ssaframesize: %d\n",       secs->ssaframesize);
-    SGX_DBG(DBG_I, "    isvprodid:    0x%08x\n",   secs->isvprodid);
-    SGX_DBG(DBG_I, "    isvsvn:       0x%08x\n",   secs->isvsvn);
+    SGX_DBG(DBG_I, "    base:           0x%016lx\n", secs->base);
+    SGX_DBG(DBG_I, "    size:           0x%016lx\n", secs->size);
+    SGX_DBG(DBG_I, "    misc_select:    0x%08x\n",   secs->misc_select);
+    SGX_DBG(DBG_I, "    attr.flags:     0x%016lx\n", secs->attributes.flags);
+    SGX_DBG(DBG_I, "    attr.xfrm:      0x%016lx\n", secs->attributes.xfrm);
+    SGX_DBG(DBG_I, "    ssa_frame_size: %d\n",       secs->ssa_frame_size);
+    SGX_DBG(DBG_I, "    isv_prod_id:    0x%08x\n",   secs->isv_prod_id);
+    SGX_DBG(DBG_I, "    isv_svn:        0x%08x\n",   secs->isv_svn);
 
     return 0;
 }
@@ -233,10 +238,10 @@ int add_pages_to_enclave(sgx_arch_secs_t * secs,
                          bool skip_eextend,
                          const char * comment)
 {
-    sgx_arch_secinfo_t secinfo;
+    sgx_arch_sec_info_t secinfo;
     int ret;
 
-    memset(&secinfo, 0, sizeof(sgx_arch_secinfo_t));
+    memset(&secinfo, 0, sizeof(sgx_arch_sec_info_t));
 
     switch (type) {
         case SGX_PAGE_SECS:
@@ -278,7 +283,7 @@ int add_pages_to_enclave(sgx_arch_secs_t * secs,
 
 #if SDK_DRIVER_VERSION >= KERNEL_VERSION(1, 8, 0)
     struct sgx_enclave_add_page param = {
-        .addr       = secs->baseaddr + (uint64_t) addr,
+        .addr       = secs->base + (uint64_t) addr,
         .src        = (uint64_t) (user_addr ? : zero_page),
         .secinfo    = (uint64_t) &secinfo,
         .mrmask     = skip_eextend ? 0 : (uint16_t) -1,
@@ -324,17 +329,17 @@ int add_pages_to_enclave(sgx_arch_secs_t * secs,
 }
 
 int init_enclave(sgx_arch_secs_t * secs,
-                 sgx_arch_sigstruct_t * sigstruct,
+                 sgx_arch_enclave_css_t * sigstruct,
                  sgx_arch_token_t * token)
 {
     unsigned long enclave_valid_addr =
-                secs->baseaddr + secs->size - pagesize;
+                secs->base + secs->size - pagesize;
 
     SGX_DBG(DBG_I, "enclave initializing:\n");
     SGX_DBG(DBG_I, "    enclave id:   0x%016lx\n", enclave_valid_addr);
     SGX_DBG(DBG_I, "    enclave hash:");
-    for (size_t i = 0 ; i < sizeof(sgx_arch_hash_t) ; i++)
-        SGX_DBG(DBG_I, " %02x", sigstruct->enclave_hash[i]);
+    for (size_t i = 0 ; i < sizeof(sgx_measurement_t) ; i++)
+        SGX_DBG(DBG_I, " %02x", sigstruct->body.enclave_hash.m[i]);
     SGX_DBG(DBG_I, "\n");
 
 #if SDK_DRIVER_VERSION >= KERNEL_VERSION(1, 8, 0)

Pal/src/host/Linux-SGX/sgx_internal.h

@@ -83,7 +83,7 @@ int open_gsgx (void);
 bool is_wrfsbase_supported (void);
 
 int read_enclave_token (int token_file, sgx_arch_token_t * token);
-int read_enclave_sigstruct (int sigfile, sgx_arch_sigstruct_t * sig);
+int read_enclave_sigstruct (int sigfile, sgx_arch_enclave_css_t * sig);
 
 int create_enclave(sgx_arch_secs_t * secs,
                    unsigned long base,
@@ -98,14 +98,14 @@ int add_pages_to_enclave(sgx_arch_secs_t * secs,
                          bool skip_eextend,
                          const char * comment);
 
-int init_aesm_targetinfo(sgx_arch_targetinfo_t* aesm_targetinfo);
+int init_aesm_targetinfo(sgx_target_info_t* aesm_targetinfo);
 
 int retrieve_verified_quote(const sgx_spid_t* spid, const char* subkey, bool linkable,
-                            const sgx_arch_report_t* report, const sgx_quote_nonce_t* nonce,
+                            const sgx_report_t* report, const sgx_quote_nonce_t* nonce,
                             sgx_attestation_t* attestation);
 
 int init_enclave(sgx_arch_secs_t * secs,
-                 sgx_arch_sigstruct_t * sigstruct,
+                 sgx_arch_enclave_css_t * sigstruct,
                  sgx_arch_token_t * token);
 
 int destroy_enclave(void * base_addr, size_t length);

Pal/src/host/Linux-SGX/sgx_main.c

@@ -229,13 +229,13 @@ int initialize_enclave (struct pal_enclave * enclave)
 {
     int ret = 0;
 
-    int                  enclave_image = -1;
-    sgx_arch_token_t     enclave_token;
-    sgx_arch_sigstruct_t enclave_sigstruct;
-    sgx_arch_secs_t      enclave_secs;
-    unsigned long        enclave_entry_addr;
-    void *               tcs_addrs[MAX_DBG_THREADS];
-    unsigned long        heap_min = DEFAULT_HEAP_MIN;
+    int                    enclave_image = -1;
+    sgx_arch_token_t       enclave_token;
+    sgx_arch_enclave_css_t enclave_sigstruct;
+    sgx_arch_secs_t        enclave_secs;
+    unsigned long          enclave_entry_addr;
+    void*                  tcs_addrs[MAX_DBG_THREADS];
+    unsigned long          heap_min = DEFAULT_HEAP_MIN;
 
     enclave_image = INLINE_SYSCALL(open, 3, ENCLAVE_FILENAME, O_RDONLY, 0);
     if (IS_ERR(enclave_image)) {
@@ -297,9 +297,9 @@ int initialize_enclave (struct pal_enclave * enclave)
         goto out;
     }
 
-    enclave->baseaddr = enclave_secs.baseaddr;
+    enclave->baseaddr = enclave_secs.base;
     enclave->size = enclave_secs.size;
-    enclave->ssaframesize = enclave_secs.ssaframesize * pagesize;
+    enclave->ssaframesize = enclave_secs.ssa_frame_size * pagesize;
 
     struct stat stat;
     ret = INLINE_SYSCALL(fstat, 2, enclave->manifest, &stat);
@@ -465,21 +465,21 @@ int initialize_enclave (struct pal_enclave * enclave)
                 memset(gs, 0, pagesize);
                 assert(sizeof(*gs) <= pagesize);
                 gs->common.self = (PAL_TCB *)(
-                    tls_area->addr + pagesize * t + enclave_secs.baseaddr);
+                    tls_area->addr + pagesize * t + enclave_secs.base);
                 gs->enclave_size = enclave->size;
                 gs->tcs_offset = tcs_area->addr + pagesize * t;
                 gs->initial_stack_offset =
                     stack_areas[t].addr + ENCLAVE_STACK_SIZE;
                 gs->ssa = (void *) ssa_area->addr +
                     enclave->ssaframesize * SSAFRAMENUM * t +
-                    enclave_secs.baseaddr;
+                    enclave_secs.base;
                 gs->gpr = gs->ssa +
-                    enclave->ssaframesize - sizeof(sgx_arch_gpr_t);
+                    enclave->ssaframesize - sizeof(sgx_pal_gpr_t);
                 gs->manifest_size = manifest_size;
-                gs->heap_min = (void *) enclave_secs.baseaddr + heap_min;
-                gs->heap_max = (void *) enclave_secs.baseaddr + pal_area->addr - MEMORY_GAP;
+                gs->heap_min = (void *) enclave_secs.base + heap_min;
+                gs->heap_max = (void *) enclave_secs.base + pal_area->addr - MEMORY_GAP;
                 if (exec_area) {
-                    gs->exec_addr = (void *) enclave_secs.baseaddr + exec_area->addr;
+                    gs->exec_addr = (void *) enclave_secs.base + exec_area->addr;
                     gs->exec_size = exec_area->size;
                 }
                 gs->thread = NULL;
@@ -501,12 +501,11 @@ int initialize_enclave (struct pal_enclave * enclave)
                     enclave->ssaframesize * SSAFRAMENUM * t;
                 tcs->nssa = SSAFRAMENUM;
                 tcs->oentry = enclave_entry_addr;
-                tcs->ofsbasgx = 0;
-                tcs->ogsbasgx = tls_area->addr + t * pagesize;
-                tcs->fslimit = 0xfff;
-                tcs->gslimit = 0xfff;
-                tcs_addrs[t] = (void *) enclave_secs.baseaddr + tcs_area->addr
-                    + pagesize * t;
+                tcs->ofs_base = 0;
+                tcs->ogs_base = tls_area->addr + t * pagesize;
+                tcs->ofs_limit = 0xfff;
+                tcs->ogs_limit = 0xfff;
+                tcs_addrs[t] = (void *) enclave_secs.base + tcs_area->addr + pagesize * t;
             }
         } else if (areas[i].fd != -1) {
             data = (void *) INLINE_SYSCALL(mmap, 6, NULL, areas[i].size,
@@ -538,8 +537,7 @@ int initialize_enclave (struct pal_enclave * enclave)
         goto out;
     }
 
-    create_tcs_mapper((void *) enclave_secs.baseaddr + tcs_area->addr,
-                      enclave->thread_num);
+    create_tcs_mapper((void *) enclave_secs.base + tcs_area->addr, enclave->thread_num);
 
     struct enclave_dbginfo * dbg = (void *)
             INLINE_SYSCALL(mmap, 6, DBGINFO_ADDR,

Pal/src/host/Linux-SGX/sgx_platform.c

@@ -110,7 +110,7 @@ err:
 }
 
 // Retrieve the targetinfo for the AESM enclave for generating the local attestation report.
-int init_aesm_targetinfo(sgx_arch_targetinfo_t* aesm_targetinfo) {
+int init_aesm_targetinfo(sgx_target_info_t* aesm_targetinfo) {
 
     Request req = REQUEST__INIT;
     Request__InitQuoteRequest initreq = REQUEST__INIT_QUOTE_REQUEST__INIT;
@@ -407,7 +407,7 @@ failed:
  * @attestation: A structure for storing the response from the AESM service and the IAS.
  */
 int retrieve_verified_quote(const sgx_spid_t* spid, const char* subkey, bool linkable,
-                            const sgx_arch_report_t* report, const sgx_quote_nonce_t* nonce,
+                            const sgx_report_t* report, const sgx_quote_nonce_t* nonce,
                             sgx_attestation_t* attestation) {
 
     int ret = connect_aesm_service();
@@ -469,7 +469,7 @@ int retrieve_verified_quote(const sgx_spid_t* spid, const char* subkey, bool lin
         goto failed;
     }
 
-    memcpy(&attestation->qe_report, r->qe_report.data, sizeof(sgx_arch_report_t));
+    memcpy(&attestation->qe_report, r->qe_report.data, sizeof(sgx_report_t));
     response__free_unpacked(res, NULL);
     return 0;
 

Pal/src/host/Linux-SGX/sgx_tls.h

@@ -18,7 +18,7 @@ struct enclave_tls {
         uint64_t initial_stack_offset;
         void*    ecall_return_addr;
         void*    ssa;
-        sgx_arch_gpr_t* gpr;
+        sgx_pal_gpr_t* gpr;
         void*    exit_target;
         void*    fsbase;
         void*    stack;

Pal/src/host/Linux-SGX/signer/pal-sgx-get-token

@@ -15,21 +15,20 @@ from generated_offsets import *
 def read_sigstruct(sig):
     """Reading Sigstruct."""
     # field format: (offset, type, value)
-    # SGX_ARCH_SIGSTRUCT_
+    # SGX_ARCH_ENCLAVE_CSS_
     fields = {
-        'date': (SGX_ARCH_SIGSTRUCT_DATE, "<HBB", 'year', 'month', 'day'),
-        'modulus': (SGX_ARCH_SIGSTRUCT_MODULUS, "384s", 'modulus'),
-        'exponent': (SGX_ARCH_SIGSTRUCT_EXPONENT, "<L", 'exponent'),
-        'signature': (SGX_ARCH_SIGSTRUCT_SIGNATURE, "384s", 'signature'),
-
-        'miscs': (SGX_ARCH_SIGSTRUCT_MISCSELECT, "4s", 'miscs'),
-        'miscmask': (SGX_ARCH_SIGSTRUCT_MISCSELECT_MASK, "4s", 'miscmask'),
-        'attrs': (SGX_ARCH_SIGSTRUCT_ATTRIBUTES, "8s8s", 'flags', 'xfrms'),
-        'attrmask': (SGX_ARCH_SIGSTRUCT_ATTRIBUTES_MASK,
-                     "8s8s", 'flagmask', 'xfrmmask'),
-        'mrenclave': (SGX_ARCH_SIGSTRUCT_ENCLAVE_HASH, "32s", 'mrenclave'),
-        'isvprodid': (SGX_ARCH_SIGSTRUCT_ISVPRODID, "<H", 'isvprodid'),
-        'isvsvn': (SGX_ARCH_SIGSTRUCT_ISVSVN, "<H", 'isvsvn'),
+        'date': (SGX_ARCH_ENCLAVE_CSS_DATE, "<HBB", 'year', 'month', 'day'),
+        'modulus': (SGX_ARCH_ENCLAVE_CSS_MODULUS, "384s", 'modulus'),
+        'exponent': (SGX_ARCH_ENCLAVE_CSS_EXPONENT, "<L", 'exponent'),
+        'signature': (SGX_ARCH_ENCLAVE_CSS_SIGNATURE, "384s", 'signature'),
+
+        'misc_select': (SGX_ARCH_ENCLAVE_CSS_MISC_SELECT, "4s", 'misc_select'),
+        'misc_mask': (SGX_ARCH_ENCLAVE_CSS_MISC_MASK, "4s", 'misc_mask'),
+        'attributes': (SGX_ARCH_ENCLAVE_CSS_ATTRIBUTES, "8s8s", 'flags', 'xfrms'),
+        'attribute_mask': (SGX_ARCH_ENCLAVE_CSS_ATTRIBUTE_MASK, "8s8s", 'flag_mask', 'xfrm_mask'),
+        'enclave_hash': (SGX_ARCH_ENCLAVE_CSS_ENCLAVE_HASH, "32s", 'enclave_hash'),
+        'isv_prod_id': (SGX_ARCH_ENCLAVE_CSS_ISV_PROD_ID, "<H", 'isv_prod_id'),
+        'isv_svn': (SGX_ARCH_ENCLAVE_CSS_ISV_SVN, "<H", 'isv_svn'),
     }
 
     attr = dict()
@@ -46,7 +45,7 @@ def connect_aesmd(attr):
     """Connect with AESMD."""
 
     req_msg = aesm_pb2.GetTokenReq()
-    req_msg.req.signature = attr['mrenclave']
+    req_msg.req.signature = attr['enclave_hash']
     req_msg.req.key = attr['modulus']
     req_msg.req.attributes = attr['flags'] + attr['xfrms']
     req_msg.req.timeout = 10000
@@ -100,22 +99,17 @@ def main(args=None):
     attr = read_sigstruct(args.sig.read())
 
     print("Attributes:")
-    print("    mrenclave: %s" % attr['mrenclave'].hex())
-    print("    isvprodid: %d" % attr['isvprodid'])
-    print("    isvsvn:    %d" % attr['isvsvn'])
-    print("    flags:     %016x" % int.from_bytes(attr['flags'],
-                                                  byteorder='big'))
-    print("    xfrms:     %016x" % int.from_bytes(attr['xfrms'],
-                                                  byteorder='big'))
-    print("    miscs:     %08x" % int.from_bytes(attr['miscs'],
-                                                 byteorder='big'))
-    print("    miscmask:  %08x" % int.from_bytes(attr['miscmask'],
-                                                 byteorder='big'))
-    print("    modulus:   %s..." % attr['modulus'].hex()[:32])
-    print("    exponent:  %d" % attr['exponent'])
-    print("    signature: %s..." % attr['signature'].hex()[:32])
-    print("    date:      %d-%02d-%02d" % (attr['year'], attr['month'],
-                                           attr['day']))
+    print("    mr_enclave:  %s" % attr['enclave_hash'].hex())
+    print("    isv_prod_id: %d" % attr['isv_prod_id'])
+    print("    isv_svn:     %d" % attr['isv_svn'])
+    print("    attr.flags:  %016x" % int.from_bytes(attr['flags'], byteorder='big'))
+    print("    attr.xfrm:   %016x" % int.from_bytes(attr['xfrms'], byteorder='big'))
+    print("    misc_select: %08x" % int.from_bytes(attr['misc_select'], byteorder='big'))
+    print("    misc_mask:   %08x" % int.from_bytes(attr['misc_mask'], byteorder='big'))
+    print("    modulus:     %s..." % attr['modulus'].hex()[:32])
+    print("    exponent:    %d" % attr['exponent'])
+    print("    signature:   %s..." % attr['signature'].hex()[:32])
+    print("    date:        %d-%02d-%02d" % (attr['year'], attr['month'], attr['day']))
 
     token = connect_aesmd(attr)
     args.output.write(token)

Pal/src/host/Linux-SGX/signer/pal-sgx-sign

@@ -268,8 +268,8 @@ def get_trusted_children(manifest, check_exist=True, do_checksum=True):
             target += '.sig'
         if do_checksum:
             sig = open(target, 'rb').read()[
-                SGX_ARCH_SIGSTRUCT_ENCLAVE_HASH:
-                SGX_ARCH_SIGSTRUCT_ENCLAVE_HASH + SGX_ARCH_HASH_SIZE].hex()
+                SGX_ARCH_ENCLAVE_CSS_ENCLAVE_HASH:
+                SGX_ARCH_ENCLAVE_CSS_ENCLAVE_HASH + SGX_HASH_SIZE].hex()
             targets[key] = (val, target, sig)
         else:
             targets[key] = (val, target)
@@ -455,9 +455,9 @@ def gen_area_content(attr, areas):
         set_tcs_field(t, TCS_NSSA, '<L', SSAFRAMENUM)
         set_tcs_field(t, TCS_OENTRY, '<Q',
                       pal_area.addr + entry_point(pal_area.file))
-        set_tcs_field(t, TCS_OGSBASGX, '<Q', tls_area.addr + PAGESIZE * t)
-        set_tcs_field(t, TCS_FSLIMIT, '<L', 0xfff)
-        set_tcs_field(t, TCS_GSLIMIT, '<L', 0xfff)
+        set_tcs_field(t, TCS_OGS_BASE, '<Q', tls_area.addr + PAGESIZE * t)
+        set_tcs_field(t, TCS_OFS_LIMIT, '<L', 0xfff)
+        set_tcs_field(t, TCS_OGS_LIMIT, '<L', 0xfff)
 
         set_tls_field(t, SGX_COMMON_SELF,
                       tls_area.addr + PAGESIZE * t + baseaddr())
@@ -653,32 +653,29 @@ def generate_sigstruct(attr, args, mrenclave):
     """Generate Sigstruct."""
     # field format: (offset, type, value)
     fields = {
-        'header': (SGX_ARCH_SIGSTRUCT_HEADER,
+        'header': (SGX_ARCH_ENCLAVE_CSS_HEADER,
                    "<4L", 0x00000006, 0x000000e1, 0x00010000, 0x00000000),
-        'vendor': (SGX_ARCH_SIGSTRUCT_VENDOR, "<L", 0x00000000),
-        'date': (SGX_ARCH_SIGSTRUCT_DATE,
-                 "<HBB", attr['year'], attr['month'], attr['day']),
-        'header2': (SGX_ARCH_SIGSTRUCT_HEADER2,
+        'module_vendor': (SGX_ARCH_ENCLAVE_CSS_MODULE_VENDOR, "<L", 0x00000000),
+        'date': (SGX_ARCH_ENCLAVE_CSS_DATE, "<HBB", attr['year'], attr['month'], attr['day']),
+        'header2': (SGX_ARCH_ENCLAVE_CSS_HEADER2,
                     "<4L", 0x00000101, 0x00000060, 0x00000060, 0x00000001),
-        'swdefined': (SGX_ARCH_SIGSTRUCT_SWDEFINED, "<L", 0x00000000),
-
-        'miscs': (SGX_ARCH_SIGSTRUCT_MISCSELECT, "4s", attr['miscs']),
-        'miscmask': (SGX_ARCH_SIGSTRUCT_MISCSELECT_MASK, "4s", attr['miscs']),
-        'attrs': (SGX_ARCH_SIGSTRUCT_ATTRIBUTES,
-                  "8s8s", attr['flags'], attr['xfrms']),
-        'attrmask': (SGX_ARCH_SIGSTRUCT_ATTRIBUTES_MASK,
-                     "8s8s", attr['flags'], attr['xfrms']),
-        'mrenclave': (SGX_ARCH_SIGSTRUCT_ENCLAVE_HASH, "32s", mrenclave),
-        'isvprodid': (SGX_ARCH_SIGSTRUCT_ISVPRODID, "<H", attr['isvprodid']),
-        'isvsvn': (SGX_ARCH_SIGSTRUCT_ISVSVN, "<H", attr['isvsvn']),
+        'hw_version': (SGX_ARCH_ENCLAVE_CSS_HW_VERSION, "<L", 0x00000000),
+        'misc_select': (SGX_ARCH_ENCLAVE_CSS_MISC_SELECT, "4s", attr['misc_select']),
+        'misc_mask': (SGX_ARCH_ENCLAVE_CSS_MISC_MASK, "4s", attr['misc_select']),
+        'attributes': (SGX_ARCH_ENCLAVE_CSS_ATTRIBUTES, "8s8s", attr['flags'], attr['xfrms']),
+        'attribute_mask': (SGX_ARCH_ENCLAVE_CSS_ATTRIBUTE_MASK,
+                           "8s8s", attr['flags'], attr['xfrms']),
+        'enclave_hash': (SGX_ARCH_ENCLAVE_CSS_ENCLAVE_HASH, "32s", mrenclave),
+        'isv_prod_id': (SGX_ARCH_ENCLAVE_CSS_ISV_PROD_ID, "<H", attr['isv_prod_id']),
+        'isv_svn': (SGX_ARCH_ENCLAVE_CSS_ISV_SVN, "<H", attr['isv_svn']),
     }
 
     sign_buffer = bytearray(128 + 128)
 
     for field in fields.values():
-        if field[0] >= SGX_ARCH_SIGSTRUCT_MISCSELECT:
+        if field[0] >= SGX_ARCH_ENCLAVE_CSS_MISC_SELECT:
             struct.pack_into(field[1], sign_buffer,
-                             field[0] - SGX_ARCH_SIGSTRUCT_MISCSELECT + 128,
+                             field[0] - SGX_ARCH_ENCLAVE_CSS_MISC_SELECT + 128,
                              *field[2:])
         else:
             struct.pack_into(field[1], sign_buffer, field[0], *field[2:])
@@ -687,7 +684,7 @@ def generate_sigstruct(attr, args, mrenclave):
         ['openssl', 'rsa', '-modulus', '-in', args['key'], '-noout'],
         stdout=subprocess.PIPE)
     modulus_out = p.communicate()[0]
-    modulus = bytes.fromhex(modulus_out[8:8+SGX_ARCH_KEY_SIZE*2].decode())
+    modulus = bytes.fromhex(modulus_out[8:8+SE_KEY_SIZE*2].decode())
     modulus = bytes(reversed(modulus))
 
     p = subprocess.Popen(
@@ -708,15 +705,15 @@ def generate_sigstruct(attr, args, mrenclave):
     q2 = q2_int.to_bytes(384, byteorder='little')
 
     fields.update({
-        'modulus': (SGX_ARCH_SIGSTRUCT_MODULUS, "384s", modulus),
-        'exponent': (SGX_ARCH_SIGSTRUCT_EXPONENT, "<L", 3),
-        'signature': (SGX_ARCH_SIGSTRUCT_SIGNATURE, "384s", signature),
+        'modulus': (SGX_ARCH_ENCLAVE_CSS_MODULUS, "384s", modulus),
+        'exponent': (SGX_ARCH_ENCLAVE_CSS_EXPONENT, "<L", 3),
+        'signature': (SGX_ARCH_ENCLAVE_CSS_SIGNATURE, "384s", signature),
 
-        'q1': (SGX_ARCH_SIGSTRUCT_Q1, "384s", q1),
-        'q2': (SGX_ARCH_SIGSTRUCT_Q2, "384s", q2),
+        'q1': (SGX_ARCH_ENCLAVE_CSS_Q1, "384s", q1),
+        'q2': (SGX_ARCH_ENCLAVE_CSS_Q2, "384s", q2),
     })
 
-    buffer = bytearray(SGX_ARCH_SIGSTRUCT_SIZE)
+    buffer = bytearray(SGX_ARCH_ENCLAVE_CSS_SIZE)
 
     for field in fields.values():
         struct.pack_into(field[1], buffer, field[0], *field[2:])
@@ -785,16 +782,15 @@ def main_sign(args):
     def parse_int(s):
         return int(s, 0)
 
-    for key, default, parse in [
-            ('enclave_size', DEFAULT_ENCLAVE_SIZE, parse_size),
-            ('thread_num', str(DEFAULT_THREAD_NUM), parse_int),
-            ('isvprodid', '0', parse_int),
-            ('isvsvn', '0', parse_int),
+    for key, default, parse, attr_key in [
+            ('enclave_size', DEFAULT_ENCLAVE_SIZE, parse_size, 'enclave_size'),
+            ('thread_num', str(DEFAULT_THREAD_NUM), parse_int, 'thread_num'),
+            ('isvprodid', '0', parse_int, 'isv_prod_id'),
+            ('isvsvn', '0', parse_int, 'isv_svn'),
     ]:
-        attr[key] = parse(manifest.setdefault('sgx.' + key, default))
+        attr[attr_key] = parse(manifest.setdefault('sgx.' + key, default))
 
-    (attr['flags'], attr['xfrms'], attr['miscs']) = get_enclave_attributes(
-        manifest)
+    (attr['flags'], attr['xfrms'], attr['misc_select']) = get_enclave_attributes(manifest)
 
     today = datetime.date.today()
     attr['year'] = today.year
@@ -802,18 +798,14 @@ def main_sign(args):
     attr['day'] = today.day
 
     print("Attributes:")
-    print("    size:      %d" % attr['enclave_size'])
-    print("    threadnum: %d" % attr['thread_num'])
-    print("    isvprodid: %d" % attr['isvprodid'])
-    print("    isvsvn:    %d" % attr['isvsvn'])
-    print("    flags:     %016x" % int.from_bytes(attr['flags'],
-                                                  byteorder='big'))
-    print("    xfrms:     %016x" % int.from_bytes(attr['xfrms'],
-                                                  byteorder='big'))
-    print("    miscs:     %08x" % int.from_bytes(attr['miscs'],
-                                                 byteorder='big'))
-    print("    date:      %d-%02d-%02d" % (attr['year'], attr['month'],
-                                           attr['day']))
+    print("    size:        %d" % attr['enclave_size'])
+    print("    thread_num:  %d" % attr['thread_num'])
+    print("    isv_prod_id: %d" % attr['isv_prod_id'])
+    print("    isv_svn:     %d" % attr['isv_svn'])
+    print("    attr.flags:  %016x" % int.from_bytes(attr['flags'], byteorder='big'))
+    print("    attr.xfrm:   %016x" % int.from_bytes(attr['xfrms'], byteorder='big'))
+    print("    misc_select: %08x" % int.from_bytes(attr['misc_select'], byteorder='big'))
+    print("    date:        %d-%02d-%02d" % (attr['year'], attr['month'], attr['day']))
 
     # Check client info for remote attestation
     # (if sgx.ra_client.spid is provided)