DCAP attestation - bail on non-up-to-date TCB status#46
Open
ameba23 wants to merge 3 commits into
Conversation
ameba23
commented
Jun 1, 2026
| verifier.verify(&input, &collateral, now)?; | ||
| let verified_report = | ||
| verifier | ||
| .dangerous_verify_with_tcb_override(&input, &collateral, now, |tcb_info| tcb_info)?; |
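Review bot: the mock path now calls `dangerous_verify_with_tcb_override` with the identity closure `|tcb_info| tcb_info`, which applies no override at all; add a one-line comment at this call saying the `dangerous_` variant is used only so the mock and real verifiers share one code path and that the TCB info is passed through unchanged, so a later reader does not read the method name as the TCB check being weakened here.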
Collaborator
Author
This change is not strictly relevant to the PR, but just to ensure that the mock verifier uses the exact same method as the non-mock verifier.
Ruteri
approved these changes
Jun 2, 2026
| Ok(measurements) | ||
| } | ||
|
|
||
| fn ensure_up_to_date_tcb( |
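Review bot: `ensure_up_to_date_tcb` should carry the rejected status value and any advisory IDs from the `VerifiedReport` in the error it returns, not a bare failure, so an operator can tell which non-up-to-date state caused the bail and which advisories apply; a doc comment on the function stating that `Revoked` is already rejected by dcap-qvl's verify before this check runs would make its scope clear.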
I'd drop a comment here that "revoked" status is rejected by qvl so this only removes the other two non-up-to-date statuses
During DCAP attestation verification, TCB status can have the following possible values:
dcap-qvl's verify function will reject an attestation if the status is 'Revoked' and succeed otherwise, giving us the status information and possible advisory IDs in the VerifiedReport. Our current policy is to log a warning if the status is not 'UpToDate' and proceed with success anyway.
This PR changes that behavior to bail with an error if the status is not 'UpToDate'.
This is the most conservative approach, but it could possibly mean that configurations are rejected which are considered safe by the cloud provider.
A possible alternative approach to this would be to check TCB status in our PCCS implementation, so out of date collateral is rejected before the point of attestation verification. But I think keeping it part of the attestation verifier is best, because it means it is not dependent on using our internal PCCS.
Note: It has been suggested to have a minimum time window for rejecting out of date TCB, so that providers have time to update before attestations are rejected. But I can't see a way we can get the date on which the TCB expired, without observing ourselves when attestations with the TCB are no longer accepted, which we could do as part of the PCCS implementation.
We do have access to various dates associated with collateral - but as far as I can see, none of these necessarily tell us when collateral became out of date:
- tcbDate - is the date associated with the TCB level, not the expiry date
- issueDate and nextUpdate - are the freshness window of the collateral document, not the TCB - so collateral with OutOfDate TCB status may still have a nextUpdate date in the future.
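The policy described in this PR, written out as an added example (this is not the PR's code, even though the gate function borrows its name): a status gate that rejects anything other than `UpToDate` and reports the status and advisory IDs, kept separate from the collateral freshness window so that a `nextUpdate` in the future is never mistaken for an up-to-date TCB. `VerifiedReport` and `CollateralDates` are constructed stand-ins whose field names are assumptions, not dcap-qvl's API.

```rust
// Added example, not the PR's own code. Mirrors the policy the PR describes:
// reject any TCB status other than "UpToDate", and keep that decision separate
// from the collateral freshness window (issueDate/nextUpdate). `VerifiedReport`
// and `CollateralDates` are constructed stand-ins; field names are assumptions.
#[derive(Debug, PartialEq)]
pub struct VerifiedReport {
    pub status: String,            // TCB status string from the TCB info
    pub advisory_ids: Vec<String>, // Intel SA IDs tied to that TCB level
}
#[derive(Debug, PartialEq)]
pub struct CollateralDates {
    pub issue_date: i64,  // issueDate, Unix seconds
    pub next_update: i64, // nextUpdate, Unix seconds
}
#[derive(Debug, PartialEq)]
pub enum TcbError {
    // Carries the status and advisories so the operator sees why it was rejected.
    NotUpToDate { status: String, advisory_ids: Vec<String> },
    UnknownStatus(String),
    StaleCollateral { now: i64, next_update: i64 },
}
// Status values defined by Intel's TCB info format. "Revoked" is already
// rejected by dcap-qvl's verify, so this gate mainly removes the other ones.
const KNOWN_STATUSES: &[&str] = &[
    "UpToDate", "SWHardeningNeeded", "ConfigurationNeeded",
    "ConfigurationAndSWHardeningNeeded", "OutOfDate",
    "OutOfDateConfigurationNeeded", "Revoked",
];

pub fn ensure_up_to_date_tcb(report: &VerifiedReport) -> Result<(), TcbError> {
    match report.status.as_str() {
        "UpToDate" => Ok(()),
        s if KNOWN_STATUSES.contains(&s) => Err(TcbError::NotUpToDate {
            status: s.to_string(),
            advisory_ids: report.advisory_ids.clone(),
        }),
        // Fail closed on anything unrecognised rather than guessing.
        s => Err(TcbError::UnknownStatus(s.to_string())),
    }
}

// Collateral freshness is a separate check: a nextUpdate in the future does
// not imply the TCB level is up to date, as the PR description points out.
pub fn check_tcb(report: &VerifiedReport, dates: &CollateralDates, now: i64) -> Result<(), TcbError> {
    if now < dates.issue_date || now >= dates.next_update {
        return Err(TcbError::StaleCollateral { now, next_update: dates.next_update });
    }
    ensure_up_to_date_tcb(report)
}
```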