diff --git a/QuoteGeneration/quote_wrapper/servtd_attest/inc/servtd_com.h b/QuoteGeneration/quote_wrapper/servtd_attest/inc/servtd_com.h
index 4e5f4aab..3edd5b98 100644
--- a/QuoteGeneration/quote_wrapper/servtd_attest/inc/servtd_com.h
+++ b/QuoteGeneration/quote_wrapper/servtd_attest/inc/servtd_com.h
@@ -82,8 +82,11 @@ struct servtd_tdx_quote_suppl_data {
 sgx_measurement_t mr_signer; /* 698 32 */
 sgx_prod_id_t isv_prod_id; /* 730 2 */
 sgx_isv_svn_t isv_svn; /* 732 2 */
- time_t tcb_date; /* 734 64 */
+ time_t tcb_date; /* 734 64 */ /* Represents the effective TCB date, calculated as: min(platform_tcb_date, qe_tcb_date) */
 char tcb_status[TCB_STATUS_LEN]; /* 798 32 */
+ time_t platform_tcb_date; /* 830 64 */
+ time_t qe_tcb_date; /* 894 64 */
+ char qe_tcb_status[TCB_STATUS_LEN]; /* 958 32 */
 };
 static const unsigned SERVTD_HEADER_SIZE = 4;
diff --git a/QuoteVerification/QvE/Enclave/qve.cpp b/QuoteVerification/QvE/Enclave/qve.cpp
index eebabeb6..449a6879 100644
--- a/QuoteVerification/QvE/Enclave/qve.cpp
+++ b/QuoteVerification/QvE/Enclave/qve.cpp
@@ -62,6 +62,8 @@
 #ifdef SERVTD_ATTEST
 #ifndef SGX_TRUSTED
 #define SGX_TRUSTED
+#include "TimeUtils.h"
+#include 
 #endif
 #include "servtd_utils.h"
 #include "servtd_qve_utils.h"
@@ -957,6 +959,18 @@ static quote3_error_t qve_get_collateral_dates(const CertificateChain* p_cert_ch
 }
 #ifdef SERVTD_ATTEST
+constexpr const char* tcbStatusToString(TcbStatus status)
+{
+ switch (status) {
+ case TcbStatus::UpToDate: return "UpToDate";
+ case TcbStatus::ConfigurationNeeded: return "ConfigurationNeeded";
+ case TcbStatus::OutOfDate: return "OutOfDate";
+ case TcbStatus::OutOfDateConfigurationNeeded: return "OutOfDateConfigurationNeeded";
+ case TcbStatus::Revoked: return "Revoked";
+ default: return "Unknown";
+ }
+}
+
 /**
 * @brief Get the matching QE TCB level based on ISVSVN
 * @param enclaveIdentity The QE identity 
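Review bot: The three new members of servtd_tdx_quote_suppl_data carry no description while `tcb_date` now has one; this struct is the supplemental-data layout handed to the service TD, so each field's meaning should be stated in the header rather than inferred from qve.cpp. Suggest `/* TCB date of the matching platform TCB level (TCB Info) */` on `platform_tcb_date`, `/* TCB date of the matching QE identity TCB level */` on `qe_tcb_date`, and `/* NUL-terminated QE TCB status string; tcb_status remains the platform TCB status only */` on `qe_tcb_status`. Appending the fields also grows `sizeof(struct servtd_tdx_quote_suppl_data)`; if any consumer validates the supplemental data against a fixed size or version constant (not visible in this hunk), that check needs a matching update, otherwise the new fields are rejected or silently truncated.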
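Review bot: The second added `#include` line has lost its header name in this rendering, so I cannot confirm which system header it brings in; the new code later in this file uses `std::copy_n`, `strlen` and `::mktime`, which need `<algorithm>`, `<cstring>` and `<ctime>` respectively, and only one system include is added here, so please verify the others are already reachable in the SERVTD_ATTEST build. Both includes sit inside `#ifndef SGX_TRUSTED`, so they are skipped whenever `SGX_TRUSTED` is already defined by the build; if that is the enclave configuration, `TimeUtils.h` would not be included there — confirm that is intended.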
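Review bot: The `default: return "Unknown";` arm in tcbStatusToString hides any `TcbStatus` enumerator not listed in the switch — including whatever values this enum defines for SW-hardening or relaunch-advised states, if it has them — so such a QE status would be reported to the service TD as the literal string "Unknown" instead of being flagged. Prefer dropping the `default` so `-Wswitch` reports unhandled enumerators, with `return "Unknown";` placed after the closing brace of the switch, or have the caller treat "Unknown" as an error. A header comment such as `// Maps a QE identity TcbStatus to the string stored in servtd_tdx_quote_suppl_data::qe_tcb_status; unlisted enumerators map to "Unknown".` would also help readers of the struct.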
@@ -1050,7 +1064,7 @@ static quote3_error_t servtd_set_quote_supplemental_data(
 p_fmspc_size) != 0) {
 return SGX_QL_ERROR_UNEXPECTED;
 }
- // get TCB date of TCB level in TCB Info
+ // get platform TCB date and TCB level in TCB Info
 //
 auto tcb = getMatchingTcbLevel(tcb_info_obj, pckCert, quote);
 auto tdx_svn = tcb.getTdxTcbComponents();
@@ -1067,16 +1081,38 @@ static quote3_error_t servtd_set_quote_supplemental_data(
 }
 }
- p_servtd_suppl_data->tcb_date = tcb.getTcbDate();
+ p_servtd_suppl_data->platform_tcb_date = tcb.getTcbDate();
 auto st = tcb.getStatus();
- uint32_t len = st.length() + 1;
+ size_t len = st.length();
+
+ if (len > TCB_STATUS_LEN - 1)
+ return SGX_QL_ERROR_UNEXPECTED;
+
+ std::copy_n(st.c_str(), len, p_servtd_suppl_data->tcb_status);
+ p_servtd_suppl_data->tcb_status[len] = '\0';
- if (len > TCB_STATUS_LEN)
+ // Get QE TCB date and TCB status
+ struct tm qe_date = qe_tcb_info.getTcbDate();
+ p_servtd_suppl_data->qe_tcb_date = ::mktime(&qe_date);
+ if (p_servtd_suppl_data->qe_tcb_date == -1) {
 return SGX_QL_ERROR_UNEXPECTED;
+ }
+
+ auto qe_st = qe_tcb_info.getTcbStatus();
+ const char* qe_status_str = tcbStatusToString(qe_st);
+ size_t qe_status_len = strlen(qe_status_str);
+
+ if (qe_status_len > TCB_STATUS_LEN - 1) {
+ return SGX_QL_ERROR_UNEXPECTED;
+ }
+
+ std::copy_n(qe_status_str, qe_status_len, p_servtd_suppl_data->qe_tcb_status);
+
+ p_servtd_suppl_data->qe_tcb_status[qe_status_len] = '\0';
- strncpy(p_servtd_suppl_data->tcb_status, st.c_str(), st.length());
- p_servtd_suppl_data->tcb_status[st.length()] = '\0';
+ p_servtd_suppl_data->tcb_date = (p_servtd_suppl_data->platform_tcb_date < p_servtd_suppl_data->qe_tcb_date) ?
+ p_servtd_suppl_data->platform_tcb_date : p_servtd_suppl_data->qe_tcb_date;
 // Get Tdx Module major version
 p_servtd_suppl_data->tdx_module_major_ver = quote.getTeeTcbSvn()[1];
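Review bot: `::mktime(&qe_date)` interprets the broken-down time as local time, whereas TCB dates in the collateral are UTC timestamps, so on any build where a timezone applies the stored `qe_tcb_date` is shifted by the UTC offset (and `mktime` may additionally normalize `qe_date` in place and apply a DST correction if `tm_isdst` is not set by `getTcbDate()`); `platform_tcb_date` is taken straight from `tcb.getTcbDate()`, which appears to already be a `time_t`, so the two operands of the min() at the end of the hunk may not be on the same clock. Prefer a UTC conversion — presumably what the newly included `TimeUtils.h` provides — e.g. `p_servtd_suppl_data->qe_tcb_date = timegm(&qe_date);` or the project's equivalent helper, and confirm `tcb.getTcbDate()` uses the same conversion. Separately, `tcb_status` still reflects only the platform TCB level while `tcb_date` is now the minimum over platform and QE, so a consumer that reads `tcb_status` alone will not see a revoked or out-of-date QE; this asymmetry should be documented at the struct (`tcb_status` is platform-only, `qe_tcb_status` must be checked separately). servtd_set_quote_supplemental_data starts and ends outside this hunk.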