
fix(verify): offline DCAP TDX quote verification (cmcp#370)#387

Draft
imran-siddique wants to merge 1 commit into main from fix/verify-tdx-quote-370

Conversation

@imran-siddique

Contributor

Draft. TDX counterpart to the SNP work in #386, ready to validate the moment an Azure TDX quote fixture lands.

What this does (offline, fail-closed)

verify_tdx_quote() verifies: quote signature over header+body by the attestation key; the attestation key is bound into the QE report_data; the QE report is signed by the PCK leaf; and the PCK chain verifies to a caller-pinned Intel SGX root. PCK chain travels inside the quote, so no network at verify time. verify_tdx_measurement gains optional raw_quote + trusted_intel_root_pem and fails closed when they are supplied.

Honestly not done here

Tests

tests/unit/test_tdx_quote_verify.py: 4 pass (valid verifies; tampered quote sig fails closed; wrong pinned root fails closed; report_data mismatch fails), 1 skipped pending the real Azure TDX fixture.

Adds fail-closed, offline verification of an Intel TDX ECDSA v4 quote:
  1. quote signature over header+TD-report-body by the attestation key,
  2. attestation key bound into the QE report_data (SHA-256),
  3. QE report signed by the PCK leaf,
  4. PCK chain verified to a caller-pinned Intel SGX root.
The PCK chain travels inside the quote, so no network at verify time. TCB status
and QE identity need Intel PCS collateral by FMSPC and are left in
unverified_fields (this is not a full TCB appraisal).

verify_tdx_measurement gains optional raw_quote + trusted_intel_root_pem params;
when supplied it runs verify_tdx_quote and fails closed. Quote-layout offsets are
per the DCAP v4 spec and are exercised end to end by a synthetic-quote test;
a skipped test pins them (and the report_data offset for #371) against a real
Azure TDX fixture (capture-tdx-azure.sh).

Wiring the quote + pinned root through verify_trace_claim is deferred to avoid
colliding with the SNP PR (#386) signature change; done once #386 and the real
fixture land.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
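The four-link chain the PR describes (quote signature by the attestation key, attestation key bound into the QE report_data, QE report signed by the PCK leaf, PCK chain to a pinned root), written out end to end as an added example. This is not the PR's `verify_tdx_quote` or any code from the repository: it builds a synthetic DCAP v4 quote with freshly generated keys and then verifies it offline, fail-closed. It assumes the `cryptography` package; the function names `build_synthetic_quote`, `verify_tdx_quote_synthetic` and `tdx_report_data` are illustrative. The byte offsets are the DCAP v4 quote layout (48-byte header, 584-byte TD report body with report_data in its last 64 bytes, u32 signature-data length, cert_data type 6 carrying the QE report and a type-5 PEM chain). Simplifications, stated as such: the PEM chain is PCK leaf -> root only (a real chain has an intermediate CA), the Intel root is a self-signed stand-in, and, like the PR, it does no TCB-status or QE-identity appraisal and ignores certificate validity windows.

```python
"""Synthetic Intel TDX ECDSA v4 quote: build one offline, then verify it fail-closed.
Added example, not the PR's code; needs the `cryptography` package. Offsets follow the
DCAP v4 layout; chain simplified to PCK leaf -> root; no TCB/QE-identity appraisal."""
import datetime, hashlib, hmac, struct
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature, encode_dss_signature
from cryptography.x509.oid import NameOID

HEADER_LEN, BODY_LEN, QE_REPORT_LEN, TDX_TEE_TYPE = 48, 584, 384, 0x81
REPORT_DATA_OFF = HEADER_LEN + BODY_LEN - 64   # 568: report_data is the last 64 bytes of the TD body
P256, DER, PEM = ec.SECP256R1(), serialization.Encoding.DER, serialization.Encoding.PEM
PEM_END = b"-----END CERTIFICATE-----"
SHA256 = ec.ECDSA(hashes.SHA256())


def _raw_sig(der_sig: bytes) -> bytes:  # DER ECDSA signature -> 64-byte r||s as carried in a quote
    r, s = decode_dss_signature(der_sig)
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def _verify_raw(pub, raw_sig: bytes, msg: bytes) -> bool:  # ECDSA P-256/SHA-256 over r||s; False on failure
    if len(raw_sig) != 64:
        return False
    der = encode_dss_signature(int.from_bytes(raw_sig[:32], "big"), int.from_bytes(raw_sig[32:], "big"))
    try:
        pub.verify(der, msg, SHA256)
        return True
    except InvalidSignature:
        return False


def _cert(subject, issuer, issuer_key, pub):
    now = datetime.datetime.now(datetime.timezone.utc)
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(name(subject)).issuer_name(name(issuer))
            .public_key(pub).serial_number(x509.random_serial_number()).not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1)).sign(issuer_key, hashes.SHA256()))


def build_synthetic_quote(report_data: bytes):
    """Return (quote, trusted_root_pem) built from fresh keys; all other TD fields are zero."""
    root_key, pck_key, att_key = (ec.generate_private_key(P256) for _ in range(3))
    root = _cert("Synthetic SGX Root CA", "Synthetic SGX Root CA", root_key, root_key.public_key())
    pck = _cert("Synthetic PCK Certificate", "Synthetic SGX Root CA", root_key, pck_key.public_key())
    header = struct.pack("<HHIHH16s20s", 4, 2, TDX_TEE_TYPE, 0, 0, b"\0" * 16, b"\0" * 20)
    body = b"\0" * (BODY_LEN - 64) + report_data
    att_pub_raw = att_key.public_key().public_bytes(
        serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)[1:]  # x||y
    qe_auth = b"\x00\x01\x02\x03"                                   # constructed QE auth data
    # QE report_data binds the attestation key: SHA-256(att_pub || qe_auth) || 32 zero bytes
    qe_report = b"\0" * 320 + hashlib.sha256(att_pub_raw + qe_auth).digest() + b"\0" * 32
    qe_sig = _raw_sig(pck_key.sign(qe_report, SHA256))
    pem_chain = pck.public_bytes(PEM) + root.public_bytes(PEM)
    qe_cert_data = (qe_report + qe_sig + struct.pack("<H", len(qe_auth)) + qe_auth
                    + struct.pack("<HI", 5, len(pem_chain)) + pem_chain)  # type 5: PCK PEM chain
    quote_sig = _raw_sig(att_key.sign(header + body, SHA256))
    sig_data = quote_sig + att_pub_raw + struct.pack("<HI", 6, len(qe_cert_data)) + qe_cert_data
    return header + body + struct.pack("<I", len(sig_data)) + sig_data, root.public_bytes(PEM)


def tdx_report_data(quote: bytes) -> bytes:
    """The 64-byte TD report_data field at quote offset 568."""
    return quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64]


def verify_tdx_quote_synthetic(quote: bytes, trusted_root_pem: bytes) -> bool:
    """True only if all four links hold; any parse, layout or signature failure is False."""
    try:
        header, body = quote[:HEADER_LEN], quote[HEADER_LEN:HEADER_LEN + BODY_LEN]
        version, _att_key_type, tee_type = struct.unpack_from("<HHI", header)
        (sig_len,) = struct.unpack_from("<I", quote, HEADER_LEN + BODY_LEN)
        sig = quote[HEADER_LEN + BODY_LEN + 4:]
        quote_sig, att_pub_raw = sig[:64], sig[64:128]
        cert_type, cert_size = struct.unpack_from("<HI", sig, 128)
        cert = sig[134:134 + cert_size]
        qe_report, qe_sig = cert[:QE_REPORT_LEN], cert[QE_REPORT_LEN:QE_REPORT_LEN + 64]
        (auth_len,) = struct.unpack_from("<H", cert, 448)
        qe_auth = cert[450:450 + auth_len]
        pck_type, pck_size = struct.unpack_from("<HI", cert, 450 + auth_len)
        pem_chain = cert[456 + auth_len:456 + auth_len + pck_size]
        if (version != 4 or tee_type != TDX_TEE_TYPE or len(body) != BODY_LEN or len(sig) != sig_len
                or cert_type != 6 or len(cert) != cert_size or pck_type != 5 or len(pem_chain) != pck_size):
            return False
        chain = [x509.load_pem_x509_certificate(p.strip() + b"\n" + PEM_END + b"\n")
                 for p in pem_chain.split(PEM_END) if b"BEGIN CERTIFICATE" in p]
        if len(chain) != 2:
            return False
        leaf, root = chain
        # 4. chain ends at the caller-pinned root (compare DER bytes, not just the subject name)
        pinned = x509.load_pem_x509_certificate(trusted_root_pem)
        if root.public_bytes(DER) != pinned.public_bytes(DER) or leaf.issuer != root.subject:
            return False
        root.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes, ec.ECDSA(leaf.signature_hash_algorithm))
        # 3. QE report signed by the PCK leaf
        if not _verify_raw(leaf.public_key(), qe_sig, qe_report):
            return False
        # 2. attestation key bound into QE report_data: SHA-256(att_pub || qe_auth) || 32 zero bytes
        expected = hashlib.sha256(att_pub_raw + qe_auth).digest() + b"\0" * 32
        if not hmac.compare_digest(qe_report[320:384], expected):
            return False
        # 1. quote signature over header + TD report body by the attestation key
        att_pub = ec.EllipticCurvePublicKey.from_encoded_point(P256, b"\x04" + att_pub_raw)
        return _verify_raw(att_pub, quote_sig, header + body)
    except (ValueError, InvalidSignature, struct.error):
        return False
```

The verifier walks the chain from the pinned root downward before touching the attestation key, so a quote carrying a valid-looking but unpinned root is rejected before any of its signatures are consulted, and every malformed-layout path (truncated signature data, wrong cert_data type, bad chain PEM) lands in the same `False` rather than an exception. The same negative cases as the PR's unit tests follow directly: flip a byte of the quote signature, of the embedded attestation public key, or of `report_data` at offset 568, or pass a different root PEM, and the result is `False`.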
