Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to verify TCB info #37

Closed
pegahnikbakht opened this issue Jan 22, 2024 · 2 comments
Closed

Failed to verify TCB info #37

pegahnikbakht opened this issue Jan 22, 2024 · 2 comments

Comments

@pegahnikbakht
Copy link

Hi,

I extracted an attestation report from googel TDX VM and tried to verified it with the following command:

./check -in report -inform textproto -get_collateral true -check_crl true

But I get the following error:
FATAL: could not verify the TDX Quote: TDX TCB info reported by Intel PCS failed TCB status check: SVN at index 1(0) in Tcb.TdxTcbcomponents is not equal to TD Quote Body's index 1(1) TEE TCB svn value

Do I miss anything?

If I remove -get_collateral true -check_crl true from the check command it works fine.
@jrjatin
Copy link
Collaborator

jrjatin commented Jan 22, 2024

It appears that TCB Info is not supported. When the get_collateral flag is set to true, it uses Intel's PCS API service to further verify quote data. You can refer to Intel's doc for more information: https://api.portal.trustedservices.intel.com/content/documentation.html#pcs-tcb-info-tdx-v4

@jrjatin
Copy link
Collaborator

jrjatin commented Feb 19, 2024
edited
Loading

#38
Please verify with these changes. This should fix the issue.

@jrjatin jrjatin closed this as completed Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pegahnikbakht @jrjatin