canonical / tdx

Intel confidential computing - TDX
GNU General Public License v3.0

Add script to dump the attestation token #257

Closed hector-cao closed 3 weeks ago

hector-cao commented 3 weeks ago

Example of usage:

echo eyJhbGciOiJQUzM4NCIsImprdSI6Imh0dHBzOi8vcG9ydGFsLnRydXN0YXV0aG9yaXR5LmludGVsLmNvbS9jZXJ0cyIsImtpZCI6ImM2OGU1YTdiM2FlYzUxYTNmZjM4NGZlMzA3OTlkNDY1ZDU1YjE2ZDU3ZWY4OGQwNWY2MDY3NTU5ZDkxNTZjZDNkNTMwMmY4OWZlNjY1ZDFmYjlhNmJlNDYwMmJlMTFkOCIsInR5cCI6IkpXVCJ9.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.rD-_655UT8ExKpsHUQKNlZhTBUmNPOiLMxj8iEdbX6fMv1ioeIRh6eNxpiXSffzch3TARJYrfFw6mE18PX2csBoVRkyAOMylNUMuZ5CFheWKx13-8VicRDkXCUFiAR80cuRcUQZAWpKuiOxghSoIG4H8ZaABLTZYTyxvDSt_j6odQEm2av7UGXarUH2kVXFae9d3BjXDCX6XGBd-NZXx8EbiJ7tk4HOdA2Ogx_O7Wtk2Rq4DClweaWrNDq0BTnEWv1C5I2u-QwRvIdHSTzAemq_uyoQBdzU0DMzsP74oEoEv4yUx2KQZW5RQqF7zghzze1GR0wgBzfapu1ZW8p6YZ0bq6H37N1UsD0VcySVJclZDipQ4P331W_tcz4GcqImWSzhVunPQUsQbMENE6Xs2TG7uWC9kGh86U6py3UEhZP8gBaToa98MaTtAn85vctlLvNbn8ThRXOtqlBMjWh-fov_8UtYXyIGG_RTnGzYZ-3JrYWjRxWZ5_8871LFUVIq0 | ./attestation/scripts/jwt-decode.sh

Output:

{
  "alg": "PS384",
  "jku": "https://portal.trustauthority.intel.com/certs",
  "kid": "c68e5a7b3aec51a3ff384fe30799d465d55b16d57ef88d05f6067559d9156cd3d5302f89fe665d1fb9a6be4602be11d8",
  "typ": "JWT"
}
{
  "attester_tcb_date": "2024-03-13T00:00:00Z",
  "attester_tcb_status": "UpToDate",
  "attester_type": "TDX",
  "dbgstat": "disabled",
  "eat_profile": "https://portal.trustauthority.intel.com/eat_profile.html",
  "intuse": "generic",
  "policy_defined_claims": null,
  "policy_ids_matched": null,
  "policy_ids_unmatched": null,
  "tdx_collateral": {
    "qeidcerthash": "b2ca71b8e849d5e799451b4bfe43159a0ee548032cecb2c0e479bf6ee3f39fd1",
    "qeidcrlhash": "ca685ff1fa572b5fd5b0d10c1e06fce40f25544729b6052689583aa17166ab85",
    "qeidhash": "04ca88c7a442dc79784be3dc1211c2f8bdf4b7503978527f9f88d0a4b6b94f7f",
    "quotehash": "2cadb7f43a4f880ed30459bd1e99bd7992ece62dc7d7f0e8565ec85f44d92fc3",
    "tcbinfocerthash": "b2ca71b8e849d5e799451b4bfe43159a0ee548032cecb2c0e479bf6ee3f39fd1",
    "tcbinfocrlhash": "ca685ff1fa572b5fd5b0d10c1e06fce40f25544729b6052689583aa17166ab85",
    "tcbinfohash": "dda39d54729d101ca15dd43e4d02d66fdd327670a6edb7067a632efecdeac78c"
  },
  "tdx_is_debuggable": false,
  "tdx_mrconfigid": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "tdx_mrowner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "tdx_mrownerconfig": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "tdx_mrseam": "1cc6a17ab799e9a693fac7536be61c12ee1e0fabada82d0c999e08ccee2aa86de77b0870f558c570e7ffe55d6d47fa04",
  "tdx_mrsignerseam": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "tdx_mrtd": "91eb2b44d141d4ece09f0c75c2c53d247a3c68edd7fafe8a3520c942a604a407de03ae6dc5f87f27428b2538873118b7",
  "tdx_report_data": "c61b678db602c3672102be56ac3933966204ae7234d6101bd293b03a86d57e58cc4554b9f14dca6a45e40a7e8890fa1c9c81fc522a1fd1350432b95c653f3533",
  "tdx_rtmr0": "cc9285c5eda67d044f12dca87761d6fd89e20f6d9c22881de97ba85e4c7e957b63384ba168b54001789543e9843b2e50",
  "tdx_rtmr1": "6ae2cede1704a45d88cbf3320dfb0fac5ffa75ce7bbdf2048d5a35957e939a9b6676aa57695a139937b7fc81a692d742",
  "tdx_rtmr2": "2927e04750dfb456ead0d8a90b4dec8b153bb1a3b21e0c68ab8a5abaa888dff4abf550f90161265bbf0ae1ebb517bf6d",
  "tdx_rtmr3": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "tdx_seam_attributes": "0000000000000000",
  "tdx_seamsvn": 5,
  "tdx_td_attributes": "0000001000000000",
  "tdx_td_attributes_debug": false,
  "tdx_td_attributes_key_locker": false,
  "tdx_td_attributes_perfmon": false,
  "tdx_td_attributes_protection_keys": false,
  "tdx_td_attributes_septve_disable": true,
  "tdx_tee_tcb_svn": "05010700000000000000000000000000",
  "tdx_xfam": "e702060000000000",
  "ver": "1.0.0",
  "verifier_instance_ids": [
    "99525587-b447-42bc-b24c-0af6922ef8a1",
    "61e9154c-4e4d-4953-be5c-52575105c28f",
    "198c9032-389e-4666-a98f-9bf3017493f1",
    "b2bf3218-6f0e-4654-bb40-e7a49f3b872e",
    "218cf670-749d-4752-a34b-6a00006ce3a7",
    "38fda9e8-ba77-4f9f-b60e-6b7f02d32196"
  ],
  "verifier_nonce": {
    "iat": "MjAyNC0xMC0zMCAxMjozMjozNCArMDAwMCBVVEM=",
    "signature": "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",
    "val": "aXRJSXBWZjFIT3ZyNHNLT1JydkpSOWRMMVh0UjVqY0pieDZRYTc3VjB5M3VldzdmSWNBUzFRTE9rc0xQRTR2RTVhK3BJNndaMlRzWnFJY3FMOUcwdHc9PQ=="
  },
  "exp": 1730291854,
  "jti": "7f75589d-32d9-4b37-880f-1f5557335180",
  "iat": 1730291554,
  "iss": "https://portal.trustauthority.intel.com",
  "nbf": 1730291554
}
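Added example, not code from this PR (the contents of `jwt-decode.sh` are not shown on this page): a Python version of the same header and claims decode, extended with a hypothetical relying-party policy over claims that appear in the output above. The function names, the policy choices and the constructed sample token are assumptions; the code does not verify the signature, which would require the keys published at the `jku` URL.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    """Decode a JWT segment; JWTs strip the '=' padding that base64 expects."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token: str):
    """Return (header, claims) WITHOUT verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, claims


def review_claims(header, claims, now=None):
    """Return findings; an empty list means the hypothetical policy passed."""
    now = time.time() if now is None else now
    findings = []
    if header.get("alg") in (None, "none"):
        findings.append("unsigned token (alg missing or 'none')")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        findings.append("outside nbf/exp validity window")
    if claims.get("attester_type") != "TDX":
        findings.append("attester_type is not TDX")
    if claims.get("attester_tcb_status") != "UpToDate":
        findings.append("TCB status is %r" % claims.get("attester_tcb_status"))
    if claims.get("tdx_is_debuggable") is not False or claims.get("dbgstat") != "disabled":
        findings.append("TD reports debug enabled or debug state unknown")
    return findings


def make_sample_token(**overrides):
    """Constructed token with a dummy signature; claim values copied from the output above."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"attester_type": "TDX", "attester_tcb_status": "UpToDate",
              "dbgstat": "disabled", "tdx_is_debuggable": False,
              "nbf": 1730291554, "exp": 1730291854}
    claims.update(overrides)
    return ".".join([enc({"alg": "PS384", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    hdr, cl = decode_jwt(make_sample_token())
    print(json.dumps(hdr, indent=2), json.dumps(cl, indent=2), sep="\n")
    print(review_claims(hdr, cl, now=1730291600) or "policy passed")
```

With the `exp` and `nbf` values shown above the token is valid for 300 seconds, so any check run outside that window reports it as expired regardless of the other claims.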