Xynnn007
commented
1 month ago I am diving into this.
Closed mkulke closed 2 weeks ago
Xynnn007
commented
1 month ago I am diving into this.
Xynnn007
commented
4 weeks ago Well. This quote is generated on Alibaba cloud. GHA should connect to the PCCS of aliyun https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v4/ to get proper collaterals.
mkulke
commented
3 weeks ago ok, this is what I assumed. Is there a way to store the response of PCCS as a fixture and make the unit tests use that (after refactoring the verification a bit to be able to use use output of tee_qv_get_collateral(quote) as a fixture? (e.g. change ecdsa_quote_verification(quote) signature to ecdsa_quote_verification(quote, signature))
mythi
commented
3 weeks ago I have requested a DCAP feature to be able to configure the PC(C)S settings more easily. With that, the test case can create a config file with the necessary {collateral_service=...} under, e.g., /tmp and use that so that the test passes. https://github.com/intel/SGXDataCenterAttestationPrimitives/issues/409
Xynnn007
commented
3 weeks ago @mkulke Yes. I thought I walked a big circle and finally got you at the beginning. Let me try to fix this in both ways -- I prefer to try changing pccs address first
there is a tdx quote verification unit test that fails atm. the test is disabled by default, most likely because you need a PCCS configured on the test system.
We should either remove that test or maybe consider rewriting the logic slightly so that we can store all external dependencies as fixtures for the unit test and cover real verification in an e2e test