integritee-network / pallets

DCAP should not require certificate chain PEM with each extrinsic #222

Closed brenzi closed 1 year ago

brenzi commented 1 year ago

This just bloats the chain.

Implement a separate extrinsic to store the certificate chain.

We'll need to investigate how many certificates there are. I guess we obtain them like here: https://api.portal.trustedservices.intel.com/documentation#pcs-certificate-v4

brenzi commented 1 year ago

@Niederb Can you remember how you obtained the certificate chain for TCB info submission?

https://github.com/integritee-network/pallets/blob/master/teerex/sgx-verify/test-data/dcap/tcb_info_issuer_chain.pem

This seems not to work for all fmspc's, so I guess there are other certificates somewhere, but the Intel docs are a mess.

Niederb commented 1 year ago

This certificate chain can be obtained with the following command (and it does indeed depend on the fmspc):

    curl -v -X GET "https://api.trustedservices.intel.com/sgx/certification/v4/tcb?fmspc=00906EA10000"

The certificate chain is typically returned in the header section of the HTTP response, so you have to check the headers.

In general I found this site quite useful: https://api.portal.trustedservices.intel.com/documentation It describes the API that Intel provides. Check out the section "Get SGX TCB Info" for this particular case. Hope that helps.
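As an added example (not code from this thread or from the integritee repositories): a Python sketch that pulls the issuer chain out of response headers such as those printed by the `curl -v` call above. The header name `TCB-Info-Issuer-Chain` and its URL-encoding follow Intel's PCS v4 documentation and are not stated in the thread; the sample response and its certificate bodies are constructed placeholders, not real certificates.

```python
import base64
import re
from urllib.parse import quote, unquote

# Header name per Intel's PCS v4 docs (assumption: not named in the thread).
HEADER = "tcb-info-issuer-chain"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)


def extract_issuer_chain(raw_headers):
    """Return the DER bytes of each certificate carried in the chain header."""
    value = None
    for line in raw_headers.splitlines():
        name, sep, rest = line.partition(":")
        # HTTP/2 lower-cases header names, so compare case-insensitively.
        if sep and name.strip().lower() == HEADER:
            value = rest.strip()
            break
    if value is None:
        raise ValueError("response has no TCB-Info-Issuer-Chain header")
    pem = unquote(value)  # the header value is a URL-encoded PEM bundle
    certs = [base64.b64decode("".join(body.split()), validate=True)
             for body in PEM_RE.findall(pem)]
    if not certs:
        raise ValueError("header present but contains no PEM certificate")
    return certs


def _constructed_pem(payload):
    """Build a PEM-shaped block around placeholder bytes (sample data only)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample response: two placeholder "certificates", URL-encoded.
SAMPLE_CHAIN = (_constructed_pem(b"constructed signing cert")
                + _constructed_pem(b"constructed root CA"))
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    f"TCB-Info-Issuer-Chain: {quote(SAMPLE_CHAIN, safe='')}\r\n"
    "\r\n"
)

if __name__ == "__main__":
    chain = extract_issuer_chain(SAMPLE_HEADERS)
    print(f"{len(chain)} certificates in issuer chain")
```

Because the chain depends on the fmspc, the extracted certificates should be stored or compared per fmspc rather than assumed identical across platforms.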

brenzi commented 1 year ago

Thank you. So the header is the trick.

brenzi commented 1 year ago

The integritee-cli now fetches everything automatically. Supplying the PEM is the more robust solution for now, as certificates could change.