
feat(tee): Intel TDX attestation verifier (Tier 3)#27

Merged
imran-siddique merged 1 commit into main from feat/tdx-attestation on Jul 1, 2026

Conversation

@imran-siddique

Contributor

What

The second attestation backend: a real, fail-closed Intel TDX verifier (DCAP, ECDSA-256).

  • ca2a_runtime.tee.tdx: parses a TDX v4 quote (header, TD report body → MRTD + report data, and the ECDSA signature section: quote signature, attestation key, QE report, PCK chain). TdxProvider.attest fails closed off hardware.
  • ca2a_verify.tdx.verify_tdx_quote: PCK chain → trusted Intel root; QE report signature by the PCK; attestation-key binding (the QE report data commits to the key); quote signature by the attestation key; MRTD / report-data binding.

Validation (real vectors + synthetic fallback)

  • Real: the chain path accepts the genuine self-signed Intel SGX Root CA (committed under tests/fixtures/tdx/) and rejects an untrusted root.
  • Synthetic: the multi-level signature path (PCK → QE report → attestation key → quote) is exercised end to end with a synthetic self-consistent quote, since a genuine quote needs a TDX guest.

Byte offsets follow the Intel DCAP Quote v4 layout; end-to-end validation against a real hardware quote remains open. TPM backend remains Tier 3 (#4). Suite: 113 passed, 98% coverage.

Closes #3

🤖 Generated with Claude Code

Add TDX (DCAP, ECDSA-256) attestation appraisal, all fail-closed:
- ca2a_runtime.tee.tdx: Quote v4 parsing (header, TD report body -> MRTD +
  report data, ECDSA signature section: quote signature, attestation key, QE
  report, PCK chain) and TdxProvider (attest requires a real TDX guest).
- ca2a_verify.tdx: PCK chain to a trusted Intel root, QE report signature by
  the PCK, attestation-key binding (QE report data commits to the key), quote
  signature by the attestation key, and MRTD / report-data binding.

Validation: the chain path accepts the genuine self-signed Intel SGX Root CA
(tests/fixtures/tdx/) and rejects an untrusted root; the multi-level signature
path is exercised end to end with a synthetic self-consistent quote, since a
genuine quote requires a TDX guest. TPM backend remains Tier 3. Suite: 113
passed, 98% coverage.

Closes #3

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
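The fixed-layout half of the verification the PR and commit message describe, as an added example that is not the project's code: parsing the Quote v4 header and TD report body for MRTD and report data, and the attestation-key binding check (the QE report data committing to the attestation key), both failing closed. Offsets and the SHA-256 binding rule are taken from the Intel DCAP Quote v4 layout; the variable-length signature section, the ECDSA signature checks and the PCK chain walk are left out, and every sample byte is constructed.

```python
import hashlib
import hmac
import struct

TDX_TEE_TYPE = 0x00000081        # header tee_type for TDX (Intel DCAP Quote v4)
ECDSA_P256_ATT_KEY_TYPE = 2      # header att_key_type for ECDSA-256 over P-256
HEADER_LEN, TD_REPORT_LEN = 48, 584
MRTD_OFF, REPORT_DATA_OFF = 136, 520   # offsets inside the TD report body

class QuoteError(ValueError):
    """Any parse or check failure; the verifier fails closed."""

def parse_quote_v4(quote: bytes) -> dict:
    """Parse the fixed-size header and TD report body; return MRTD, report
    data and the trailing signature section (which is not parsed here)."""
    if len(quote) < HEADER_LEN + TD_REPORT_LEN:
        raise QuoteError("quote shorter than header + TD report body")
    version, att_key_type, tee_type = struct.unpack_from("<HHI", quote, 0)
    if version != 4:
        raise QuoteError(f"unsupported quote version {version}")
    if att_key_type != ECDSA_P256_ATT_KEY_TYPE:
        raise QuoteError(f"unsupported attestation key type {att_key_type}")
    if tee_type != TDX_TEE_TYPE:
        raise QuoteError(f"not a TDX quote (tee_type={tee_type:#x})")
    body = quote[HEADER_LEN:HEADER_LEN + TD_REPORT_LEN]
    return {"mrtd": body[MRTD_OFF:MRTD_OFF + 48],
            "report_data": body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64],
            "sig_section": quote[HEADER_LEN + TD_REPORT_LEN:]}

def check_attestation_key_binding(att_pubkey_xy: bytes, qe_auth_data: bytes,
                                  qe_report_data: bytes) -> None:
    """DCAP binds the attestation key to the QE: the first 32 bytes of the QE
    report's report_data must equal SHA-256(key x||y || QE auth data)."""
    if len(att_pubkey_xy) != 64 or len(qe_report_data) != 64:
        raise QuoteError("malformed attestation key or QE report data")
    expected = hashlib.sha256(att_pubkey_xy + qe_auth_data).digest()
    if not hmac.compare_digest(expected, qe_report_data[:32]):
        raise QuoteError("QE report does not commit to the attestation key")

# Constructed sample (not a real quote): v4 header, TD report body carrying a
# recognisable MRTD and a nonce-bearing report data, empty signature section.
SAMPLE_MRTD = bytes([0xAB]) * 48
SAMPLE_REPORT_DATA = hashlib.sha256(b"relying-party-nonce").digest() + bytes(32)

def build_sample_quote() -> bytes:
    header = struct.pack("<HHIHH16s20s", 4, ECDSA_P256_ATT_KEY_TYPE,
                         TDX_TEE_TYPE, 0, 0, bytes(16), bytes(20))
    body = bytearray(TD_REPORT_LEN)
    body[MRTD_OFF:MRTD_OFF + 48] = SAMPLE_MRTD
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64] = SAMPLE_REPORT_DATA
    return header + bytes(body)
```

A relying party would compare the returned `mrtd` against its allow-list and `report_data` against the nonce it issued, which is the MRTD / report-data binding step the PR lists last.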
@imran-siddique imran-siddique merged commit 2710a8c into main Jul 1, 2026
11 checks passed
@imran-siddique imran-siddique deleted the feat/tdx-attestation branch July 1, 2026 18:23


Development

Successfully merging this pull request may close these issues.

feat(tee): Intel TDX attestation backend (quote via QVL/PCS)
