Update TCB Info verification logic.

[vbalain]

Verifier fails to verify TCB on TDX 1.5. TCB info shows error when attempting to use the Intel PCS API service to verify the TDX quote when COLLATERAL is enabled.
Updated logic as per the latest documentation -
https://api.portal.trustedservices.intel.com/content/documentation.html#pcs-tcb-info-tdx-v4

[vbalain]

As per documentation, if TeeTcbSvn[1] value is >= 1 then comparison should be done starting index 2 instead of 0.

[ivishwesh]

As per your comment you should be using teeTcbSvn[1] but in the code you have used teeTcbSvn[0] for the check.

[vbalain]

Good catch!

[jrjatin]

Can you add a testcase for this?
We have some sample API responses in testing/testdata which are failing collateral verification due to OutofDate status, you can add new API response and your changes should give UpToDate status.

[jrjatin]

But you'll need to add a new TDX quote. Will a quote generated on one of our machines be suitable? @ivishwesh

[vbalain]

Can you add a testcase for this? We have some sample API responses in testing/testdata which are failing collateral verification due to OutofDate status, you can add new API response and your changes should give UpToDate status.

I didn't see any failure in tests. How did you confirm the failure, can you elaborate on it?

[jrjatin]

While writing tests earlier we were having a quote(testing/testdata/tdx_prod_quote_SPR_E4.dat) which was OutofDate acc. to TcbInfo API response so I added a testcase which expects failure. Now you can add a new quote and a new sample API response(in testdata) and your changes should return status as UpToDate.
(@ivishwesh can confirm whether we can add a new TDX quote in testdata generated from our mach)

go-tdx-guest/verify/verify_test.go

Line 676 in 686ff34

wantErr = `TCB Status is not "UpToDate", found "OutOfDate"`

[ivishwesh]

We discussed we will add new quote and unit tests in a following PR.