The signature is over the tcbinfo contents, so we need to strip off the {tcbinfo: from the string.
We will want a JSON parser that doesn't walk down past the initial tcbInfo when looking for the signature.
I think the signing key comes from the request; you can see the chain with curl -v.
TCB Test cases
Duplicate tcbInfo fields. Simulates a malicious actor appending another tcbInfo field to the JSON, hoping the first tcbInfo gets verified.
{
  "tcbInfo": {},
  "signature": "",
  "tcbInfo": {}
}
tcbInfo doesn't contain valid JSON. Ensures the parser that is looking for the root signature field errors properly and verification does not happen.
tcbInfo contains a signature field. Ensures that the root signature is used by the verification logic. Simulates a malicious actor nesting signed tcbInfo inside of the root tcbInfo.
The advisories are provided in JSON format via https://api.portal.trustedservices.intel.com/documentation#pcs-tcb-info-v4, for example:
curl "https://api.trustedservices.intel.com/sgx/certification/v4/tcb?fmspc=00906ED50000"
The TCB format is specified in https://api.portal.trustedservices.intel.com/documentation#pcs-tcb-info-model-v3
PRs
tcbInfo inner field #84
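The extraction step and the three test cases described above, as an added example that is not code from this project: it walks only the top-level object, rejects duplicate root fields, and returns the exact tcbInfo bytes as served plus the root signature string. The function name split_signed_tcb and the sample bodies are assumptions constructed for illustration; signature verification itself is left to the caller.

```python
import json

_DEC = json.JSONDecoder()

def _skip_ws(s, i):
    while i < len(s) and s[i] in " \t\r\n":
        i += 1
    return i

def split_signed_tcb(body):
    """Return (raw tcbInfo bytes, root signature string) or raise ValueError."""
    i = _skip_ws(body, 0)
    if body[i:i + 1] != "{":
        raise ValueError("top level is not a JSON object")
    i = _skip_ws(body, i + 1)
    raw = {}  # top-level key -> exact source text of its value
    while body[i:i + 1] != "}":
        key, i = _DEC.raw_decode(body, i)  # JSONDecodeError is a ValueError
        if not isinstance(key, str):
            raise ValueError("object key is not a string")
        if key in raw:
            raise ValueError("duplicate top-level field %r" % key)
        i = _skip_ws(body, i)
        if body[i:i + 1] != ":":
            raise ValueError("expected ':' after key")
        start = _skip_ws(body, i + 1)
        # Validates the value and finds where it ends without using its contents.
        _, end = _DEC.raw_decode(body, start)
        raw[key] = body[start:end]
        i = _skip_ws(body, end)
        if body[i:i + 1] == ",":
            i = _skip_ws(body, i + 1)
            if body[i:i + 1] == "}":
                raise ValueError("trailing comma")
        elif body[i:i + 1] != "}":
            raise ValueError("expected ',' or '}'")
    if _skip_ws(body, i + 1) != len(body):
        raise ValueError("data after the top-level object")
    if "tcbInfo" not in raw or "signature" not in raw:
        raise ValueError("missing tcbInfo or signature")
    if not raw["tcbInfo"].startswith("{"):
        raise ValueError("tcbInfo is not an object")
    signature = json.loads(raw["signature"])
    if not isinstance(signature, str):
        raise ValueError("signature is not a string")
    # These bytes, not a re-serialized copy, are what the signature check takes.
    return raw["tcbInfo"].encode("utf-8"), signature
```

Re-serializing a parsed tcbInfo could change key order or spacing, so the raw slice is what goes to the verifier.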