Merge pull request #5704 from oasisprotocol/jberci/feat/tcb-reorder

Reverse TCB fetch order
oasisprotocol · May 27, 2024 · be002a0 · be002a0
2 parents 7f4cb9a + 09a2c65
commit be002a0
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/.changelog/5704.internal.md b/.changelog/5704.internal.md
@@ -0,0 +1,5 @@
+go: Reverse order of TCB update fetching
+
+Early TCB updates are now tried first when updating TCB info. If
+validation for an early update fails, the mechanism falls back to the
+standard update.
diff --git a/go/runtime/host/sgx/ecdsa.go b/go/runtime/host/sgx/ecdsa.go
@@ -193,7 +193,7 @@ func (ec *teeStateECDSA) Update(ctx context.Context, sp *sgxProvisioner, conn pr
 		return fresh, nil
 	}
 	var tcbBundle *pcs.TCBBundle
-	for _, update := range []pcs.UpdateType{pcs.UpdateStandard, pcs.UpdateEarly} {
+	for _, update := range []pcs.UpdateType{pcs.UpdateEarly, pcs.UpdateStandard} {
 		if tcbBundle, err = getTcbBundle(update); err == nil {
 			break
 		}

diff --git a/go/runtime/host/sgx/epid.go b/go/runtime/host/sgx/epid.go
@@ -124,22 +124,24 @@ func (ep *teeStateEPID) update(
 		RuntimeID:                  ep.runtimeID,
 		Quote:                      quote,
 		Nonce:                      nonce,
+		EarlyTCBUpdate:             true,
 		MinTCBEvaluationDataNumber: quotePolicy.MinTCBEvaluationDataNumber,
 	}
 
+	// First try with early updating. If that fails, fall back to normal.
 	avrBundle, err := iasClient.VerifyEvidence(ctx, &evidence)
 	if err != nil {
-		return nil, fmt.Errorf("error while verifying attestation evidence: %w", err)
+		return nil, fmt.Errorf("error while verifying attestation evidence with early update: %w", err)
 	}
 
 	// Decode the AVR so we can do further checks.
 	avr, decErr := cmnIAS.UnsafeDecodeAVR(avrBundle.Body)
-	if decErr == nil && avr.TCBEvaluationDataNumber < quotePolicy.MinTCBEvaluationDataNumber {
-		// Retry again with early updating.
-		evidence.EarlyTCBUpdate = true
+	if decErr == nil && avr.ISVEnclaveQuoteStatus != cmnIAS.QuoteOK && avr.ISVEnclaveQuoteStatus != cmnIAS.QuoteSwHardeningNeeded {
+		// Retry again without early updating.
+		evidence.EarlyTCBUpdate = false
 		avrBundle, err = iasClient.VerifyEvidence(ctx, &evidence)
 		if err != nil {
-			return nil, fmt.Errorf("error while verifying attestation evidence with early update: %w", err)
+			return nil, fmt.Errorf("error while verifying attestation evidence with normal update: %w", err)
 		}
 		avr, decErr = cmnIAS.UnsafeDecodeAVR(avrBundle.Body)
 	}