Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add verbose logging in verify.go #26

Merged
merged 3 commits into from
Oct 25, 2023
Merged

Add verbose logging in verify.go #26

merged 3 commits into from
Oct 25, 2023

Conversation

jrjatin
Copy link
Collaborator

@jrjatin jrjatin commented Oct 13, 2023
edited
Loading

Added more verbose logs for verbosity level=1 and verbosity level=2 in verify.go

@jrjatin jrjatin changed the title Validate changes Add verbose logging in verify.go Oct 13, 2023
@jrjatin
Copy link
Collaborator Author

jrjatin commented Oct 13, 2023
edited
Loading

Sample output for verbosity level = 1

~/Desktop/go-tdx-guest$ ./tools/check/check -in=testing/testdata/tdx_prod_quote_SPR_E4.dat -verbosity=1 -get_collateral=true -check_crl=true
INFO : 2023/10/13 05:06:30.193004 logger.go:344: Info verbosity set to 1
INFO : 2023/10/13 05:06:30.193099 check.go:374: Parsing input parameters
INFO : 2023/10/13 05:06:30.193182 check.go:390: TDX Quote parsed successfully
INFO : 2023/10/13 05:06:30.193200 check.go:396: Input parameters parsed successfully
INFO : 2023/10/13 05:06:30.193207 check.go:409: Verifying the TDX Quote from input
INFO : 2023/10/13 05:06:30.193216 verify.go:1224: Checking that the quote parameters meet the required size
INFO : 2023/10/13 05:06:30.193226 verify.go:1230: Quote parameters meet the required size
INFO : 2023/10/13 05:06:30.193235 verify.go:1232: Extracting PCK certificate chain from the quote
INFO : 2023/10/13 05:06:30.193276 verify.go:620: PCK Leaf certificate has been extracted from the certificate chain
INFO : 2023/10/13 05:06:30.193315 verify.go:630: Intermediate certificate has been extracted from the certificate chain
INFO : 2023/10/13 05:06:30.193340 verify.go:641: Root CA certificate has been extracted from the certificate chain
INFO : 2023/10/13 05:06:30.193445 verify.go:1244: PCK Certificate Chain extracted successfully
INFO : 2023/10/13 05:06:30.193460 verify.go:1249: Obtaining collaterals using APIs from the Intel PCS
INFO : 2023/10/13 05:06:30.193470 verify.go:472: Getting TCB Info API response from the Intel PCS
INFO : 2023/10/13 05:06:31.136911 verify.go:476: Successfully received TCB Info API response from the Intel PCS
INFO : 2023/10/13 05:06:31.136948 verify.go:478: Getting QE Identity API response from the Intel PCS
INFO : 2023/10/13 05:06:31.359152 verify.go:482: Successfully received QE Identity API response from the Intel PCS
INFO : 2023/10/13 05:06:31.359191 verify.go:485: Getting PCK CRL from the Intel PCS
INFO : 2023/10/13 05:06:31.581001 verify.go:489: Successfully received PCK CRL from the Intel PCS
INFO : 2023/10/13 05:06:31.581041 verify.go:490: Getting Root CA CRL from the Intel PCS
INFO : 2023/10/13 05:06:32.695326 verify.go:494: Successfully received Root CA CRL from the Intel PCS
INFO : 2023/10/13 05:06:32.695363 verify.go:1258: Collaterals successfully obtained using the APIs from the Intel PCS
INFO : 2023/10/13 05:06:32.695373 verify.go:1187: Verifying the PCK Certificate Chain in the quote
INFO : 2023/10/13 05:06:32.695380 verify.go:760: Verifying the Root CA Certificate
INFO : 2023/10/13 05:06:32.695565 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:06:32.695579 verify.go:765: Root CA Certificate verified successfully
INFO : 2023/10/13 05:06:32.695584 verify.go:767: Verifying Intermediate CA certificate
INFO : 2023/10/13 05:06:32.695695 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:06:32.695707 verify.go:771: Intermediate CA Certificate verified successfully
INFO : 2023/10/13 05:06:32.695719 verify.go:773: Verifying PCK Leaf certificate
INFO : 2023/10/13 05:06:32.695842 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:06:32.695853 verify.go:777: PCK Leaf Certificate verified successfully
WARN : 2023/10/13 05:06:32.695859 verify.go:824: Using embedded Intel certificate for TDX attestation root of trust
INFO : 2023/10/13 05:06:32.696069 verify.go:782: PCK Certificate Chain verified successfully
INFO : 2023/10/13 05:06:32.696080 verify.go:786: Verifying Root CA CRL
INFO : 2023/10/13 05:06:32.696208 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:06:32.696218 verify.go:790: Root CA CRL verified successfully
INFO : 2023/10/13 05:06:32.696226 verify.go:792: Verifying PCK CRL
INFO : 2023/10/13 05:06:32.696344 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:06:32.696353 verify.go:796: PCK CRL verified successfully
INFO : 2023/10/13 05:06:32.696381 verify.go:806: Intermediate Certificate is not revoked by Root CA CRL
INFO : 2023/10/13 05:06:32.696398 verify.go:813: PCK Leaf Certificate is not revoked by PCK CRL
INFO : 2023/10/13 05:06:32.696407 verify.go:544: Checking expiration status of certificates
INFO : 2023/10/13 05:06:32.696413 verify.go:554: Certificates have not expired
INFO : 2023/10/13 05:06:32.696422 verify.go:1191: PCK Certificate Chain successfully verified
INFO : 2023/10/13 05:06:32.696436 verify.go:1194: Verifying the collaterals obtained from the Intel PCS
INFO : 2023/10/13 05:06:32.696452 verify.go:502: Checking expiration status of collaterals
INFO : 2023/10/13 05:06:32.696461 verify.go:538: Collaterals not expired
INFO : 2023/10/13 05:06:32.696469 verify.go:1199: Verifying the TCB Info API response
INFO : 2023/10/13 05:06:32.696479 verify.go:1147: Verifying TCB Info response
INFO : 2023/10/13 05:06:32.696487 verify.go:1075: Verifying root certificate in the issuer chain
INFO : 2023/10/13 05:06:32.696598 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:06:32.696627 verify.go:1079: Root certificate verified successfully in the issuer chain
INFO : 2023/10/13 05:06:32.696639 verify.go:1081: Verifiying signing certificate in the issuer chain
INFO : 2023/10/13 05:06:32.696750 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:06:32.696762 verify.go:1085: Signing certificate verified successfully in the issuer chain
WARN : 2023/10/13 05:06:32.696769 verify.go:824: Using embedded Intel certificate for TDX attestation root of trust
INFO : 2023/10/13 05:06:32.696878 verify.go:1089: Signing certificate successfully verified using trusted roots
INFO : 2023/10/13 05:06:32.696893 verify.go:1101: Verifying response body using signing certificate
INFO : 2023/10/13 05:06:32.697015 verify.go:1105: Response body verified successfully using signing certificate
INFO : 2023/10/13 05:06:32.697027 verify.go:1109: Verifying Root CA CRL using root certificate in the issuer's chain
INFO : 2023/10/13 05:06:32.697130 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:06:32.697141 verify.go:1113: Root CA CRL verified successfully using root certificate in the issuer's chain
INFO : 2023/10/13 05:06:32.697151 verify.go:1120: Root certificate is not revoked by the signing certificate
INFO : 2023/10/13 05:06:32.697161 verify.go:1203: TCB Info API response verified successfully
INFO : 2023/10/13 05:06:32.697170 verify.go:1205: Verifying the QE Identity API response
INFO : 2023/10/13 05:06:32.697179 verify.go:1173: Verifying QE Identity response
INFO : 2023/10/13 05:06:32.697188 verify.go:1075: Verifying root certificate in the issuer chain
INFO : 2023/10/13 05:06:32.697298 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:06:32.697313 verify.go:1079: Root certificate verified successfully in the issuer chain
INFO : 2023/10/13 05:06:32.697322 verify.go:1081: Verifiying signing certificate in the issuer chain
INFO : 2023/10/13 05:06:32.697429 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:06:32.697438 verify.go:1085: Signing certificate verified successfully in the issuer chain
WARN : 2023/10/13 05:06:32.697446 verify.go:824: Using embedded Intel certificate for TDX attestation root of trust
INFO : 2023/10/13 05:06:32.697543 verify.go:1089: Signing certificate successfully verified using trusted roots
INFO : 2023/10/13 05:06:32.697557 verify.go:1101: Verifying response body using signing certificate
INFO : 2023/10/13 05:06:32.697656 verify.go:1105: Response body verified successfully using signing certificate
INFO : 2023/10/13 05:06:32.697666 verify.go:1109: Verifying Root CA CRL using root certificate in the issuer's chain
INFO : 2023/10/13 05:06:32.697786 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:06:32.697795 verify.go:1113: Root CA CRL verified successfully using root certificate in the issuer's chain
INFO : 2023/10/13 05:06:32.697805 verify.go:1120: Root certificate is not revoked by the signing certificate
INFO : 2023/10/13 05:06:32.697817 verify.go:1209: QE Identity API response verified successfully
INFO : 2023/10/13 05:06:32.697826 verify.go:1211: Collaterals verified successfully
INFO : 2023/10/13 05:06:32.697835 verify.go:984: Extracting attestation key from the quote
INFO : 2023/10/13 05:06:32.697849 verify.go:989: Attestation key extracted succesfully from the quote
INFO : 2023/10/13 05:06:32.697857 verify.go:991: Extracting signature present in the quote
INFO : 2023/10/13 05:06:32.697867 verify.go:997: Signature extracted successfully from the quote
INFO : 2023/10/13 05:06:32.697877 verify.go:999: Verifying Header and TD Quote Body using attestation key and signature present in the quote
INFO : 2023/10/13 05:06:32.697980 verify.go:1012: Header and TD Quote Body verified successfully
INFO : 2023/10/13 05:06:32.697993 verify.go:1016: Verifying the QE Report signature using PCK Leaf certificate
INFO : 2023/10/13 05:06:32.698094 verify.go:1068: QE Report's signature verified using PCK Leaf Certificate
INFO : 2023/10/13 05:06:32.698103 verify.go:1020: QE Report signature verified successfully
INFO : 2023/10/13 05:06:32.698110 verify.go:1022: Verifying QE Report Data
INFO : 2023/10/13 05:06:32.698126 verify.go:1026: QE Report Data verified successfully
INFO : 2023/10/13 05:06:32.698138 verify.go:1029: Verifying TD Quote Body using TCB Info API response
FATAL: could not verify the TDX Quote: PCS's reported TDX TCB info failed TCB status check: no matching TCB level found

Sample output for verbosity=2

~/Desktop/go-tdx-guest$ ./tools/check/check -in=testing/testdata/tdx_prod_quote_SPR_E4.dat -verbosity=2 -get_collateral=true -check_crl=true
INFO : 2023/10/13 05:07:38.016211 logger.go:344: Info verbosity set to 2
INFO : 2023/10/13 05:07:38.016331 check.go:374: Parsing input parameters
INFO : 2023/10/13 05:07:38.016450 check.go:390: TDX Quote parsed successfully
INFO : 2023/10/13 05:07:38.016478 check.go:396: Input parameters parsed successfully
INFO : 2023/10/13 05:07:38.016493 check.go:409: Verifying the TDX Quote from input
INFO : 2023/10/13 05:07:38.016529 verify.go:1224: Checking that the quote parameters meet the required size
INFO : 2023/10/13 05:07:38.016551 verify.go:1228: Quote Version found: 4
INFO : 2023/10/13 05:07:38.016570 verify.go:1229: Quote TeeType found: 0x81
INFO : 2023/10/13 05:07:38.016588 verify.go:1230: Quote parameters meet the required size
INFO : 2023/10/13 05:07:38.016631 verify.go:1232: Extracting PCK certificate chain from the quote
INFO : 2023/10/13 05:07:38.016699 verify.go:620: PCK Leaf certificate has been extracted from the certificate chain
INFO : 2023/10/13 05:07:38.016743 verify.go:630: Intermediate certificate has been extracted from the certificate chain
INFO : 2023/10/13 05:07:38.016785 verify.go:641: Root CA certificate has been extracted from the certificate chain
INFO : 2023/10/13 05:07:38.016939 verify.go:1241: PCK Leaf Certificate Issuer organization: [Intel Corporation]
INFO : 2023/10/13 05:07:38.016961 verify.go:1242: PCK Leaf Certificate FMSPC value: 50806f000000
INFO : 2023/10/13 05:07:38.016976 verify.go:1244: PCK Certificate Chain extracted successfully
INFO : 2023/10/13 05:07:38.016992 verify.go:1249: Obtaining collaterals using APIs from the Intel PCS
INFO : 2023/10/13 05:07:38.017003 verify.go:472: Getting TCB Info API response from the Intel PCS
INFO : 2023/10/13 05:07:38.017013 verify.go:372: Getting TCB Info: https://api.trustedservices.intel.com/tdx/certification/v4/tcb?fmspc=50806f000000
INFO : 2023/10/13 05:07:39.182489 verify.go:476: Successfully received TCB Info API response from the Intel PCS
INFO : 2023/10/13 05:07:39.182557 verify.go:478: Getting QE Identity API response from the Intel PCS
INFO : 2023/10/13 05:07:39.182574 verify.go:408: Getting QE Identity: https://api.trustedservices.intel.com/tdx/certification/v4/qe/identity
INFO : 2023/10/13 05:07:39.407188 verify.go:482: Successfully received QE Identity API response from the Intel PCS
INFO : 2023/10/13 05:07:39.407271 verify.go:485: Getting PCK CRL from the Intel PCS
INFO : 2023/10/13 05:07:39.407288 verify.go:350: Getting PCK CRL:https://api.trustedservices.intel.com/sgx/certification/v4/pckcrl?ca=platform&encoding=der
INFO : 2023/10/13 05:07:39.631548 verify.go:489: Successfully received PCK CRL from the Intel PCS
INFO : 2023/10/13 05:07:39.631585 verify.go:490: Getting Root CA CRL from the Intel PCS
INFO : 2023/10/13 05:07:39.631603 verify.go:446: Getting Root CA CRL: [https://certificates.trustedservices.intel.com/IntelSGXRootCA.der]
INFO : 2023/10/13 05:07:39.654654 verify.go:494: Successfully received Root CA CRL from the Intel PCS
INFO : 2023/10/13 05:07:39.654697 verify.go:1258: Collaterals successfully obtained using the APIs from the Intel PCS
INFO : 2023/10/13 05:07:39.654715 verify.go:1187: Verifying the PCK Certificate Chain in the quote
INFO : 2023/10/13 05:07:39.654727 verify.go:760: Verifying the Root CA Certificate
INFO : 2023/10/13 05:07:39.654735 verify.go:652: Certificate version found: 3
INFO : 2023/10/13 05:07:39.654747 verify.go:657: Certicate's signature algorithm found: ECDSA-SHA256
INFO : 2023/10/13 05:07:39.654760 verify.go:662: Certicate's public key algorithm found: ECDSA
INFO : 2023/10/13 05:07:39.654771 verify.go:670: Certificate's public key curve found: P-256
INFO : 2023/10/13 05:07:39.654782 verify.go:695: Certificate's subject name found: Intel SGX Root CA
INFO : 2023/10/13 05:07:39.654813 verify.go:700: Certificate's issuer name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.654973 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:07:39.654985 verify.go:765: Root CA Certificate verified successfully
INFO : 2023/10/13 05:07:39.654995 verify.go:767: Verifying Intermediate CA certificate
INFO : 2023/10/13 05:07:39.655004 verify.go:652: Certificate version found: 3
INFO : 2023/10/13 05:07:39.655012 verify.go:657: Certicate's signature algorithm found: ECDSA-SHA256
INFO : 2023/10/13 05:07:39.655020 verify.go:662: Certicate's public key algorithm found: ECDSA
INFO : 2023/10/13 05:07:39.655030 verify.go:670: Certificate's public key curve found: P-256
INFO : 2023/10/13 05:07:39.655041 verify.go:695: Certificate's subject name found: Intel SGX PCK Platform CA
INFO : 2023/10/13 05:07:39.655071 verify.go:700: Certificate's issuer name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.655170 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:07:39.655179 verify.go:771: Intermediate CA Certificate verified successfully
INFO : 2023/10/13 05:07:39.655189 verify.go:773: Verifying PCK Leaf certificate
INFO : 2023/10/13 05:07:39.655197 verify.go:652: Certificate version found: 3
INFO : 2023/10/13 05:07:39.655205 verify.go:657: Certicate's signature algorithm found: ECDSA-SHA256
INFO : 2023/10/13 05:07:39.655212 verify.go:662: Certicate's public key algorithm found: ECDSA
INFO : 2023/10/13 05:07:39.655221 verify.go:670: Certificate's public key curve found: P-256
INFO : 2023/10/13 05:07:39.655229 verify.go:695: Certificate's subject name found: Intel SGX PCK Certificate
INFO : 2023/10/13 05:07:39.655252 verify.go:700: Certificate's issuer name found: CN=Intel SGX PCK Platform CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.655371 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:07:39.655381 verify.go:777: PCK Leaf Certificate verified successfully
WARN : 2023/10/13 05:07:39.655399 verify.go:824: Using embedded Intel certificate for TDX attestation root of trust
INFO : 2023/10/13 05:07:39.655618 verify.go:782: PCK Certificate Chain verified successfully
INFO : 2023/10/13 05:07:39.655628 verify.go:786: Verifying Root CA CRL
INFO : 2023/10/13 05:07:39.655652 verify.go:720: CRL issuer's name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.655748 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:07:39.655757 verify.go:790: Root CA CRL verified successfully
INFO : 2023/10/13 05:07:39.655785 verify.go:792: Verifying PCK CRL
INFO : 2023/10/13 05:07:39.655812 verify.go:720: CRL issuer's name found: CN=Intel SGX PCK Platform CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.655919 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:07:39.655928 verify.go:796: PCK CRL verified successfully
INFO : 2023/10/13 05:07:39.655947 verify.go:806: Intermediate Certificate is not revoked by Root CA CRL
INFO : 2023/10/13 05:07:39.655961 verify.go:813: PCK Leaf Certificate is not revoked by PCK CRL
INFO : 2023/10/13 05:07:39.655969 verify.go:544: Checking expiration status of certificates
INFO : 2023/10/13 05:07:39.655974 verify.go:554: Certificates have not expired
INFO : 2023/10/13 05:07:39.655980 verify.go:1191: PCK Certificate Chain successfully verified
INFO : 2023/10/13 05:07:39.655997 verify.go:1194: Verifying the collaterals obtained from the Intel PCS
INFO : 2023/10/13 05:07:39.656012 verify.go:502: Checking expiration status of collaterals
INFO : 2023/10/13 05:07:39.656021 verify.go:538: Collaterals not expired
INFO : 2023/10/13 05:07:39.656027 verify.go:1199: Verifying the TCB Info API response
INFO : 2023/10/13 05:07:39.656039 verify.go:1137: TcbInfo ID "TDX" matches with expected ID "TDX"
INFO : 2023/10/13 05:07:39.656056 verify.go:1142: TcbInfo version 3 matches with expected version 3
INFO : 2023/10/13 05:07:39.656064 verify.go:1147: Verifying TCB Info response
INFO : 2023/10/13 05:07:39.656073 verify.go:1075: Verifying root certificate in the issuer chain
INFO : 2023/10/13 05:07:39.656081 verify.go:652: Certificate version found: 3
INFO : 2023/10/13 05:07:39.656089 verify.go:657: Certicate's signature algorithm found: ECDSA-SHA256
INFO : 2023/10/13 05:07:39.656097 verify.go:662: Certicate's public key algorithm found: ECDSA
INFO : 2023/10/13 05:07:39.656105 verify.go:670: Certificate's public key curve found: P-256
INFO : 2023/10/13 05:07:39.656126 verify.go:695: Certificate's subject name found: Intel SGX Root CA
INFO : 2023/10/13 05:07:39.656149 verify.go:700: Certificate's issuer name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.656251 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:07:39.656260 verify.go:1079: Root certificate verified successfully in the issuer chain
INFO : 2023/10/13 05:07:39.656269 verify.go:1081: Verifiying signing certificate in the issuer chain
INFO : 2023/10/13 05:07:39.656277 verify.go:652: Certificate version found: 3
INFO : 2023/10/13 05:07:39.656286 verify.go:657: Certicate's signature algorithm found: ECDSA-SHA256
INFO : 2023/10/13 05:07:39.656294 verify.go:662: Certicate's public key algorithm found: ECDSA
INFO : 2023/10/13 05:07:39.656302 verify.go:670: Certificate's public key curve found: P-256
INFO : 2023/10/13 05:07:39.656311 verify.go:695: Certificate's subject name found: Intel SGX TCB Signing
INFO : 2023/10/13 05:07:39.656332 verify.go:700: Certificate's issuer name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.656428 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:07:39.656438 verify.go:1085: Signing certificate verified successfully in the issuer chain
WARN : 2023/10/13 05:07:39.656445 verify.go:824: Using embedded Intel certificate for TDX attestation root of trust
INFO : 2023/10/13 05:07:39.656554 verify.go:1089: Signing certificate successfully verified using trusted roots
INFO : 2023/10/13 05:07:39.656568 verify.go:1101: Verifying response body using signing certificate
INFO : 2023/10/13 05:07:39.656717 verify.go:1105: Response body verified successfully using signing certificate
INFO : 2023/10/13 05:07:39.656732 verify.go:1109: Verifying Root CA CRL using root certificate in the issuer's chain
INFO : 2023/10/13 05:07:39.656767 verify.go:720: CRL issuer's name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.656867 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:07:39.656877 verify.go:1113: Root CA CRL verified successfully using root certificate in the issuer's chain
INFO : 2023/10/13 05:07:39.656889 verify.go:1120: Root certificate is not revoked by the signing certificate
INFO : 2023/10/13 05:07:39.656900 verify.go:1203: TCB Info API response verified successfully
INFO : 2023/10/13 05:07:39.656910 verify.go:1205: Verifying the QE Identity API response
INFO : 2023/10/13 05:07:39.656920 verify.go:1164: QeIdentity ID "TD_QE" matches with expected ID "TD_QE"
INFO : 2023/10/13 05:07:39.656930 verify.go:1169: QeIdentity version 2 matches with expected version 2
INFO : 2023/10/13 05:07:39.656938 verify.go:1173: Verifying QE Identity response
INFO : 2023/10/13 05:07:39.656943 verify.go:1075: Verifying root certificate in the issuer chain
INFO : 2023/10/13 05:07:39.656947 verify.go:652: Certificate version found: 3
INFO : 2023/10/13 05:07:39.656955 verify.go:657: Certicate's signature algorithm found: ECDSA-SHA256
INFO : 2023/10/13 05:07:39.656961 verify.go:662: Certicate's public key algorithm found: ECDSA
INFO : 2023/10/13 05:07:39.656966 verify.go:670: Certificate's public key curve found: P-256
INFO : 2023/10/13 05:07:39.656972 verify.go:695: Certificate's subject name found: Intel SGX Root CA
INFO : 2023/10/13 05:07:39.657003 verify.go:700: Certificate's issuer name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.657108 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:07:39.657118 verify.go:1079: Root certificate verified successfully in the issuer chain
INFO : 2023/10/13 05:07:39.657125 verify.go:1081: Verifiying signing certificate in the issuer chain
INFO : 2023/10/13 05:07:39.657132 verify.go:652: Certificate version found: 3
INFO : 2023/10/13 05:07:39.657138 verify.go:657: Certicate's signature algorithm found: ECDSA-SHA256
INFO : 2023/10/13 05:07:39.657158 verify.go:662: Certicate's public key algorithm found: ECDSA
INFO : 2023/10/13 05:07:39.657169 verify.go:670: Certificate's public key curve found: P-256
INFO : 2023/10/13 05:07:39.657180 verify.go:695: Certificate's subject name found: Intel SGX TCB Signing
INFO : 2023/10/13 05:07:39.657201 verify.go:700: Certificate's issuer name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.657292 verify.go:705: Certificate's signature verified using parent certificate
INFO : 2023/10/13 05:07:39.657301 verify.go:1085: Signing certificate verified successfully in the issuer chain
WARN : 2023/10/13 05:07:39.657308 verify.go:824: Using embedded Intel certificate for TDX attestation root of trust
INFO : 2023/10/13 05:07:39.657407 verify.go:1089: Signing certificate successfully verified using trusted roots
INFO : 2023/10/13 05:07:39.657419 verify.go:1101: Verifying response body using signing certificate
INFO : 2023/10/13 05:07:39.657524 verify.go:1105: Response body verified successfully using signing certificate
INFO : 2023/10/13 05:07:39.657534 verify.go:1109: Verifying Root CA CRL using root certificate in the issuer's chain
INFO : 2023/10/13 05:07:39.657566 verify.go:720: CRL issuer's name found: CN=Intel SGX Root CA,O=Intel Corporation,L=Santa Clara,ST=CA,C=US
INFO : 2023/10/13 05:07:39.657658 verify.go:725: CRL signature verified using trusted certificate
INFO : 2023/10/13 05:07:39.657666 verify.go:1113: Root CA CRL verified successfully using root certificate in the issuer's chain
INFO : 2023/10/13 05:07:39.657681 verify.go:1120: Root certificate is not revoked by the signing certificate
INFO : 2023/10/13 05:07:39.657692 verify.go:1209: QE Identity API response verified successfully
INFO : 2023/10/13 05:07:39.657701 verify.go:1211: Collaterals verified successfully
INFO : 2023/10/13 05:07:39.657711 verify.go:984: Extracting attestation key from the quote
INFO : 2023/10/13 05:07:39.657723 verify.go:277: Public Key is on curve P-256
INFO : 2023/10/13 05:07:39.657732 verify.go:989: Attestation key extracted succesfully from the quote
INFO : 2023/10/13 05:07:39.657741 verify.go:991: Extracting signature present in the quote
INFO : 2023/10/13 05:07:39.657752 verify.go:997: Signature extracted successfully from the quote
INFO : 2023/10/13 05:07:39.657766 verify.go:999: Verifying Header and TD Quote Body using attestation key and signature present in the quote
INFO : 2023/10/13 05:07:39.657882 verify.go:1012: Header and TD Quote Body verified successfully
INFO : 2023/10/13 05:07:39.657895 verify.go:1016: Verifying the QE Report signature using PCK Leaf certificate
INFO : 2023/10/13 05:07:39.657997 verify.go:1068: QE Report's signature verified using PCK Leaf Certificate
INFO : 2023/10/13 05:07:39.658008 verify.go:1020: QE Report signature verified successfully
INFO : 2023/10/13 05:07:39.658018 verify.go:1022: Verifying QE Report Data
INFO : 2023/10/13 05:07:39.658031 verify.go:1026: QE Report Data verified successfully
INFO : 2023/10/13 05:07:39.658043 verify.go:1029: Verifying TD Quote Body using TCB Info API response
INFO : 2023/10/13 05:07:39.658056 verify.go:908: FMSPC from PCK Certificate("50806f000000") is equal to FMSPC value from PCS's reported TDX TCB info("50806f000000")
INFO : 2023/10/13 05:07:39.658065 verify.go:913: PCEID from PCK Certificate("0000") is equal to PCEID from PCS's reported TDX TCB info("0000")
INFO : 2023/10/13 05:07:39.658085 verify.go:918: MRSIGNERSEAM value from TD Quote Body("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") is equal to TdxModule.Mrsigner field in PCS's reported TDX TCB info("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
INFO : 2023/10/13 05:07:39.658101 verify.go:928: AttributesMask value("0000000000000000") is equal to TdxModule.Attributes field in PCS's reported TDX TCB info("0000000000000000")
FATAL: could not verify the TDX Quote: PCS's reported TDX TCB info failed TCB status check: no matching TCB level found

panwarsandeep
panwarsandeep approved these changes Oct 13, 2023
View reviewed changes
Copy link
Collaborator

@panwarsandeep panwarsandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jrjatin jrjatin merged commit 60b3ea5 into google:main Oct 25, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@panwarsandeep panwarsandeep panwarsandeep approved these changes

@ivishwesh ivishwesh Awaiting requested review from ivishwesh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jrjatin @panwarsandeep