I have a few questions about Intel's Web APIs for DCAP attestation: https://api.portal.trustedservices.intel.com/documentation
Question 1: Is the "Get PCK Certificate V2 (pckcert)" API broken? For some hosts it returns the correct certificate; on others it appears to return a certificate for the wrong TCB level. And certs for the wrong TCB level are not able to verify the QE's attestation key. The parameters I pass to the API come from type 3 QE Certificate Data generated on hosts that do not have the libdcap_quoteprov shared library installed.
Question 2: There is a "Get PCK Certificates V2 (pckcerts)" API that returns certificates for all TCB levels, but the documentation does not state if any order can be assumed about the returned certificates or what the algorithm is for picking the correct certificate from the results. Can someone describe the algorithm and also put it in the documentation?
Question 3: The sample data for "Get TCB Info V2" shows an array of advisory ID values for TCB levels that are not "UpToDate". I'm not finding these advisory IDs in live data. When can we expect them to be added?
Thanks! - Dmitry
For question 1: I'm still having issues validating the QE report signature with the PCK certificate only on certain DCAP hosts and only in quotes with type 3 certificate data. (Quotes with type-3 certificate data are created by Intel's libraries when libdcap_quoteprov.so.* is not present.) I'll continue to look into it. It might be something on my end. If someone has seen a similar issue or has ideas, please let me know.
I originally thought the "Get PCK Certificate V2" API might be returning a certificate from the wrong TCB level, but I no longer think that is the case. The certificate I was getting back from the single cert API had a different fingerprint than the one selected by libdcap_quoteprov.so + Intel's PCCS server which use the "Get PCK Certificates V2" API (note the "s"). While the certificates from the 2 different web services had different issue dates and overall fingerprints, the serial numbers and public keys inside the certificates were identical. I had never seen serial numbers reused for different certificates before, so that was another source of confusion when debugging.
First, I'd recommend using the docs at 01.org as opposed to the web-based docs... these are currently more complete, especially the Quote Lib Reference: https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/
1. This is by design... you cannot always get the PCK cert exactly matching your HW TCB. If you generate a PCK sig using the raw TCB of the platform (CertType = 3), you cannot verify the signature with the mapped down PCK Cert.
2. You should not depend on the order of the returned certs. You should only know that you will get 1 PCK Cert for each TCB Level in that platform's TCBInfo structure. We do provide a Cert Selection Library as part of DCAP that has all cert selection logic, but that is really intended to run as part of the PCCS.
3. The sample data should be treated as just that... a sample. The advisories in there are not real.
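The "mapped down" behaviour described in the reply above, as an added example that is not part of the original thread and is not Intel's Cert Selection Library. It assumes each of the 16 CPUSVN bytes maps directly to one `sgxtcbcompNNsvn` component and that levels are compared component-wise; the `level` helper and all SVN values are constructed.

```python
# Added illustration: map a platform's raw TCB down to a TCBInfo level.
# Assumption: CPUSVN byte i corresponds to sgxtcbcomp(i+1)svn.
COMPONENTS = [f"sgxtcbcomp{i:02d}svn" for i in range(1, 17)]

def covers(cpusvn, pcesvn, tcb):
    """True if every SVN in (cpusvn, pcesvn) is >= the level's SVN."""
    return pcesvn >= tcb["pcesvn"] and all(
        svn >= tcb[name] for svn, name in zip(cpusvn, COMPONENTS))

def raw_of(tcb):
    """Flatten a level's tcb object into (component list, pcesvn)."""
    return [tcb[name] for name in COMPONENTS], tcb["pcesvn"]

def map_down(tcb_levels, cpusvn, pcesvn):
    """Return (level, exact). 'level' is the highest level the raw TCB
    satisfies, found without relying on list order. 'exact' is False when
    the raw TCB sits above that level, i.e. the certificate is mapped down."""
    if len(cpusvn) != 16:
        raise ValueError("CPUSVN must have 16 components")
    candidates = [l for l in tcb_levels if covers(cpusvn, pcesvn, l["tcb"])]
    for lvl in candidates:
        # The wanted level dominates every other satisfied level.
        if all(covers(*raw_of(lvl["tcb"]), o["tcb"]) for o in candidates):
            return lvl, raw_of(lvl["tcb"]) == (list(cpusvn), pcesvn)
    if candidates:
        raise ValueError("satisfied levels are not totally ordered")
    return None, False  # platform is below every listed level

def level(comps, pcesvn, status):
    """Hypothetical helper: build one constructed tcbLevels entry."""
    tcb = dict(zip(COMPONENTS, comps + [0] * (16 - len(comps))))
    tcb["pcesvn"] = pcesvn
    return {"tcb": tcb, "tcbStatus": status}

# Constructed sample levels, deliberately not in descending order.
LEVELS = [
    level([2, 2], 5, "OutOfDate"),
    level([5, 5, 2, 2], 10, "UpToDate"),
    level([4, 4, 2, 2], 9, "OutOfDate"),
]

if __name__ == "__main__":
    raw = [4, 5, 2, 2] + [0] * 12
    lvl, exact = map_down(LEVELS, raw, 10)
    print(lvl["tcbStatus"], raw_of(lvl["tcb"]), "exact" if exact else "mapped down")
```

When `exact` is `False`, the platform's raw TCB has no certificate of its own, which is the situation point 1 of the reply describes for CertType 3 data.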