Hello everyone,

I am working on a POC to securely expose keys from Azure Key Vault Managed HSM. However, I have encountered several challenges along the way and would appreciate any guidance or advice.

Environment and Setup Details:

• PCCS Service:

  • The latest PCCS code seems to be missing from the Intel repository.
  • I used older code to set up the PCCS service, but I am unsure if it is configured correctly for my use case.

• Development Mode:

  • I am using a single-step signing process in debug mode for this POC.
  • Report and quote generation succeed, but issues arise during attestation with Microsoft Azure Attestation (MAA) service.

Problem Description:

While sending the generated quote to the MAA service, I encounter the following error:

Error Logs:

• Key Error Points:
  • InvalidParameter: SuppliedRuntimeDataDigest does not match RuntimeData Digest in quote.
  • Quote validation fails due to mismatches in runtime data digest.
  • The error occurs when using the validatequotes.core sample from the Azure SGX repository.

Request for Help:

I would appreciate assistance with the following:

1. Correct Steps for PCCS Setup:

   • Are there updated resources or repositories for setting up PCCS service correctly for both development and production environments?
   • Is it recommended to continue with the older PCCS code, or should I adopt a different approach?

2. MAA Service Integration:

   • How can I resolve the runtime data digest mismatch issue during attestation?
   • Are there best practices for correctly signing and verifying quotes with the MAA service?

I am following the SKR documentation from Microsoft: Secure Key Release Documentation.

Any insights or guidance on how to complete this POC successfully for both dev and prod environments would be greatly appreciated.

Thank you in advance!

Best regards,
Vinothkumar S