Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1405 Discussions

There is no advisoryIDs in the Get TCB Info API's Response

Toshi_O
Beginner
‎06-19-2022 07:49 PM
827 Views
Solved Jump to solution

For example, when using Remote Attestation with DCAP for Quote verification, TCBInfo is obtained from the following URL.
https://api.trustedservices.intel.com/sgx/certification/v3/tcb?fmspc=00906ed50000

The tcbStatus in the response returned by this API has a ConfirmationAndSWHardeningNeeded
status. But why is there no AdvisoryId associated with this Status in the response?

https://api.portal.trustedservices.intel.com/documentation#pcs-tcb-info-v3
The advisoryId is present in this reference.
If there is a vulnerability related to tcbLevel, I would expect the advisoryId to be included in the API response, but is this understanding incorrect?

Also, if the advisoryId is not currently included in the API response, what is the best way for a verifier to know the relationship between a particular TCBLevel and the advisoryId?

Labels (3)
Labels:
0 Kudos
1 Solution
Sahira_Intel
Moderator
‎07-15-2022 02:33 PM
708 Views
Solved Jump to solution

Hi,

Your understanding is correct, and this feature will actually be released soon.


Sincerely,

Sahira


View solution in original post

0 Kudos
Copy link

Link Copied

4 Replies
Toshi_O
Beginner
‎07-07-2022 01:41 AM
766 Views
Solved Jump to solution

Additional information.

Attestation Report issued by Intel's IAS when the EPID verification was performed on the same machine.

 

{"id":"...","timestamp":"2022-07-07T08:29:08.930675","version":4,"advisoryURL":"https://security-center.intel.com","advisoryIDs":["INTEL-SA-00334"],"isvEnclaveQuoteStatus":"SW_HARDENING_NEEDED","isvEnclaveQuoteBody":"..."}

 

I think AdvisoryId is a common problem independent of either IAS or DCAP.

Then I am wondering why IAS returns AdvisoryId and Intel's PCS does not return AdvisoryId

 

0 Kudos
Copy link
Sahira_Intel
Moderator
‎07-13-2022 02:22 PM
726 Views
Solved Jump to solution

Hi Toshi,

Apologies for not responding sooner. I am looking into this and will let you know when I have more information

 

Sincerely,

Sahira 

0 Kudos
Copy link
Sahira_Intel
Moderator
‎07-15-2022 02:33 PM
709 Views
Solved Jump to solution

Hi,

Your understanding is correct, and this feature will actually be released soon.


Sincerely,

Sahira


0 Kudos
Copy link
Toshi_O
Beginner
‎07-18-2022 06:01 PM
689 Views
Solved Jump to solution
In response to Sahira_Intel

thanks!

We look forward to your correction.

In response to Sahira_Intel
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.