support optionally validating PCK configuration

[burgerdev]

No description provided.

[sespiros]

I see there is also a cli tool included under tools/check which you can use to specify expected policy. If we make use of that we should add the SMTEnabled field there as well (as well as in the policy configuration proto).

Regarding the other two fields DynamicPlatform and CachedKeys. I would add them for completeness but they can also be done later. They are both relevant for multi-package/CPUs platforms:

• DynamicPlatform is to express whether you allow your system to be extended with extra CPUs (multi-package platforms). I would be strict. I would add it and expect it to be false unless needed.

• CachedKeys, if we don't have multi-package platforms, I would say we don't care about this. More info on https://cc-enabling.trustedservices.intel.com/intel-dcap-mp-ra/02/overview/#sgx-multi-package-registration-modes. The tl;dr of what happens if the keys are not cached is:

  When you use this method, PCK Certificates cannot be requested using the PPID since the Registration Service does not have the platform keys required to generate PPID. Instead, the platform manifest must be provided to generate the PCK Certificates. You must maintain a copy of the platform manifests.

[burgerdev]

I added the two other configuration items to validate.Options. Regarding the tools/check: this would be required for an upstream PR, but since we don't use it I'd rather not. ptal