update fn pckcerts_with_fallback

New logic will get following PKC certs:
- PCKID CPUSVN
- CPUSVN all 1's
- For every CPUSVN we try where the late microcode value is higher than the early microcode value, the CPUSVN where the early microcode value is set to the late microcode value.

Author: Taowyoo

intel-sgx/dcap-artifact-retrieval/src/provisioning_client/mod.rs

@@ -596,11 +596,27 @@ pub trait ProvisioningClient {
         let tcb_info = self.tcbinfo(&fmspc, None)?;
         let tcb_data = tcb_info.data()?;
         let mut pcks = HashMap::new();
+        // Getting PCK cert using CPUSVN from PCKID
         {
             let ptcb = pck_cert.platform_tcb()?;
             pcks.insert((ptcb.cpusvn, ptcb.tcb_components.pce_svn()), pck_cert);
         }
-        for (cpu_svn, pce_isvsvn) in tcb_data.iter_tcb_components() {
+        // Getting PCK cert using CPUSVN all 1's
+        {
+            let pck_cert = self.pckcert(
+                Some(&pck_id.enc_ppid),
+                &pck_id.pce_id,
+                &[u8::MAX; 16],
+                pck_id.pce_isvsvn,
+                Some(&pck_id.qe_id),
+            )?;
+            let ptcb = pck_cert.platform_tcb()?;
+            pcks.insert((ptcb.cpusvn, ptcb.tcb_components.pce_svn()), pck_cert);
+        }
+        // For every CPUSVN we try where the late microcode value is higher
+        // than the early microcode value, the CPUSVN where the early
+        // microcode value is set to the late microcode value
+        for (cpu_svn, pce_isvsvn) in tcb_data.iter_tcb_components_with_late_tcb_override() {
             let p = match self.pckcert(
                 Some(&pck_id.enc_ppid),
                 &pck_id.pce_id,

intel-sgx/pcs/src/pckcrt.rs

@@ -158,6 +158,43 @@ impl TcbComponents {
         }
         out
     }
+
+    /// The CPUSVN where the early microcode value is set to the late microcode
+    /// value when the late microcode value is higher than the early microcode
+    /// value. For example:
+    /// ```json
+    /// [{
+    ///   "svn": 7,
+    ///   "category": "BIOS",
+    ///   "type": "Early Microcode Update"
+    /// },
+    /// {
+    ///   "svn": 9,
+    ///   "category": "OS/VMM",
+    ///   "type": "SGX Late Microcode Update"
+    /// }]
+    /// ```
+    /// Here 7 will be set to 9.
+    pub fn cpu_svn_late_override_early(&self) -> CpuSvn {
+        // NOTE: to support older stable compilers (pre 1.77) we are avoiding
+        // the obvious implementation:
+        //
+        // self.0.sgxtcbcomponents.each_ref().map(|c| c.svn)
+        let mut out: CpuSvn = [0u8; 16];
+        let tcb_components = &self.0.sgxtcbcomponents;
+        out[15] = tcb_components[15].svn;
+        for i in 0..15 {
+            if tcb_components[i].comp_type.as_str() == "Early Microcode Update"
+               && tcb_components[i+1].comp_type.as_str() == "SGX Late Microcode Update"
+               && tcb_components[i+1].svn > tcb_components[i].svn
+            {
+                out[i] = tcb_components[i+1].svn
+            } else {
+                out[i] = tcb_components[i].svn;
+            }
+        }
+        out
+    }
 }
 
 impl PartialOrd for TcbComponents {

intel-sgx/pcs/src/tcb_info.rs

@@ -326,6 +326,21 @@ impl<V: VerificationType> TcbData<V> {
     pub fn iter_tcb_components(&self) -> impl Iterator<Item = (CpuSvn, PceIsvsvn)> + '_ {
         self.tcb_levels.iter().map(|tcb_level| (tcb_level.tcb.cpu_svn(), tcb_level.tcb.pce_svn()))
     }
+
+    /// For every CPUSVN where the late microcode value is higher
+    /// than the early microcode value, the CPUSVN where the early
+    /// microcode value is set to the late microcode value
+    pub fn iter_tcb_components_with_late_tcb_override(&self) -> impl Iterator<Item = (CpuSvn, PceIsvsvn)> + '_ {
+        self.tcb_levels.iter().map(|tcb_level| {
+            let overridden_svn = tcb_level.tcb.cpu_svn_late_override_early();
+            let cpu_svn = tcb_level.tcb.cpu_svn();
+            if cpu_svn != overridden_svn{
+                (overridden_svn, tcb_level.tcb.pce_svn())
+            } else {
+                (cpu_svn, tcb_level.tcb.pce_svn())
+            }
+        })
+    }
 }
 
 #[derive(Clone, Serialize, Deserialize, Debug, Eq, PartialEq)]