@dzil123 (Contributor) commented Aug 19, 2025

No description provided.

Taowyoo previously approved these changes Aug 19, 2025
@jethrogb (Member)

Let's get additional certs from:

  • PCKID CPUSVN (this is what this PR currently does)
  • CPUSVN all 1's
  • For every CPUSVN we try where the late microcode value is higher than the early microcode value, the CPUSVN where the early microcode value is set to the late microcode value:
            {
              "svn": 7,
              "category": "BIOS",
              "type": "Early Microcode Update"
            },
            {
              "svn": 9,
              "category": "OS/VMM",
              "type": "SGX Late Microcode Update"
            },

@Taowyoo (Collaborator) commented Aug 25, 2025

Let's get additional certs from:

* PCKID CPUSVN (this is what this PR currently does)

* CPUSVN all 1's

* For every CPUSVN we try where the late microcode value is higher than the early microcode value, the CPUSVN where the early microcode value is set to the late microcode value:
            {
              "svn": 7,
              "category": "BIOS",
              "type": "Early Microcode Update"
            },
            {
              "svn": 9,
              "category": "OS/VMM",
              "type": "SGX Late Microcode Update"
            },

Hi @jethrogb, why is the 3rd option needed?

@jethrogb (Member)

I want to capture the specific edge case we've identified for our cert iteration logic.

(overridden_svn, tcb_level.tcb.pce_svn())
} else {
(cpu_svn, tcb_level.tcb.pce_svn())
}
@jethrogb (Member) Aug 25, 2025

For cpu_svn != overridden_svn, I was expecting this iterator to yield two items: (overridden_svn, tcb_level.tcb.pce_svn()) and (cpu_svn, tcb_level.tcb.pce_svn())

Contributor

The comment above hasn't been resolved yet. This is also highly specific to the pckcerts_with_fallback function in the dcap-artifact-retrieval crate. It's highly unlikely that there will be other users of this function. Can we move it to that crate/function? By adding it very close to the chaining of the iterators, without a dedicated function, there won't be an expectation anymore that this specific part yields two items.

Collaborator

The problem is self.tcb_levels is private. So I cannot move any logic specific to it to other crates.

Collaborator

Hi @jethrogb, my current approach is chaining the iterators from iter_tcb_components and iter_tcb_components_with_late_tcb_override_only in pckcerts_with_fallback.
Do you mean you want to change it to one iterator that always returns overridden_svn and cpu_svn and PceIsvsvn?
Do you also mean, in pckcerts_with_fallback, we do not need to get pckcert with cpu_svn is overridden_svn is higher?

Contributor

The problem is self.tcb_levels is private. So I cannot move any logic specific to it to other crates.

We can easily make tcb_level public for TcbData<Verified>

@Taowyoo Taowyoo force-pushed the dz/MAL-9769 branch 2 times, most recently from bc08090 to b5185cf Compare August 25, 2025 21:58
.position(|comp| comp.comp_type == "Early Microcode Update");
let late_idx = tcb_components
.iter()
.position(|comp| comp.comp_type == "SGX Late Microcode Update");
Contributor

This likely will go well, but I'm hesitant to rely on the exact string matches here. I think it's more likely that we re-use this code for other platforms/technologies (e.g., PCS v5, TDX, ...) where the descriptions have changed, than that the meaning of cpu svn components changes. We could just take positions 0 and 1 in the cpusvn, instead of searching for exact strings. (see also comment below)

Member

We definitely can't rely on the specific ordering of SVN components. Intel makes no guarantees about that.

Member

@raoulstrackx This PR was approved but this comment wasn't addressed.

Contributor

Created #821 for this

dzil123 and others added 5 commits September 12, 2025 10:22
New logic will get following PCK certs:
- PCKID CPUSVN
- CPUSVN all 1's
- For every CPUSVN we try where the late microcode
  value is higher than the early microcode value,
  the CPUSVN where the early microcode value is
  set to the late microcode value.
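
The third item in the list above, written out as an added Rust example (not code from this PR or the crates it changes): for one CPUSVN it returns the (CPUSVN, PCESVN) pairs to request, with the overridden value first when the late microcode value is higher, and it finds the two components by their type string rather than by position. All names are hypothetical, the sample values are constructed, and it assumes that byte i of the CPUSVN corresponds to entry i of the component list.

```rust
// Added illustration; not code from this PR or the crates it changes.
// Every type, function and sample value below is hypothetical.
type CpuSvn = [u8; 16];

/// One CPUSVN component description, reduced to the "type" field quoted in the thread.
struct TcbComponent { comp_type: &'static str }

const EARLY: &str = "Early Microcode Update";
const LATE: &str = "SGX Late Microcode Update";

/// CPUSVN with the early microcode value set to the late one; None when late
/// is not higher or a component type is absent. Lookup is by type, not index.
/// Assumption: byte i of the CPUSVN is described by entry i of `comps`.
fn early_set_to_late(cpu_svn: &CpuSvn, comps: &[TcbComponent]) -> Option<CpuSvn> {
    let early = comps.iter().position(|c| c.comp_type == EARLY)?;
    let late = comps.iter().position(|c| c.comp_type == LATE)?;
    let (e, l) = (*cpu_svn.get(early)?, *cpu_svn.get(late)?);
    if l <= e {
        return None;
    }
    let mut out = *cpu_svn;
    out[early] = l;
    Some(out)
}

/// (CPUSVN, PCESVN) pairs to request for one CPUSVN: the overridden value
/// first when it differs, then the unmodified value.
fn svn_pairs(cpu_svn: CpuSvn, pce_svn: u16, comps: &[TcbComponent]) -> Vec<(CpuSvn, u16)> {
    let mut pairs = Vec::with_capacity(2);
    if let Some(overridden) = early_set_to_late(&cpu_svn, comps) {
        pairs.push((overridden, pce_svn));
    }
    pairs.push((cpu_svn, pce_svn));
    pairs
}

/// Constructed layout: late at index 0, early at index 2, so the result
/// cannot depend on the two components being in any particular order.
fn sample_components() -> Vec<TcbComponent> {
    let mut comps: Vec<_> = (0..16).map(|_| TcbComponent { comp_type: "" }).collect();
    comps[0].comp_type = LATE;
    comps[2].comp_type = EARLY;
    comps
}

fn main() {
    let mut cpu_svn: CpuSvn = [0; 16];
    cpu_svn[0] = 9; // late microcode SVN, value from the thread's JSON
    cpu_svn[2] = 7; // early microcode SVN, value from the thread's JSON
    println!("{:?}", svn_pairs(cpu_svn, 13, &sample_components())); // 13: constructed PCESVN
}
```

A CPUSVN of all 1's (read here as every byte 0xFF, an assumption) has equal early and late values, so it produces a single pair.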
Taowyoo previously approved these changes Sep 12, 2025
@raoulstrackx (Contributor)

I've tested the different ways to get the "problematic" PckCert when the early and late stage microcode code update versions differ, and they all work. I've approved the PR, but I feel someone else should take another look as I wrote large parts myself

@Taowyoo (Collaborator) left a comment

@raoulstrackx changed part looks good to me

@Taowyoo Taowyoo added this pull request to the merge queue Sep 15, 2025
Merged via the queue into master with commit 89af311 Sep 15, 2025
1 check passed
@Taowyoo Taowyoo deleted the dz/MAL-9769 branch September 15, 2025 20:43