diff --git a/.changelog/5704.internal.md b/.changelog/5704.internal.md
new file mode 100644
index 00000000000..673ce22b71c
--- /dev/null
+++ b/.changelog/5704.internal.md
@@ -0,0 +1,5 @@
+go: Reverse order of TCB update fetching
+
+Early TCB updates are now tried first when updating TCB info. If
+validation for an early update fails, the mechanism falls back to the
+standard update.
diff --git a/go/runtime/host/sgx/ecdsa.go b/go/runtime/host/sgx/ecdsa.go
index aab6e492449..1a4a940ac3d 100644
--- a/go/runtime/host/sgx/ecdsa.go
+++ b/go/runtime/host/sgx/ecdsa.go
@@ -193,7 +193,7 @@ func (ec *teeStateECDSA) Update(ctx context.Context, sp *sgxProvisioner, conn pr
 return fresh, nil
 }
 var tcbBundle *pcs.TCBBundle
- for _, update := range []pcs.UpdateType{pcs.UpdateStandard, pcs.UpdateEarly} {
+ for _, update := range []pcs.UpdateType{pcs.UpdateEarly, pcs.UpdateStandard} {
 if tcbBundle, err = getTcbBundle(update); err == nil {
 break
 }
diff --git a/go/runtime/host/sgx/epid.go b/go/runtime/host/sgx/epid.go
index 2a9e8f50380..4bd323f6d11 100644
--- a/go/runtime/host/sgx/epid.go
+++ b/go/runtime/host/sgx/epid.go
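Review bot: Reordering the loop in teeStateECDSA.Update means the first getTcbBundle call that returns without error wins, so the fallback to pcs.UpdateStandard only happens when fetching the early bundle fails, whereas the changelog promises a fallback when validation of the early update fails; unless getTcbBundle itself validates the bundle against the quote policy (not visible here), an early bundle that fetches cleanly but later fails verification is never retried with the standard update. The loop also overwrites err on every iteration, so when both fetches fail only the standard-update error is reported and the early-update failure is lost; consider collecting both, e.g. `errs = append(errs, fmt.Errorf("%v update: %w", update, err))` inside the loop and returning `errors.Join(errs...)` after it (Go 1.20+, if the module allows). A comment above the loop such as `// Prefer the early TCB update; fall back to the standard update only if the early one cannot be fetched.` would make the actual fallback condition explicit. Update's body continues outside the hunk on both sides.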
@@ -124,22 +124,24 @@ func (ep *teeStateEPID) update(
 RuntimeID: ep.runtimeID,
 Quote: quote,
 Nonce: nonce,
+ EarlyTCBUpdate: true,
 MinTCBEvaluationDataNumber: quotePolicy.MinTCBEvaluationDataNumber,
 }
+ // First try with early updating. If that fails, fall back to normal.
 avrBundle, err := iasClient.VerifyEvidence(ctx, &evidence)
 if err != nil {
- return nil, fmt.Errorf("error while verifying attestation evidence: %w", err)
+ return nil, fmt.Errorf("error while verifying attestation evidence with early update: %w", err)
 }
 // Decode the AVR so we can do further checks.
 avr, decErr := cmnIAS.UnsafeDecodeAVR(avrBundle.Body)
- if decErr == nil && avr.TCBEvaluationDataNumber < quotePolicy.MinTCBEvaluationDataNumber {
- // Retry again with early updating.
- evidence.EarlyTCBUpdate = true
+ if decErr == nil && avr.ISVEnclaveQuoteStatus != cmnIAS.QuoteOK && avr.ISVEnclaveQuoteStatus != cmnIAS.QuoteSwHardeningNeeded {
+ // Retry again without early updating.
+ evidence.EarlyTCBUpdate = false
 avrBundle, err = iasClient.VerifyEvidence(ctx, &evidence)
 if err != nil {
- return nil, fmt.Errorf("error while verifying attestation evidence with early update: %w", err)
+ return nil, fmt.Errorf("error while verifying attestation evidence with normal update: %w", err)
 }
 avr, decErr = cmnIAS.UnsafeDecodeAVR(avrBundle.Body)
 }