Merge pull request #33 from oasisprotocol/kostko/feature/attestation-…

…tool-early-tcb attestation-tool: Use early TCB updates
oasisprotocol · Mar 4, 2024 · c37cfc5 · c37cfc5
2 parents f66c6fa + 6e67085
commit c37cfc5
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/attestation-tool/Cargo.lock b/attestation-tool/Cargo.lock
diff --git a/attestation-tool/Cargo.toml b/attestation-tool/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "attestation-tool"
-version = "0.2.0"
+version = "0.3.1"
 authors = ["Oasis Protocol Foundation", "Fortanix, Inc."]
 license = "MPL-2.0"
 edition = "2018"

diff --git a/attestation-tool/src/ecdsa.rs b/attestation-tool/src/ecdsa.rs
@@ -303,7 +303,7 @@ pub fn try_ecdsa(aesm_client: &AesmClient, loader: &mut IsgxDevice) -> Result<TC
 
     // Fetch TCB info from PCS.
     let url = format!(
-        "{TCB_URL}?fmspc={fmspc_hex}",
+        "{TCB_URL}?fmspc={fmspc_hex}&update=early",
         fmspc_hex = hex::encode(&fmspc)
     );
     println!("Using PCCS URL: {:?}", url);
@@ -354,8 +354,9 @@ pub fn try_ecdsa(aesm_client: &AesmClient, loader: &mut IsgxDevice) -> Result<TC
     let report = Report::try_copy_from(&report).ok_or(anyhow!("could not construct QE3 report"))?;
 
     // Fetch QE identity from PCS.
-    println!("Using PCCS URL: {:?}", QE_IDENTITY_URL);
-    let response = ureq::get(QE_IDENTITY_URL).call()?;
+    let url = format!("{QE_IDENTITY_URL}?update=early");
+    println!("Using PCCS URL: {:?}", url);
+    let response = ureq::get(&url).call()?;
     let qe_identity: QEIdentityResponse = serde_json::from_str(&response.into_string()?)
         .map_err(|err| anyhow!("error parsing QE identity: {}", err))?;
     let qe_identity = qe_identity.enclave_identity;