From 1463f95a8a8848439b4b925395acace5bb603c77 Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Wed, 18 Sep 2024 12:31:34 +0200 Subject: [PATCH] expose TCB level index as claim Signed-off-by: Thomas Tendyck --- 3rdparty/openenclave/ert.patch | 71 +++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 2 deletions(-) diff --git a/3rdparty/openenclave/ert.patch b/3rdparty/openenclave/ert.patch index bbeb2974d..189f9789a 100644 --- a/3rdparty/openenclave/ert.patch +++ b/3rdparty/openenclave/ert.patch @@ -168,10 +168,19 @@ index 0f97c1c6f..fd5ad7d6c 100644 # Do not use, for example, `-std=gnu++14`. set(CMAKE_CXX_EXTENSIONS OFF) diff --git a/common/sgx/tcbinfo.c b/common/sgx/tcbinfo.c -index 127f313ad..9b4bcd984 100644 +index 127f313ad..da070fc2e 100644 --- a/common/sgx/tcbinfo.c +++ b/common/sgx/tcbinfo.c -@@ -1715,26 +1715,41 @@ oe_result_t oe_parse_qe_identity_info_json( +@@ -781,6 +781,8 @@ static oe_result_t _read_tcb_info_tcb_level_v2_or_v3( + if (*itr < end && **itr == ']') + break; + OE_CHECK(_read(',', itr, end)); ++ ++ ++platform_tcb_level->index; // EDG: remember the index within the array + } + + OE_CHECK(_read(']', itr, end)); +@@ -1715,26 +1717,41 @@ oe_result_t oe_parse_qe_identity_info_json( itr = _skip_ws(itr, end); OE_CHECK(_read('{', &itr, end)); @@ -219,6 +228,39 @@ index 127f313ad..9b4bcd984 100644 OE_CHECK(_read('}', &itr, end)); if (itr == end) +diff --git a/common/sgx/tcbinfo.h b/common/sgx/tcbinfo.h +index ae1508d45..38e6b62b7 100644 +--- a/common/sgx/tcbinfo.h ++++ b/common/sgx/tcbinfo.h +@@ -89,6 +89,9 @@ typedef struct _oe_tcb_info_tcb_level + + //! Total size of all the advisoryIDs. + size_t advisory_ids_size; ++ ++ // EDG: index of this TCB level in the array within the TCB info JSON ++ uint32_t index; + } oe_tcb_info_tcb_level_t; + + #define OE_SGX_FMSPC_SIZE 6 +diff --git a/common/sgx/verifier.c b/common/sgx/verifier.c +index ae4e42357..af7389642 100644 +--- a/common/sgx/verifier.c ++++ b/common/sgx/verifier.c +@@ -476,6 +476,14 @@ static oe_result_t _fill_with_known_claims( + sgx_endorsements->items[OE_SGX_ENDORSEMENT_FIELD_TCB_INFO] + .size)); + ++ // EDG: TCB info index ++ OE_CHECK(oe_sgx_add_claim( ++ &claims[claims_index++], ++ OE_CLAIM_SGX_TCB_INFO_INDEX, ++ sizeof(OE_CLAIM_SGX_TCB_INFO_INDEX), ++ &local_platform_tcb_level.index, ++ sizeof(local_platform_tcb_level.index))); ++ + // TCB issuer chain + OE_CHECK(oe_sgx_add_claim( + &claims[claims_index++], diff --git a/debugger/gdb-extension/load_symbol_cmd.py b/debugger/gdb-extension/load_symbol_cmd.py index ca0e0f893..ea04aa53b 100644 --- a/debugger/gdb-extension/load_symbol_cmd.py @@ -1215,6 +1257,31 @@ index 2471fe6f1..f7296ef7d 100644 + return result; } +diff --git a/include/openenclave/attestation/sgx/evidence.h b/include/openenclave/attestation/sgx/evidence.h +index 4a19d4187..f0246300a 100644 +--- a/include/openenclave/attestation/sgx/evidence.h ++++ b/include/openenclave/attestation/sgx/evidence.h +@@ -145,16 +145,18 @@ OE_EXTERNC_BEGIN + */ + // SQX quote verification collaterals. + #define OE_CLAIM_SGX_TCB_INFO "sgx_tcb_info" ++#define OE_CLAIM_SGX_TCB_INFO_INDEX "sgx_tcb_info_index" + #define OE_CLAIM_SGX_TCB_ISSUER_CHAIN "sgx_tcb_issuer_chain" + #define OE_CLAIM_SGX_PCK_CRL "sgx_pck_crl" + #define OE_CLAIM_SGX_ROOT_CA_CRL "sgx_root_ca_crl" + #define OE_CLAIM_SGX_CRL_ISSUER_CHAIN "sgx_crl_issuer_chain" + #define OE_CLAIM_SGX_QE_ID_INFO "sgx_qe_id_info" + #define OE_CLAIM_SGX_QE_ID_ISSUER_CHAIN "sgx_qe_id_issuer_chain" +-#define OE_SGX_OPTIONAL_CLAIMS_SGX_COLLATERALS_COUNT 7 ++#define OE_SGX_OPTIONAL_CLAIMS_SGX_COLLATERALS_COUNT 8 + // SGX PCESVN. + #define OE_CLAIM_SGX_PCE_SVN "sgx_pce_svn" +-#define OE_SGX_OPTIONAL_CLAIMS_COUNT 8 ++#define OE_SGX_OPTIONAL_CLAIMS_COUNT \ ++ (OE_SGX_OPTIONAL_CLAIMS_SGX_COLLATERALS_COUNT + 1) + + // Additional SGX specific claim: for the report data embedded in the SGX quote. + diff --git a/include/openenclave/bits/fs.h b/include/openenclave/bits/fs.h index f7220c44f..d3623bfa1 100644 --- a/include/openenclave/bits/fs.h