Skip to content

Implement PCS fetch function and bump dcap-qvl to 0.4#32

Open
ameba23 wants to merge 4 commits intomainfrom
peg/dcap-qvl-0.4
Open

Implement PCS fetch function and bump dcap-qvl to 0.4#32
ameba23 wants to merge 4 commits intomainfrom
peg/dcap-qvl-0.4

Conversation

@ameba23
Copy link
Copy Markdown
Collaborator

@ameba23 ameba23 commented Apr 23, 2026

dcap-qvl 0.4.0 has some breaking changes meaning we can no longer fetch collateral for a specific fmspc.

The related issue #31 proposes several options for resolving this, one of which is to implement the collateral fetch function ourselves. This PR does that.

I'm not sure this is the best path forwards but i wanted to show that its not so much code and has some big advantages of things we could do as follow-ups:

Comment thread crates/pccs/src/fetch.rs

/// Fetches a PCK certificate chain from PCCS/PCS using encrypted PPID
/// parameters
pub(super) async fn fetch_pck_certificate(
Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only to handle quotes without an embedded PCK certificate chain - meaning certification data type 2 or 3.

I have never come across one of these, and dcap-qvl also does not have one in their test fixtures. So we can't actually test this code against a real quote.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest to put this as a comment into the code

Comment thread crates/pccs/src/fetch.rs
Comment thread crates/pccs/src/fetch.rs Outdated
#[derive(Debug, serde::Deserialize)]
struct TcbInfoResponse {
#[serde(rename = "tcbInfo")]
tcb_info: serde_json::Value,
Copy link
Copy Markdown
Member

@MoeMahhouk MoeMahhouk Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if serde_json::Value alphabetizes keys on re-serialization, would that cause a fail signature on real intel collateral? Take a look at verify_tcb_info_signature which does collateral.tcb_info.as_bytes()
For example:

INPUT : {"id":"TDX","version":3,"issueDate":"2026-04-23T09:13:04Z","fmspc":"90C06F000000"}
OUTPUT: {"fmspc":"90C06F000000","id":"TDX","issueDate":"2026-04-23T09:13:04Z","version":3}

If you verify it, then you could consider serde_json::value::RawValue to preserve the exact bytes Intel signed

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good catch. Yes i think you are right.

If this is the case, its an issue for dcap-qvl too because this was lifted from there. and also applies to QeIndentityResponse (below).

We can fix this here but probably should make an issue for dcap-qvl.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, I think I oversaw something there. They do have this feature "preserve_order" enabled for serde_json in Cargo.toml. See here
This probably avoids such issue without dealing with rawbytes

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm yeah that would help a lot. but it still feels a bit brittle - there are other reasons why it might not serialize back to the exact same bytes. using RawValue feels a lot safer.

Copy link
Copy Markdown
Member

@MoeMahhouk MoeMahhouk Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indeed, it would be a safer approach to go with raw bytes but it would add code complexity to maintain. Also, if at some point the feature graph shifts in the future, it would potentially break.
However, since this repo is mainly relying on dcap-qvl dependency, it is not a big problem since the feature preserve_order would be pulled transitively for the whole repo.
cargo tree -p pccs -e features --prefix depth | grep serde_json

…gnature checks are not effected by serialization
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants