attestation_verifier
Minimal Rust crate for verifying Intel TDX quotes with DCAP.
It is focused on the one thing you want to publish as a reusable crate:
- verify raw quote bytes
- verify raw quote hex
- verify the common wrapped payload shape {"tdx":{"quote":"..."}}
- verify the hex-encoded form of that wrapped payload, which matches the quote_hex field in this repo's example.json
- extract report_data from a raw quote
The crate fetches Intel collaterals through PCCS using dcap-qvl. By default it reads PCCS_URL from the environment and falls back to PHALA_PCCS_URL.
Install
[]
= "0.1"
Examples
Verify a raw quote hex string:
use verify_quote_hex;
async
Verify a wrapped TDX JSON payload:
use verify_tdx_quote_json;
async
Verify the wrapped hex payload used by example.json:
use verify_tdx_quote_json_hex;
async
Extract report_data as hex:
use ;
Local Example
This repo includes example.json. The relevant field is:
tdx_attestation.quote_hex
That field is not raw quote hex. It is hex-encoded JSON containing a base64 quote, so the matching API is:
use verify_tdx_quote_json_hex;
If you want the report_data from that same field, use:
use ;
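The layering described above, peeled by hand, as an added std-only example that is not the crate's own code: it decodes the hex, then either recognises a raw quote or unwraps the JSON and base64, and slices report_data. It assumes the Intel TDX v4 quote layout (version 4, TEE type 0x81, report_data at bytes 568..632), uses hypothetical function names and a constructed header-only sample, and performs no DCAP verification.

```rust
// Added example: std-only, hypothetical names, constructed inputs. Parsing only, no verification.
#[derive(Debug, PartialEq)]
pub enum Shape { RawQuote, WrappedJson }

pub fn hex_decode(s: &str) -> Option<Vec<u8>> {
    let s = s.trim();
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) { return None; }
    (0..s.len()).step_by(2).map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok()).collect()
}

pub fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.trim_end_matches('=').bytes() {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); }
    }
    Some(out)
}

// Minimal lookup of the "quote" string value; production code should use a JSON parser.
fn quote_field(json: &str) -> Option<&str> {
    let rest = &json[json.find("\"quote\"")? + 7..];
    let rest = rest.trim_start().strip_prefix(':')?.trim_start().strip_prefix('"')?;
    Some(&rest[..rest.find('"')?])
}

// Assumed header layout: version u16 LE at offset 0, TEE type u32 LE at offset 4 (0x81 = TDX).
fn is_tdx_v4(q: &[u8]) -> bool {
    q.len() >= 8 && q[..2] == [4, 0] && q[4..8] == [0x81, 0, 0, 0]
}

// Tells which shape a hex field holds and returns the raw quote bytes inside it.
pub fn unwrap_quote(field_hex: &str) -> Option<(Shape, Vec<u8>)> {
    let bytes = hex_decode(field_hex)?;
    if is_tdx_v4(&bytes) { return Some((Shape::RawQuote, bytes)); }
    let json = String::from_utf8(bytes).ok()?;
    let quote = b64_decode(quote_field(&json)?)?;
    is_tdx_v4(&quote).then(|| (Shape::WrappedJson, quote))
}
// Assumed v4 layout: 48-byte header + 584-byte TD report body, whose last 64 bytes are report_data.
pub fn report_data(q: &[u8]) -> Option<&[u8]> {
    if is_tdx_v4(q) { q.get(568..632) } else { None }
}
fn main() {
    let wrapped: String = br#"{"tdx":{"quote":"BAACAIEAAAA="}}"#.iter().map(|b| format!("{:02x}", b)).collect();
    println!("{:?} {:?}", unwrap_quote(&wrapped), report_data(&[]));
}
```

A report_data value sliced this way is only meaningful once the same quote has passed verification.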
Notes
- Verification requires network access to a PCCS endpoint.
- The default test suite stays offline. The live verification test is marked ignored.
- If you want a different PCCS, set PCCS_URL or create Verifier::new("https://your-pccs").