dcap-qvl 0.3.7

This crate implements the quote verification logic for DCAP (Data Center Attestation Primitives) in pure Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

                         Intel Root CA
                              │
              ┌───────────────┼───────────────┐
              ▼               ▼               ▼
         PCK Cert        TCB Signing      QE Identity
         Issuer CA        Cert Chain       Signing Cert
              │               │               │
              ▼               │               │
         PCK Cert             │               │
              │               │               │
              │          signs│          signs│
              │               ▼               ▼
              │          TCB Info        QE Identity
              │          (JSON)           (JSON)
              │               │               │
         signs│               │               │
              ▼               │               │
         QE Report            │               │
              │               │               │
     ┌────────┴────────┐      │               │
     │                 │      │               │
     │  contains       │      │               │
     ▼                 ▼      │               │
  QE Hash         MRSIGNER    │               │
     ▲            ISVPRODID   │               │
     │            ISVSVN ─────┼───────────────┘
     │            MISCSELECT  │          policy match
     │            ATTRIBUTES  │
  hash of              │      │
     │                 │      │
     ▼                 │      ▼
 Attestation    ◄──────┘  match against
    Key                   ISV Report
     │
signs│
     ▼
 ISV Report ◄─────────────────┐
 (quote body)                 │
     │                        │
     │ contains               │
     ▼                        │
  CPU SVN  ───────────────────┤
  PCE SVN                     │ match against
  FMSPC                       │ TCB Info
     ▲                        │
     │ extracted from         │
     │                        │
 PCK Cert ────────────────────┘