dcap_rs/types/tcbinfo.rs
1use serde::{Deserialize, Serialize};
2
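/// A parsed Intel PCS TCB Info document, one variant per supported
/// structure version (the `version` field of the `tcbInfo` body).
///
/// Which variant a given JSON document maps to is decided by the caller that
/// parses it; this type carries no dispatch logic and performs no validation.
/// Both payloads are untrusted until `signature` has been verified against
/// the TCB Signing Key chain (see the spec comments below) — nothing in this
/// file performs that verification.
#[derive(Debug, Clone, PartialEq)]
pub enum TcbInfo {
    /// `tcbInfo.version == 2`: SGX TCB Info with flat `sgxtcbcompNNsvn` fields.
    V2(TcbInfoV2),
    /// `tcbInfo.version == 3`: SGX or TDX TCB Info (selected by `tcbInfo.id`),
    /// with component arrays and optional TDX module identities.
    V3(TcbInfoV3),
}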
7
8// TcbInfoV2:
9// type: object
10// description: >-
11// SGX TCB Info encoded as JSON string in case of success (200 HTTP
12// status code)
13// properties:
14// tcbInfo:
15// type: object
16// properties:
17// version:
18// type: integer
19// example: 2
20// description: Version of the structure
21// issueDate:
22// type: string
23// format: date-time
24// description: >-
25// Representation of date and time the TCB information
26// was created. The time shall be in UTC and the
27// encoding shall be compliant to ISO 8601 standard
28// (YYYY-MM-DDThh:mm:ssZ)
29// nextUpdate:
30// type: string
31// format: date-time
32// description: >-
33// Representation of date and time by which next TCB
34// information will be issued. The time shall be in UTC
35// and the encoding shall be compliant to ISO 8601
36// standard (YYYY-MM-DDThh:mm:ssZ)
37// fmspc:
38// type: string
39// pattern: ^[0-9a-fA-F]{12}$
40// example: '000000000000'
41// description: >-
42// Base 16-encoded string representation of FMSPC
43// (Family-Model-Stepping-Platform-CustomSKU)
44// pceId:
45// type: string
46// pattern: ^[0-9a-fA-F]{4}$
47// example: '0000'
48// description: Base 16-encoded string representation of PCE identifier
49// tcbType:
50// type: integer
51// example: 0
52// description: >-
53// Type of TCB level composition that determines TCB
54// level comparison logic
55// tcbEvaluationDataNumber:
56// type: integer
57// example: 2
58// description: >-
59// A monotonically increasing sequence number changed
60// when Intel updates the content of the TCB evaluation data
// set: TCB Info, QE Identity and QVE Identity. The tcbEvaluationDataNumber
62// update is synchronized across TCB Info for all flavors of
63// SGX CPUs (Family-Model-Stepping-Platform-CustomSKU) and QE/QVE
64// Identity. This sequence number allows users to easily determine
// when a particular TCB Info/QE Identity/QVE Identity supersedes
66// another TCB Info/QE Identity/QVE Identity (value: current
67// TCB Recovery event number stored in the database).
68// tcbLevels:
69// type: array
70// description: >-
71// Sorted list of supported TCB levels for given FMSPC
72// encoded as a JSON array of TCB level objects
73// items:
74// type: object
75// properties:
76// tcb:
77// type: object
78// properties:
79// pcesvn:
80// type: integer
81// example: 0
82// minimum: 0
83// maximum: 65535
84// sgxtcbcomp01svn:
85// type: integer
86// example: 0
87// minimum: 0
88// maximum: 255
89// sgxtcbcomp02svn:
90// type: integer
91// example: 0
92// minimum: 0
93// maximum: 255
94// sgxtcbcomp03svn:
95// type: integer
96// example: 0
97// minimum: 0
98// maximum: 255
99// sgxtcbcomp04svn:
100// type: integer
101// example: 0
102// minimum: 0
103// maximum: 255
104// sgxtcbcomp05svn:
105// type: integer
106// example: 0
107// minimum: 0
108// maximum: 255
109// sgxtcbcomp06svn:
110// type: integer
111// example: 0
112// minimum: 0
113// maximum: 255
114// sgxtcbcomp07svn:
115// type: integer
116// example: 0
117// minimum: 0
118// maximum: 255
119// sgxtcbcomp08svn:
120// type: integer
121// example: 0
122// minimum: 0
123// maximum: 255
124// sgxtcbcomp09svn:
125// type: integer
126// example: 0
127// minimum: 0
128// maximum: 255
129// sgxtcbcomp10svn:
130// type: integer
131// example: 0
132// minimum: 0
133// maximum: 255
134// sgxtcbcomp11svn:
135// type: integer
136// example: 0
137// minimum: 0
138// maximum: 255
139// sgxtcbcomp12svn:
140// type: integer
141// example: 0
142// minimum: 0
143// maximum: 255
144// sgxtcbcomp13svn:
145// type: integer
146// example: 0
147// minimum: 0
148// maximum: 255
149// sgxtcbcomp14svn:
150// type: integer
151// example: 0
152// minimum: 0
153// maximum: 255
154// sgxtcbcomp15svn:
155// type: integer
156// example: 0
157// minimum: 0
158// maximum: 255
159// sgxtcbcomp16svn:
160// type: integer
161// example: 0
162// minimum: 0
163// maximum: 255
164// tcbDate:
165// type: string
166// format: date-time
167// description: >-
168// If there are security advisories published by Intel after tcbDate
169// that are for issues whose mitigations are currently enforced* by SGX attestation,
170// then the value of tcbStatus for the TCB level will not be UpToDate.
171// Otherwise (i.e., either no advisories after or not currently enforced),
172// the value of tcbStatus for the TCB level will not be OutOfDate.
173//
174// The time shall be in UTC and the encoding shall
175// be compliant to ISO 8601 standard (YYYY-MM-DDThh:mm:ssZ).
176// tcbStatus:
177// type: string
178// enum:
179// - UpToDate
180// - SWHardeningNeeded
181// - ConfigurationNeeded
182// - ConfigurationAndSWHardeningNeeded
183// - OutOfDate
184// - OutOfDateConfigurationNeeded
185// - Revoked
186// description: >-
187// TCB level status. One of the following values:
188//
189// "UpToDate" - TCB level of the SGX platform is up-to-date.
190//
191// "SWHardeningNeeded" - TCB level of the SGX platform
192// is up-to-date but due to certain issues affecting the
193// platform, additional SW Hardening in the attesting
194// SGX enclaves may be needed.
195//
196// "ConfigurationNeeded" - TCB level of the SGX platform
197// is up-to-date but additional configuration of SGX
198// platform may be needed.
199//
200// "ConfigurationAndSWHardeningNeeded" - TCB level of the
201// SGX platform is up-to-date but additional configuration
202// for the platform and SW Hardening in the attesting SGX
203// enclaves may be needed.
204//
205// "OutOfDate" - TCB level of SGX platform is outdated.
206//
207// "OutOfDateConfigurationNeeded" - TCB level of SGX
208// platform is outdated and additional configuration
209// of SGX platform may be needed.
210//
211// "Revoked" - TCB level of SGX platform is revoked.
212// The platform is not trustworthy.
// ZL: This field is documented here for v2 as well as for v3; that may be a mistake in
// Intel's documentation, so it is kept in this comment for now. Note that the Rust
// TcbInfoV2TcbLevelItem below does not declare an advisoryIDs field: serde ignores
// unknown fields unless deny_unknown_fields is set, so an advisoryIDs array present in a
// v2 document is silently dropped on deserialization and absent on re-serialization.
215// advisoryIDs:
216// type: array
217// description: >-
218// Array of Advisory IDs referring to Intel security advisories that
219// provide insight into the reason(s) for the value of tcbStatus for
220// this TCB level when the value is not UpToDate.
221//
222// Note: The value can be different for different
223// FMSPCs.
224//
225// This field is optional. It will be present only
226// if the list of Advisory IDs is not empty.
227// items:
228// type: string
229// signature:
230// type: string
231// description: >-
232// Base 16-encoded string representation of signature calculated over tcbInfo
233// body without whitespaces using TCB Signing Key
234// i.e:
235// {"version":2,"issueDate":"2019-07-30T12:00:00Z","nextUpdate":"2019-08-30T12:00:00Z",...}
236
/// Top-level TCB Info v2 document as served by the Intel PCS:
/// `{"tcbInfo": {...}, "signature": "..."}`.
///
/// Security note: per the spec comment above, `signature` is computed over the
/// `tcbInfo` body serialized without whitespace. serde serializes struct fields
/// in declaration order, so if a verifier re-serializes `tcb_info` to rebuild
/// the signed bytes, the field order in `TcbInfoV2Inner` (and its children)
/// must match Intel's output exactly; do not reorder fields casually.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV2 {
    /// The signed body. Nothing here validates it; treat its contents as
    /// untrusted until `signature` has been checked against the TCB Signing
    /// Key certificate chain.
    pub tcb_info: TcbInfoV2Inner,
    /// Base16-encoded signature over `tcb_info`. Kept as the raw hex string —
    /// it is neither decoded nor verified at deserialization time.
    pub signature: String,
}
243
/// The `tcbInfo` body of a v2 document (the part covered by the signature).
///
/// All string fields are kept exactly as received: dates are not parsed and
/// hex fields are not length- or charset-checked here. A verifier must do
/// that itself before comparing any of these values against the platform.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV2Inner {
    /// Structure version; expected to be 2 for this type (not asserted here).
    pub version: u32,
    /// ISO 8601 UTC timestamp (`YYYY-MM-DDThh:mm:ssZ`) of creation, unparsed.
    pub issue_date: String,
    /// ISO 8601 UTC timestamp by which the next TCB Info will be issued,
    /// unparsed. Callers should check the current time against the
    /// `issue_date`..`next_update` window; the expiry policy is theirs.
    pub next_update: String,
    /// FMSPC as 12 hex digits (either case per the spec pattern). Validate the
    /// length/charset and compare case-insensitively against the platform's
    /// FMSPC before using any TCB level from this document.
    pub fmspc: String,
    /// PCE identifier as 4 hex digits; same caveats as `fmspc`.
    pub pce_id: String,
    /// TCB level composition type, selecting the comparison logic.
    /// NOTE(review): declared as `u64` while `version` is `u32`; the spec
    /// only says "integer", so either width works — just be aware of the
    /// inconsistency when matching on it.
    pub tcb_type: u64,
    /// Monotonically increasing TCB evaluation data number; a larger value
    /// supersedes a smaller one (see spec comment above).
    pub tcb_evaluation_data_number: u32,
    /// TCB levels for this FMSPC. The spec describes the list as sorted;
    /// consumers that depend on that ordering should not re-sort it.
    pub tcb_levels: Vec<TcbInfoV2TcbLevelItem>,
}
256
/// One entry of `TcbInfoV2Inner::tcb_levels`.
///
/// NOTE(review): the spec comment above also lists an optional `advisoryIDs`
/// array for v2 levels, and v3 levels carry it as `advisory_ids`. This struct
/// has no such field, so with serde's default (no `deny_unknown_fields`) an
/// `advisoryIDs` array in a v2 document is dropped on deserialization and
/// will be missing if the body is re-serialized — confirm against a real
/// signed v2 document whether that breaks signature re-verification.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV2TcbLevelItem {
    /// The SVN vector that defines this level.
    pub tcb: TcbInfoV2TcbLevel,
    /// ISO 8601 UTC timestamp (unparsed) after which advisories affect status.
    pub tcb_date: String,
    /// Status string. This is a free-form `String`, not an enum: any value
    /// deserializes. Compare it against the exact enumerated strings in the
    /// spec comment above and treat an unrecognised value as not trusted —
    /// never as `UpToDate`.
    pub tcb_status: String,
}
264
/// The `tcb` object of a v2 level: the 16 CPUSVN component SVNs plus PCESVN.
///
/// Field widths match the spec maxima (255 / 65535); serde's integer
/// deserializers reject out-of-range JSON numbers rather than truncating.
///
/// Declaration order (components first, then `pcesvn`) is the order serde
/// emits and intentionally differs from the listing order in the spec
/// comment above — presumably to match what Intel actually serializes. Do not
/// reorder without confirming against a real signed document, since a
/// re-serialized body in a different order would not match the signature.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV2TcbLevel {
    /// CPUSVN component 1 SVN.
    pub sgxtcbcomp01svn: u8,
    /// CPUSVN component 2 SVN.
    pub sgxtcbcomp02svn: u8,
    /// CPUSVN component 3 SVN.
    pub sgxtcbcomp03svn: u8,
    /// CPUSVN component 4 SVN.
    pub sgxtcbcomp04svn: u8,
    /// CPUSVN component 5 SVN.
    pub sgxtcbcomp05svn: u8,
    /// CPUSVN component 6 SVN.
    pub sgxtcbcomp06svn: u8,
    /// CPUSVN component 7 SVN.
    pub sgxtcbcomp07svn: u8,
    /// CPUSVN component 8 SVN.
    pub sgxtcbcomp08svn: u8,
    /// CPUSVN component 9 SVN.
    pub sgxtcbcomp09svn: u8,
    /// CPUSVN component 10 SVN.
    pub sgxtcbcomp10svn: u8,
    /// CPUSVN component 11 SVN.
    pub sgxtcbcomp11svn: u8,
    /// CPUSVN component 12 SVN.
    pub sgxtcbcomp12svn: u8,
    /// CPUSVN component 13 SVN.
    pub sgxtcbcomp13svn: u8,
    /// CPUSVN component 14 SVN.
    pub sgxtcbcomp14svn: u8,
    /// CPUSVN component 15 SVN.
    pub sgxtcbcomp15svn: u8,
    /// CPUSVN component 16 SVN.
    pub sgxtcbcomp16svn: u8,
    /// Provisioning Certification Enclave SVN (0..=65535).
    pub pcesvn: u16,
}
286// TcbInfoV3:
287// type: object
288// description: >-
289// SGX TCB Info encoded as JSON string in case of success (200 HTTP
290// status code)
291// properties:
292// tcbInfo:
293// type: object
294// properties:
295// id:
296// type: string
297// description: Identifier of the TCB Info issued by Intel. Supported values are SGX or TDX.
298// version:
299// type: integer
300// example: 2
301// description: Version of the structure
302// issueDate:
303// type: string
304// format: date-time
305// description: >-
306// Representation of date and time the TCB information
307// was created. The time shall be in UTC and the
308// encoding shall be compliant to ISO 8601 standard
309// (YYYY-MM-DDThh:mm:ssZ)
310// nextUpdate:
311// type: string
312// format: date-time
313// description: >-
314// Representation of date and time by which next TCB
315// information will be issued. The time shall be in UTC
316// and the encoding shall be compliant to ISO 8601
317// standard (YYYY-MM-DDThh:mm:ssZ)
318// fmspc:
319// type: string
320// pattern: ^[0-9a-fA-F]{12}$
321// example: '000000000000'
322// description: >-
323// Base 16-encoded string representation of FMSPC
324// (Family-Model-Stepping-Platform-CustomSKU)
325// pceId:
326// type: string
327// pattern: ^[0-9a-fA-F]{4}$
328// example: '0000'
329// description: Base 16-encoded string representation of PCE identifier
330// tcbType:
331// type: integer
332// example: 0
333// description: >-
334// Type of TCB level composition that determines TCB
335// level comparison logic
336// tcbEvaluationDataNumber:
337// type: integer
338// example: 2
339// description: >-
340// A monotonically increasing sequence number changed
341// when Intel updates the content of the TCB evaluation data
// set: TCB Info, QE Identity and QVE Identity. The tcbEvaluationDataNumber
343// update is synchronized across TCB Info for all flavors of
344// SGX CPUs (Family-Model-Stepping-Platform-CustomSKU) and QE/QVE
345// Identity. This sequence number allows users to easily determine
// when a particular TCB Info/QE Identity/QVE Identity supersedes
347// another TCB Info/QE Identity/QVE Identity (value: current
348// TCB Recovery event number stored in the database).
349// tdxModule:
350// type: object
351// description: >-
352// This field is optional. It will be present only
353// in context of TDX TCB Info.
354// properties:
355// mrsigner:
356// type: string
// pattern: ^[0-9a-fA-F]{96}$
// example: '0000000000000000000000000000000000000000000000000000000000000000'
// description: Base 16-encoded string representation of the measurement of a TDX SEAM module's signer.
// (Note: the example above is shorter than the 96 hex digits the pattern requires, so
// the two are inconsistent. Length-check the decoded value against what the verifier
// expects rather than assuming either; never compare on a raw string prefix.)
360// attributes:
361// type: string
362// pattern: ^[0-9a-fA-F]{16}$
363// example: '0000000000000000'
364// description: Hex-encoded byte array (8 bytes) representing attributes "golden" value (upon applying mask) for TDX SEAM module.
365// attributesMask:
366// type: string
367// pattern: ^[0-9a-fA-F]{16}$
368// example: 'FFFFFFFFFFFFFFFF'
369// description: Hex-encoded byte array (8 bytes) representing mask to be applied to TDX SEAM module's attributes value retrieved from the platform.
370// tdxModuleIdentities:
371// type: array
372// description: >-
373// This field is optional. It will be present only in context of TDX TCB Info when the platform supports more than one TDX SEAM Module.
374// items:
375// type: object
376// properties:
377// id:
378// type: string
379// description: Identifier of TDX Module
380// mrsigner:
381// type: string
// pattern: ^[0-9a-fA-F]{96}$
// example: '0000000000000000000000000000000000000000000000000000000000000000'
// description: Base 16-encoded string representation of the measurement of a TDX SEAM module's signer.
// (Note: as for tdxModule.mrsigner above, the example is shorter than the 96 hex digits
// the pattern requires; length-check the decoded value before comparing it.)
385// attributes:
386// type: string
387// pattern: ^[0-9a-fA-F]{16}$
388// example: '0000000000000000'
389// description: Base 16-encoded string representation of the byte array (8 bytes) representing attributes "golden" value (upon applying mask) for TDX SEAM module.
390// attributesMask:
391// type: string
392// pattern: ^[0-9a-fA-F]{16}$
393// example: 'FFFFFFFFFFFFFFFF'
394// description: Base 16-encoded string representation of the byte array (8 bytes) representing mask to be applied to TDX SEAM module's attributes value retrieved from the platform.
395// tcbLevels:
396// type: array
397// description: >-
398// Sorted list of supported TCB levels for given TDX SEAM module encoded as a JSON array of TCB level objects.
399// items:
400// type: object
401// properties:
402// tcb:
403// type: object
404// properties:
// isvsvn:
406// description: TDX SEAM module's ISV SVN
407// type: integer
408// tcbDate:
409// type: string
410// format: date-time
411// description: >-
412// If there are security advisories published by Intel after tcbDate
413// that are for issues whose mitigations are currently enforced* by SGX/TDX attestation,
414// then the value of tcbStatus for the TCB level will not be UpToDate.
415// Otherwise (i.e., either no advisories after or not currently enforced),
416// the value of tcbStatus for the TCB level will not be OutOfDate.
417//
418// The time shall be in UTC and the encoding shall
419// be compliant to ISO 8601 standard (YYYY-MM-DDThh:mm:ssZ).
420// tcbStatus:
421// type: string
422// enum:
423// - UpToDate
424// - OutOfDate
425// - Revoked
426// description: >-
427// TCB level status. One of the following values:
428//
429// "UpToDate" - TCB level of the TDX SEAM Module is up-to-date.
430//
431// "OutOfDate" - TCB level of TDX SEAM Module is outdated.
432//
433// "Revoked" - TCB level of TDX SEAM Module is revoked.
434// The platform is not trustworthy.
435// advisoryIDs:
436// type: array
437// description: >-
438// Array of Advisory IDs referring to Intel security advisories that
439// provide insight into the reason(s) for the value of tcbStatus for
440// this TCB level when the value is not UpToDate.
441//
442// This field is optional. It will be present only
443// if the list of Advisory IDs is not empty.
444// items:
445// type: string
446// tcbLevels:
447// type: array
448// description: >-
449// Sorted list of supported TCB levels for given FMSPC
450// encoded as a JSON array of TCB level objects
451// items:
452// type: object
453// properties:
454// tcb:
455// type: object
456// properties:
457// sgxtcbcomponents:
458// description: >-
459// Array of 16 SGX TCB Components (as in CPUSVN) encoded as a JSON array of TCB Component objects.
460// items:
461// properties:
462// svn:
463// type: "integer"
464// description: SVN of TCB Component. This field is mandatory.
465// category:
466// type: "string"
467// description: Category of TCB Component (e.g. ucode, BIOS, SW). This field is optional and will be present only for selected TCB Components.
468// type:
469// type: "string"
470// description: Type of TCB Component (e.g. Patch@Reset, Late Patch). This field is optional and will be present only for selected TCB Components.
471// pcesvn:
472// type: integer
473// example: 0
474// minimum: 0
475// maximum: 65535
476// tdxtcbcomponents:
477// description: >-
478// Array of 16 TDX TCB Components (as in TEE TCB SVN array in TD Report) encoded as a JSON array of TCB Component objects.
479//
480// This field is optional and only present in TDX TCB Info.
481// items:
482// properties:
483// svn:
484// type: "integer"
485// description: SVN of TCB Component. This field is mandatory.
486// category:
487// type: "string"
488// description: Category of TCB Component (e.g. ucode, BIOS, SW). This field is optional and will be present only for selected TCB Components.
489// type:
490// type: "string"
491// description: Type of TCB Component (e.g. Patch@Reset, Late Patch). This field is optional and will be present only for selected TCB Components.
492// tcbDate:
493// type: string
494// format: date-time
495// description: >-
496// If there are security advisories published by Intel after tcbDate
497// that are for issues whose mitigations are currently enforced* by SGX attestation,
498// then the value of tcbStatus for the TCB level will not be UpToDate.
499// Otherwise (i.e., either no advisories after or not currently enforced),
500// the value of tcbStatus for the TCB level will not be OutOfDate.
501//
502// The time shall be in UTC and the encoding shall
503// be compliant to ISO 8601 standard (YYYY-MM-DDThh:mm:ssZ).
504// tcbStatus:
505// type: string
506// enum:
507// - UpToDate
508// - SWHardeningNeeded
509// - ConfigurationNeeded
510// - ConfigurationAndSWHardeningNeeded
511// - OutOfDate
512// - OutOfDateConfigurationNeeded
513// - Revoked
514// description: >-
515// TCB level status. One of the following values:
516//
517// "UpToDate" - TCB level of the SGX platform is up-to-date.
518//
519// "SWHardeningNeeded" - TCB level of the SGX platform
520// is up-to-date but due to certain issues affecting the
521// platform, additional SW Hardening in the attesting
522// SGX enclaves may be needed.
523//
524// "ConfigurationNeeded" - TCB level of the SGX platform
525// is up-to-date but additional configuration of SGX
526// platform may be needed.
527//
528// "ConfigurationAndSWHardeningNeeded" - TCB level of the
529// SGX platform is up-to-date but additional configuration
530// for the platform and SW Hardening in the attesting SGX
531// enclaves may be needed.
532//
533// "OutOfDate" - TCB level of SGX platform is outdated.
534//
535// "OutOfDateConfigurationNeeded" - TCB level of SGX
536// platform is outdated and additional configuration
537// of SGX platform may be needed.
538//
539// "Revoked" - TCB level of SGX platform is revoked.
540// The platform is not trustworthy.
541// advisoryIDs:
542// type: array
543// description: >-
544// Array of Advisory IDs referring to Intel security advisories that
545// provide insight into the reason(s) for the value of tcbStatus for
546// this TCB level when the value is not UpToDate.
547//
548// Note: The value can be different for different
549// FMSPCs.
550//
551// This field is optional. It will be present only
552// if the list of Advisory IDs is not empty.
553// items:
554// type: string
555// signature:
556// type: string
557// description: >-
558// Base 16-encoded string representation of signature calculated over tcbInfo
559// body without whitespaces using TCB Signing Key
560// i.e:
561// {"version":2,"issueDate":"2019-07-30T12:00:00Z","nextUpdate":"2019-08-30T12:00:00Z",...}
562
/// Top-level TCB Info v3 document as served by the Intel PCS:
/// `{"tcbInfo": {...}, "signature": "..."}`.
///
/// Security note: per the spec comment above, `signature` is computed over the
/// `tcbInfo` body serialized without whitespace. serde serializes struct fields
/// in declaration order and honours the `skip_serializing_if` attributes on
/// the optional fields, so if a verifier re-serializes `tcb_info` to rebuild
/// the signed bytes, the declaration order in `TcbInfoV3Inner` (and its
/// children) must match Intel's output exactly; do not reorder fields casually.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV3 {
    /// The signed body. Nothing here validates it; treat its contents as
    /// untrusted until `signature` has been checked against the TCB Signing
    /// Key certificate chain.
    pub tcb_info: TcbInfoV3Inner,
    /// Base16-encoded signature over `tcb_info`. Kept as the raw hex string —
    /// it is neither decoded nor verified at deserialization time.
    pub signature: String,
}
569
/// The `tcbInfo` body of a v3 document (the part covered by the signature).
///
/// All string fields are kept exactly as received: dates are not parsed and
/// hex fields are not length- or charset-checked here. A verifier must do
/// that itself before comparing any of these values against the platform.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV3Inner {
    /// TCB Info identifier; the spec says the supported values are `SGX` or
    /// `TDX`. Not validated here — a verifier must check it matches the type
    /// of quote being verified, otherwise an SGX document could be applied to
    /// a TDX platform (or vice versa).
    pub id: String,
    /// Structure version; expected to be 3 for this type (not asserted here).
    pub version: u32,
    /// ISO 8601 UTC timestamp (`YYYY-MM-DDThh:mm:ssZ`) of creation, unparsed.
    pub issue_date: String,
    /// ISO 8601 UTC timestamp by which the next TCB Info will be issued,
    /// unparsed. Callers should check the current time against the
    /// `issue_date`..`next_update` window; the expiry policy is theirs.
    pub next_update: String,
    /// FMSPC as 12 hex digits (either case per the spec pattern). Validate the
    /// length/charset and compare case-insensitively against the platform's
    /// FMSPC before using any TCB level from this document.
    pub fmspc: String,
    /// PCE identifier as 4 hex digits; same caveats as `fmspc`.
    pub pce_id: String,
    /// TCB level composition type, selecting the comparison logic.
    /// NOTE(review): `u64` here while `version` is `u32`, as in the v2 type.
    pub tcb_type: u64,
    /// Monotonically increasing TCB evaluation data number; a larger value
    /// supersedes a smaller one (see spec comment above).
    pub tcb_evaluation_data_number: u32,
    /// Present only for TDX TCB Info (`id == "TDX"`); omitted from output
    /// when `None` so re-serialization matches an SGX document.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub tdx_module: Option<TdxModule>,
    /// Present only for TDX TCB Info on platforms with more than one TDX SEAM
    /// module; omitted from output when `None`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub tdx_module_identities: Option<Vec<TdxModuleIdentities>>,
    /// TCB levels for this FMSPC. The spec describes the list as sorted;
    /// consumers that depend on that ordering should not re-sort it.
    pub tcb_levels: Vec<TcbInfoV3TcbLevelItem>,
}
587
/// Identity of the TDX SEAM module (`tcbInfo.tdxModule`), present only in
/// TDX TCB Info.
///
/// Per the spec comment above, the platform-reported attributes are expected
/// to equal `attributes` after `attributes_mask` has been applied; the
/// comparison itself is not done here. All three fields are raw hex strings
/// with no length or charset validation at deserialization time — decode and
/// length-check them before comparing against platform values.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TdxModule {
    /// Base16-encoded measurement of the TDX SEAM module's signer (spec
    /// pattern: 96 hex digits).
    pub mrsigner: String,
    /// Hex-encoded 8-byte "golden" attributes value (after masking).
    pub attributes: String,
    /// Hex-encoded 8-byte mask applied to the platform-reported attributes
    /// before comparing with `attributes`.
    pub attributes_mask: String,
}
596
/// One entry of `tcbInfo.tdxModuleIdentities`: the identity and TCB levels of
/// a single TDX SEAM module on platforms that support more than one.
///
/// As with `TdxModule`, the hex fields are stored raw and unvalidated; decode
/// and length-check them before comparison.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TdxModuleIdentities {
    /// Identifier of this TDX module, as issued by Intel.
    pub id: String,
    /// Base16-encoded measurement of the module's signer (spec pattern:
    /// 96 hex digits).
    pub mrsigner: String,
    /// Hex-encoded 8-byte "golden" attributes value (after masking).
    pub attributes: String,
    /// Hex-encoded 8-byte mask applied to the platform-reported attributes
    /// before comparing with `attributes`.
    pub attributes_mask: String,
    /// TCB levels for this module, keyed on the module's ISV SVN. The spec
    /// describes the list as sorted; do not re-sort it.
    pub tcb_levels: Vec<TdxModuleIdentitiesTcbLevelItem>,
}
607
/// One TCB level of a `TdxModuleIdentities` entry.
///
/// `tcb_status` is a plain `String`; the spec only allows `UpToDate`,
/// `OutOfDate` and `Revoked` for module levels, but nothing here enforces
/// that. Compare against those exact strings and treat anything else as
/// untrusted.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TdxModuleIdentitiesTcbLevelItem {
    /// The module ISV SVN that defines this level.
    pub tcb: TdxModuleIdentitiesTcbLevel,
    /// ISO 8601 UTC timestamp (unparsed) after which advisories affect status.
    pub tcb_date: String,
    /// Status string; see the type-level note.
    pub tcb_status: String,
    /// Intel security advisory IDs explaining a non-`UpToDate` status. The
    /// JSON key is `advisoryIDs` (not camelCase), and the field is omitted
    /// from output when `None` so re-serialization matches Intel's encoding.
    #[serde(rename = "advisoryIDs", skip_serializing_if = "Option::is_none")]
    pub advisory_ids: Option<Vec<String>>,
}
619
/// The `tcb` object of a TDX module TCB level: only the module's ISV SVN.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TdxModuleIdentitiesTcbLevel {
    /// TDX SEAM module's ISV SVN (JSON key `isvsvn`). The spec gives no
    /// maximum; `u8` makes serde reject values above 255 rather than
    /// truncate them.
    pub isvsvn: u8,
}
625
/// One entry of `TcbInfoV3Inner::tcb_levels`.
///
/// `tcb_status` is a plain `String`, not an enum: any value deserializes.
/// Compare it against the exact enumerated strings in the spec comment above
/// and treat an unrecognised value as not trusted — never as `UpToDate`.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV3TcbLevelItem {
    /// The component SVN vectors and PCESVN that define this level.
    pub tcb: TcbInfoV3TcbLevel,
    /// ISO 8601 UTC timestamp (unparsed) after which advisories affect status.
    pub tcb_date: String,
    /// Status string; see the type-level note.
    pub tcb_status: String,
    /// Intel security advisory IDs explaining a non-`UpToDate` status. The
    /// JSON key is `advisoryIDs` (not camelCase), and the field is omitted
    /// from output when `None` so re-serialization matches Intel's encoding.
    #[serde(rename = "advisoryIDs", skip_serializing_if = "Option::is_none")]
    pub advisory_ids: Option<Vec<String>>,
}
636
/// The `tcb` object of a v3 level.
///
/// The spec says both component arrays hold exactly 16 entries, but the
/// `Vec` types do not enforce that: check the length before indexing into
/// them or zipping them against a CPUSVN / TEE TCB SVN array.
///
/// Declaration order (`sgxtcbcomponents`, `pcesvn`, `tdxtcbcomponents`)
/// follows the spec listing and is the order serde emits; keep it if the
/// body is ever re-serialized for signature verification.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbInfoV3TcbLevel {
    /// The 16 SGX TCB components (CPUSVN), in order.
    pub sgxtcbcomponents: Vec<TcbComponent>,
    /// Provisioning Certification Enclave SVN (0..=65535).
    pub pcesvn: u16,
    /// The 16 TDX TCB components (TEE TCB SVN array); present only in TDX
    /// TCB Info and omitted from output when `None`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub tdxtcbcomponents: Option<Vec<TcbComponent>>,
}
645
/// A single TCB component entry of a v3 `sgxtcbcomponents` /
/// `tdxtcbcomponents` array.
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TcbComponent {
    /// SVN of the component (mandatory). The spec gives no maximum; `u8`
    /// makes serde reject values above 255 rather than truncate them.
    pub svn: u8,
    /// Optional category (e.g. BIOS, OS/VMM); informational only, omitted
    /// from output when `None`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub category: Option<String>,
    /// Optional type (e.g. SGX Late Microcode Update, TXT SINIT). The JSON key
    /// is `type`, a Rust keyword, hence the `type_` field name; omitted from
    /// output when `None`.
    #[serde(rename = "type", skip_serializing_if = "Option::is_none")]
    pub type_: Option<String>,
}
655}