dcap_artifact_retrieval::provisioning_client

Trait ProvisioningClient

pub trait ProvisioningClient {
    // Required methods
    fn pckcerts(
        &self,
        enc_ppid: &EncPpid,
        pce_id: PceId,
    ) -> Result<PckCerts, Error>;
    fn pckcert(
        &self,
        encrypted_ppid: Option<&EncPpid>,
        pce_id: &PceId,
        cpu_svn: &CpuSvn,
        pce_isvsvn: PceIsvsvn,
        qe_id: Option<&QeId>,
    ) -> Result<PckCert<Unverified>, Error>;
    fn tcbinfo(
        &self,
        fmspc: &Fmspc,
        evaluation_data_number: Option<u16>,
    ) -> Result<TcbInfo, Error>;
    fn pckcrl(
        &self,
        ca: DcapArtifactIssuer,
    ) -> Result<PckCrl<Unverified>, Error>;
    fn qe_identity(
        &self,
        evaluation_data_number: Option<u16>,
    ) -> Result<QeIdentitySigned, Error>;
    fn tcb_evaluation_data_numbers(
        &self,
    ) -> Result<RawTcbEvaluationDataNumbers, Error>;

    // Provided method
    fn pckcerts_with_fallback(&self, pck_id: &PckID) -> Result<PckCerts, Error> { ... }
}

Required Methods§

Source

fn pckcerts(&self, enc_ppid: &EncPpid, pce_id: PceId) -> Result<PckCerts, Error>

Source

fn pckcert( &self, encrypted_ppid: Option<&EncPpid>, pce_id: &PceId, cpu_svn: &CpuSvn, pce_isvsvn: PceIsvsvn, qe_id: Option<&QeId>, ) -> Result<PckCert<Unverified>, Error>

Source

fn tcbinfo( &self, fmspc: &Fmspc, evaluation_data_number: Option<u16>, ) -> Result<TcbInfo, Error>

Source

fn pckcrl(&self, ca: DcapArtifactIssuer) -> Result<PckCrl<Unverified>, Error>

Source

fn qe_identity( &self, evaluation_data_number: Option<u16>, ) -> Result<QeIdentitySigned, Error>

Source

fn tcb_evaluation_data_numbers( &self, ) -> Result<RawTcbEvaluationDataNumbers, Error>

Provided Methods§

Source

fn pckcerts_with_fallback(&self, pck_id: &PckID) -> Result<PckCerts, Error>

Retrieve PCK certificates using pckcerts() and fallback to the following method if that’s not supported:

Call pckcert() with PCK ID to get best available PCK cert.
Try to call pckcert() with PCK ID but with CPUSVN all 1’s.
Using the FMSPC value from PCK cert in step 1, call tcbinfo() to get TCB info.
For each TCB level in the result of previous call:
- Call pckcert() to get the best available PCK cert for that TCB level.
- When late microcode value is higher than the early microcode value, also try to get PCK cert with TCB level where the early microcode value is set to the late microcode value.

Note that PCK certs for some TCB levels may be missing.

Implementors§

Source §

ProvisioningClient

Trait ProvisioningClient Copy item path

Required Methods§

fn pckcerts(&self, enc_ppid: &EncPpid, pce_id: PceId) -> Result<PckCerts, Error>

fn pckcert( &self, encrypted_ppid: Option<&EncPpid>, pce_id: &PceId, cpu_svn: &CpuSvn, pce_isvsvn: PceIsvsvn, qe_id: Option<&QeId>, ) -> Result<PckCert<Unverified>, Error>

fn tcbinfo( &self, fmspc: &Fmspc, evaluation_data_number: Option<u16>, ) -> Result<TcbInfo, Error>

fn pckcrl(&self, ca: DcapArtifactIssuer) -> Result<PckCrl<Unverified>, Error>

fn qe_identity( &self, evaluation_data_number: Option<u16>, ) -> Result<QeIdentitySigned, Error>

fn tcb_evaluation_data_numbers( &self, ) -> Result<RawTcbEvaluationDataNumbers, Error>

Provided Methods§

fn pckcerts_with_fallback(&self, pck_id: &PckID) -> Result<PckCerts, Error>

Implementors§

impl<F: for<'a> Fetcher<'a>> ProvisioningClient for Client<F>

Trait ProvisioningClient