Update the SGX quote status verification in python #404
Assignees
Labels
enhancement
New feature or request
Comments
|
this doesn't look like a security check, at best an optimization, may be close this issue? or even remove the code that does the local status check at the eservice. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The quote status verification in python uses hardcoded values to verify the quote (e.g., the "GROUP_OUT_OF_DATE" string).
With the updated IAS APIs, we need to handle additional flags, like those listed in the verify-report module of the crypto library.
This can be necessary particularly when working with Azure VMs.
The verify-report cpp module already implements the verification functions, also providing additional flags to make the verification pass with particular statuses (such as group out date).
Hence, it is appropriate to leverage the available swig layer to call into the cpp module for the verification, so that we have a single place where the verification is performed.
The text was updated successfully, but these errors were encountered: