Skip to content

DCAP attestation: Add GCP provenence check to establish whether the associated PPID is endorsed by Google#54

Open
ameba23 wants to merge 13 commits into
mainfrom
peg/gcp-provenance
Open

DCAP attestation: Add GCP provenence check to establish whether the associated PPID is endorsed by Google#54
ameba23 wants to merge 13 commits into
mainfrom
peg/gcp-provenance

Conversation

@ameba23

@ameba23 ameba23 commented Jun 12, 2026

Copy link
Copy Markdown
Collaborator

This will not yet work, but is in anticipation of GCP publicly publishing PPIDs of their TDX machines. Do not merge until this is available and has been tested in production.

When verifying an attestation which claims to be of type AttestationType::GcpTdx this PR adds an additional check as to whether the PPID from the PCK certificate included in the attestation is present in GCP's [soon to be] public bucket, which indicates that the PPID belongs to them.

To avoid unnecessary network calls on subsequent verifications, known GCP PPIDs are cached for up to one week. We might want to make this cache time shorter.

TODO:

@ameba23 ameba23 marked this pull request as draft June 12, 2026 07:15
@ameba23 ameba23 marked this pull request as ready for review July 6, 2026 09:56
* main:
  Bump reqwest to 0.13.4
  chore(deps): bump openssl from 0.10.79 to 0.10.80
expected_input_data: [u8; 64],
pccs: Option<Pccs>,
) -> Result<MultiMeasurements, DcapVerificationError> {
) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To avoid parsing the quote a second time to extract the PPID after verification, the verifier function now returns the parsed quote.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant