[Quote V5 Support] Determine if relaunch is required for TD

abi/abi.go

@@ -335,7 +335,7 @@ func quoteToProtoV4(b []uint8) (*pb.QuoteV4, error) {
 		quote.ExtraBytes = extraBytes
 	}
 
-	if err := CheckQuoteV4(quote); err != nil {
+	if err := CheckQuote(quote); err != nil {
 		return nil, fmt.Errorf("parsing QuoteV4 failed: %v", err)
 	}
 	return quote, nil
@@ -387,7 +387,7 @@ func quoteToProtoV5(b []uint8) (*pb.QuoteV5, error) {
 	if len(extraBytes) > 0 {
 		quote.ExtraBytes = extraBytes
 	}
-	if err := CheckQuoteV5(quote); err != nil {
+	if err := CheckQuote(quote); err != nil {
 		return nil, fmt.Errorf("parsing QuoteV5 failed: %v", err)
 	}
 	return quote, nil
@@ -892,8 +892,19 @@ func checkEcdsa256BitQuoteV4AuthData(signedData *pb.Ecdsa256BitQuoteV4AuthData)
 	return nil
 }
 
-// CheckQuoteV4  validates a quote protobuf by ensuring all parameters meet their required size
-func CheckQuoteV4(quote *pb.QuoteV4) error {
+// CheckQuote validates a quote protobuf by ensuring all parameters meet their required size
+func CheckQuote(quote any) error {
+	switch q := quote.(type) {
+	case *pb.QuoteV4:
+		return checkQuoteV4(q)
+	case *pb.QuoteV5:
+		return checkQuoteV5(q)
+	default:
+		return fmt.Errorf("unsupported quote type: %T", quote)
+	}
+}
+
+func checkQuoteV4(quote *pb.QuoteV4) error {
 	if quote == nil {
 		return ErrQuoteV4Nil
 	}
@@ -910,8 +921,7 @@ func CheckQuoteV4(quote *pb.QuoteV4) error {
 	return nil
 }
 
-// CheckQuoteV5 validates a QuoteV5 protobuf by ensuring all parameters meet their required size
-func CheckQuoteV5(quote *pb.QuoteV5) error {
+func checkQuoteV5(quote *pb.QuoteV5) error {
 	if quote == nil {
 		return ErrQuoteV5Nil
 	}
@@ -1152,7 +1162,7 @@ func QuoteToAbiBytes(quote any) ([]byte, error) {
 
 // quoteToAbiBytesV4 translates the QuoteV4 back into its little-endian ABI format
 func quoteToAbiBytesV4(quote *pb.QuoteV4) ([]byte, error) {
-	if err := CheckQuoteV4(quote); err != nil {
+	if err := CheckQuote(quote); err != nil {
 		return nil, fmt.Errorf("QuoteV4 invalid: %v", err)
 	}
 	var data []byte
@@ -1186,7 +1196,7 @@ func quoteToAbiBytesV4(quote *pb.QuoteV4) ([]byte, error) {
 }
 
 func quoteToAbiBytesV5(quote *pb.QuoteV5) ([]byte, error) {
-	if err := CheckQuoteV5(quote); err != nil {
+	if err := CheckQuote(quote); err != nil {
 		return nil, fmt.Errorf("quoteV5 invalid: %v", err)
 	}
 	var data []byte

abi/abi_test.go

@@ -129,6 +129,59 @@ func TestQuoteToAbiBytes(t *testing.T) {
 	}
 }
 
+func TestCheckQuote(t *testing.T) {
+	quoteV4, err := QuoteToProto(test.RawQuote)
+	if err != nil {
+		t.Fatalf("failed to parse RawQuote: %v", err)
+	}
+
+	quoteV5, err := QuoteToProto(test.RawQuoteV5)
+	if err != nil {
+		t.Fatalf("failed to parse RawQuoteV5: %v", err)
+	}
+
+	tcs := []struct {
+		name    string
+		quote   any
+		wantErr string
+	}{
+		{
+			name:    "empty quoteV4",
+			quote:   &pb.QuoteV4{},
+			wantErr: "QuoteV4 Header error: header is nil",
+		},
+		{
+			name:    "empty quoteV5",
+			quote:   &pb.QuoteV5{},
+			wantErr: "quoteV5 Header error: header is nil",
+		},
+		{
+			name:    "correct quoteV4",
+			quote:   quoteV4,
+			wantErr: "",
+		},
+		{
+			name:    "correct quoteV5",
+			quote:   quoteV5,
+			wantErr: "",
+		},
+	}
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			err := CheckQuote(tc.quote)
+			if tc.wantErr == "" {
+				if err != nil {
+					t.Errorf("CheckQuote() returned error %v, want nil", err)
+				}
+				return
+			}
+			if err == nil || err.Error() != tc.wantErr {
+				t.Errorf("CheckQuote() returned error %v, want %v", err, tc.wantErr)
+			}
+		})
+	}
+}
+
 func TestNilToAbiBytesConversions(t *testing.T) {
 	tcs := []struct {
 		name string

pcs/pcs.go

@@ -221,6 +221,8 @@ const (
 	TcbComponentStatusOutOfDateConfigurationNeeded TcbComponentStatus = "OutOfDateConfigurationNeeded"
 	// TcbComponentStatusRevoked denotes tcb status as Revoked
 	TcbComponentStatusRevoked TcbComponentStatus = "Revoked"
+	// TcbComponentStatusRelaunchAdvisedConfigurationNeeded denotes tcb status as RelaunchAdvisedConfigurationNeeded
+	TcbComponentStatusRelaunchAdvisedConfigurationNeeded TcbComponentStatus = "RelaunchAdvisedConfigurationNeeded"
 )
 
 // UnmarshalJSON for TcbComponentStatus maps tcb status to corresponding valid strings

proto/checkconfig.proto

@@ -53,6 +53,8 @@ message TDQuoteBodyPolicy {
   bytes report_data = 10;         // should be 64 bytes
   repeated bytes any_mr_td = 11;  // each should be 48 bytes.
   bool enable_td_debug_check = 12; // if true, check that the DEBUG bit is 0 in TDAttributes.
+  bytes minimum_tee_tcb_svn2 = 13;  // should be 16 bytes
+  bytes mr_service_td = 14;         // should be 48 bytes
 }
 
 // RootOfTrust represents configuration for which hardware root of trust

testing/test_cases.go

@@ -58,6 +58,10 @@ var TestGetter = &Getter{
 			Header: TcbInfoHeader,
 			Body:   testdata.TcbInfoBody,
 		},
+		"https://api.trustedservices.intel.com/tdx/certification/v4/tcb?fmspc=90c06f000000": {
+			Header: TcbInfoHeader,
+			Body:   testdata.TcbInfoV5Body,
+		},
 		"https://api.trustedservices.intel.com/sgx/certification/v4/pckcrl?ca=platform&encoding=der": {
 			Header: PckCrlHeader,
 			Body:   testdata.PckCrlBody,

testing/testdata/sample_tcbinfo_response_v5

@@ -0,0 +1 @@
+{"tcbInfo":{"id":"TDX","version":3,"issueDate":"2026-02-01T14:49:26Z","nextUpdate":"2026-03-03T14:49:26Z","fmspc":"90c06f000000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":18,"tdxModule":{"mrsigner":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","attributes":"0000000000000000","attributesMask":"FFFFFFFFFFFFFFFF"},"tdxModuleIdentities":[{"id":"TDX_03","mrsigner":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","attributes":"0000000000000000","attributesMask":"FFFFFFFFFFFFFFFF","tcbLevels":[{"tcb":{"isvsvn":3},"tcbDate":"2024-11-13T00:00:00Z","tcbStatus":"UpToDate"}]},{"id":"TDX_01","mrsigner":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","attributes":"0000000000000000","attributesMask":"FFFFFFFFFFFFFFFF","tcbLevels":[{"tcb":{"isvsvn":6},"tcbDate":"2024-11-13T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"isvsvn":4},"tcbDate":"2024-03-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-01036","INTEL-SA-01099"]},{"tcb":{"isvsvn":2},"tcbDate":"2023-08-09T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-01036","INTEL-SA-01099"]}]}],"tcbLevels":[{"tcb":{"sgxtcbcomponents":[{"svn":3,"category":"BIOS","type":"Early Microcode Update"},{"svn":3,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":2,"category":"OS/VMM","type":"TXT SINIT"},{"svn":2,"category":"BIOS"},{"svn":4,"category":"BIOS"},{"svn":1,"category":"BIOS"},{"svn":0},{"svn":5,"category":"OS/VMM","type":"SEAMLDR ACM"},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":13,"tdxtcbcomponents":[{"svn":5,"category":"OS/VMM","type":"TDX Module"},{"svn":0,"category":"OS/VMM","type":"TDX Module"},{"svn":3,"category":"OS/VMM","type":"TDX Late Microcode Update"},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}]},"tcbDate":"2024-11-13T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"sgxtcbcomponents":[{"svn":2,"category":"BIOS","type":"Early Microcode Update"},{"svn":2,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":2,"category":"OS/VMM","type":"TXT SINIT"},{"svn":2,"category":"BIOS"},{"svn":3,"category":"BIOS"},{"svn":1,"category":"BIOS"},{"svn":0},{"svn":5,"category":"OS/VMM","type":"SEAMLDR ACM"},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":13,"tdxtcbcomponents":[{"svn":5,"category":"OS/VMM","type":"TDX Module"},{"svn":0,"category":"OS/VMM","type":"TDX Module"},{"svn":2,"category":"OS/VMM","type":"TDX Late Microcode Update"},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}]},"tcbDate":"2024-03-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-01036","INTEL-SA-01079","INTEL-SA-01099","INTEL-SA-01103","INTEL-SA-01111"]},{"tcb":{"sgxtcbcomponents":[{"svn":2,"category":"BIOS","type":"Early Microcode Update"},{"svn":2,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":2,"category":"OS/VMM","type":"TXT SINIT"},{"svn":2,"category":"BIOS"},{"svn":3,"category":"BIOS"},{"svn":1,"category":"BIOS"},{"svn":0},{"svn":5,"category":"OS/VMM","type":"SEAMLDR ACM"},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":5,"tdxtcbcomponents":[{"svn":5,"category":"OS/VMM","type":"TDX Module"},{"svn":0,"category":"OS/VMM","type":"TDX Module"},{"svn":2,"category":"OS/VMM","type":"TDX Late Microcode Update"},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}]},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00220","INTEL-SA-00233","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00837","INTEL-SA-01036","INTEL-SA-01079","INTEL-SA-01099","INTEL-SA-01103","INTEL-SA-01111"]}]},"signature":"1c9386cfaa0393fce88f800f7124b6ba2cee0ab1490702b54ffe95c08757d1a8de3380566a3113837b1b4adeeb58ad8d1b5163f3e765f6def13087fcc945a240"}

testing/testdata/testdata.go

@@ -49,6 +49,11 @@ var RootCrlBody []byte
 //go:embed "sample_tcbInfo_response"
 var TcbInfoBody []byte
 
+// TcbInfoV5Body contains sample TCBInfo response for TDX 1.5. To be used only for testing
+//
+//go:embed "sample_tcbinfo_response_v5"
+var TcbInfoV5Body []byte
+
 // QeIdentityBody  contains sample QeIdentity response. To be used only for testing
 //
 //go:embed "sample_qeIdentity_response"