From 33c8aa4390bb1b87e593497beb15db3befe957b7 Mon Sep 17 00:00:00 2001
From: Tom Binder
Date: Mon, 22 Apr 2024 14:55:53 +0000
Subject: [PATCH] Require minimal TCB version to be set.
b/330845085
Change-Id: I3bb17d66d178c6bf73349afb7a1bd6708314d901
---
 oak_attestation_verification/src/verifier.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/oak_attestation_verification/src/verifier.rs b/oak_attestation_verification/src/verifier.rs
index f5a8fe26857..06fb9958f58 100644
--- a/oak_attestation_verification/src/verifier.rs
+++ b/oak_attestation_verification/src/verifier.rs
@@ -312,17 +312,17 @@ fn compare_oak_restricted_kernel_measurement_digests(
 ) -> anyhow::Result<()> {
 compare_root_layer_measurement_digets(
 values.root_layer.as_ref().context("no root layer evidence values")?,
- expected.root_layer.as_ref().context("no root layer expected avlues")?,
+ expected.root_layer.as_ref().context("no root layer expected values")?,
 )?;
 compare_kernel_layer_measurement_digests(
 values.kernel_layer.as_ref().context("no kernel layer evidence values")?,
- expected.kernel_layer.as_ref().context("no kernel layer expected_values")?,
+ expected.kernel_layer.as_ref().context("no kernel layer expected values")?,
 )?;
 compare_application_layer_measurement_digests(
 values.application_layer.as_ref().context("no applications layer evidence values")?,
- expected.application_layer.as_ref().context("no application layer expected_values")?,
+ expected.application_layer.as_ref().context("no application layer expected values")?,
 )
 .context("application layer verification failed")
 }
@@ -472,8 +472,7 @@ fn verify_amd_sev_attestation_report(
 );
 }
 (Some(_), None) => anyhow::bail!("no reported TCB version in the attestation report"),
- // TODO: b/330845085 - stop accepting missing reference values when all clients are updated.
- (None, _) => {}
+ (None, _) => anyhow::bail!("no min TCB version reference value"),
 }
 Ok(())
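Review bot: Two spelling leftovers survive this typo pass in the first hunk: the call still names the helper `compare_root_layer_measurement_digets`, and the application-layer evidence message reads `"no applications layer evidence values"` while the line below it says `"no application layer expected values"`. These context strings are what an operator sees when attestation verification rejects evidence, so I would align the wording to `"no application layer evidence values"`. Renaming the helper to `compare_root_layer_measurement_digests` would also need its definition changed, which is outside this hunk.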
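Review bot: The new `(None, _)` arm in the second hunk makes a missing minimum-TCB reference value a hard failure, but the commit touches only verifier.rs, so nothing visible pins that behaviour with a test. A regression test that supplies reference values without a minimum TCB version and expects an error would keep this fail-closed path from being relaxed again unnoticed. With the TODO removed the arm has no comment explaining the rejection; I would add `// Fail closed: without a minimum TCB reference value the reported TCB version cannot be checked.` above it. Any caller or stored reference-value set that still omits the field will presumably start failing verification once this lands, so it is worth confirming they were updated first. The body of verify_amd_sev_attestation_report starts and ends outside this hunk.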