diff --git a/common/crypto/CMakeLists.txt b/common/crypto/CMakeLists.txt index bab75fd2a..a1dbe75be 100644 --- a/common/crypto/CMakeLists.txt +++ b/common/crypto/CMakeLists.txt @@ -23,6 +23,7 @@ FILE(GLOB PROJECT_SOURCES "pdo-crypto-c-wrapper.cpp" "$ENV{FPC_PATH}/common/base64/base64.cpp" "$ENV{FPC_PATH}/common/json/parson.c" + "$ENV{FPC_PATH}/common/utils.c" #for append_string in parson "attestation-api/evidence/*.cpp" ) diff --git a/common/crypto/attestation-api/evidence/verify-evidence.cpp b/common/crypto/attestation-api/evidence/verify-evidence.cpp index ac49fa17d..86a2c8e68 100644 --- a/common/crypto/attestation-api/evidence/verify-evidence.cpp +++ b/common/crypto/attestation-api/evidence/verify-evidence.cpp @@ -150,9 +150,11 @@ bool verify_ias_evidence( { // verify report status - const int group_out_of_date_ok = 1; - COND2LOGERR(VERIFY_SUCCESS != verify_enclave_quote_status(ias_report.c_str(), - ias_report.length(), group_out_of_date_ok), + const unsigned int flags = QSF_ACCEPT_GROUP_OUT_OF_DATE | QSF_ACCEPT_CONFIGURATION_NEEDED | + QSF_ACCEPT_SW_HARDENING_NEEDED | + QSF_ACCEPT_CONFIGURATION_AND_SW_HARDENING_NEEDED; + COND2LOGERR(VERIFY_SUCCESS != + verify_enclave_quote_status(ias_report.c_str(), ias_report.length(), flags), "invalid quote status"); } diff --git a/common/crypto/pdo b/common/crypto/pdo index 75467684c..ba4896f45 160000 --- a/common/crypto/pdo +++ b/common/crypto/pdo @@ -1 +1 @@ -Subproject commit 75467684cda0ca6abb10154e3f45f97e9784ed54 +Subproject commit ba4896f457de697e43c7f16929a08b19754f90d2 diff --git a/scripts/cpplinter.sh b/scripts/cpplinter.sh index 485985da0..38f4f8c27 100755 --- a/scripts/cpplinter.sh +++ b/scripts/cpplinter.sh @@ -48,7 +48,7 @@ done #if check fails, provide instructions for fixing the format if [[ $RET != 0 ]] then - echo "Format check failed. Run '$0 DO_FORMAT' to fix the format." + echo "Format check failed. Run '$0 DO_FORMAT' to fix the format." fi exit $RET