Automata PCS DAO

Summary

The PcsDao contract is the core contract for managing Intel PCS (Provisioning Certification Service) collateral onchain. It handles essential certificates including the Intel SGX Root CA, intermediate CAs (PCK Platform CA, PCK Processor CA, TCB Signing CA), and their corresponding CRLs (Certificate Revocation Lists). All other DAO contracts depend on this contract to fetch issuer certificates and CRLs for signature verification.

Methods

getCertificateById

function getCertificateById(CA ca) external view returns (bytes memory cert, bytes memory crl)

Gets the certificate and its corresponding CRL for the specified Certificate Authority type.

Parameters:

  • ca (CA): Certificate Authority type - CA.ROOT, CA.SIGNING, CA.PROCESSOR, or CA.PLATFORM

Returns:

  • cert (bytes): DER-encoded certificate

  • crl (bytes): DER-encoded CRL signed by the certificate

upsertPcsCertificates

function upsertPcsCertificates(CA ca, bytes calldata cert) external returns (bytes32 attestationId)

Upserts (inserts or updates) a PCS certificate onchain with signature verification, revocation checking, and rollback protection.

Parameters:

  • ca (CA): Certificate Authority type - CA.ROOT, CA.SIGNING, CA.PROCESSOR, or CA.PLATFORM

  • cert (bytes): DER-encoded certificate

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

upsertPckCrl

function upsertPckCrl(CA ca, bytes calldata crl) external returns (bytes32 attestationId)

Upserts (inserts or updates) a PCK Certificate Revocation List onchain with signature verification and rollback protection.

Parameters:

  • ca (CA): Certificate Authority type - CA.PROCESSOR or CA.PLATFORM

  • crl (bytes): DER-encoded CRL

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

upsertRootCACrl

function upsertRootCACrl(bytes calldata rootcacrl) external returns (bytes32 attestationId)

Upserts (inserts or updates) the Root CA Certificate Revocation List onchain with signature verification and rollback protection.

Parameters:

  • rootcacrl (bytes): DER-encoded Root CA CRL

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

Reverts

Error
Selector
Notes

Missing_Certificate(CA ca)

33247a8a

Certificate not found for the specified CA

Invalid_PCK_CA(CA ca)

9849e774

Invalid CA parameter for PCK CRL operations

Root_Key_Mismatch()

e1406f79

Root CA public key does not match expected Intel key

Certificate_Revoked(CA ca, uint256 serialNum)

291990cd

Certificate has been revoked

Certificate_Expired(CA ca)

5f066611

Certificate has expired

Crl_Expired(CA ca)

6d8932ad

CRL has expired

Invalid_Issuer_Name()

1e7ab599

Certificate/CRL issuer name does not match expected value

Invalid_Subject_Name()

92ec707e

Certificate subject name does not match expected value

Expired_Certificates()

e6612a12

Certificate/CRL timestamps are invalid

TCB_Mismatch()

4a629e24

TCB values do not match

Missing_Issuer()

cd69d374

Issuer certificate not found

Invalid_Signature()

e7ef341f

Signature verification failed

Certificate_Out_Of_Date()

9f4daa9e

Attempting to upsert older certificate/CRL

PreviousContract AddressesNextContract Addresses

Last updated

Was this helpful?