search

Automata TCB Eval DAO

Used exclusively for DCAP v1.1+

hashtag
Summary

The TcbEvalDao contract manages onchain storage and retrieval of Intel TCB Evaluation Data Numbers. This data provides a list of actively supported TCB evaluation data numbers for SGX and TDX platforms, which are used to determine the TCB recovery event dates and support both "early" and "standard" TCB evaluation policies. The contract provides methods to upsert and query TCB evaluation data with signature verification against Intel's TCB Signing Certificate.

Click herearrow-up-right to learn more about Intel TCB Recovery Events.

hashtag
Methods

hashtag
getTcbEvaluationObject

function getTcbEvaluationObject(TcbId id) external view returns (TcbEvalJsonObj memory tcbEvalObj)

Queries the full TCB Evaluation Data JSON Object for the given TEE type.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvalObj (TcbEvalJsonObj): The full TCB Evaluation Data JSON Object with signature

hashtag
getTcbEvaluationDataNumbers

function getTcbEvaluationDataNumbers(TcbId id) external view returns (uint256[] memory tcbEvalDataNumbers)

Queries the TCB Evaluation Data Numbers for the given TEE type.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvalDataNumbers (uint256[]): Array of actively supported TCB Evaluation Data Numbers

hashtag
early

Returns the "early" TCB Evaluation Data Number, which is the highest (most recent) evaluation number available.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvaluationNumber (uint32): The earliest (highest) TCB Evaluation Data Number

hashtag
standard

Returns the "standard" TCB Evaluation Data Number, which is the highest evaluation number that is at least 12 months after the TCB recovery event.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvaluationNumber (uint32): The standard TCB Evaluation Data Number (highest number that is at least 12 months after recovery event)

hashtag
upsertTcbEvaluationData

Upserts (inserts or updates) TCB Evaluation Data Numbers on-chain with signature verification and rollback protection.

Parameters:

  • tcbEvalObj (TcbEvalJsonObj): The TCB Evaluation Data JSON string and signature

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

hashtag
getTcbEvalIssuerChain

Fetches the certificate chain used to sign TCB Evaluation Data.

Returns:

  • signingCert (bytes): DER encoded Intel TCB Signing Certificate

  • rootCert (bytes): DER encoded Intel SGX Root CA

hashtag
Reverts

Error
Selector
Notes

Missing_TCB_Eval_Cert()

c9220efa

Intel TCB Signing Certificate not found

TCB_Eval_Cert_Expired()

925ca6d8

Intel TCB Signing Certificate has expired

TCB_Eval_Cert_Revoked(uint256 serialNum)

49c53e1e

Intel TCB Signing Certificate has been revoked

Invalid_TCB_Eval_Cert_Signature()

eca8017e

TCB Evaluation Data signature verification failed

TCB_Eval_Expired()

c750d267

TCB Evaluation Data has expired

TCB_Eval_Out_Of_Date()

9ddee474

Attempting to upsert older TCB Evaluation Data

TCB_Eval_Missing(TcbId id)

fe17888f

No TCB Evaluation Data found for the specified TEE type

PreviousTCB Evaluation Data Number 20NextContract Addresses

Last updated