TEE OverviewTEE VerifiersIntel SGX/TDX DCAPAutomata Onchain PCCS

Automata TCB Eval DAO

Used exclusively for DCAP v1.1+

Summary

The TcbEvalDao contract manages onchain storage and retrieval of Intel TCB Evaluation Data Numbers. This data provides a list of actively supported TCB evaluation data numbers for SGX and TDX platforms, which are used to determine the TCB recovery event dates and support both "early" and "standard" TCB evaluation policies. The contract provides methods to upsert and query TCB evaluation data with signature verification against Intel's TCB Signing Certificate.

Click here to learn more about Intel TCB Recovery Events.

Methods

getTcbEvaluationObject

function getTcbEvaluationObject(TcbId id) external view returns (TcbEvalJsonObj memory tcbEvalObj)

Queries the full TCB Evaluation Data JSON Object for the given TEE type.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvalObj (TcbEvalJsonObj): The full TCB Evaluation Data JSON Object with signature

getTcbEvaluationDataNumbers

function getTcbEvaluationDataNumbers(TcbId id) external view returns (uint256[] memory tcbEvalDataNumbers)

Queries the TCB Evaluation Data Numbers for the given TEE type.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvalDataNumbers (uint256[]): Array of actively supported TCB Evaluation Data Numbers

early

function early(TcbId id) external view returns (uint32 tcbEvaluationNumber)

Returns the "early" TCB Evaluation Data Number, which is the highest (most recent) evaluation number available.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvaluationNumber (uint32): The earliest (highest) TCB Evaluation Data Number

standard

function standard(TcbId id) external view returns (uint32 tcbEvaluationNumber)

Returns the "standard" TCB Evaluation Data Number, which is the highest evaluation number that is at least 12 months after the TCB recovery event.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvaluationNumber (uint32): The standard TCB Evaluation Data Number (highest number that is at least 12 months after recovery event)

upsertTcbEvaluationData

function upsertTcbEvaluationData(TcbEvalJsonObj calldata tcbEvalObj) external returns (bytes32 attestationId)

Upserts (inserts or updates) TCB Evaluation Data Numbers on-chain with signature verification and rollback protection.

Parameters:

  • tcbEvalObj (TcbEvalJsonObj): The TCB Evaluation Data JSON string and signature

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

getTcbEvalIssuerChain

function getTcbEvalIssuerChain() external view returns (bytes memory signingCert, bytes memory rootCert)

Fetches the certificate chain used to sign TCB Evaluation Data.

Returns:

  • signingCert (bytes): DER encoded Intel TCB Signing Certificate
  • rootCert (bytes): DER encoded Intel SGX Root CA

Reverts

ErrorSelectorNotes
Missing_TCB_Eval_Cert()c9220efaIntel TCB Signing Certificate not found
TCB_Eval_Cert_Expired()925ca6d8Intel TCB Signing Certificate has expired
TCB_Eval_Cert_Revoked(uint256 serialNum)49c53e1eIntel TCB Signing Certificate has been revoked
Invalid_TCB_Eval_Cert_Signature()eca8017eTCB Evaluation Data signature verification failed
TCB_Eval_Expired()c750d267TCB Evaluation Data has expired
TCB_Eval_Out_Of_Date()9ddee474Attempting to upsert older TCB Evaluation Data
TCB_Eval_Missing(TcbId id)fe17888fNo TCB Evaluation Data found for the specified TEE type

TCB Evaluation Data Number 20

Previous Page

Contract Addresses

Next Page

On this page

SummaryMethodsgetTcbEvaluationObjectgetTcbEvaluationDataNumbersearlystandardupsertTcbEvaluationDatagetTcbEvalIssuerChainReverts