Automata TCB Eval DAO

Summary

The TcbEvalDao contract manages on-chain storage and retrieval of Intel TCB Evaluation Data Numbers. This data provides a list of actively supported TCB evaluation data numbers for SGX and TDX platforms, which are used to determine the TCB recovery event dates and support both "early" and "standard" TCB evaluation policies. The contract provides methods to upsert and query TCB evaluation data with signature verification against Intel's TCB Signing Certificate.

Click here to learn more about Intel TCB Recovery Events.

Methods

getTcbEvaluationObject

function getTcbEvaluationObject(TcbId id) external view returns (TcbEvalJsonObj memory tcbEvalObj)

Queries the full TCB Evaluation Data JSON Object for the given TEE type.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvalObj (TcbEvalJsonObj): The full TCB Evaluation Data JSON Object with signature

getTcbEvaluationDataNumbers

function getTcbEvaluationDataNumbers(TcbId id) external view returns (uint256[] memory tcbEvalDataNumbers)

Queries the TCB Evaluation Data Numbers for the given TEE type.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvalDataNumbers (uint256[]): Array of actively supported TCB Evaluation Data Numbers

early

function early(TcbId id) external view returns (uint32 tcbEvaluationNumber)

Returns the "early" TCB Evaluation Data Number, which is the highest (most recent) evaluation number available.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvaluationNumber (uint32): The "early" (highest, most recent) TCB Evaluation Data Number

standard

function standard(TcbId id) external view returns (uint32 tcbEvaluationNumber)

Returns the "standard" TCB Evaluation Data Number, which is the highest evaluation number that is at least 12 months after the TCB recovery event.

Parameters:

  • id (TcbId): TCB ID - TcbId.SGX or TcbId.TDX

Returns:

  • tcbEvaluationNumber (uint32): The standard TCB Evaluation Data Number (highest number that is at least 12 months after recovery event)

upsertTcbEvaluationData

function upsertTcbEvaluationData(TcbEvalJsonObj calldata tcbEvalObj) external returns (bytes32 attestationId)

Upserts (inserts or updates) TCB Evaluation Data Numbers on-chain with signature verification and rollback protection.

Parameters:

  • tcbEvalObj (TcbEvalJsonObj): The TCB Evaluation Data JSON string and signature

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

getTcbEvalIssuerChain

function getTcbEvalIssuerChain() external view returns (bytes memory signingCert, bytes memory rootCert)

Fetches the certificate chain used to sign TCB Evaluation Data.

Returns:

  • signingCert (bytes): DER encoded Intel TCB Signing Certificate

  • rootCert (bytes): DER encoded Intel SGX Root CA

Reverts

| Error | Selector | Notes |
| --- | --- | --- |
| Missing_TCB_Eval_Cert() | c9220efa | Intel TCB Signing Certificate not found |
| TCB_Eval_Cert_Expired() | 925ca6d8 | Intel TCB Signing Certificate has expired |
| TCB_Eval_Cert_Revoked(uint256 serialNum) | 49c53e1e | Intel TCB Signing Certificate has been revoked |
| Invalid_TCB_Eval_Cert_Signature() | eca8017e | TCB Evaluation Data signature verification failed |
| TCB_Eval_Expired() | c750d267 | TCB Evaluation Data has expired |
| TCB_Eval_Out_Of_Date() | 9ddee474 | Attempting to upsert older TCB Evaluation Data |
| TCB_Eval_Missing(TcbId id) | fe17888f | No TCB Evaluation Data found for the specified TEE type |
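
An off-chain Python model of the "early" / "standard" selection and the upsert freshness checks described above, added here as an illustration and not the contract's own code. The JSON field names, the constructed sample values, and the choice to judge freshness by `issueDate` and `nextUpdate` are assumptions; certificate and signature verification are left out.

```python
from datetime import datetime, timezone

# Constructed sample. Field names are assumed, not taken from this page.
SAMPLE = {
    "id": "SGX",
    "issueDate": "2025-06-01T00:00:00Z",
    "nextUpdate": "2025-07-01T00:00:00Z",
    "tcbEvalNumbers": [
        {"tcbEvaluationDataNumber": 19, "tcbRecoveryEventDate": "2025-05-13T00:00:00Z"},
        {"tcbEvaluationDataNumber": 18, "tcbRecoveryEventDate": "2024-11-12T00:00:00Z"},
        {"tcbEvaluationDataNumber": 17, "tcbRecoveryEventDate": "2024-03-12T00:00:00Z"},
    ],
}

def ts(s):
    """Parse an ISO 8601 UTC timestamp of the form 2025-06-01T00:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def one_year_before(now):
    try:
        return now.replace(year=now.year - 1)
    except ValueError:  # 29 February has no counterpart in the previous year
        return now.replace(year=now.year - 1, day=28)

def early(doc):
    """Highest (most recent) evaluation number in the list."""
    return max(e["tcbEvaluationDataNumber"] for e in doc["tcbEvalNumbers"])

def standard(doc, now):
    """Highest number whose recovery event lies at least 12 months before `now`."""
    cutoff = one_year_before(now)
    aged = [e["tcbEvaluationDataNumber"] for e in doc["tcbEvalNumbers"]
            if ts(e["tcbRecoveryEventDate"]) <= cutoff]
    if not aged:
        raise LookupError("no evaluation number is 12 months old yet")
    return max(aged)

def check_upsert(stored, incoming, now):
    """Return the revert name from the table above, or None if accepted."""
    if now > ts(incoming["nextUpdate"]):
        return "TCB_Eval_Expired"
    # Rollback protection (assumed rule): refuse data issued before the stored copy.
    if stored is not None and ts(incoming["issueDate"]) < ts(stored["issueDate"]):
        return "TCB_Eval_Out_Of_Date"
    return None
```

With the sample above, a verifier pinned to the standard policy lags the early policy by two evaluation numbers until the newer recovery events age past 12 months.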
