ERROR: Quote Verification failed: 0xe002 #384

Open
phelanmi opened this issue Mar 29, 2024 · 4 comments

@phelanmi

Hi,
I have a Python function which creates a pointer to the raw bytes of a TDX quote like so:
cdef unsigned char* quote_ptr = tdx_quote.

This pointer is then passed to a C function which expects the quote pointer as a CK_BYTE_PTR object.

This function then performs some other operations like getting the supplemental data size before calling the tdx_qv_verify_quote function:
tdx_qv_verify_quote((uint8_t *)quote_ptr, (uint32_t)quote_size, /*p_quote_collateral=*/NULL, c_time, &collateral_expiration_status, &verification_result, /*p_qve_report_info=*/NULL, supp_data_size, supp_data);
Which results in 'ERROR: Quote Verification failed: 0xe002'. I checked the documentation and this error is SGX_QL_ERROR_INVALID_PARAMETER and indicates the quote should not be null.

I stepped back through the code to check the pointer value and found when it is initialized in the Python function the value is '48 130 4 240 48 130 4 150 160 3 2 1 2 2 20 2 123 141 24 240 48' but when I check again in my C function the value is '48' so I guess I am initializing or passing the pointer incorrectly.

I have similar functions for handling of an SGX quote where the pointer is created the same way as TDX:
cdef unsigned char* quote_ptr = sgx_quote and passed as a CK_BYTE_PTR to a function which calls sgx_qv_verify_quote.
sgx_qv_verify_quote((uint8_t *)quote_ptr, (uint32_t)quote_size, /*p_quote_collateral=*/NULL, c_time, &collateral_expiration_status, &verification_result, /*p_qve_report_info=*/NULL, supp_data_size, supp_data);
When I checked the value of the SGX pointer I found it was '3' on initialization and '3' again after being passed to my C function. I also do not see 'ERROR: Quote Verification failed: 0xe002' when calling sgx_qv_verify_quote.

Do TDX quotes need to be handled/stored differently compared to SGX quotes?
Thank you!

@vkarpenk

vkarpenk commented Apr 12, 2024

@lingyuj do you have any advice on how to debug this error? ERROR: Quote Verification failed: 0xe002

@phelanmi
Author

After looking into this further, I found that the pointer actually is being passed correctly between functions but I still see the 0xe002 error.
I am now thinking that the problem is within the tdx_qv_verify_quote function, but I am not sure how to debug it. Do you know what might cause this issue if the quote and quote size are correct or how I might debug this issue?
I am running these functions on an SBX platform testing with a quote generated on that platform, I'm not sure if that has any effect on quote verification?

@lingyuj
Contributor

lingyuj commented Apr 15, 2024

> After looking into this further, I found that the pointer actually is being passed correctly between functions but I still see the 0xe002 error. I am now thinking that the problem is within the tdx_qv_verify_quote function, but I am not sure how to debug it. Do you know what might cause this issue if the quote and quote size are correct or how I might debug this issue? I am running these functions on an SBX platform testing with a quote generated on that platform, I'm not sure if that has any effect on quote verification?

You may need to build the QvL library with pre-production root signing key to pass the verification. You can find the certificate here: https://sbx-certificates.trustedservices.intel.com/Intel_SGX_Provisioning_Certification_RootCA.pem

@phelanmi
Author

> You may need to build the QvL library with pre-production root signing key to pass the verification. You can find the certificate here: https://sbx-certificates.trustedservices.intel.com/Intel_SGX_Provisioning_Certification_RootCA.pem

The QvL library has been built with SBX signing key and the sample App has been able to generate and verify quotes with no issues but I still see the same error when running my scripts.
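
A header pre-check that can run on the buffer before it is handed to `tdx_qv_verify_quote`, as an added example that is not part of this thread or of the DCAP library. It classifies the byte values printed in the first post, which begin with 0x30 0x82 (the start of a DER-encoded ASN.1 SEQUENCE), next to two constructed quote headers. The function and enum names are hypothetical, and the header layout (little-endian version at offset 0, tee_type at offset 4 with 0x81 for TDX, 48-byte header) is an assumption about the quote format, not something stated on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical pre-check, not part of the DCAP API. Header layout assumed:
 * uint16 version, uint16 att_key_type, uint32 tee_type (v4), little-endian. */
typedef enum { BUF_TOO_SHORT, BUF_DER_SEQUENCE, BUF_SGX_QUOTE,
               BUF_TDX_QUOTE, BUF_UNKNOWN } buf_kind_t;

#define QUOTE_HEADER_SIZE 48u      /* assumed v3/v4 quote header length */
#define TEE_TYPE_SGX 0x00000000u   /* assumed tee_type values */
#define TEE_TYPE_TDX 0x00000081u

/* Bytes printed in the first post (decimal there, same values here). */
static const uint8_t posted_bytes[] = { 48, 130, 4, 240, 48, 130, 4, 150, 160,
    3, 2, 1, 2, 2, 20, 2, 123, 141, 24, 240, 48 };
/* Constructed headers: only version/att_key_type/tee_type set, rest zero. */
static const uint8_t sample_tdx_hdr[QUOTE_HEADER_SIZE] = { 4, 0, 2, 0, 0x81, 0, 0, 0 };
static const uint8_t sample_sgx_hdr[QUOTE_HEADER_SIZE] = { 3, 0, 2, 0 };

static buf_kind_t classify_quote_buffer(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4)
        return BUF_TOO_SHORT;
    /* 0x30 0x82: ASN.1 DER SEQUENCE with a two-byte length, the start of a
     * DER-encoded structure such as an X.509 certificate, not a quote. */
    if (buf[0] == 0x30 && buf[1] == 0x82)
        return BUF_DER_SEQUENCE;
    if (len < QUOTE_HEADER_SIZE)
        return BUF_TOO_SHORT;
    uint16_t version = (uint16_t)(buf[0] | (buf[1] << 8));
    uint32_t tee_type = (uint32_t)buf[4] | ((uint32_t)buf[5] << 8) |
                        ((uint32_t)buf[6] << 16) | ((uint32_t)buf[7] << 24);
    /* Version 3 matches the '3' reported for the SGX buffer in the post. */
    if (version == 3 || (version == 4 && tee_type == TEE_TYPE_SGX))
        return BUF_SGX_QUOTE;
    if (version == 4 && tee_type == TEE_TYPE_TDX)
        return BUF_TDX_QUOTE;
    return BUF_UNKNOWN;
}

int main(void)
{
    static const char *names[] = { "too short", "DER SEQUENCE (not a quote)",
                                   "SGX quote", "TDX quote", "unknown" };
    printf("posted bytes: %s\n", names[classify_quote_buffer(posted_bytes, sizeof posted_bytes)]);
    printf("TDX header:   %s\n", names[classify_quote_buffer(sample_tdx_hdr, sizeof sample_tdx_hdr)]);
    printf("SGX header:   %s\n", names[classify_quote_buffer(sample_sgx_hdr, sizeof sample_sgx_hdr)]);
    return 0;
}
```

Running the same check on both sides of the Python-to-C boundary shows whether the buffer and length that reach the verification call are the ones that were created.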
