verifier:tdx: Refactor code to reference the verification issue

Refactor code to reference issue: intel/SGXDataCenterAttestationPrimitives#402 Fixes: confidential-containers#386 -- part II Signed-off-by: ChengyuZhu6 <[email protected]>
ChengyuZhu6 · May 21, 2024 · 42a2ae6 · 42a2ae6
1 parent 0005ddb
commit 42a2ae6
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/attestation-service/verifier/src/tdx/quote.rs b/attestation-service/verifier/src/tdx/quote.rs
@@ -402,8 +402,13 @@ pub async fn ecdsa_quote_verification(quote: &[u8]) -> Result<()> {
         p_data: &mut supp_data as *mut sgx_ql_qv_supplemental_t as *mut u8,
     };
 
-    // Call DCAP quote verify library to set QvE loading policy to multi-thread
-    // We only need to set the policy once; otherwise, it will return the error code 0xe00c (SGX_QL_UNSUPPORTED_LOADING_POLICY)
+    // TODO: There is an issue with the quote verification in qvl from DCAP
+    // which causes serial handling verification requests in AS.
+    // This affects the `tee_verify_quote` function.
+    // Tracking issue: https://github.com/intel/SGXDataCenterAttestationPrimitives/issues/402
+    // Workaround: 
+    //     Call DCAP quote verify library to set QvE loading policy to multi-thread
+    //     We only need to set the policy once; otherwise, it will return the error code 0xe00c (SGX_QL_UNSUPPORTED_LOADING_POLICY)
     static INIT: std::sync::Once = std::sync::Once::new();
     INIT.call_once(|| {
         match sgx_qv_set_enclave_load_policy(