fix: allows dcap empty measurements (#31)

Co-authored-by: fnerdman <[email protected]>
flashbots · Feb 3, 2025 · 24c49a8 · 24c49a8
1 parent e9f5909
commit 24c49a8
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/tdx/validator.go b/tdx/validator.go
@@ -98,17 +98,21 @@ func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte
 				MrOwner:       hexToBytes("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
 				MrOwnerConfig: hexToBytes("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
 				ReportData:    extraData,
-				MrTd:          v.expected[0].Expected,
-				Rtmrs:         [][]byte{
-							v.expected[1].Expected,
-							v.expected[2].Expected,
-							v.expected[3].Expected,
-							v.expected[4].Expected,
-				},
 			},
 		},
 	}
 
+        // Only add measurement validation if we have valid measurements
+        if v.expected != nil {
+                config.Policy.TdQuoteBodyPolicy.MrTd = v.expected[0].Expected
+                config.Policy.TdQuoteBodyPolicy.Rtmrs = [][]byte{
+                        v.expected[1].Expected,
+                        v.expected[2].Expected,
+                        v.expected[3].Expected,
+                        v.expected[4].Expected,
+                }
+        }
+
 	// config.Policy.TdQuoteBodyPolicy.MinimumTeeTcbSvn="" // skipping MinimumTeeTcbSvn as this is part of tcbinfo
 	// considering skipping MRSEAM, the tdx module can only be provided by intel and there's already trust here. Also the TDX module svn is part of the tcbinfo check
 	// yet still we might want to add a check for it at some point