@@ -625,20 +625,16 @@ pub trait ProvisioningClient {
625625 // also try with highest microcode version of both components. We found cases where
626626 // fetching the PCK Cert that exactly matched the TCB level, did not result in a PCK
627627 // Cert for that level
628- const EARLY_UCODE_IDX : usize = 0 ;
629- const LATE_UCODE_IDX : usize = 1 ;
630- // Unfortunately the TCB Info does not populate the component type (e.g., curl -v -X GET
631- // "https://api.trustedservices.intel.com/sgx/certification/v4/tcb?fmspc=00906ED50000&tcbEvaluationDataNumber=20"
632- // ). We pick a default as backup, and ensure errors fetching these PckCerts are
633- // ignored.
634- let eary_ucode_idx = tcb_data. tcb_component_index ( TcbComponent :: EarlyMicrocodeUpdate ) . unwrap_or ( EARLY_UCODE_IDX ) ;
635- let late_ucode_idx = tcb_data. tcb_component_index ( TcbComponent :: LateMicrocodeUpdate ) . unwrap_or ( LATE_UCODE_IDX ) ;
636- let early_ucode = cpu_svn[ eary_ucode_idx] ;
637- let late_ucode = cpu_svn[ late_ucode_idx] ;
638- if early_ucode < late_ucode {
639- let mut cpu_svn = cpu_svn. clone ( ) ;
640- cpu_svn[ eary_ucode_idx] = late_ucode;
641- let _ign_err = get_and_collect ( & mut pckcerts_map, & cpu_svn, pce_isvsvn) ;
628+ let early_ucode_idx = tcb_data. tcb_component_index ( TcbComponent :: EarlyMicrocodeUpdate ) ;
629+ let late_ucode_idx = tcb_data. tcb_component_index ( TcbComponent :: LateMicrocodeUpdate ) ;
630+ if let ( Some ( early_ucode_idx) , Some ( late_ucode_idx) ) = ( early_ucode_idx, late_ucode_idx) {
631+ let early_ucode = cpu_svn[ early_ucode_idx] ;
632+ let late_ucode = cpu_svn[ late_ucode_idx] ;
633+ if early_ucode < late_ucode {
634+ let mut cpu_svn = cpu_svn. clone ( ) ;
635+ cpu_svn[ early_ucode_idx] = late_ucode;
636+ let _ign_err = get_and_collect ( & mut pckcerts_map, & cpu_svn, pce_isvsvn) ;
637+ }
642638 }
643639 }
644640
0 commit comments