
Appendix A: PCS Client Tool

The PCS Client Tool is a Python* script that contains a set of commands to allow users to download and save data from PCS. Given platform information as input, the tool retrieves quote generation and quote verification collateral from the PCS. This data can then be saved to cache files (in which case PCCS is not needed) or used by the PCCS Admin Tool to save that data in PCCS.

The PCS Client Tool is particularly useful in scenarios where the PCCS has no connection to the Internet on its own. In such scenarios, the PCCS would typically have its cache filling mode set to OFFLINE, and file-based data transfer mechanisms would be used to move the platform registration requests (as well as the resulting quote generation and quote verification collateral) into and out of the air-gapped perimeter. The PCS Client Tool aids in these scenarios, particularly when used together with the PCCS Admin Tool, as the file formats of both tools are compatible.

Supported Operations

The following operations of the PCS Client Tool are relevant to PCCS flows:

fetch

Based on a list of platforms provided as an input, fetch quote generation collateral (i.e., PCK Certificates) as well as quote verification collateral data from PCS.

  1. Input: A JSON file containing a list of platforms. The PCCS Admin Tool is able to produce such a list with the get operation. Alternatively, the collect operation of the PCS Client Tool can be used.
  2. Output: Quote generation and quote verification collateral, aggregated and saved into a single JSON file. The data from this file can be imported into the PCCS. The PCCS Admin Tool is able to perform this import with the put operation.

collect

Combine individual CSV files containing platform information, which are generated by the PCK ID Retrieval Tool, into a single JSON file. This file can be used as input of the fetch or cache operations.

  1. Input: One or multiple platform information files created by the PCK ID Retrieval Tool.
  2. Output: A JSON file containing a list of platforms.

Note

The collect operation is not often used in setups where PCCS is available, as the PCK ID Retrieval Tool is typically set up to import the platform registration data directly into the PCCS.
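
An added sketch (not the PCS Client Tool's own code) of the kind of merge the collect operation performs, with per-row validation so that malformed rows are rejected before the list is handed to fetch or cache. The column order, JSON key names, field lengths and the (qe_id, pce_id) de-duplication key are assumptions, as are all function names and the sample rows.

```python
import csv
import io
import json

# Assumed column order, JSON key names and fixed hex lengths (in characters).
# None of these are stated on this page; adjust them to the real file format.
FIELDS = ("enc_ppid", "pce_id", "cpu_svn", "pce_svn", "qe_id", "platform_manifest")
HEX_LEN = {"enc_ppid": 768, "pce_id": 4, "cpu_svn": 32, "pce_svn": 4, "qe_id": 32}
HEX_DIGITS = set("0123456789abcdef")


def parse_row(row):
    """Validate one CSV row and return it as a platform dict."""
    if len(row) not in (5, 6):
        raise ValueError(f"expected 5 or 6 columns, got {len(row)}")
    entry = dict(zip(FIELDS, (col.strip().lower() for col in row)))
    entry.setdefault("platform_manifest", "")  # optional sixth column
    for name, value in entry.items():
        if not set(value) <= HEX_DIGITS or len(value) % 2:
            raise ValueError(f"{name}: not a hex-encoded byte string")
        if name in HEX_LEN and len(value) != HEX_LEN[name]:
            raise ValueError(f"{name}: expected {HEX_LEN[name]} hex characters")
    return entry


def collect(csv_texts):
    """Merge the contents of several CSV files into one platform list."""
    platforms = {}
    for text in csv_texts:
        for row in csv.reader(io.StringIO(text)):
            if row:  # skip blank lines
                entry = parse_row(row)
                # Assumed identity of a platform: (qe_id, pce_id); last row wins.
                platforms[(entry["qe_id"], entry["pce_id"])] = entry
    return list(platforms.values())


# Constructed sample rows, not real platform data.
ROW_1 = ["ab" * 384, "0000", "01" * 16, "0b00", "c1" * 16]
ROW_2 = ["cd" * 384, "0000", "02" * 16, "0b00", "c2" * 16, "ee" * 8]
FILE_A = ",".join(ROW_1) + "\n"
FILE_B = ",".join(ROW_1) + "\n" + ",".join(ROW_2) + "\n"

if __name__ == "__main__":
    merged = collect([FILE_A, FILE_B])
    print(json.dumps([{k: v[:16] for k, v in p.items()} for p in merged], indent=2))
```
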

cache

Based on the platform registration data provided as an input, fetch quote generation collateral (i.e., PCK Certificates) from PCS. Then, generate one cache file per target platform containing the retrieved information. These files can be used at the target platforms directly, provided the QCNL is configured in a local-only (air-gap) mode of operation ("local_cache_only": true setting in QCNL config file).

  1. Input: A JSON file containing a list of platforms. The PCCS Admin Tool is able to produce such a list with the get operation. Alternatively, the collect operation of the PCS Client Tool can be used.
  2. Output: One binary file per target platform containing the corresponding PCK Certificate.

Note

Since the cache operation bypasses PCCS entirely, this operation is typically used in air-gapped setups where PCCS is not present.

Download information

The PCS Client Tool can be found in the DCAP project on GitHub*. The tool's complete command-line syntax and latest usage information are available in the README located in the same directory.