Test endorsed TCB (#7668)

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>

Author: achamayou

CMakeLists.txt

@@ -1050,6 +1050,7 @@ if(BUILD_TESTS)
     NAME programmability_and_jwt
     CONSTITUTION ${RBAC_CONSTITUTION_ARGS}
     PYTHON_SCRIPT ${CMAKE_SOURCE_DIR}/tests/programmability.py
+    LABEL snp
   )
 
   # This test uses large requests (so too slow for SAN)

tests/npm_tests.py

@@ -987,6 +987,33 @@ def corrupt_value(value: str):
             for key, value in r.body.json().items():
                 LOG.info(f"{key} : {value}")
 
+            # Test with endorsed_tcb derived from the reported_tcb of the
+            # first call, which also captures the architecture (Milan/Genoa/Turin)
+            endorsed_tcb = report_json["reported_tcb"]
+            LOG.info(f"Testing with endorsed_tcb: {endorsed_tcb}")
+            r = c.post(
+                "/app/verifySnpAttestation",
+                {
+                    "evidence": primary_quote_info["raw"],
+                    "endorsements": primary_quote_info["endorsements"],
+                    "uvm_endorsements": primary_quote_info["uvm_endorsements"],
+                    "endorsed_tcb": endorsed_tcb,
+                },
+            )
+            assert r.status_code == http.HTTPStatus.OK, r.status_code
+
+            # Test with endorsed_tcb of correct size but all zeroes, should be rejected
+            r = c.post(
+                "/app/verifySnpAttestation",
+                {
+                    "evidence": primary_quote_info["raw"],
+                    "endorsements": primary_quote_info["endorsements"],
+                    "uvm_endorsements": primary_quote_info["uvm_endorsements"],
+                    "endorsed_tcb": "0" * len(endorsed_tcb),
+                },
+            )
+            assert r.status_code == http.HTTPStatus.BAD_REQUEST, r.status_code
+
         validate_openapi(c)
         generate_and_verify_jwk(c)