diff --git a/.gitignore b/.gitignore
index c5927e4..0d87412 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,17 @@
-/dcap_1.22_reproducible.tar.gz
-/dcap-qvl-1.21.tar.gz
-/dcap-qvs-1.1.0-2885.tar.gz
-/intel-sgx-ssl-3.0_Rev4.tar.gz
-/ippcp_2021.12.1.tar.gz
-/jwt-cpp-0.6.0.tar.gz
-/libcbor-0.10.2.tar.gz
-/linux-sgx-2.25-reproducible.tar.gz
-/openssl-3.0.14.tar.gz
-/prebuilt_dcap_1.22-repacked.tar.gz
-/sgx-emm-1.0.3.tar.gz
-/tinyxml2-10.0.0.tar.gz
-/wasm-micro-runtime-1.3.3.tar.gz
+/dcap-qvl-*.tar.gz
+/dcap-qvs-*.tar.gz
+/intel-sgx-ssl-*.tar.gz
+/ippcp_*.tar.gz
+/jwt-cpp-*.tar.gz
+/libcbor-*.tar.gz
+/linux-sgx-*.tar.gz
+/openssl-*.tar.gz
+/prebuilt_dcap_*.tar.gz
+/sgx-emm-*.tar.gz
+/tinyxml2-*.tar.gz
+/wasm-micro-runtime-*.tar.gz
+/DCAP_*.tar.gz
+*~
+/dcap-*-pccs-node-modules.tar.xz
+/node-ffi-rs-*-vendor.tar.gz
+/node-ffi-rs-*.tar.gz
diff --git a/0000-Add-support-for-building-against-host-openssl-crypto.patch b/0000-Add-support-for-building-against-host-openssl-crypto.patch index 1fdfb06..381ce62 100644 --- a/0000-Add-support-for-building-against-host-openssl-crypto.patch +++ b/0000-Add-support-for-building-against-host-openssl-crypto.patch @@ -1,7 +1,7 @@ -From 035a09af5fa31cdc7ab683c8188168623848f033 Mon Sep 17 00:00:00 2001 +From d4f132e1363779aef2c4209789ca364e27f45bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:12:38 +0000 -Subject: [PATCH 00/16] Add support for building against host openssl crypto +Subject: [PATCH 00/15] Add support for building against host openssl crypto lib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -85,7 +85,7 @@ index a3843bdf..2c9c87b3 100644 ${CMAKE_SOURCE_DIR}/../../../../external/rdrand/src/librdrand.a ) diff --git a/psw/urts/linux/Makefile b/psw/urts/linux/Makefile -index 41797648..4097444c 100644 +index 7e0b6a08..3d08ee5c 100644 --- a/psw/urts/linux/Makefile +++ b/psw/urts/linux/Makefile @@ -43,8 +43,6 @@ CFLAGS += -fPIC -Werror -g 
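Review bot: The rewritten `.gitignore` list (first hunk on this page) mixes upstream release tarballs, pre-fetched dependency bundles (`/dcap-*-pccs-node-modules.tar.xz`, `/node-ffi-rs-*-vendor.tar.gz`) and an editor-backup glob (`*~`) with no comment saying which is which. Since git ignores the bundles, their integrity presumably rests on a checksum manifest kept outside this hunk; a grouping comment such as `# vendored dependency bundles; verified against the recorded source checksums` above those two entries would make that dependency visible. Also note that no new pattern matches the old `/dcap_1.22_reproducible.tar.gz` name (`/DCAP_*.tar.gz` differs in case), so a leftover copy will now show up as untracked.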
@@ -116,7 +116,7 @@ index 41797648..4097444c 100644 INTERNAL_LDFLAGS += -Wl,--version-script=urts_internal.lds -Wl,--gc-sections diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile -index 3d593972..1eb8d460 100644 +index 1ed9f286..ed177c86 100644 --- a/sdk/sign_tool/SignTool/Makefile +++ b/sdk/sign_tool/SignTool/Makefile @@ -42,9 +42,6 @@ CFLAGS += $(FLAGS) @@ -138,7 +138,7 @@ index 3d593972..1eb8d460 100644 DIR1 := $(LINUX_EXTERNAL_DIR)/tinyxml2/ DIR2 := $(COMMON_DIR)/src/ -@@ -89,7 +86,7 @@ all: sgx_sign | $(BUILD_DIR) +@@ -90,7 +87,7 @@ all: sgx_sign | $(BUILD_DIR) $(BUILD_DIR): @$(MKDIR) $@ @@ -180,7 +180,7 @@ index c66beed2..45ddb576 100644 vpath %.cpp $(LINUX_PSW_DIR)/ae/common \ $(LINUX_SDK_DIR)/simulation/urtssim \ diff --git a/sdk/simulation/urtssim/linux/Makefile b/sdk/simulation/urtssim/linux/Makefile -index dde577ca..505ce8d9 100644 +index e756d468..ea8ca78c 100644 --- a/sdk/simulation/urtssim/linux/Makefile +++ b/sdk/simulation/urtssim/linux/Makefile @@ -42,9 +42,6 @@ endif @@ -202,7 +202,7 @@ index dde577ca..505ce8d9 100644 CPPFLAGS += -I$(COMMON_DIR)/inc/internal \ -I$(LINUX_PSW_DIR)/urts/linux \ -@@ -127,7 +124,7 @@ LDFLAGS += $(COMMON_LDFLAGS) -Wl,--version-script=$(LINUX_PSW_DIR)/urts/linux/ur +@@ -128,7 +125,7 @@ LDFLAGS += $(COMMON_LDFLAGS) -Wl,--version-script=$(LINUX_PSW_DIR)/urts/linux/ur LIBURTSSIM_SHARED := libsgx_urts_sim.so LIBURTS_DEPLOY := libsgx_urts_deploy.so @@ -212,5 +212,5 @@ index dde577ca..505ce8d9 100644 .PHONY: all -- -2.48.1 +2.49.0 diff --git a/0001-Add-support-for-building-against-host-tinyxml2-lib.patch b/0001-Add-support-for-building-against-host-tinyxml2-lib.patch index f905bc0..3bc516f 100644 --- a/0001-Add-support-for-building-against-host-tinyxml2-lib.patch +++ b/0001-Add-support-for-building-against-host-tinyxml2-lib.patch @@ -1,7 +1,7 @@ -From a1ebbd0efeb66f23a02e63946d6f2c8ec9c00c00 Mon Sep 17 00:00:00 2001 +From e372a1a009f1de14ea5ee01ec022633d88f6d234 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:01:10 +0000 -Subject: [PATCH 01/16] Add support for building against host tinyxml2 lib +Subject: [PATCH 01/15] Add support for building against host tinyxml2 lib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -44,7 +44,7 @@ index acae2106..6dac4028 100644 +TINYXML2_DIR = $(LINUX_EXTERNAL_DIR)/tinyxml2/ +endif diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile -index 1eb8d460..219fb5ad 100644 +index ed177c86..1dcb6f51 100644 --- a/sdk/sign_tool/SignTool/Makefile +++ b/sdk/sign_tool/SignTool/Makefile @@ -49,11 +49,11 @@ INC += -I$(COMMON_DIR)/inc \ @@ -69,8 +69,8 @@ index 1eb8d460..219fb5ad 100644 +OBJ3 := $(TINYXML2_OBJ) OBJ4 := loader.o \ - se_detect.o -@@ -86,7 +86,7 @@ all: sgx_sign | $(BUILD_DIR) + se_detect.o \ +@@ -87,7 +87,7 @@ all: sgx_sign | $(BUILD_DIR) $(BUILD_DIR): @$(MKDIR) $@ @@ -80,5 +80,5 @@ index 1eb8d460..219fb5ad 100644 sgx_sign: $(OBJS) enclaveparser -- -2.48.1 +2.49.0 diff --git a/0002-Add-support-for-building-against-host-CppMicroServic.patch b/0002-Add-support-for-building-against-host-CppMicroServic.patch index d59d742..b7eff37 100644 --- a/0002-Add-support-for-building-against-host-CppMicroServic.patch +++ b/0002-Add-support-for-building-against-host-CppMicroServic.patch @@ -1,7 +1,7 @@ -From 90ec590f9b17b878cfe2e338d55362349d5ad67e Mon Sep 17 00:00:00 2001 +From 02f4535633d317894629f30daf0583fddcdf3f1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:01:10 +0000 -Subject: [PATCH 02/16] Add support for building against host CppMicroServices +Subject: [PATCH 02/15] Add support for building against host CppMicroServices lib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -125,7 +125,7 @@ index bac84292..89a15875 100644 ifeq ($(RDRAND_MAKEFILE), $(wildcard $(RDRAND_MAKEFILE))) @$(MAKE) distclean -C $(RDRAND_LIBDIR) 
diff --git a/psw/ae/aesm_service/source/CMakeLists.txt b/psw/ae/aesm_service/source/CMakeLists.txt -index 98c724a7..3edd77c7 100644 +index da3e0b77..89b3e3ae 100644 --- a/psw/ae/aesm_service/source/CMakeLists.txt +++ b/psw/ae/aesm_service/source/CMakeLists.txt @@ -46,7 +46,7 @@ else() @@ -138,5 +138,5 @@ index 98c724a7..3edd77c7 100644 cmake_minimum_required(VERSION ${US_CMAKE_MINIMUM_REQUIRED_VERSION}) cmake_policy(VERSION ${US_CMAKE_MINIMUM_REQUIRED_VERSION}) -- -2.48.1 +2.49.0 diff --git a/0003-Improve-make-debuggability.patch b/0003-Improve-make-debuggability.patch index 6680373..13afe6d 100644 --- a/0003-Improve-make-debuggability.patch +++ b/0003-Improve-make-debuggability.patch @@ -1,7 +1,7 @@ -From 50ba5d706d65359514e973175c34f36b6887a1e8 Mon Sep 17 00:00:00 2001 +From e607f7279049d2db090a2bef9c7943cdb55d9de6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 12:53:26 +0000 -Subject: [PATCH 03/16] Improve make debuggability +Subject: [PATCH 03/15] Improve make debuggability MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -17,10 +17,10 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sdk/Makefile.source b/sdk/Makefile.source -index 4bbfd4f3..d3e40036 100644 +index e98776df..dfbca6d4 100644 --- a/sdk/Makefile.source +++ b/sdk/Makefile.source -@@ -78,7 +78,7 @@ tstdc: $(LIBTLIBC) +@@ -77,7 +77,7 @@ tstdc: $(LIBTLIBC) ifndef SERVTD_ATTEST $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv 
@@ -29,7 +29,7 @@ index 4bbfd4f3..d3e40036 100644 @$(MKDIR) $(BUILD_DIR)/.compiler-rt $(BUILD_DIR)/.tlibthread $(BUILD_DIR)/.tsafecrt $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv @$(RM) -f $(BUILD_DIR)/.compiler-rt/* && cd $(BUILD_DIR)/.compiler-rt && $(AR) x $(LINUX_SDK_DIR)/compiler-rt/libcompiler-rt.a @$(RM) -f $(BUILD_DIR)/.tlibthread/* && cd $(BUILD_DIR)/.tlibthread && $(AR) x $(LINUX_SDK_DIR)/tlibthread/libtlibthread.a -@@ -96,7 +96,7 @@ $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv +@@ -95,7 +95,7 @@ $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv @$(RM) -rf $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv else $(LIBTLIBC): tlibthread tsafecrt tsetjmp tmm_rsrv @@ -38,7 +38,7 @@ index 4bbfd4f3..d3e40036 100644 @$(MKDIR) $(BUILD_DIR)/.tlibthread $(BUILD_DIR)/.tsafecrt $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv @$(RM) -f $(BUILD_DIR)/.tlibthread/* && cd $(BUILD_DIR)/.tlibthread && $(AR) x $(LINUX_SDK_DIR)/tlibthread/libtlibthread.a @$(RM) -f $(BUILD_DIR)/.tsafecrt/* && cd $(BUILD_DIR)/.tsafecrt && $(AR) x $(LINUX_SDK_DIR)/tsafecrt/libsgx_tsafecrt.a -@@ -119,7 +119,7 @@ tsafecrt: +@@ -118,7 +118,7 @@ tsafecrt: .PHONY: compiler-rt compiler-rt: @@ -47,7 +47,7 @@ index 4bbfd4f3..d3e40036 100644 .PHONY: tsetjmp tsetjmp: -@@ -163,7 +163,7 @@ cpprt: +@@ -162,7 +162,7 @@ cpprt: .PHONY: tlibcxx tlibcxx: $(BUILD_DIR) @@ -70,5 +70,5 @@ index d1ac38a1..5fb90c21 100644 .PHONY: clean -- -2.48.1 +2.49.0 diff --git a/0004-Support-disabling-use-of-git-for-ippcp-code.patch b/0004-Support-disabling-use-of-git-for-ippcp-code.patch index 5ccd586..63b8cc1 100644 --- a/0004-Support-disabling-use-of-git-for-ippcp-code.patch +++ b/0004-Support-disabling-use-of-git-for-ippcp-code.patch @@ -1,7 +1,7 @@ -From e9150e028f1d0f567bab4d2c7d5e5fc02cadce06 Mon Sep 17 00:00:00 2001 +From 8d858334aeade0a0063456fa03cdbc3f6a55d51f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:37:24 +0000 -Subject: [PATCH 04/16] Support disabling use of git for ippcp code +Subject: [PATCH 04/15] Support disabling use of git for ippcp code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -16,7 +16,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 4 insertions(+) diff --git a/external/ippcp_internal/Makefile b/external/ippcp_internal/Makefile -index b4108cb8..70718f5e 100644 +index a57c22a9..d78ba90e 100644 --- a/external/ippcp_internal/Makefile +++ b/external/ippcp_internal/Makefile @@ -33,6 +33,8 @@ include ../../buildenv.mk @@ -37,7 +37,7 @@ index b4108cb8..70718f5e 100644 git submodule update -f --init --recursive --remote -- $(IPP_SOURCE) else @@ -92,6 +95,7 @@ else - git clone -b ipp-ipp-crypto_2021_12_1 https://github.com/intel/ipp-crypto.git --depth 1 $(IPP_SOURCE) + git clone -b ipp-crypto_2021_12_1 https://github.com/intel/ipp-crypto.git --depth 1 $(IPP_SOURCE) endif cd $(IPP_SOURCE) && git apply ../0001-IPP-crypto-for-SGX.patch +endif @@ -45,5 +45,5 @@ index b4108cb8..70718f5e 100644 .PHONY: clean -- -2.48.1 +2.49.0 diff --git a/0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch b/0005-disable-openmp-protobuf-sample_crypto-builds.patch similarity index 89% rename from 0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch rename to 0005-disable-openmp-protobuf-sample_crypto-builds.patch index 214668f..94b2deb 100644 --- a/0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch +++ b/0005-disable-openmp-protobuf-sample_crypto-builds.patch @@ -1,8 +1,7 @@ -From bdeff24e929360b5ecfa5b0fe36513607b98daf3 Mon Sep 17 00:00:00 2001 +From e10242ea154af19d527377c9ff885fa0c7e7ce41 Mon Sep 17 00:00:00 2001 
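Review bot: The refreshed context in the `external/ippcp_internal/Makefile` hunk of patch 0004 shows that the unguarded path still fetches ippcp by mutable reference: `git clone -b ipp-crypto_2021_12_1 … --depth 1` resolves a tag name at build time, and `git submodule update -f --init --recursive --remote` follows the remote branch tip rather than the recorded commit. The added `endif` closes a guard whose condition line lies outside this hunk, so what enables it cannot be confirmed from here. The patch description should state that packaged builds must set that guard so the sources come from the `ippcp_*.tar.gz` tarball instead of the network. A comment above the guard in the patched Makefile, for example `# distro builds: use the pre-unpacked ippcp sources, never fetch from the network`, would make the intent explicit.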
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 18 Jun 2024 15:57:22 +0100 -Subject: [PATCH 05/16] disable openmp, protobuf, mbedtls & sample_crypto - builds +Subject: [PATCH 05/15] disable openmp, protobuf & sample_crypto builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -12,15 +11,15 @@ important, so skip them to reduce amount of bundled package code. Signed-off-by: Daniel P. Berrangé --- - linux/installer/common/sdk/BOMs/sdk_base.txt | 335 ------------------ - .../common/sdk/BOMs/sdk_cve_2020_0551_cf.txt | 3 - - .../sdk/BOMs/sdk_cve_2020_0551_load.txt | 3 - - linux/installer/common/sdk/BOMs/sdk_x64.txt | 4 - - sdk/Makefile.source | 30 +- - 5 files changed, 1 insertion(+), 374 deletions(-) + linux/installer/common/sdk/BOMs/sdk_base.txt | 298 ------------------ + .../common/sdk/BOMs/sdk_cve_2020_0551_cf.txt | 2 - + .../sdk/BOMs/sdk_cve_2020_0551_load.txt | 2 - + linux/installer/common/sdk/BOMs/sdk_x64.txt | 3 - + sdk/Makefile.source | 24 +- + 5 files changed, 1 insertion(+), 328 deletions(-) diff --git a/linux/installer/common/sdk/BOMs/sdk_base.txt b/linux/installer/common/sdk/BOMs/sdk_base.txt -index 032479d8..ed585066 100644 +index d26ee825..ed585066 100644 --- a/linux/installer/common/sdk/BOMs/sdk_base.txt +++ b/linux/installer/common/sdk/BOMs/sdk_base.txt @@ -1,5 +1,4 @@ 
@@ -29,7 +28,7 @@ index 032479d8..ed585066 100644 /common/inc/sgx_attributes.h /package/include/sgx_attributes.h 0 main STP /common/inc/sgx_capable.h /package/include/sgx_capable.h 0 main STP /common/inc/sgx_cpuid.h /package/include/sgx_cpuid.h 0 main STP -@@ -391,26 +390,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -391,16 +390,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.cpp /package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.cpp 0 N/A N/A /SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.edl /package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.edl 0 N/A N/A /SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.lds /package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.lds 0 N/A N/A 
@@ -43,20 +42,10 @@ index 032479d8..ed585066 100644 -/SampleCode/ProtobufSGXDemo/Enclave/Enclave.lds /package/SampleCode/ProtobufSGXDemo/Enclave/Enclave.lds 0 N/A N/A -/SampleCode/ProtobufSGXDemo/Enclave/person.proto /package/SampleCode/ProtobufSGXDemo/Enclave/person.proto 0 N/A N/A -/SampleCode/ProtobufSGXDemo/Makefile /package/SampleCode/ProtobufSGXDemo/Makefile 0 N/A N/A --/SampleCode/SampleMbedCrypto/App/App.cpp /package/SampleCode/SampleMbedCrypto/App/App.cpp 0 N/A N/A --/SampleCode/SampleMbedCrypto/App/App.h /package/SampleCode/SampleMbedCrypto/App/App.h 0 N/A N/A --/SampleCode/SampleMbedCrypto/Makefile /package/SampleCode/SampleMbedCrypto/Makefile 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.cpp /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.cpp 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.lds /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.lds 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave_debug.lds /package/SampleCode/SampleMbedCrypto/Enclave/Enclave_debug.lds 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.h /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.h 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.edl /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.edl 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.config.xml /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.config.xml 0 N/A N/A --/SampleCode/SampleMbedCrypto/README.txt /package/SampleCode/SampleMbedCrypto/README.txt 0 N/A N/A /SampleCode/SampleAEXNotify/Enclave/Enclave.config.xml /package/SampleCode/SampleAEXNotify/Enclave/Enclave.config.xml 0 N/A N/A /SampleCode/SampleAEXNotify/Enclave/Enclave.cpp /package/SampleCode/SampleAEXNotify/Enclave/Enclave.cpp 0 N/A N/A /SampleCode/SampleAEXNotify/Enclave/Enclave.edl /package/SampleCode/SampleAEXNotify/Enclave/Enclave.edl 0 N/A N/A -@@ -422,7 +401,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -412,7 +401,6 @@ DeliveryName InstallName FileCheckSum 
FileFeature FileOwner /SampleCode/SampleAEXNotify/Makefile /package/SampleCode/SampleAEXNotify/Makefile 0 N/A N/A /SampleCode/SampleAEXNotify/README.txt /package/SampleCode/SampleAEXNotify/README.txt 0 N/A N/A /build/linux/gdb-sgx-plugin/sgx-gdb /package/bin/sgx-gdb 0 main STP @@ -64,7 +53,7 @@ index 032479d8..ed585066 100644 /sdk/tlibcxx/include/CMakeLists.txt /package/include/libcxx/CMakeLists.txt 0 main STP /sdk/tlibcxx/include/__availability /package/include/libcxx/__availability 0 main STP /sdk/tlibcxx/include/__bit_reference /package/include/libcxx/__bit_reference 0 main STP -@@ -607,317 +585,4 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -597,290 +585,4 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /sdk/tlibcxx/include/variant /package/include/libcxx/variant 0 main STP /sdk/tlibcxx/include/vector /package/include/libcxx/vector 0 main STP /sdk/tlibcxx/include/version /package/include/libcxx/version 0 main STP 
@@ -354,39 +343,12 @@ index 032479d8..ed585066 100644 -/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/span.h /package/include/tprotobuf/absl/types/span.h 0 main STP -/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/variant.h /package/include/tprotobuf/absl/types/variant.h 0 main STP -/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/utility/utility.h /package/include/tprotobuf/absl/utility/utility.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/aes.h /package/include/mbedtls/aes.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/bignum.h /package/include/mbedtls/bignum.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/build_info.h /package/include/mbedtls/build_info.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/check_config.h /package/include/mbedtls/check_config.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/cipher.h /package/include/mbedtls/cipher.h 0 main STP -- --/external/mbedtls/mbedtls_code/include/mbedtls/config_psa.h /package/include/mbedtls/config_psa.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ctr_drbg.h /package/include/mbedtls/ctr_drbg.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ecdsa.h /package/include/mbedtls/ecdsa.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ecp.h /package/include/mbedtls/ecp.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/entropy.h /package/include/mbedtls/entropy.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/mbedtls_config.h /package/include/mbedtls/mbedtls_config.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/md.h /package/include/mbedtls/md.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/platform_util.h /package/include/mbedtls/platform_util.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/private_access.h /package/include/mbedtls/private_access.h 0 main STP 
--/external/mbedtls/mbedtls_code/include/mbedtls/sha1.h /package/include/mbedtls/sha1.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/sha256.h /package/include/mbedtls/sha256.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/sha512.h /package/include/mbedtls/sha512.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/threading.h /package/include/mbedtls/threading.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/platform.h /package/include/mbedtls/platform.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ecdh.h /package/include/mbedtls/ecdh.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/cmac.h /package/include/mbedtls/cmac.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/rsa.h /package/include/mbedtls/rsa.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/gcm.h /package/include/mbedtls/gcm.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_legacy_crypto.h /package/include/mbedtls/config_adjust_legacy_crypto.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_x509.h /package/include/mbedtls/config_adjust_x509.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_ssl.h /package/include/mbedtls/config_adjust_ssl.h 0 main STP /common/buildenv.mk /package/buildenv.mk 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt -index d494deba..998def35 100644 +index 65d9dca0..086992f9 100644 --- a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt 
+++ b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt -@@ -9,11 +9,8 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -10,9 +10,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linuxCF/libsgx_tswitchless.a /package/lib64/cve_2020_0551_cf/libsgx_tswitchless.a 0 main STP /build/linuxCF/libsgx_tprotected_fs.a /package/lib64/cve_2020_0551_cf/libsgx_tprotected_fs.a 0 main STP /build/linuxCF/libsgx_pcl.a /package/lib64/cve_2020_0551_cf/libsgx_pcl.a 0 main STP @@ -396,13 +358,11 @@ index d494deba..998def35 100644 /build/linuxCF/libsgx_ttls.a /package/lib64/cve_2020_0551_cf/libsgx_ttls.a 0 main STP /build/linuxCF/libtdx_tls.a /package/lib64/cve_2020_0551_cf/libtdx_tls.a 0 main STP /build/linuxCF/libsgx_utls.a /package/lib64/cve_2020_0551_cf/libsgx_utls.a 0 main STP --/build/linuxCF/libsgx_mbedcrypto.a /package/lib64/cve_2020_0551_cf/libsgx_mbedcrypto.a 0 main STP - /external/dcap_source/QuoteGeneration/build/linuxCF/libsgx_dcap_tvl.a /package/lib64/cve_2020_0551_cf/libsgx_dcap_tvl.a 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt -index 53c9cfc6..b68b9976 100644 +index 71684b38..c26c9e63 100644 --- a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt +++ b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt -@@ -9,11 +9,8 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -10,9 +10,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linuxLOAD/libsgx_tswitchless.a /package/lib64/cve_2020_0551_load/libsgx_tswitchless.a 0 main STP /build/linuxLOAD/libsgx_tprotected_fs.a /package/lib64/cve_2020_0551_load/libsgx_tprotected_fs.a 0 main STP /build/linuxLOAD/libsgx_pcl.a /package/lib64/cve_2020_0551_load/libsgx_pcl.a 0 main STP 
@@ -412,13 +372,11 @@ index 53c9cfc6..b68b9976 100644 /build/linuxLOAD/libsgx_ttls.a /package/lib64/cve_2020_0551_load/libsgx_ttls.a 0 main STP /build/linuxLOAD/libtdx_tls.a /package/lib64/cve_2020_0551_load/libtdx_tls.a 0 main STP /build/linuxLOAD/libsgx_utls.a /package/lib64/cve_2020_0551_load/libsgx_utls.a 0 main STP --/build/linuxLOAD/libsgx_mbedcrypto.a /package/lib64/cve_2020_0551_load/libsgx_mbedcrypto.a 0 main STP - /external/dcap_source/QuoteGeneration/build/linuxLOAD/libsgx_dcap_tvl.a /package/lib64/cve_2020_0551_load/libsgx_dcap_tvl.a 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_x64.txt b/linux/installer/common/sdk/BOMs/sdk_x64.txt -index 629492c1..602a804d 100644 +index d713050b..111070ee 100644 --- a/linux/installer/common/sdk/BOMs/sdk_x64.txt +++ b/linux/installer/common/sdk/BOMs/sdk_x64.txt -@@ -39,14 +39,10 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -40,10 +40,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linux/sgx_edger8r /package/bin/x64/sgx_edger8r 0 main STP /build/linux/sgx_sign /package/bin/x64/sgx_sign 0 main STP /build/linux/sgx_encrypt /package/bin/x64/sgx_encrypt 0 main STP @@ -429,22 +387,17 @@ index 629492c1..602a804d 100644 /build/linux/libsgx_ttls.a /package/lib64/libsgx_ttls.a 0 main STP /build/linux/libtdx_tls.a /package/lib64/libtdx_tls.a 0 main STP /build/linux/libsgx_utls.a /package/lib64/libsgx_utls.a 0 main STP --/build/linux/libsgx_mbedcrypto.a /package/lib64/libsgx_mbedcrypto.a 0 main STP - /external/dcap_source/QuoteGeneration/build/linux/libsgx_dcap_tvl.a /package/lib64/libsgx_dcap_tvl.a 0 main STP - /linux/installer/common/sdk/installConfig.x64 /scripts/installConfig 0 main STP - /linux/installer/common/sdk/pkgconfig/x64/libsgx_uae_service_sim.pc /package/pkgconfig/libsgx_uae_service_sim.pc 0 main STP diff --git a/sdk/Makefile.source b/sdk/Makefile.source -index d3e40036..3bd08d5c 100644 +index dfbca6d4..3bd08d5c 100644 --- a/sdk/Makefile.source 
+++ b/sdk/Makefile.source -@@ -41,15 +41,11 @@ +@@ -41,14 +41,11 @@ # - tprotected_fs: libsgx_tprotected_fs.a # - tcmalloc: libsgx_tcmalloc.a # - sgx_pcl: libsgx_pcl.a -# - openmp: libsgx_omp.a -# - protobuf: libsgx_protobuf.a # - ttls: libsgx_ttls.a --# - mbedtls: libsgx_mbedcrypto.a # - Untrtusted libraries # - ukey_exchange: libsgx_ukey_exchange.a # - uprotected_fs: libsgx_uprotected_fs.a @@ -453,16 +406,16 @@ index d3e40036..3bd08d5c 100644 # - utls: libsgx_utls.a # - Standalone, untrusted libraries # - libcapable: libsgx_capable.a libsgx_capable.so -@@ -67,7 +63,7 @@ LIBTCXX := $(BUILD_DIR)/libsgx_tcxx.a +@@ -66,7 +63,7 @@ LIBTCXX := $(BUILD_DIR)/libsgx_tcxx.a LIBTSE := $(BUILD_DIR)/libsgx_tservice.a .PHONY: components --components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace sample_crypto libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread openmp protobuf ttls utls mbedtls +-components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace sample_crypto libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread openmp protobuf ttls utls +components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread ttls utls # --------------------------------------------------- # tstdc -@@ -221,26 +217,10 @@ tprotected_fs: edger8r +@@ -220,18 +217,6 @@ tprotected_fs: edger8r sgx_pcl: $(MAKE) -C protected_code_loader 
@@ -481,15 +434,7 @@ index d3e40036..3bd08d5c 100644 .PHONY: ttls ttls: edger8r $(MAKE) -C ttls - --.PHONY: mbedtls --mbedtls: -- $(MAKE) -C $(LINUX_EXTERNAL_DIR)/mbedtls -- - # --------------------------------------------------- - # Untrusted libraries - # --------------------------------------------------- -@@ -256,10 +236,6 @@ uprotected_fs: edger8r +@@ -251,10 +236,6 @@ uprotected_fs: edger8r ptrace: $(MAKE) -C debugger_interface/linux/ @@ -500,7 +445,7 @@ index d3e40036..3bd08d5c 100644 .PHONY: utls utls: $(MAKE) -C utls -@@ -329,7 +305,6 @@ clean: +@@ -324,7 +305,6 @@ clean: $(MAKE) -C protected_fs/sgx_tprotected_fs/ clean $(MAKE) -C protected_fs/sgx_uprotected_fs/ clean $(MAKE) -C debugger_interface/linux/ clean @@ -508,7 +453,7 @@ index d3e40036..3bd08d5c 100644 $(MAKE) -C libcapable/linux/ clean $(MAKE) -C simulation/ clean $(MAKE) -C sign_tool/SignTool clean -@@ -340,11 +315,8 @@ clean: +@@ -335,8 +315,6 @@ clean: $(MAKE) -C switchless/sgx_uswitchless clean $(MAKE) -C tmm_rsrv/ clean $(MAKE) -C pthread clean @@ -516,10 +461,7 @@ index d3e40036..3bd08d5c 100644 - $(MAKE) -C $(LINUX_EXTERNAL_DIR)/protobuf clean $(MAKE) -C ttls clean $(MAKE) -C utls clean -- $(MAKE) -C $(LINUX_EXTERNAL_DIR)/mbedtls clean @$(RM) $(LIBTLIBC) $(LIBTCXX) $(LIBTSE) - @$(RM) $(BUILD_DIR)/libc++_Changes_SGX.txt - @$(RM) -rf $(BUILD_DIR)/.compiler-rt -- -2.48.1 +2.49.0 diff --git a/0006-Fix-compat-with-gcc-14.patch b/0006-Fix-compat-with-gcc-14.patch index c70c683..3775e97 100644 --- a/0006-Fix-compat-with-gcc-14.patch +++ b/0006-Fix-compat-with-gcc-14.patch @@ -1,7 +1,7 @@ -From 44c7af2d59a9654009eb1ea6affe771927d24850 Mon Sep 17 00:00:00 2001 +From f257662821800cfe5cdb38639a35361aac0802a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 24 Jun 2024 17:36:13 +0100 -Subject: [PATCH 06/16] Fix compat with gcc 14 +Subject: [PATCH 06/15] Fix compat with gcc 14 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
@@ -14,25 +14,11 @@ that std::enable_if_t is available. Signed-off-by: Daniel P. Berrangé --- - psw/ae/aesm_service/source/CMakeLists.txt | 2 +- psw/enclave_common/sgx_enclave_common.cpp | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) + 1 file changed, 1 insertion(+) -diff --git a/psw/ae/aesm_service/source/CMakeLists.txt b/psw/ae/aesm_service/source/CMakeLists.txt -index 3edd77c7..89b3e3ae 100644 ---- a/psw/ae/aesm_service/source/CMakeLists.txt -+++ b/psw/ae/aesm_service/source/CMakeLists.txt -@@ -61,7 +61,7 @@ if(REF_LE) - endif() - - set(CMAKE_CXX_STANDARD_REQUIRED 1) --set(CMAKE_CXX_STANDARD 11) -+set(CMAKE_CXX_STANDARD 14) - set(CMAKE_SKIP_BUILD_RPATH true) - - ########## SGX SDK Settings ########## diff --git a/psw/enclave_common/sgx_enclave_common.cpp b/psw/enclave_common/sgx_enclave_common.cpp -index 9867ecc8..46fcf873 100644 +index 9a335c81..399d63b2 100644 --- a/psw/enclave_common/sgx_enclave_common.cpp +++ b/psw/enclave_common/sgx_enclave_common.cpp @@ -35,6 +35,7 @@ @@ -44,5 +30,5 @@ index 9867ecc8..46fcf873 100644 #include "sgx_urts.h" #include "arch.h" -- -2.48.1 +2.49.0 diff --git a/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch b/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch index 22dd9c5..5e85e52 100644 --- a/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch +++ b/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch @@ -1,7 +1,7 @@ -From b613bffdce4d035dab354887539828906920a69e Mon Sep 17 00:00:00 2001 +From 089dddf45cda329896d5d94202780209567fed9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 2 Sep 2024 16:49:18 +0100 -Subject: [PATCH 07/16] Fix escaping of regexes in sgx-asm-pp +Subject: [PATCH 07/15] Fix escaping of regexes in sgx-asm-pp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -278,5 +278,5 @@ index 2b02396b..0df3fc47 100644 # # File Operations - read/write -- -2.48.1 +2.49.0 
diff --git a/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch b/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch deleted file mode 100644 index 8503d3e..0000000 --- a/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7e6f75bfc9c364a26be6efb0704fb6f58318e59b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Tue, 1 Oct 2024 18:53:17 +0100 -Subject: [PATCH 08/16] Disable use of bogus DEF_WEAK macro -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Daniel P. Berrangé ---- - sdk/tlibc/time/strptime.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/sdk/tlibc/time/strptime.c b/sdk/tlibc/time/strptime.c -index 08023a7c..9e62adc6 100644 ---- a/sdk/tlibc/time/strptime.c -+++ b/sdk/tlibc/time/strptime.c -@@ -89,7 +89,9 @@ strptime(const char *buf, const char *fmt, struct tm *tm) - { - return(_strptime(buf, fmt, tm, 1)); - } -+#if 0 - DEF_WEAK(strptime); -+#endif - - static char * - _strptime(const char *buf, const char *fmt, struct tm *tm, int initialize) --- -2.48.1 - diff --git a/0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch b/0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch similarity index 94% rename from 0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch rename to 0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch index c7874d8..d60b019 100644 --- a/0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch +++ b/0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch @@ -1,7 +1,7 @@ -From b35c87f751c42cec71c4d3107b88084eddc4f749 Mon Sep 17 00:00:00 2001 +From 8967386d8e9eb0f7a11a7e6ce7f97b6b1daf39ef Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 4 Oct 2024 16:33:20 +0100 -Subject: [PATCH 10/16] psw: prefer /dev/sgx_provision & /dev/sgx_enclave +Subject: [PATCH 08/15] psw: prefer /dev/sgx_provision & /dev/sgx_enclave MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -21,7 +21,7 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/psw/enclave_common/sgx_enclave_common.cpp b/psw/enclave_common/sgx_enclave_common.cpp -index 46fcf873..651ba83e 100644 +index 399d63b2..f63149a0 100644 --- a/psw/enclave_common/sgx_enclave_common.cpp +++ b/psw/enclave_common/sgx_enclave_common.cpp @@ -481,11 +481,11 @@ static void enclave_set_provision_access(int hdevice, void* enclave_base) @@ -74,5 +74,5 @@ index 49f2b9aa..fc537a84 100644 } else if (driver_type == SGX_DRIVER_DCAP) -- -2.48.1 +2.49.0 diff --git a/0009-Remove-all-references-to-pccs-service.patch b/0009-Remove-all-references-to-pccs-service.patch deleted file mode 100644 index 6cc34cb..0000000 --- a/0009-Remove-all-references-to-pccs-service.patch +++ /dev/null 
@@ -1,497 +0,0 @@ -From 2135faf971e82c7dc351dc01baab5c6f716f8f11 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Tue, 1 Oct 2024 20:18:48 +0100 -Subject: [PATCH 09/16] Remove all references to pccs service -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The PCCS code was deleted in the DCAP 1.22 release that SGX -references, resulting in a failure to build the installer: - - $ /usr/bin/make -I linux/installer/common/psw-dcap -f linux/installer/common/psw-dcap/Makefile SRCDIR=. DESTDIR=build/vroot/psw install - python /var/home/berrange/rpmbuild/BUILD/linux-sgx-sgx_2.25_reproducible/linux/installer/common/gen_source/copy_source.py --bom-file /var/home/berrange/rpmbuild/BUILD/linux-sgx-sgx_2.25_reproducible/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt --src-path . --dst-path build/pkgroot/sgx-dcap-pccs - Error: src directory/file ./external/dcap_source/QuoteGeneration/pccs/config/default.json does not exist! - make: *** [linux/installer/common/psw-dcap/Makefile:195: pre_sgx-dcap-pccs] Error 1 - -Signed-off-by: Daniel P. 
Berrangé ---- - README.md | 4 - - .../psw-dcap/BOM_install/sgx-dcap-pccs.txt | 74 ------------------- - linux/installer/common/psw-dcap/Makefile | 14 +--- - linux/installer/common/psw-dcap/installConfig | 1 - - .../psw-tdx/BOM_install/sgx-dcap-pccs.txt | 74 ------------------- - linux/installer/common/psw-tdx/Makefile | 14 +--- - linux/installer/common/psw-tdx/installConfig | 1 - - linux/installer/rpm/psw-dcap/build.sh | 1 - - .../installer/rpm/psw-dcap/psw-dcap.spec.tmpl | 21 +----- - linux/installer/rpm/psw-tdx/build.sh | 1 - - linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl | 21 +----- - 11 files changed, 6 insertions(+), 220 deletions(-) - delete mode 100644 linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt - delete mode 100644 linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt - -diff --git a/README.md b/README.md -index fcd11874..9d4011a2 100644 ---- a/README.md -+++ b/README.md -@@ -523,10 +523,6 @@ Please follow the [Intel(R) SGX DCAP Installation Guide for Linux* OS](https://d - - - Install Quote Provider Library(QPL). You can use your own customized QPL or use default QPL provided by Intel(libsgx-dcap-default-qpl) - --- Install PCK Caching Service. For how to install and configure PCK Caching --Service, please refer to [SGXDataCenterAttestationPrimitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration/pccs) --- Ensure the PCK Caching Service is setup correctly by local administrator or data center administrator. Also make sure that the configure file of quote provider library (/etc/sgx_default_qcnl.conf) is consistent with the real environment, for example: PCS_URL=https://your_pcs_server:8081/sgx/certification/v1/ -- - ### Start or Stop aesmd Service - The Intel(R) SGX PSW installer installs an aesmd service in your machine, which is running in a special linux account `aesmd`. 
- To stop the service: `$ sudo service aesmd stop` -diff --git a/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt -deleted file mode 100644 -index d70745c9..00000000 ---- a/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt -+++ /dev/null -@@ -1,74 +0,0 @@ --DeliveryName InstallName FileCheckSum FileFeature FileOwner --/external/dcap_source/QuoteGeneration/pccs/config/default.json /config/default.json 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/index.js /constants/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/pccs_status_code.js /constants/pccs_status_code.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/identityController.js /controllers/identityController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/index.js /controllers/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcertController.js /controllers/pckcertController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcrlController.js /controllers/pckcrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformCollateralController.js /controllers/platformCollateralController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformsController.js /controllers/platformsController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/refreshController.js /controllers/refreshController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js /controllers/rootcacrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js /controllers/tcbinfoController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js /controllers/crlController.js 0 main STP 
--/external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js /dao/models/fmspc_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/index.js /dao/models/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js /dao/models/pck_cert.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_certchain.js /dao/models/pck_certchain.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_crl.js /dao/models/pck_crl.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_certificates.js /dao/models/pcs_certificates.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_version.js /dao/models/pcs_version.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platform_tcbs.js /dao/models/platform_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms_registered.js /dao/models/platforms_registered.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js /dao/models/platforms.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js /dao/models/enclave_identities.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js /dao/models/crl_cache.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js /dao/fmspcTcbDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js /dao/pckCertchainDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js /dao/pckcertDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcrlDao.js /dao/pckcrlDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsCertificatesDao.js /dao/pcsCertificatesDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsVersionDao.js /dao/pcsVersionDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsDao.js /dao/platformsDao.js 0 
main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsRegDao.js /dao/platformsRegDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js /dao/platformTcbsDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js /dao/enclaveIdentityDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js /dao/crlCacheDao.js 0 main STP --/external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so /lib/libPCKCertSelection.so 0 main STP --/external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js /lib_wrapper/pcklib_wrapper.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/auth.js /middleware/auth.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/error.js /middleware/error.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js /middleware/addRequestId.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql /migrations/00_db_initialize.up.sql 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js /migrations/01_db_version_1.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js /migrations/02_db_version_2.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js /pcs_client/pcs_client.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/routes/index.js /routes/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/identityService.js /services/identityService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/index.js /services/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pccs_schemas.js /services/pccs_schemas.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pckcertService.js /services/pckcertService.js 0 main STP 
--/external/dcap_source/QuoteGeneration/pccs/services/pckcrlService.js /services/pckcrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformCollateralService.js /services/platformCollateralService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsRegService.js /services/platformsRegService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsService.js /services/platformsService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/refreshService.js /services/refreshService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js /services/rootcacrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js /services/tcbinfoService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/crlService.js /services/crlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js /services/caching_modes/cachingMode.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js /services/caching_modes/cachingModeManager.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js /services/logic/commonCacheLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/qvCollateralLogic.js /services/logic/qvCollateralLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/Logger.js /utils/Logger.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/PccsError.js /utils/PccsError.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/apputil.js /utils/apputil.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/x509/x509.js /x509/x509.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/install.sh /install.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/package.json /package.json 0 main STP 
--/external/dcap_source/QuoteGeneration/pccs/pccs_server.js /pccs_server.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pccs.service /pccs.service 0 main STP --/external/dcap_source/QuoteGeneration/pccs/startup.sh /startup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/cleanup.sh /cleanup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/README.md /README.md 0 main STP -diff --git a/linux/installer/common/psw-dcap/Makefile b/linux/installer/common/psw-dcap/Makefile -index a85c8b82..5e8a8560 100644 ---- a/linux/installer/common/psw-dcap/Makefile -+++ b/linux/installer/common/psw-dcap/Makefile -@@ -95,9 +95,6 @@ AESMD_CONF=aesmd.service - AESMD_CONF_DEL=aesmd.conf - AESMD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) - --PCCS_CONF=pccs.service --PCCS_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -- - RAD_CONF=mpa_registration_tool.service - RAD_CONF_DEL=mpa_registration_tool.conf - RAD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -@@ -192,7 +189,7 @@ ALL_PKGS:= $(AESM_SERVICE_PKGS) $(AE_PKGS) $(DEV_LIB_PKGS) - - $(foreach PKG,$(AESM_SERVICE_PKGS) $(AE_PKGS),$(eval $(call INSTALL_AESM_SERVICE_TEMPLATE,$(PKG)))) - $(foreach PKG,$(DEV_LIB_PKGS),$(eval $(call INSTALL_DEV_LIB_TEMPLATE,$(PKG)))) --$(foreach PKG,$(ALL_PKGS) $(DCAP_PCCS_PACKAGE) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) -+$(foreach PKG,$(ALL_PKGS) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) - - PHONY+=$(ALL_PKGS) - PHONY+=$(foreach PKG,$(ALL_PKGS),pre_$(PKG)) -@@ -220,14 +217,6 @@ install_$(AESM_SERVICE_PACKAGE): $(foreach PKG,$(AESM_SERVICE_PKGS),post_$(PKG)) - ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_pce.signed.so) && \ - ln -fs liburts_internal.so libsgx_urts.so.$(URTS_MAJOR_VER) - 
--PHONY+=install_$(DCAP_PCCS_PACKAGE) --install_$(DCAP_PCCS_PACKAGE): pre_$(DCAP_PCCS_PACKAGE) | $(PACKAGE_ROOT_PATH) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH)) && \ -- cp -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH) && \ -- rm -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)) && \ -- cp -fr $|/$(DCAP_PCCS_PACKAGE)/* $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE) -- - PHONY+=$(RA_SERVICE_PACKAGE) - $(RA_SERVICE_PACKAGE): pre_$(RA_SERVICE_PACKAGE) | $(PACKAGE_ROOT_PATH) - install -d $(shell readlink -m $(DESTDIR)/$@/$(SGX_INSTALL_PATH)/$@) && \ -@@ -351,7 +340,6 @@ install_dev_lib: $(foreach PKG,$(DEV_LIB_PKGS),post_$(PKG)) - - PHONY+=install - install: install_$(AESM_SERVICE_PACKAGE) \ -- install_$(DCAP_PCCS_PACKAGE) \ - install_$(RA_SERVICE_PACKAGE) \ - install_$(PCK_ID_RETRIEVAL_TOOL_PACKAGE) \ - install_ae \ -diff --git a/linux/installer/common/psw-dcap/installConfig b/linux/installer/common/psw-dcap/installConfig -index 9f99f032..96acdd9a 100644 ---- a/linux/installer/common/psw-dcap/installConfig -+++ b/linux/installer/common/psw-dcap/installConfig -@@ -30,7 +30,6 @@ DCAP_QL_PACKAGE=libsgx-dcap-ql - DCAP_QL_DEV_PACKAGE=libsgx-dcap-ql-devel - DCAP_QVL_PACKAGE=libsgx-dcap-quote-verify - DCAP_QVL_DEV_PACKAGE=libsgx-dcap-quote-verify-devel --DCAP_PCCS_PACKAGE=sgx-dcap-pccs - - PCK_ID_RETRIEVAL_TOOL_PACKAGE=sgx-pck-id-retrieval-tool - RA_NETWORK_PACKAGE=libsgx-ra-network -diff --git a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt -deleted file mode 100644 -index d70745c9..00000000 ---- a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt -+++ /dev/null -@@ -1,74 +0,0 @@ --DeliveryName InstallName FileCheckSum FileFeature FileOwner 
--/external/dcap_source/QuoteGeneration/pccs/config/default.json /config/default.json 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/index.js /constants/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/pccs_status_code.js /constants/pccs_status_code.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/identityController.js /controllers/identityController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/index.js /controllers/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcertController.js /controllers/pckcertController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcrlController.js /controllers/pckcrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformCollateralController.js /controllers/platformCollateralController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformsController.js /controllers/platformsController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/refreshController.js /controllers/refreshController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js /controllers/rootcacrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js /controllers/tcbinfoController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js /controllers/crlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js /dao/models/fmspc_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/index.js /dao/models/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js /dao/models/pck_cert.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_certchain.js /dao/models/pck_certchain.js 0 main STP 
--/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_crl.js /dao/models/pck_crl.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_certificates.js /dao/models/pcs_certificates.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_version.js /dao/models/pcs_version.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platform_tcbs.js /dao/models/platform_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms_registered.js /dao/models/platforms_registered.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js /dao/models/platforms.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js /dao/models/enclave_identities.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js /dao/models/crl_cache.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js /dao/fmspcTcbDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js /dao/pckCertchainDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js /dao/pckcertDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcrlDao.js /dao/pckcrlDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsCertificatesDao.js /dao/pcsCertificatesDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsVersionDao.js /dao/pcsVersionDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsDao.js /dao/platformsDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsRegDao.js /dao/platformsRegDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js /dao/platformTcbsDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js /dao/enclaveIdentityDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js /dao/crlCacheDao.js 0 main STP 
--/external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so /lib/libPCKCertSelection.so 0 main STP --/external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js /lib_wrapper/pcklib_wrapper.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/auth.js /middleware/auth.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/error.js /middleware/error.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js /middleware/addRequestId.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql /migrations/00_db_initialize.up.sql 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js /migrations/01_db_version_1.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js /migrations/02_db_version_2.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js /pcs_client/pcs_client.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/routes/index.js /routes/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/identityService.js /services/identityService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/index.js /services/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pccs_schemas.js /services/pccs_schemas.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pckcertService.js /services/pckcertService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pckcrlService.js /services/pckcrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformCollateralService.js /services/platformCollateralService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsRegService.js /services/platformsRegService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsService.js /services/platformsService.js 0 main STP 
--/external/dcap_source/QuoteGeneration/pccs/services/refreshService.js /services/refreshService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js /services/rootcacrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js /services/tcbinfoService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/crlService.js /services/crlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js /services/caching_modes/cachingMode.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js /services/caching_modes/cachingModeManager.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js /services/logic/commonCacheLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/qvCollateralLogic.js /services/logic/qvCollateralLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/Logger.js /utils/Logger.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/PccsError.js /utils/PccsError.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/apputil.js /utils/apputil.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/x509/x509.js /x509/x509.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/install.sh /install.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/package.json /package.json 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pccs_server.js /pccs_server.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pccs.service /pccs.service 0 main STP --/external/dcap_source/QuoteGeneration/pccs/startup.sh /startup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/cleanup.sh /cleanup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/README.md /README.md 0 main STP -diff --git a/linux/installer/common/psw-tdx/Makefile b/linux/installer/common/psw-tdx/Makefile 
-index 4f50ee49..0e8cb3e7 100644 ---- a/linux/installer/common/psw-tdx/Makefile -+++ b/linux/installer/common/psw-tdx/Makefile -@@ -80,9 +80,6 @@ QGSD_CONF=qgsd.service - QGSD_CONF_DEL=qgsd.conf - QGSD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) - --PCCS_CONF=pccs.service --PCCS_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -- - RAD_CONF=mpa_registration_tool.service - RAD_CONF_DEL=mpa_registration_tool.conf - RAD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -@@ -160,7 +157,7 @@ ALL_PKGS:= $(TDX_QGS_PKGS) $(AE_PKGS) $(DEV_LIB_PKGS) - - $(foreach PKG,$(TDX_QGS_PKGS) $(AE_PKGS),$(eval $(call INSTALL_AESM_SERVICE_TEMPLATE,$(PKG)))) - $(foreach PKG,$(DEV_LIB_PKGS),$(eval $(call INSTALL_DEV_LIB_TEMPLATE,$(PKG)))) --$(foreach PKG,$(ALL_PKGS) $(DCAP_PCCS_PACKAGE) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) -+$(foreach PKG,$(ALL_PKGS) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) - - PHONY+=$(ALL_PKGS) - PHONY+=$(foreach PKG,$(ALL_PKGS),pre_$(PKG)) -@@ -184,14 +181,6 @@ install_$(TDX_QGS_PACKAGE): $(foreach PKG,$(TDX_QGS_PKGS),post_$(PKG)) - $(DESTDIR)/$(TDX_QGS_PACKAGE)/$(ETC_DIR) && \ - rm -fr $(DESTDIR)/$(TDX_QGS_PACKAGE)/$(SGX_INSTALL_PATH)/$(TDX_QGS_PACKAGE)/conf)) - --PHONY+=install_$(DCAP_PCCS_PACKAGE) --install_$(DCAP_PCCS_PACKAGE): pre_$(DCAP_PCCS_PACKAGE) | $(PACKAGE_ROOT_PATH) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH)) && \ -- cp -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH) && \ -- rm -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)) && \ -- cp -fr $|/$(DCAP_PCCS_PACKAGE)/* 
$(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE) -- - PHONY+=$(RA_SERVICE_PACKAGE) - $(RA_SERVICE_PACKAGE): pre_$(RA_SERVICE_PACKAGE) | $(PACKAGE_ROOT_PATH) - install -d $(shell readlink -m $(DESTDIR)/$@/$(SGX_INSTALL_PATH)/$@) && \ -@@ -291,7 +280,6 @@ install_dev_lib: $(foreach PKG,$(DEV_LIB_PKGS),post_$(PKG)) - - PHONY+=install - install: install_$(TDX_QGS_PACKAGE) \ -- install_$(DCAP_PCCS_PACKAGE) \ - install_$(RA_SERVICE_PACKAGE) \ - install_$(PCK_ID_RETRIEVAL_TOOL_PACKAGE) \ - install_ae \ -diff --git a/linux/installer/common/psw-tdx/installConfig b/linux/installer/common/psw-tdx/installConfig -index 7129b71d..c55a8ada 100644 ---- a/linux/installer/common/psw-tdx/installConfig -+++ b/linux/installer/common/psw-tdx/installConfig -@@ -16,7 +16,6 @@ TDX_ATTEST_PACKAGE=libtdx-attest - TDX_ATTEST_DEV_PACKAGE=libtdx-attest-devel - DCAP_QVL_PACKAGE=libsgx-dcap-quote-verify - DCAP_QVL_DEV_PACKAGE=libsgx-dcap-quote-verify-devel --DCAP_PCCS_PACKAGE=sgx-dcap-pccs - PCK_ID_RETRIEVAL_TOOL_PACKAGE=sgx-pck-id-retrieval-tool - RA_NETWORK_PACKAGE=libsgx-ra-network - RA_NETWORK_DEV_PACKAGE=libsgx-ra-network-devel -diff --git a/linux/installer/rpm/psw-dcap/build.sh b/linux/installer/rpm/psw-dcap/build.sh -index 22c8eef5..6188e816 100755 ---- a/linux/installer/rpm/psw-dcap/build.sh -+++ b/linux/installer/rpm/psw-dcap/build.sh -@@ -63,7 +63,6 @@ update_spec() { - -e "s:@dcap_version@:${dcap_version}:" \ - -e "s:@aesm_service_path@:${SGX_INSTALL_PATH}/${AESM_SERVICE_PACKAGE}:" \ - -e "s:@ra_service_path@:${SGX_INSTALL_PATH}/${RA_SERVICE_PACKAGE}:" \ -- -e "s:@dcap_pccs_path@:${SGX_INSTALL_PATH}/${DCAP_PCCS_PACKAGE}:" \ - -e "s:@pck_id_retrieval_tool_path@:${SGX_INSTALL_PATH}/${PCK_ID_RETRIEVAL_TOOL_PACKAGE}:" \ - ${cur_dir}/${psw_dcap}.spec.tmpl > ${cur_dir}/${rpm_build_dir}/SPECS/${psw_dcap}.spec - -diff --git a/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl b/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl -index c7ba4c12..66fc4a78 100644 ---- 
a/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl -+++ b/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl -@@ -31,7 +31,6 @@ - - %define _aesm_service_path @aesm_service_path@ - %define _ra_service_path @ra_service_path@ --%define _dcap_pccs_path @dcap_pccs_path@ - %define _pck_id_retrieval_tool_path @pck_id_retrieval_tool_path@ - %define _psw_version @psw_version@ - %define _dcap_version @dcap_version@ -@@ -303,14 +302,6 @@ Requires: libsgx-dcap-quote-verify = %{version}-%{release} libsgx-headers > - %description -n libsgx-dcap-quote-verify-devel - Intel(R) Software Guard Extensions Data Center Attestation Primitives Quote Verification Library for Developers - --%package -n sgx-dcap-pccs --Version: %{_dcap_version} --Summary: Intel(R) Software Guard Extensions PCK Caching Service --Requires: gcc gcc-c++ make -- --%description -n sgx-dcap-pccs --Intel(R) Software Guard Extensions PCK Caching Service -- - %package -n libsgx-ra-network - Version: %{_dcap_version} - Summary: Intel(R) Software Guard Extensions Registration Agent Network Library -@@ -378,14 +369,13 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do - grep -v "^%{_includedir}" | \ - grep -v "^%{_sysconfdir}" | \ - grep -v "^%{_aesm_service_path}" | \ -- grep -v "^%{_dcap_pccs_path}" | \ - grep -v "^%{_ra_service_path}" | \ - grep -v "^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" > %{_specdir}/list-${pkg} - for f in $(find %{?buildroot}/${pkg}); do - if [ -d ${f} ]; then - echo ${f} | sed -e "s#^%{?buildroot}/${pkg}##" | \ -- grep -E "^%{_aesm_service_path}|^%{_dcap_pccs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ -+ grep -E "^%{_aesm_service_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" >> %{_specdir}/list-${pkg} - else - echo ${f} | \ -@@ -395,7 +385,7 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do - cp -r %{?buildroot}/${pkg}/* %{?buildroot}/ - rm -fr %{?buildroot}/${pkg} - sed -i -e 
's:^/etc/.*\.conf:%config &:' \ -- -e 's:^%{_dcap_pccs_path}/config/default\.json:%config &:' %{_specdir}/list-${pkg} -+ %{_specdir}/list-${pkg} - done - rm -fr %{?buildroot}/license - -@@ -433,7 +423,6 @@ make clean - %files -n libsgx-dcap-ql-devel -f %{_specdir}/list-libsgx-dcap-ql-devel - %files -n libsgx-dcap-quote-verify -f %{_specdir}/list-libsgx-dcap-quote-verify - %files -n libsgx-dcap-quote-verify-devel -f %{_specdir}/list-libsgx-dcap-quote-verify-devel --%files -n sgx-dcap-pccs -f %{_specdir}/list-sgx-dcap-pccs - %files -n libsgx-ra-network -f %{_specdir}/list-libsgx-ra-network - %files -n libsgx-ra-network-devel -f %{_specdir}/list-libsgx-ra-network-devel - %files -n libsgx-ra-uefi -f %{_specdir}/list-libsgx-ra-uefi -@@ -447,12 +436,6 @@ if [ -x %{_aesm_service_path}/startup.sh ]; then %{_aesm_service_path}/startup.s - %preun - if [ -x %{_aesm_service_path}/cleanup.sh ]; then %{_aesm_service_path}/cleanup.sh; fi - --%posttrans -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/startup.sh ]; then %{_dcap_pccs_path}/startup.sh; fi -- --%preun -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/cleanup.sh ]; then %{_dcap_pccs_path}/cleanup.sh; fi -- - %posttrans -n sgx-ra-service - if [ -x %{_ra_service_path}/startup.sh ]; then %{_ra_service_path}/startup.sh; fi - -diff --git a/linux/installer/rpm/psw-tdx/build.sh b/linux/installer/rpm/psw-tdx/build.sh -index f42d6bd2..25a683c8 100755 ---- a/linux/installer/rpm/psw-tdx/build.sh -+++ b/linux/installer/rpm/psw-tdx/build.sh -@@ -63,7 +63,6 @@ update_spec() { - -e "s:@dcap_version@:${dcap_version}:" \ - -e "s:@tdx_qgs_path@:${SGX_INSTALL_PATH}/${TDX_QGS_PACKAGE}:" \ - -e "s:@ra_service_path@:${SGX_INSTALL_PATH}/${RA_SERVICE_PACKAGE}:" \ -- -e "s:@dcap_pccs_path@:${SGX_INSTALL_PATH}/${DCAP_PCCS_PACKAGE}:" \ - -e "s:@pck_id_retrieval_tool_path@:${SGX_INSTALL_PATH}/${PCK_ID_RETRIEVAL_TOOL_PACKAGE}:" \ - ${cur_dir}/${psw_tdx}.spec.tmpl > ${cur_dir}/${rpm_build_dir}/SPECS/${psw_tdx}.spec - -diff --git 
a/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl b/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl -index 0dd5fd8c..67eab01a 100644 ---- a/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl -+++ b/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl -@@ -31,7 +31,6 @@ - - %define _tdx_qgs_path @tdx_qgs_path@ - %define _ra_service_path @ra_service_path@ --%define _dcap_pccs_path @dcap_pccs_path@ - %define _pck_id_retrieval_tool_path @pck_id_retrieval_tool_path@ - %define _psw_version @psw_version@ - %define _dcap_version @dcap_version@ -@@ -198,14 +197,6 @@ Requires: libsgx-dcap-quote-verify = %{version}-%{release} libsgx-headers > - %description -n libsgx-dcap-quote-verify-devel - Intel(R) Software Guard Extensions Data Center Attestation Primitives Quote Verification Library for Developers - --%package -n sgx-dcap-pccs --Version: %{_dcap_version} --Summary: Intel(R) Software Guard Extensions PCK Caching Service --Requires: gcc gcc-c++ make -- --%description -n sgx-dcap-pccs --Intel(R) Software Guard Extensions PCK Caching Service -- - %package -n libsgx-ra-network - Version: %{_dcap_version} - Summary: Intel(R) Software Guard Extensions Registration Agent Network Library -@@ -273,14 +264,13 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do - grep -v "^%{_includedir}" | \ - grep -v "^%{_sysconfdir}" | \ - grep -v "^%{_tdx_qgs_path}" | \ -- grep -v "^%{_dcap_pccs_path}" | \ - grep -v "^%{_ra_service_path}" | \ - grep -v "^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" > %{_specdir}/list-${pkg} - for f in $(find %{?buildroot}/${pkg}); do - if [ -d ${f} ]; then - echo ${f} | sed -e "s#^%{?buildroot}/${pkg}##" | \ -- grep -E "^%{_tdx_qgs_path}|^%{_dcap_pccs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ -+ grep -E "^%{_tdx_qgs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" >> %{_specdir}/list-${pkg} - else - echo ${f} | \ -@@ -290,7 +280,7 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep 
-v "license"); do - cp -r %{?buildroot}/${pkg}/* %{?buildroot}/ - rm -fr %{?buildroot}/${pkg} - sed -i -e 's:^/etc/.*\.conf:%config &:' \ -- -e 's:^%{_dcap_pccs_path}/config/default\.json:%config &:' %{_specdir}/list-${pkg} -+ %{_specdir}/list-${pkg} - done - rm -fr %{?buildroot}/license - -@@ -315,7 +305,6 @@ make clean - %files -n libtdx-attest-devel -f %{_specdir}/list-libtdx-attest-devel - %files -n libsgx-dcap-quote-verify -f %{_specdir}/list-libsgx-dcap-quote-verify - %files -n libsgx-dcap-quote-verify-devel -f %{_specdir}/list-libsgx-dcap-quote-verify-devel --%files -n sgx-dcap-pccs -f %{_specdir}/list-sgx-dcap-pccs - %files -n libsgx-ra-network -f %{_specdir}/list-libsgx-ra-network - %files -n libsgx-ra-network-devel -f %{_specdir}/list-libsgx-ra-network-devel - %files -n libsgx-ra-uefi -f %{_specdir}/list-libsgx-ra-uefi -@@ -329,12 +318,6 @@ if [ -x %{_tdx_qgs_path}/startup.sh ]; then %{_tdx_qgs_path}/startup.sh; fi - %preun - if [ -x %{_tdx_qgs_path}/cleanup.sh ]; then %{_tdx_qgs_path}/cleanup.sh; fi - --%posttrans -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/startup.sh ]; then %{_dcap_pccs_path}/startup.sh; fi -- --%preun -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/cleanup.sh ]; then %{_dcap_pccs_path}/cleanup.sh; fi -- - %posttrans -n sgx-ra-service - if [ -x %{_ra_service_path}/startup.sh ]; then %{_ra_service_path}/startup.sh; fi - --- -2.48.1 - diff --git a/0011-psw-fix-soname-for-libuae_service.so-library.patch b/0009-psw-fix-soname-for-libuae_service.so-library.patch similarity index 90% rename from 0011-psw-fix-soname-for-libuae_service.so-library.patch rename to 0009-psw-fix-soname-for-libuae_service.so-library.patch index 9d6ac62..c2f5807 100644 --- a/0011-psw-fix-soname-for-libuae_service.so-library.patch +++ b/0009-psw-fix-soname-for-libuae_service.so-library.patch @@ -1,7 +1,7 @@ -From 44fa7a1f6108ae855419f32288573ff3c51f1fa4 Mon Sep 17 00:00:00 2001 +From 6d0fee06ee6c87f8f89aac9947bb8b3df9930238 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 17 Jan 2025 15:38:56 +0000 -Subject: [PATCH 11/16] psw: fix soname for libuae_service.so library +Subject: [PATCH 09/15] psw: fix soname for libuae_service.so library MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -25,5 +25,5 @@ index bffbdc5b..81f5c4b7 100644 $(IPC_SRC:.cpp=.o) : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc AEServicesImpl.o : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc -- -2.48.1 +2.49.0 diff --git a/0012-pcl-remove-redundant-use-of-bool-type.patch b/0010-pcl-remove-redundant-use-of-bool-type.patch similarity index 91% rename from 0012-pcl-remove-redundant-use-of-bool-type.patch rename to 0010-pcl-remove-redundant-use-of-bool-type.patch index d0906e5..f774ad9 100644 --- a/0012-pcl-remove-redundant-use-of-bool-type.patch +++ b/0010-pcl-remove-redundant-use-of-bool-type.patch @@ -1,7 +1,7 @@ -From 64e9315acfc84f84299e8f0d8d890f158d972b0f Mon Sep 17 00:00:00 2001 +From 26f9569bf1ea44bc2e937b8ccbb1141bb1f88274 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 6 Feb 2025 09:54:33 +0000 -Subject: [PATCH 12/16] pcl: remove redundant use of 'bool' type +Subject: [PATCH 10/15] pcl: remove redundant use of 'bool' type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -45,5 +45,5 @@ index 5ad6efde..b78ca907 100644 #endif // #ifdef SE_SIM -- -2.48.1 +2.49.0 diff --git a/0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch b/0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch similarity index 93% rename from 0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch rename to 0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch index ffce807..9bf9229 100644 --- a/0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch +++ b/0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch 
@@ -1,7 +1,7 @@ -From 51aa96fc252d5792ca26132478eb5c1c8af1a63c Mon Sep 17 00:00:00 2001 +From 5e43013eff1a6d558f1bad189cae185b383c49f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 27 Mar 2025 14:17:01 +0000 -Subject: [PATCH 13/16] sdk: honour CFLAGS/LDFLAGS set from environment +Subject: [PATCH 11/15] sdk: honour CFLAGS/LDFLAGS set from environment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -49,7 +49,7 @@ index d388dc1d..867de978 100644 LINK_FLAGS := -lcrypto -L$(BUILD_DIR) -lsgx_tservice CPP_FILES := encryptip.cpp diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile -index 219fb5ad..fe16b392 100644 +index 1dcb6f51..1601de09 100644 --- a/sdk/sign_tool/SignTool/Makefile +++ b/sdk/sign_tool/SignTool/Makefile @@ -40,7 +40,7 @@ FLAGS += -DSE_DEBUG_LEVEL=SE_TRACE_ERROR @@ -88,7 +88,7 @@ index 45ddb576..865d5556 100644 RDRAND_LIBDIR := $(LINUX_EXTERNAL_DIR)/rdrand/src RDRAND_MAKEFILE := $(RDRAND_LIBDIR)/Makefile diff --git a/sdk/simulation/urtssim/linux/Makefile b/sdk/simulation/urtssim/linux/Makefile -index 505ce8d9..b340463a 100644 +index ea8ca78c..dd716f2b 100644 --- a/sdk/simulation/urtssim/linux/Makefile +++ b/sdk/simulation/urtssim/linux/Makefile @@ -65,9 +65,9 @@ DIR5 := $(LINUX_PSW_DIR)/../common/src/linux @@ -103,7 +103,7 @@ index 505ce8d9..b340463a 100644 OBJ1 := enclave.o \ tcs.o \ -@@ -119,7 +119,7 @@ vpath %.cpp .:$(DIR1):$(DIR2):$(DIR3):$(DIR4):$(DIR6) +@@ -120,7 +120,7 @@ vpath %.cpp .:$(DIR1):$(DIR2):$(DIR3):$(DIR4):$(DIR6) vpath %.S .:$(DIR2):$(DIR5) vpath %.c .:$(DIR6) 
@@ -112,7 +112,7 @@ index 505ce8d9..b340463a 100644 LIBURTSSIM_SHARED := libsgx_urts_sim.so LIBURTS_DEPLOY := libsgx_urts_deploy.so -@@ -133,7 +133,7 @@ all: $(LIBURTSSIM_SHARED) $(LIBURTS_DEPLOY)| $(BUILD_DIR) +@@ -134,7 +134,7 @@ all: $(LIBURTSSIM_SHARED) $(LIBURTS_DEPLOY)| $(BUILD_DIR) $(CP) $(LIBURTS_DEPLOY) $| $(LIBURTSSIM_SHARED): simasm uinst driver_api wrapper uae_service_sim $(OBJ) $(OBJ6) ittnotify @@ -122,5 +122,5 @@ index 505ce8d9..b340463a 100644 $(BUILD_DIR): @$(MKDIR) $@ -- -2.48.1 +2.49.0 diff --git a/0014-psw-make-aesm_service-build-verbose.patch b/0012-psw-make-aesm_service-build-verbose.patch similarity index 86% rename from 0014-psw-make-aesm_service-build-verbose.patch rename to 0012-psw-make-aesm_service-build-verbose.patch index f25cea8..6203c03 100644 --- a/0014-psw-make-aesm_service-build-verbose.patch +++ b/0012-psw-make-aesm_service-build-verbose.patch @@ -1,7 +1,7 @@ -From e2f8a9054e512b3c49f4264824892baf07898efc Mon Sep 17 00:00:00 2001 +From e9ca38a6045c2ad5d5277cb52bc175eb56ee7466 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 27 Mar 2025 16:07:10 +0000 -Subject: [PATCH 14/16] psw: make aesm_service build verbose. +Subject: [PATCH 12/15] psw: make aesm_service build verbose. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -25,5 +25,5 @@ index 89a15875..dbfa3fb6 100644 $(CP) $(CPPMICROSERVICES) source/build/bin/ endif -- -2.48.1 +2.49.0 diff --git a/0015-Fix-modern-C-function-prototype-compliance.patch b/0013-Fix-modern-C-function-prototype-compliance.patch similarity index 93% rename from 0015-Fix-modern-C-function-prototype-compliance.patch rename to 0013-Fix-modern-C-function-prototype-compliance.patch index 5a32649..81a760f 100644 --- a/0015-Fix-modern-C-function-prototype-compliance.patch +++ b/0013-Fix-modern-C-function-prototype-compliance.patch 
@@ -1,7 +1,7 @@ -From f70028402c31652c65277291e93b4c565c8863ad Mon Sep 17 00:00:00 2001 +From 0ef77c5de1ae80a8a1df4280af1dbd1fba6ebe46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 31 Mar 2025 10:55:25 +0100 -Subject: [PATCH 15/16] Fix modern C function prototype compliance +Subject: [PATCH 13/15] Fix modern C function prototype compliance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -39,5 +39,5 @@ index 8e4e7600..8c38bb68 100644 g_sys_ptrace = (ptrace_t)dlsym(RTLD_NEXT, "ptrace"); g_sys_waitpid = (waitpid_t)dlsym(RTLD_NEXT, "waitpid"); -- -2.48.1 +2.49.0 diff --git a/0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch b/0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch similarity index 93% rename from 0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch rename to 0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch index 4432eab..b1a5bd0 100644 --- a/0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch +++ b/0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch @@ -1,7 +1,7 @@ -From dc2be9ad1955e85006604ef2840357a1dedf856c Mon Sep 17 00:00:00 2001 +From 77f998c285d15d31ec9104d413b380f90fa91970 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 2 Apr 2025 17:11:25 +0100 -Subject: [PATCH 16/16] Add wrapper for nasm to fix cmake compat +Subject: [PATCH 14/15] Add wrapper for nasm to fix cmake compat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -37,7 +37,7 @@ index 00000000..4ad75f73 + exec python ${here}/sgx-asm-pp.py --assembler=nasm --MITIGATION-CVE-2020-0551=${MITIGATION} "$@" +fi diff --git a/external/ippcp_internal/Makefile b/external/ippcp_internal/Makefile -index 70718f5e..d8efe418 100644 +index d78ba90e..71a40247 100644 --- a/external/ippcp_internal/Makefile +++ b/external/ippcp_internal/Makefile @@ -58,10 +58,12 @@ IPP_CONFIG += -DIPPCP_FIPS_MODE=on -DFIPS_CUSTOM_IPPCP_API_HEADER=$(CURDIR)/inc 
@@ -65,5 +65,5 @@ index 70718f5e..d8efe418 100644 $(IPP_SOURCE)/build: ifeq ($(IPP_USE_GIT), 1) -- -2.48.1 +2.49.0 diff --git a/0015-fix-BOM-for-pccs-with-DCAP-1.23.patch b/0015-fix-BOM-for-pccs-with-DCAP-1.23.patch new file mode 100644 index 0000000..aa52f20 --- /dev/null +++ b/0015-fix-BOM-for-pccs-with-DCAP-1.23.patch 
@@ -0,0 +1,72 @@ +From 595343c8d79a45760a30b30e1bd66f4079c61f52 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Fri, 27 Jun 2025 11:37:26 +0100 +Subject: [PATCH 15/15] fix BOM for pccs with DCAP 1.23 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The BOM for pccs is missing various files causing it to fail to start. +This change is synced from the BOM filelist seen in the DCAP git repo. + +Signed-off-by: Daniel P. Berrangé +--- + .../common/psw-tdx/BOM_install/sgx-dcap-pccs.txt | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt +index d70745c9..73c687b3 100644 +--- a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt ++++ b/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt +@@ -12,6 +12,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js /controllers/rootcacrlController.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js /controllers/tcbinfoController.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js /controllers/crlController.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/controllers/appraisalPolicyController.js /controllers/appraisalPolicyController.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js /dao/models/fmspc_tcbs.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/index.js /dao/models/index.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js /dao/models/pck_cert.js 0 main STP +@@ -24,6 +25,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js /dao/models/platforms.js 0 main STP + 
/external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js /dao/models/enclave_identities.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js /dao/models/crl_cache.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/dao/models/appraisal_policy.js /dao/models/appraisal_policy.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js /dao/fmspcTcbDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js /dao/pckCertchainDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js /dao/pckcertDao.js 0 main STP +@@ -35,14 +37,19 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js /dao/platformTcbsDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js /dao/enclaveIdentityDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js /dao/crlCacheDao.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/dao/appraisalPolicyDao.js /dao/appraisalPolicyDao.js 0 main STP + /external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so /lib/libPCKCertSelection.so 0 main STP + /external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js /lib_wrapper/pcklib_wrapper.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/middleware/auth.js /middleware/auth.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/middleware/error.js /middleware/error.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js /middleware/addRequestId.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/middleware/filterDuplicatedParams.js /middleware/filterDuplicatedParams.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql /migrations/00_db_initialize.up.sql 0 main STP + /external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js 
/migrations/01_db_version_1.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js /migrations/02_db_version_2.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/migrations/03_db_version_3.js /migrations/03_db_version_3.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/migrations/04_db_version_4.js /migrations/04_db_version_4.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/migrations/05_db_version_5.js /migrations/05_db_version_5.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js /pcs_client/pcs_client.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/routes/index.js /routes/index.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/identityService.js /services/identityService.js 0 main STP +@@ -57,6 +64,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js /services/rootcacrlService.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js /services/tcbinfoService.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/crlService.js /services/crlService.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/services/appraisalPolicyService.js /services/appraisalPolicyService.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js /services/caching_modes/cachingMode.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js /services/caching_modes/cachingModeManager.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js /services/logic/commonCacheLogic.js 0 main STP +@@ -72,3 +80,4 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/startup.sh /startup.sh 0 main STP + /external/dcap_source/QuoteGeneration/pccs/cleanup.sh /cleanup.sh 0 main STP + 
/external/dcap_source/QuoteGeneration/pccs/README.md /README.md 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/nodejs.cnf /nodejs.cnf 0 main STP +-- +2.49.0 + diff --git a/0050-Disable-inclusion-of-AESM-in-installer.patch b/0050-Disable-inclusion-of-AESM-in-installer.patch index a89a40a..11aff78 100644 --- a/0050-Disable-inclusion-of-AESM-in-installer.patch +++ b/0050-Disable-inclusion-of-AESM-in-installer.patch @@ -1,4 +1,4 @@ -From 07f39d2eb84d66fd19d025856747c5521068f26c Mon Sep 17 00:00:00 2001 +From 550144746385554702fdcd65bbe8638cda08d055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 11 Feb 2025 14:58:58 +0000 Subject: [PATCH] Disable inclusion of AESM in installer @@ -16,10 +16,10 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 3 insertions(+), 28 deletions(-) diff --git a/linux/installer/common/psw-dcap/Makefile b/linux/installer/common/psw-dcap/Makefile -index 5e8a8560..e8dd018b 100644 +index a85c8b82..3ea22440 100644 --- a/linux/installer/common/psw-dcap/Makefile +++ b/linux/installer/common/psw-dcap/Makefile -@@ -147,13 +147,7 @@ post_$(1): $(1) | $(PACKAGE_ROOT_PATH) +@@ -150,13 +150,7 @@ post_$(1): $(1) | $(PACKAGE_ROOT_PATH) cp -fr $$|/$$ Date: Mon, 26 Feb 2024 12:19:51 +0000 -Subject: [PATCH 100/117] Drop use of bundled pre-built openssl +Subject: [PATCH 100/120] Drop use of bundled pre-built openssl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -99,7 +99,7 @@ index b25ce40..982c7d5 100644 SGX_COMMON_CFLAGS := $(COMMON_FLAGS) -m64 -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants SGX_COMMON_CXXFLAGS := $(COMMON_FLAGS) -m64 -Wnon-virtual-dtor -std=c++17 diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index 9820b61..fba7f43 100644 +index 74fad4c..894e616 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile 
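Review bot: The commit message in the new 0015 patch says the list was "synced from the BOM filelist seen in the DCAP git repo" but names no upstream tag or commit, so the nine added rows cannot be re-checked against their source later. I would add a line such as `Synced from: DCAP <UPSTREAM_TAG_OR_COMMIT>` (placeholder, to be filled in by the author) to the message. The list is maintained by hand, so the same drift is likely on the next DCAP rebase. The rows added here include `middleware/filterDuplicatedParams.js` and migrations 03 to 05, which by their names look like request-filtering and schema-upgrade code, so a packaging step that compares the BOM against the files under `QuoteGeneration/pccs` and fails the build on any unlisted file would catch an omission before release. All new rows carry `0` in the FileCheckSum column, matching the existing rows, so as far as this hunk shows the BOM itself provides no integrity check on what gets installed.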
+++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -36,8 +36,8 @@ INSTALL_PATH ?= /usr/lib/x86_64-linux-gnu diff --git a/0101-Improve-debuggability-of-build-system.patch b/0101-Improve-debuggability-of-build-system.patch index c5c871b..4c3f469 100644 --- a/0101-Improve-debuggability-of-build-system.patch +++ b/0101-Improve-debuggability-of-build-system.patch @@ -1,7 +1,7 @@ -From b4d3b1401e16a557bcba1fe02b525bd5c26ee532 Mon Sep 17 00:00:00 2001 +From 50bbd267076608a9b0a3b5e23bcbc8bfadfb09d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 12:05:01 +0000 -Subject: [PATCH 101/117] Improve debuggability of build system +Subject: [PATCH 101/120] Improve debuggability of build system MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -43,7 +43,7 @@ index 139848a..cd361c4 100644 clean: $(RM) $(QAL_Obj_Files) $(Target_Lib_Name) $(Target_Lib_Name).$(SGX_MAJOR_VER) $(Target_Static_Lib_Name) $(BUILD_DIR)/$(Target_Lib_Name) $(QVL_Cpp_Obj_Files) diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index fba7f43..5979699 100644 +index 894e616..7962d10 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile +++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -107,13 +107,13 @@ $(BUILD_DIR): @@ -67,9 +67,9 @@ index fba7f43..5979699 100644 
@@ -123,13 +123,13 @@ run: all ######## QVL Library Objects ######## - qve_u.h: $(SGX_EDGER8R) $(QVE_SRC_PATH)/Enclave/qve.edl -- @$(SGX_EDGER8R) --untrusted $(QVE_SRC_PATH)/Enclave/qve.edl --search-path $(QVE_SRC_PATH)/Enclave --search-path $(SGX_SDK)/include -+ $(SGX_EDGER8R) --untrusted $(QVE_SRC_PATH)/Enclave/qve.edl --search-path $(QVE_SRC_PATH)/Enclave --search-path $(SGX_SDK)/include + qve_u.h: $(QVE_SRC_PATH)/Enclave/qve.edl $(SGX_EDGER8R) +- @$(SGX_EDGER8R) --untrusted $< $(addprefix --search-path ,$(QVE_SRC_PATH)/Enclave $(SGX_SDK)/include $(addprefix $(SGXSSL_PACKAGE_PATH)/include/,. $(if $(FIPS),,no)filefunc)) ++ $(SGX_EDGER8R) --untrusted $< $(addprefix --search-path ,$(QVE_SRC_PATH)/Enclave $(SGX_SDK)/include $(addprefix $(SGXSSL_PACKAGE_PATH)/include/,. $(if $(FIPS),,no)filefunc)) @echo "GEN => $@" qve_u.c : qve_u.h @@ -126,7 +126,7 @@ index fba7f43..5979699 100644 + $(AR) rsD $(QVL_VERIFY_LIB_NAME_Static) $(QVL_VERIFY_CPP_OBJS_STATIC) $(QVL_VERIFY_C_OBJS) $(QVE_CPP_OBJ) $(QVL_LIB_COMMON_OBJS) .PHONY: qal - qal: + qal: -- 2.49.0 diff --git a/0102-Support-build-time-setting-of-enclave-load-directory.patch b/0102-Support-build-time-setting-of-enclave-load-directory.patch index eea8b4f..eb37253 100644 --- a/0102-Support-build-time-setting-of-enclave-load-directory.patch +++ b/0102-Support-build-time-setting-of-enclave-load-directory.patch @@ -1,7 +1,7 @@ -From edcd2d044a8e20cf8d2e1cebba7f74f2573c9ae5 Mon Sep 17 00:00:00 2001 +From 2f0e63c015f83aa2248b8afa04c1928b6aa8b0fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 26 Feb 2024 12:19:51 +0000 -Subject: [PATCH 102/117] Support build time setting of enclave load directory +Subject: [PATCH 102/120] Support build time setting of enclave load directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -182,7 +182,7 @@ index 6321611..9597c52 100644 \ No newline at end of file +} 
diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index 5979699..c9f11a0 100644 +index 7962d10..c4154b0 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile +++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -55,7 +55,7 @@ QVL_VERIFY_INC := -I$(QVE_SRC_PATH)/Include \ diff --git a/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch b/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch index c9f6b57..7557473 100644 --- a/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch +++ b/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch @@ -1,7 +1,7 @@ -From 3cbab8069678b15276d7a8d2d0c7aa34532ad4af Mon Sep 17 00:00:00 2001 +From 5fddd2225147e4372a6ff09350bdd495c3fdd4f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 27 Feb 2024 15:46:41 +0000 -Subject: [PATCH 103/117] Look for versioned sgx_urts library in +Subject: [PATCH 103/120] Look for versioned sgx_urts library in PCKRetrievalTool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0104-Don-t-import-pypac-in-pccsadmin.patch b/0104-Don-t-import-pypac-in-pccsadmin.patch index dbe5e30..067dd19 100644 --- a/0104-Don-t-import-pypac-in-pccsadmin.patch +++ b/0104-Don-t-import-pypac-in-pccsadmin.patch @@ -1,7 +1,7 @@ -From 2609841a9ddedd4c3f22778bff0aa399ce6d4f9a Mon Sep 17 00:00:00 2001 +From d758e815930fe6ca3d19ab880c8cb839001746ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 27 Feb 2024 20:28:24 +0000 -Subject: [PATCH 104/117] Don't import pypac in pccsadmin +Subject: [PATCH 104/120] Don't import pypac in pccsadmin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch b/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch index 8155454..9e08f62 100644 
--- a/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch +++ b/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch @@ -1,7 +1,7 @@ -From eb1018b10a5adedcdc1ae3cf8f5d8be6de5b7d6d Mon Sep 17 00:00:00 2001 +From 1d85ecfb88b08772efdaeb241b09502383e1123c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 29 Feb 2024 14:21:36 +0000 -Subject: [PATCH 105/117] Look for PCKRetrievalTool config file in /etc/ +Subject: [PATCH 105/120] Look for PCKRetrievalTool config file in /etc/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch b/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch index 8436fa0..5538fb9 100644 --- a/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch +++ b/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch @@ -1,7 +1,7 @@ -From c1773ce8ab60a0d887a52b821de28d6fd996b7f4 Mon Sep 17 00:00:00 2001 +From ac4041d449135696b66c9d147d29f0967e2df1c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 28 Mar 2025 16:00:27 +0000 -Subject: [PATCH 106/117] Honour CFLAGS/CXXFLAGS/LDFLAGS for various tools and +Subject: [PATCH 106/120] Honour CFLAGS/CXXFLAGS/LDFLAGS for various tools and libraries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -107,7 +107,7 @@ index 7d0b398..9b8c936 100644 ifndef DEBUG Quote_Cpp_Flags += -DDISABLE_TRACE diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index c9f11a0..56095ac 100644 +index c4154b0..e125cbf 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile +++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -54,8 +54,8 @@ QVL_VERIFY_INC := -I$(QVE_SRC_PATH)/Include \ 
diff --git a/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch b/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch index 52ec735..738678f 100644 --- a/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch +++ b/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch @@ -1,7 +1,7 @@ -From a74ede38e306ff82ddbaf094d6148dc1bf9e524c Mon Sep 17 00:00:00 2001 +From 95b111ae4a42f872e467a58058cfc87d5a5d089d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 3 Oct 2024 14:42:29 +0100 -Subject: [PATCH 107/117] qgs: add space between program name & first arg in +Subject: [PATCH 107/120] qgs: add space between program name & first arg in usage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0108-qgs-protect-against-format-strings-in-QL-log-message.patch b/0108-qgs-protect-against-format-strings-in-QL-log-message.patch index efb8b4f..ebe3af5 100644 --- a/0108-qgs-protect-against-format-strings-in-QL-log-message.patch +++ b/0108-qgs-protect-against-format-strings-in-QL-log-message.patch @@ -1,7 +1,7 @@ -From 1e760dc7a67d601121b625e0d2bd7b2fe8b7b042 Mon Sep 17 00:00:00 2001 +From 0df9bd861d54722365e891911c18924af16cd732 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 4 Oct 2024 09:43:17 +0100 -Subject: [PATCH 108/117] qgs: protect against format strings in QL log +Subject: [PATCH 108/120] qgs: protect against format strings in QL log messages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0109-qgs-add-debug-parameter-to-control-logging.patch b/0109-qgs-add-debug-parameter-to-control-logging.patch index f637a94..0d9a2f9 100644 --- a/0109-qgs-add-debug-parameter-to-control-logging.patch +++ b/0109-qgs-add-debug-parameter-to-control-logging.patch @@ -1,7 +1,7 @@ -From d43ef4cac2c2c022b89b0938be71a9b36b9a1923 Mon Sep 17 00:00:00 2001 +From 480ac4becb93a54184c024fa1945c1a2890488fb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 3 Oct 2024 16:57:35 +0100 -Subject: [PATCH 109/117] qgs: add --debug parameter to control logging +Subject: [PATCH 109/120] qgs: add --debug parameter to control logging MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch b/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch index 473cfd6..b10409c 100644 --- a/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch +++ b/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch @@ -1,7 +1,7 @@ -From d375ba770975e565850ac12392bbc44807f28f75 Mon Sep 17 00:00:00 2001 +From e559fba635b7736a54a446e25afc268b2a27513c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 8 Oct 2024 10:13:02 +0100 -Subject: [PATCH 110/117] pccsadmin: remove leftover debugging 'print(args)' +Subject: [PATCH 110/120] pccsadmin: remove leftover debugging 'print(args)' statement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch b/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch index bf66d08..7900087 100644 --- a/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch +++ b/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch @@ -1,7 +1,7 @@ -From 1db2f71aead55201fcd82efa7d1ee99c9fa006b9 Mon Sep 17 00:00:00 2001 +From 6a2d951d6a1d21a1c45256c81eaf1acd6f010d46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 17 Jan 2025 15:39:39 +0000 -Subject: [PATCH 111/117] Fix soname version for libsgx_qe3_logic.so library +Subject: [PATCH 111/120] Fix soname version for libsgx_qe3_logic.so library MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -13,21 +13,21 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 8 insertions(+), 1 deletion(-) 
diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h -index 471784d..22e0dff 100644 +index 93f60cb..9ee51c0 100644 --- a/QuoteGeneration/common/inc/internal/se_version.h +++ b/QuoteGeneration/common/inc/internal/se_version.h @@ -41,6 +41,11 @@ - #define QUOTE_LOADER_VERSION "1.11.109.1" - #define TDQE_WRAPPER_VERSION "1.14.109.1" - #define PCE_WRAPPER_VERSION "1.14.109.1" + #define QUOTE_LOADER_VERSION "1.11.110.0" + #define TDQE_WRAPPER_VERSION "1.14.110.0" + #define PCE_WRAPPER_VERSION "1.14.110.0" +/* + * XXX: downstream hack based on version declared + * in linux-sgx.git/linux/installer/common/psw/Makefile + */ +#define QE3_WRAPPER_VERSION "1.0.0" - #define QE3_VERSION "1.19.100.1" - #define QVE_VERSION "1.21.100.1" + #define QE3_VERSION "1.22.100.1" + #define QVE_VERSION "1.22.100.1" diff --git a/QuoteGeneration/quote_wrapper/quote/linux/Makefile b/QuoteGeneration/quote_wrapper/quote/linux/Makefile index 9b8c936..c92d782 100644 --- a/QuoteGeneration/quote_wrapper/quote/linux/Makefile diff --git a/0112-Workaround-broken-GCC-15.patch b/0112-Workaround-broken-GCC-15.patch index 54cfd14..6df7556 100644 --- a/0112-Workaround-broken-GCC-15.patch +++ b/0112-Workaround-broken-GCC-15.patch @@ -1,7 +1,7 @@ -From 9c8155bb1b2928390a21408944fd876f40c281e6 Mon Sep 17 00:00:00 2001 +From 63e5a14cbae060060ee1de4eae177cc2f7b1f851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 6 Feb 2025 20:08:59 +0000 -Subject: [PATCH 112/117] Workaround broken GCC 15 +Subject: [PATCH 112/120] Workaround broken GCC 15 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0113-Don-t-disable-cf-protection-for-qgs.patch b/0113-Don-t-disable-cf-protection-for-qgs.patch index 40e1c88..b115c34 100644 --- a/0113-Don-t-disable-cf-protection-for-qgs.patch +++ b/0113-Don-t-disable-cf-protection-for-qgs.patch 
@@ -1,7 +1,7 @@ -From c4a2855d01b06e1da960a677379c55a5b31b427c Mon Sep 17 00:00:00 2001 +From 3cb471cfd9309a61c6cacf99ef8959c8d6c3079c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 2 Apr 2025 18:39:31 +0100 -Subject: [PATCH 113/117] Don't disable cf-protection for qgs +Subject: [PATCH 113/120] Don't disable cf-protection for qgs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch b/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch index 05b2090..c3aa197 100644 --- a/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch +++ b/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch @@ -1,7 +1,7 @@ -From 3bcde80a8e81c6f9992085f5a924544fb6082d79 Mon Sep 17 00:00:00 2001 +From 218ff444583b58dc122ac69507b50c6e9f711581 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 3 Apr 2025 17:44:48 +0100 -Subject: [PATCH 114/117] Delete broken checks for GCC version that break +Subject: [PATCH 114/120] Delete broken checks for GCC version that break -fstack-protector-strong MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -74,7 +74,7 @@ index f0a5e36..20f3022 100644 -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align \ -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -fcf-protection diff --git a/QuoteVerification/QvE/Makefile b/QuoteVerification/QvE/Makefile -index 6532e8f..e5045dd 100644 +index cdac5ff..73e0c65 100644 --- a/QuoteVerification/QvE/Makefile +++ b/QuoteVerification/QvE/Makefile @@ -101,12 +101,7 @@ endif diff --git a/0115-Use-distro-provided-rapidjson-package.patch b/0115-Use-distro-provided-rapidjson-package.patch index 45123cc..b367037 100644 --- a/0115-Use-distro-provided-rapidjson-package.patch +++ b/0115-Use-distro-provided-rapidjson-package.patch 
@@ -1,7 +1,7 @@ -From e7afd8a28400d47b3864514fde5c2ce62d3937ec Mon Sep 17 00:00:00 2001 +From 8c70d52e120ff2f2e878975db2ac7253b28319cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 26 Feb 2024 12:19:51 +0000 -Subject: [PATCH 115/117] Use distro provided rapidjson package +Subject: [PATCH 115/120] Use distro provided rapidjson package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0116-Don-t-stomp-on-VERBOSE-variable.patch b/0116-Don-t-stomp-on-VERBOSE-variable.patch index 281ae8d..205d410 100644 --- a/0116-Don-t-stomp-on-VERBOSE-variable.patch +++ b/0116-Don-t-stomp-on-VERBOSE-variable.patch @@ -1,7 +1,7 @@ -From 224d1fe828bc4fcaa0861c3b59ddcc0c979fc2d6 Mon Sep 17 00:00:00 2001 +From 9313ac72fda37a90096979cabae7d4294ef7ba42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 16 Apr 2025 11:48:52 +0100 -Subject: [PATCH 116/117] Don't stomp on "VERBOSE" variable +Subject: [PATCH 116/120] Don't stomp on "VERBOSE" variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch b/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch index 399e653..a175203 100644 --- a/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch +++ b/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch @@ -1,7 +1,7 @@ -From 8ded27dcf0c5a02c7869568bd1cafd5c2d15c0b0 Mon Sep 17 00:00:00 2001 +From 22171373ad5c818b5a57339ba607ff9876e34939 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 2 May 2025 14:48:24 +0100 -Subject: [PATCH 117/117] qgs: add -m=MODE parameter for UNIX socket mode +Subject: [PATCH 117/120] qgs: add -m=MODE parameter for UNIX socket mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
diff --git a/0118-Switch-default-PCCS-port-number-from-8081-to-10801.patch b/0118-Switch-default-PCCS-port-number-from-8081-to-10801.patch
new file mode 100644
index 0000000..a87e3bd
--- /dev/null
+++ b/0118-Switch-default-PCCS-port-number-from-8081-to-10801.patch
@@ -0,0 +1,174 @@ +From 2f42f8333820bb555778df38aaf27d02a5533ef6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 27 Feb 2024 15:46:41 +0000 +Subject: [PATCH 118/120] Switch default PCCS port number from 8081 to 10801 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Port 8081 is a very poor choice of port number, since it is +both assigned to existing softrware in /etc/services, and +a fairly common "alternative" HTTP port that application +developers use for ad-hoc services. + +Move it to 10801 which is not assigned in /etc/services and +thus unlikely to clash with other software. + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/pccs/config/default.json | 2 +- + QuoteGeneration/qcnl/inc/qcnl_config.h | 2 +- + QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf | 4 ++-- + QuoteGeneration/qcnl/linux/sgx_default_qcnl_dev.conf | 2 +- + tools/PCKRetrievalTool/App/App.cpp | 4 ++-- + tools/PCKRetrievalTool/network_setting.conf | 4 ++-- + tools/PccsAdminTool/pccsadmin.py | 12 ++++++------ + 7 files changed, 15 insertions(+), 15 deletions(-) + +diff --git a/QuoteGeneration/pccs/config/default.json b/QuoteGeneration/pccs/config/default.json +index 13e00e2..7be5c6e 100644 +--- a/QuoteGeneration/pccs/config/default.json ++++ b/QuoteGeneration/pccs/config/default.json +@@ -1,5 +1,5 @@ + { +- "HTTPS_PORT" : 8081, ++ "HTTPS_PORT" : 10801, + "hosts" : "127.0.0.1", + "uri": "https://api.trustedservices.intel.com/sgx/certification/v4/", + "ApiKey": "", +diff --git a/QuoteGeneration/qcnl/inc/qcnl_config.h b/QuoteGeneration/qcnl/inc/qcnl_config.h +index 71b9a99..b9f2262 100644 +--- a/QuoteGeneration/qcnl/inc/qcnl_config.h ++++ b/QuoteGeneration/qcnl/inc/qcnl_config.h +@@ -82,7 +82,7 @@ protected: + // TCB update type, "early" or "standard" + string tcb_update_type_; + +- QcnlConfig() : server_url_("https://localhost:8081/sgx/certification/v4/"), ++ QcnlConfig() : 
server_url_("https://localhost:10801/sgx/certification/v4/"), + use_secure_cert_(true), + collateral_service_url_(server_url_), + collateral_version_("3.0"), +diff --git a/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf b/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf +index 7df3995..af26a7e 100644 +--- a/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf ++++ b/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf +@@ -2,7 +2,7 @@ + // *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them. + + //PCCS server address +- "pccs_url": "https://localhost:8081/sgx/certification/v4/" ++ "pccs_url": "https://localhost:10801/sgx/certification/v4/" + + // To accept insecure HTTPS certificate, set this option to false + ,"use_secure_cert": true +@@ -37,7 +37,7 @@ + + // If local_pck_url is defined, the QCNL will try to retrieve PCK cert chain from local_pck_url first, + // and failover to pccs_url as in legacy mode. +- //,"local_pck_url": "http://localhost:8081/sgx/certification/v4/" ++ //,"local_pck_url": "http://localhost:10801/sgx/certification/v4/" + + // If local_pck_url is not defined, set pck_cache_expire_hours to a none-zero value will enable local cache. + // The PCK certificates will be cached in memory and then to the disk drive. 
+diff --git a/QuoteGeneration/qcnl/linux/sgx_default_qcnl_dev.conf b/QuoteGeneration/qcnl/linux/sgx_default_qcnl_dev.conf +index 08ee41c..f398b7d 100644 +--- a/QuoteGeneration/qcnl/linux/sgx_default_qcnl_dev.conf ++++ b/QuoteGeneration/qcnl/linux/sgx_default_qcnl_dev.conf +@@ -8,7 +8,7 @@ + // It is recommended to use "3.1" for DCAP 1.12 release and later + + //PCCS server address +- "pccs_url": "https://localhost:8081/sgx/certification/v4/", ++ "pccs_url": "https://localhost:10801/sgx/certification/v4/", + + // To accept insecure HTTPS certificate, set this option to false + "use_secure_cert": false, +diff --git a/tools/PCKRetrievalTool/App/App.cpp b/tools/PCKRetrievalTool/App/App.cpp +index a34710d..17196e2 100644 +--- a/tools/PCKRetrievalTool/App/App.cpp ++++ b/tools/PCKRetrievalTool/App/App.cpp +@@ -67,7 +67,7 @@ uint32_t COMM_API sgx_tool_get_launch_token( + + void PrintHelp() { + printf("Usage: %s [OPTION] \n", VER_PRODUCTNAME_STR); +- printf("Example: %s -f pck_retrieval_result.csv -url https://localhost:8081 -user_token 123456 -use_secure_cert true -platform_id\n", VER_PRODUCTNAME_STR); ++ printf("Example: %s -f pck_retrieval_result.csv -url https://localhost:10801 -user_token 123456 -use_secure_cert true -platform_id\n", VER_PRODUCTNAME_STR); + printf( "\nOptions:\n"); + printf( " -f filename - output the retrieval result to the \"filename\"\n"); + printf( " -url cache_server_address - cache server's address \n"); +@@ -171,7 +171,7 @@ int parse_arg(int argc, const char *argv[]) + } + } + else if (strncmp(argv[i], "-defaulturl", 11) == 0) { +- server_url_string = "https://localhost:8081"; ++ server_url_string = "https://localhost:10801"; + continue; + } + else if (strncmp(argv[i], "-proxy_type",11) == 0) { +diff --git a/tools/PCKRetrievalTool/network_setting.conf b/tools/PCKRetrievalTool/network_setting.conf +index 7aa5d71..3600191 100644 +--- a/tools/PCKRetrievalTool/network_setting.conf ++++ b/tools/PCKRetrievalTool/network_setting.conf +@@ -1,9 +1,9 @@ + 
# ############################################################# + # PCCS server address + # support V3 version PCCS +-#PCCS_URL=https://localhost:8081/sgx/certification/v3/platforms ++#PCCS_URL=https://localhost:10801/sgx/certification/v3/platforms + # support V4 version PCCS +-#PCCS_URL=https://localhost:8081/sgx/certification/v4/platforms ++#PCCS_URL=https://localhost:10801/sgx/certification/v4/platforms + # To accept insecure HTTPS cert, set this option to FALSE + #USE_SECURE_CERT=TRUE + # When PCCS running in REQ mode, set "tcb update type": STANDARD, EARLY or ALL +diff --git a/tools/PccsAdminTool/pccsadmin.py b/tools/PccsAdminTool/pccsadmin.py +index 8e447c5..f286827 100755 +--- a/tools/PccsAdminTool/pccsadmin.py ++++ b/tools/PccsAdminTool/pccsadmin.py +@@ -16,7 +16,7 @@ from urllib.parse import unquote + import traceback + + PCS_SERVICE_URL = 'https://api.trustedservices.intel.com/sgx/certification/v4/' +-PCCS_SERVICE_URL = 'https://localhost:8081/sgx/certification/v4' ++PCCS_SERVICE_URL = 'https://localhost:10801/sgx/certification/v4' + + def main(): + parser = argparse.ArgumentParser(description="Administrator tool for PCCS") +@@ -26,7 +26,7 @@ def main(): + # subparser for get + parser_get = subparsers.add_parser('get', formatter_class=argparse.RawTextHelpFormatter) + # add optional arguments for get +- parser_get.add_argument("-u", "--url", help="The URL of the PCCS's GET platforms API; default: https://localhost:8081/sgx/certification/v4/platforms") ++ parser_get.add_argument("-u", "--url", help="The URL of the PCCS's GET platforms API; default: https://localhost:10801/sgx/certification/v4/platforms") + parser_get.add_argument("-o", "--output_file", help="The output file name for platform list; default: platform_list.json") + parser_get.add_argument("-s", "--source", help= + "reg - Get platforms from registration table.(default)\n" +@@ -37,12 +37,12 @@ def main(): + # subparser for put + description_put = ( + "This put command supports the following 
formats([] means optional):\n" +- "1. pccsadmin put [-u https://localhost:8081/sgx/certification/v4/platformcollateral] [-i collateral_file(*.json)]\n" +- "2. pccsamdin put -u https://localhost:8081/sgx/certification/v4/appraisalpolicy [-d] -f fmspc -i policy_file(*.jwt)" ++ "1. pccsadmin put [-u https://localhost:10801/sgx/certification/v4/platformcollateral] [-i collateral_file(*.json)]\n" ++ "2. pccsamdin put -u https://localhost:10801/sgx/certification/v4/appraisalpolicy [-d] -f fmspc -i policy_file(*.jwt)" + ) + parser_put = subparsers.add_parser('put', description=description_put, formatter_class=argparse.RawTextHelpFormatter) + # add optional arguments for put +- parser_put.add_argument("-u", "--url", help="The URL of the PCCS's API; default: https://localhost:8081/sgx/certification/v4/platformcollateral") ++ parser_put.add_argument("-u", "--url", help="The URL of the PCCS's API; default: https://localhost:10801/sgx/certification/v4/platformcollateral") + parser_put.add_argument("-i", "--input_file", help="The input file name for platform collaterals or appraisal policy;\ + \nFor /platformcollateral API, default is platform_collaterals.json;\ + \nFor /appraisalpolicy API, the filename of the jwt file must be provided explicitly.") +@@ -71,7 +71,7 @@ def main(): + # subparser for refresh + parser_refresh = subparsers.add_parser('refresh') + # add optional arguments for refresh +- parser_refresh.add_argument("-u", "--url", help="The URL of the PCCS's refresh API; default: https://localhost:8081/sgx/certification/v4/refresh") ++ parser_refresh.add_argument("-u", "--url", help="The URL of the PCCS's refresh API; default: https://localhost:10801/sgx/certification/v4/refresh") + parser_refresh.add_argument("-f", "--fmspc", help="Only refresh certificates for specified FMSPCs. Format: [FMSPC1, FMSPC2, ..., FMSPCn]") + parser_refresh.set_defaults(func=pccs_refresh) + +-- +2.49.0 + 
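Review bot: The new default port is written out literally in each touched file, and nothing in the patch ties the client default in `qcnl_config.h` to the server default in `pccs/config/default.json`, so a later change to one side can leave QCNL pointing at a port where no PCCS listens. A comment at the `QcnlConfig()` initialiser such as `// Downstream default: must match HTTPS_PORT in pccs/config/default.json` would record that coupling. Hosts that keep a locally edited `sgx_default_qcnl.conf` or PCCS `default.json` across an upgrade will presumably still carry 8081 on one side, and any firewall or SELinux port rules written for 8081 need the same update, so this deserves a release note. The touched help string in `pccsadmin.py` also still reads `pccsamdin put`, which could be corrected while the line is being changed.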
diff --git a/0119-Sanitize-paths-to-all-resources-in-PCCS-server.patch b/0119-Sanitize-paths-to-all-resources-in-PCCS-server.patch
new file mode 100644
index 0000000..8134d1b
--- /dev/null
+++ b/0119-Sanitize-paths-to-all-resources-in-PCCS-server.patch
@@ -0,0 +1,108 @@ +From 308e939ffc44c4720833aa518b0d19be1e01a186 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 27 Feb 2024 13:38:49 +0000 +Subject: [PATCH 119/120] Sanitize paths to all resources in PCCS server +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Look for libPCKCertSelection.so in /lib64 +Look for SSL cert config in /etc/pccs/ssl +Look for DB migrations in /usr/share/pccs +Use log file in /var/log/pccs + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js | 4 ++-- + QuoteGeneration/pccs/pccs_server.js | 8 ++++---- + QuoteGeneration/pccs/utils/Logger.js | 2 +- + QuoteGeneration/pccs/utils/apputil.js | 6 +++--- + 4 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js b/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js +index 17cdf9a..1f7567b 100644 +--- a/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js ++++ b/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js +@@ -37,7 +37,7 @@ import { load, DataType, open, close, createPointer, arrayConstructor, restorePo + const __dirname = path.dirname(fileURLToPath(import.meta.url)); + let libpath = 'PCKCertSelectionLib.dll'; + if (process.platform === 'linux') { +- libpath = path.join(__dirname, '../lib/libPCKCertSelection.so'); ++ libpath = '/lib64/libPCKCertSelection.so.1'; + } + open({ + library: 'libPCKCertSelection', // key +@@ -84,4 +84,4 @@ export function pck_cert_select( + // Ensure the library is closed before the process exits + process.on('exit', () => { + close('libPCKCertSelection'); +-}); +\ No newline at end of file ++}); +diff --git a/QuoteGeneration/pccs/pccs_server.js b/QuoteGeneration/pccs/pccs_server.js +index b41d871..57c1cee 100644 +--- a/QuoteGeneration/pccs/pccs_server.js ++++ b/QuoteGeneration/pccs/pccs_server.js +@@ -61,9 +61,9 @@ process.on('SIGINT', () => { + }); + + // Create ./logs if it 
doesn't exist +-fs.mkdir('./logs', (err) => { ++//fs.mkdir('./logs', (err) => { + /* do nothing */ +-}); ++//}); + + const app = express(); + +@@ -141,8 +141,8 @@ function startHttpsServer() { + let privateKey; + let certificate; + try { +- privateKey = fs.readFileSync('./ssl_key/private.pem', 'utf8'); +- certificate = fs.readFileSync('./ssl_key/file.crt', 'utf8'); ++ privateKey = fs.readFileSync('/etc/pccs/ssl/server-key.pem', 'utf8'); ++ certificate = fs.readFileSync('/etc/pccs/ssl/server-cert.pem', 'utf8'); + } catch (err) { + logger.error('The private key or certificate for HTTPS server is missing.'); + logger.endAndExitProcess(); +diff --git a/QuoteGeneration/pccs/utils/Logger.js b/QuoteGeneration/pccs/utils/Logger.js +index 5ac7a48..c774ac4 100644 +--- a/QuoteGeneration/pccs/utils/Logger.js ++++ b/QuoteGeneration/pccs/utils/Logger.js +@@ -40,7 +40,7 @@ const { createLogger, format, transports } = winston; + const options = { + file: { + level: Config.has('LogLevel') ? Config.get('LogLevel') : 'info', +- filename: __dirname + `/../logs/pccs_server.log`, ++ filename: `/var/log/pccs/pccs_server.log`, + handleExceptions: true, + json: false, + colorize: true, +diff --git a/QuoteGeneration/pccs/utils/apputil.js b/QuoteGeneration/pccs/utils/apputil.js +index 6f910ee..6eb9d15 100644 +--- a/QuoteGeneration/pccs/utils/apputil.js ++++ b/QuoteGeneration/pccs/utils/apputil.js +@@ -84,8 +84,8 @@ async function test_db_status() { + } + + async function db_migration() { +- const migrations = fs.readdirSync('./migrations').map(name => { +- const path = `./migrations/${name}`; ++ const migrations = fs.readdirSync('/usr/lib/node_modules/pccs/migrations').map(name => { ++ const path = `/usr/lib/node_modules/pccs/migrations/${name}`; + + return { + name, +@@ -126,7 +126,7 @@ async function db_migration() { + + const umzug = new Umzug({ + migrations: { +- glob: './migrations/*.{js,up.sql}', ++ glob: '/usr/lib/node_modules/pccs/migrations/*.{js,up.sql}', + resolve: ({ name }) => { 
+ const migration = migrations.find(migration => migration.name === name); + logger.debug(`Resolving migration: ${name}, found: ${migration ? migration.name : 'none'}`); +-- +2.49.0 + diff --git a/0120-pccs-only-pass-ApiKey-if-it-is-set.patch b/0120-pccs-only-pass-ApiKey-if-it-is-set.patch new file mode 100644 index 0000000..9e97d21 --- /dev/null +++ b/0120-pccs-only-pass-ApiKey-if-it-is-set.patch 
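Review bot: The commit message says DB migrations are looked up in /usr/share/pccs, but the new code in `apputil.js` uses `/usr/lib/node_modules/pccs/migrations` in all three places, so the message should be corrected to match the code (or the other way round). In `pccs_server.js` the `fs.mkdir('./logs', …)` call is commented out rather than removed, which leaves a stale `// Create ./logs if it doesn't exist` comment and an orphaned `/* do nothing */`; deleting those lines and stating that `/var/log/pccs` has to be created by the package would be clearer. Since the TLS private key is now read from `/etc/pccs/ssl/server-key.pem`, the packaging (not visible here) should ship that directory readable only by the PCCS service account, and the catch block could report the cause, e.g. `logger.error('Cannot read HTTPS key or certificate: ' + err.code);`, so a permission failure is distinguishable from a missing file. The enclosing functions start and end outside the inner hunks.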
@@ -0,0 +1,71 @@ +From 512591ff394d7b04925893480519ebc1d29aefc7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 9 Jul 2025 16:41:59 +0100 +Subject: [PATCH 120/120] pccs: only pass ApiKey if it is set +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some endpoints on the api.trustedservices.intel.com site do not +require an API token. The pcs_client code, however, will always +set the Ocp-Apim-Subscription-Key HTTP header, even if it is +the empty string. The server will reject the empty string +as invalid, rather than prcessing it as an non-authenticated +request. + +This leads to PCCS being unable to fetch PCK certs in an out of +the box config unless the admin sets the API token, which should +not be required for "LAZY" caching. + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/pccs/pcs_client/pcs_client.js | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/QuoteGeneration/pccs/pcs_client/pcs_client.js b/QuoteGeneration/pccs/pcs_client/pcs_client.js +index 99ccea6..4f6c903 100644 +--- a/QuoteGeneration/pccs/pcs_client/pcs_client.js ++++ b/QuoteGeneration/pccs/pcs_client/pcs_client.js +@@ -66,7 +66,9 @@ async function do_request(url, options) { + if (!options.headers) { + options.headers = {}; + } +- options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ if (Config.get('ApiKey') != "") { ++ options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ } + } + + // global opitons ( proxy, timeout, etc) +@@ -128,8 +130,11 @@ export async function getCerts(enc_ppid, pceid) { + pceid: pceid, + }, + method: 'GET', +- headers: { 'Ocp-Apim-Subscription-Key': Config.get('ApiKey') }, ++ headers: {} + }; ++ if (Config.get('ApiKey') != "") { ++ options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ } + + return do_request(Config.get('uri') + 'pckcerts', options); + } +@@ -142,11 +147,14 @@ export async 
function getCertsWithManifest(platform_manifest, pceid) { + }, + method: 'POST', + headers: { +- 'Ocp-Apim-Subscription-Key': Config.get('ApiKey'), + 'Content-Type': 'application/json', + }, + }; + ++ if (Config.get('ApiKey') != "") { ++ options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ } ++ + return do_request(Config.get('uri') + 'pckcerts', options); + } + +-- +2.49.0 + diff --git a/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch b/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch index 1d94f3b..a7485ec 100644 --- a/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch +++ b/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch @@ -1,7 +1,7 @@ -From aaf1277c7c0aa37d387e8a7983da607498335757 Mon Sep 17 00:00:00 2001 +From 89d2bacc8b67eca8decae7b7508080582fc2c60d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 29 Aug 2024 12:23:30 +0100 -Subject: [PATCH 200/201] Enable pointing sgxssl build to alternative glibc +Subject: [PATCH 200/203] Enable pointing sgxssl build to alternative glibc headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -20,10 +20,10 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index cd76872..f1c39b6 100755 +index 0a99917..4e4a81e 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh -@@ -83,6 +83,7 @@ fi +@@ -89,6 +89,7 @@ fi # Mitigation flags MITIGATION_OPT="" MITIGATION_FLAGS="" @@ -31,7 +31,7 @@ index cd76872..f1c39b6 100755 CC_VERSION=`gcc -dumpversion` CC_VERSION_MAJOR=`echo "$CC_VERSION" | cut -f1 -d.` for arg in "$@" -@@ -123,6 +124,10 @@ do +@@ -129,6 +130,10 @@ do MITIGATION_FLAGS+=" $arg" shift ;; @@ -42,7 +42,7 @@ index cd76872..f1c39b6 100755 *) # Unknown option shift -@@ -131,6 +136,7 @@ do +@@ -137,6 +142,7 @@ do done echo $MITIGATION_OPT echo $MITIGATION_FLAGS 
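Review bot: The guard `Config.get('ApiKey') != ""` is repeated in `do_request`, `getCerts` and `getCertsWithManifest`, and it filters only the exact empty string: a key that is `null` or whitespace-only in the config would still be sent as the `Ocp-Apim-Subscription-Key` header and run into the rejection the commit message describes. Reading the value once and testing it after trimming covers those cases, e.g. `const apiKey = String(Config.get('ApiKey') ?? '').trim();` followed by `if (apiKey) options.headers['Ocp-Apim-Subscription-Key'] = apiKey;`, ideally in one small helper shared by the three call sites. The condition wrapping the `do_request` change starts outside the hunk, so whether the per-function copies are still needed cannot be told from here.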
@@ -50,20 +50,20 @@ index cd76872..f1c39b6 100755 echo $SPACE_OPT sed -i -- 's/OPENSSL_issetugid/OPENSSLd_issetugid/g' $OPENSSL_VERSION/crypto/uid.c || exit 1 -@@ -139,7 +145,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 +@@ -145,7 +151,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1 cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1 --perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 -+perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 +-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 ++perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng 
-D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c || exit 1 sed -i 's/return RUN_ONCE(&locale_base, ossl_init_locale_base);/return 1;/' crypto/ctype.c || exit 1 diff --git a/Linux/sgx/Makefile b/Linux/sgx/Makefile -index d08eff7..6555d28 100644 +index e4f3f92..ec1a0c3 100644 --- a/Linux/sgx/Makefile +++ b/Linux/sgx/Makefile -@@ -76,7 +76,7 @@ endif +@@ -85,7 +85,7 @@ endif endif $(PACKAGE_LIB)/$(OPENSSL_LIB): @@ -73,5 +73,5 @@ index d08eff7..6555d28 100644 clean: $(MAKE) -C $(TRUSTED_LIB_DIR) clean -- -2.46.0 +2.49.0 diff --git a/0201-Workaround-missing-output-directory.patch b/0201-Workaround-missing-output-directory.patch index 884374c..fca630c 100644 --- a/0201-Workaround-missing-output-directory.patch +++ b/0201-Workaround-missing-output-directory.patch @@ -1,7 +1,7 @@ -From 63f4368171ee5bf78f956c429c37d43618a881e7 Mon Sep 17 00:00:00 2001 +From d823d7a67291d51d8b3c57c36f059e1d1d84c2e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 29 Aug 2024 12:50:32 +0100 -Subject: [PATCH 201/201] Workaround missing output directory +Subject: [PATCH 201/203] Workaround missing output directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -16,10 +16,10 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 1 insertion(+) diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index f1c39b6..f2cf0b1 100755 +index 4e4a81e..d0518e5 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh -@@ -168,6 +168,7 @@ fi +@@ -174,6 +174,7 @@ fi make libcrypto.a || exit 1 cp libcrypto.a $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1 objcopy --rename-section .init=Q6A8dc14f40efc4288a03b32cba4e $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1 
@@ -28,5 +28,5 @@ index f1c39b6..f2cf0b1 100755 grep OPENSSL_VERSION_STR include/openssl/opensslv.h > $SGXSSL_ROOT/sgx/osslverstr.h || exit 1 cp -r include/crypto $SGXSSL_ROOT/sgx/test_app/enclave/ || exit 1 -- -2.46.0 +2.49.0 diff --git a/0202-Disable-various-EC-crypto-features.patch b/0202-Disable-various-EC-crypto-features.patch index 90815e5..13f7de2 100644 --- a/0202-Disable-various-EC-crypto-features.patch +++ b/0202-Disable-various-EC-crypto-features.patch @@ -1,4 +1,4 @@ -From 6cf74b032bc9f120a7c4924a0394d22f6ed4767b Mon Sep 17 00:00:00 2001 +From 3aea585cfbe4691fea3c584981e36ee06d945bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 13:24:26 +0000 Subject: [PATCH 202/203] Disable various EC crypto features @@ -20,12 +20,12 @@ Signed-off-by: Daniel P. Berrangé create mode 100644 openssl_source/0012-Disable-explicit-ec.patch diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index f2cf0b1..7470479 100755 +index d0518e5..cf8394b 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh -@@ -55,6 +55,17 @@ cd $SGXSSL_ROOT/../openssl_source || exit 1 +@@ -54,6 +54,17 @@ cd $SGXSSL_ROOT/../openssl_source || exit 1 rm -rf $OPENSSL_VERSION - tar xvf $OPENSSL_VERSION.tar.gz || exit 1 + tar xvf $OPENSSL_VERSION.tar.gz > /dev/null || exit 1 +# Disable forbidden EC +( @@ -1631,5 +1631,5 @@ index 0000000..0cae2fa + + err: -- -2.46.0 +2.49.0 diff --git a/0203-Disable-sm2-and-sm4-crypto-algorithms.patch b/0203-Disable-sm2-and-sm4-crypto-algorithms.patch index b4c32ee..99ff250 100644 --- a/0203-Disable-sm2-and-sm4-crypto-algorithms.patch +++ b/0203-Disable-sm2-and-sm4-crypto-algorithms.patch @@ -1,4 +1,4 @@ -From f429bf3ffd992c678f7d1a041f6a6b5df9a4b6fb Mon Sep 17 00:00:00 2001 +From 1c3da2baf4cc84aecd2f6610777d28ac69a47039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 13:25:14 +0000 Subject: [PATCH 203/203] Disable sm2 and sm4 crypto algorithms 
@@ -11,45 +11,45 @@ Policy copied from Fedora 39 openssl package Signed-off-by: Daniel P. Berrangé --- Linux/build_openssl.sh | 2 +- - Linux/sgx/test_app/enclave/TestEnclave.cpp | 5 ++++- + Linux/sgx/test_app/enclave/TestEnclave.cpp | 4 ++++ Linux/sgx/test_app/enclave/TestEnclave.h | 4 ++++ Linux/sgx/test_app/enclave/tests/evp_smx.c | 4 ++++ - 4 files changed, 13 insertions(+), 2 deletions(-) + 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index 7470479..e214ccb 100755 +index cf8394b..fea2232 100755 --- a/Linux/build_openssl.sh 
+++ b/Linux/build_openssl.sh -@@ -156,7 +156,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 +@@ -162,7 +162,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1 cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1 --perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 -+perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-sm2 no-sm4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 +-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 ++perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-sm2 no-sm4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO 
-include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c || exit 1 sed -i 's/return RUN_ONCE(&locale_base, ossl_init_locale_base);/return 1;/' crypto/ctype.c || exit 1 diff --git a/Linux/sgx/test_app/enclave/TestEnclave.cpp b/Linux/sgx/test_app/enclave/TestEnclave.cpp -index dac620a..b219e74 100644 +index 7b21dd2..65330d5 100644 --- a/Linux/sgx/test_app/enclave/TestEnclave.cpp +++ b/Linux/sgx/test_app/enclave/TestEnclave.cpp -@@ -413,6 +413,7 @@ void t_sgxssl_call_apis() +@@ -469,6 +469,7 @@ void t_sgxssl_call_apis() } printf("test threads_test completed\n"); - + #ifndef SGXSSL_FIPS +#if 0 //GM SM2 - sign and verify ret = ecall_sm2_sign_verify(); if (ret != 0) -@@ -430,6 +431,7 @@ void t_sgxssl_call_apis() - exit(ret); +@@ -486,6 +487,7 @@ void t_sgxssl_call_apis() + goto end; } printf("test evp_sm2_encrypt_decrypt completed\n"); +#endif //GM SM3 - compute digest of message ret = ecall_sm3(); -@@ -440,6 +442,7 @@ void t_sgxssl_call_apis() +@@ -496,6 +498,7 @@ void t_sgxssl_call_apis() } printf("test evp_sm3 completed\n"); @@ -57,13 +57,14 @@ index dac620a..b219e74 100644 //GM SM4 - cbc encrypt and decrypt ret = ecall_sm4_cbc(); if (ret != 0) -@@ -457,5 +460,5 @@ void t_sgxssl_call_apis() - exit(ret); +@@ -513,6 +516,7 @@ void t_sgxssl_call_apis() + goto end; } printf("test evp_sm4_ctr completed\n"); -- +#endif - } + #endif + printf("ALL tests in t_sgxssl_call_apis passed!\n"); + end: diff --git a/Linux/sgx/test_app/enclave/TestEnclave.h b/Linux/sgx/test_app/enclave/TestEnclave.h index c2ca854..a989735 100644 --- a/Linux/sgx/test_app/enclave/TestEnclave.h @@ -118,5 +119,5 @@ index a395ce8..f49e5b7 100644 } +#endif -- -2.46.0 +2.49.0 diff --git a/download.sh b/download.sh new file mode 100755 index 0000000..1ab8298 --- /dev/null +++ b/download.sh 
@@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +spec=linux-sgx.spec + +for url in $(rpmspec -P ${spec} 2>/dev/null | grep Source | grep http | awk '{print $2}') +do + tarball=$(basename ${url}) + echo "Check $url -> $tarball" + if ! test -f ${tarball} + then + wget -O $tarball ${url} + fi +done diff --git a/linux-sgx.spec b/linux-sgx.spec index b8d8a07..8769433 100644 --- a/linux-sgx.spec +++ b/linux-sgx.spec @@ -67,22 +67,22 @@ # versions based on what the new release depends on (see various # git submodule tags and code files). # -%global linux_sgx_version 2.25 +%global linux_sgx_version 2.26 # From SGX git submodule -%global dcap_version 1.22 +%global dcap_version 1.23 # From DCAP git submodule %global dcap_qvl_version 1.21 # From DCAP git submodule %global dcap_qvs_version 1.1.0-2885 # From SGX external/sgxssl/prepare_sgxssl.sh -%global sgx_ssl_version 3.0_Rev4 +%global sgx_ssl_version 3.1.6_Rev1 # From SGX git submodule %global ipp_crypto_version 2021.12.1 # From SGX git submodule %global sgx_emm_version 1.0.3 # From SGX external/sgxssl/prepare_sgxssl.sh -%global openssl_version 3.0.14 +%global openssl_version 3.1.6 # From SGX git submodule %global libcbor_version 0.10.2 # From protobuf third_party/abseil-cpp @@ -90,7 +90,7 @@ # From DCAP git submodule %global jwt_cpp_version 0.6.0 # From DCAP git submodule -%global wamr_version 1.3.3 +%global wamr_version 1.0.0 # From SGX external/tinyxml2 %global tinyxml2_version 10.0.0 @@ -100,6 +100,10 @@ %global rdrand_version 1.1 %global vtune_version 2018 +# From SGX external/dcap_source/QuoteGeneration/pccs/package_lock.json +# NB: node_modules/@yuuang/ffi-rs-linux-x64-gnu will likely pull the +# version higher than what is declared for 'ffi-rs' itself. +%global node_ffi_rs_version 1.2.6 # enclaves from prebuilt_dcap_NNN.tar.gz - DCAP version numbers, # except for pce, which is actually an SGX enclave just bundled 
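Review bot: `wget -O $tarball ${url}` in download.sh writes straight to the final name and nothing checks what was fetched, so a failed or interrupted download leaves a truncated file that the `test -f ${tarball}` guard treats as already present on the next run, and a replaced or tampered upstream archive is accepted silently. Downloading to a temporary name and renaming on success fixes the first part: `wget -O "${tarball}.part" "${url}" && mv "${tarball}.part" "${tarball}"`. For the second, each tarball should be verified against a checksum recorded for the package before it is used or uploaded. The `2>/dev/null` on `rpmspec -P` also hides spec parse errors, and `set -e` does not act on a command substitution in a `for` word list, so a failing `rpmspec` leaves the loop with nothing to do and the script exits 0.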
@@ -159,13 +163,16 @@ Summary: Intel Linux SGX SDK and Platform Software # so while the license of the combined work is declared to be # BSD-3-Clause, there is actually a huge set of licenses to track License: %{shrink: - %dnl sdk/tlibcxx, external/ippcp_internal, external/epid-sdk + %dnl node_modules + 0BSD AND + + %dnl sdk/tlibcxx, external/ippcp_internal, external/epid-sdk, node_modules, node-ffi-rs vendor Apache-2.0 AND - %dnl sdk/cpprt, sdk/tlibc + %dnl sdk/cpprt, sdk/tlibc, node_modules BSD-2-Clause AND - %dnl external/dcap_source, sdk/* + %dnl external/dcap_source, sdk/*, node_modules BSD-3-Clause AND %dnl sdk/tlibc @@ -177,10 +184,10 @@ License: %{shrink: %dnl psd/urts/linux/isgx_user.h GPL-2.0-only AND - %dnl sdk/tlibc, sdk/pthread + %dnl sdk/tlibc, sdk/pthread, node_modules, node-ffi-rs vendor ISC AND - %dnl external/cbor/libcbor, sdk/* + %dnl external/cbor/libcbor, sdk/*, node_modules, node-ffi-rs vendor MIT AND %dnl sdk/tlibc/stdlib/malloc.c @@ -198,6 +205,12 @@ License: %{shrink: %dnl sdk/tlibc/math SunPro AND + %dnl node-ffi-rs vendor + Unicode-3.0 AND + + %dnl node_modules, node-ffi-rs vendor + Unlicense AND + %dnl sdk/tlibc LicenseRef-Fedora-Public-Domain } 
@@ -208,14 +221,14 @@ URL: https://github.com/intel/linux-sgx ############################################################ # SGX related projects SourceN for N in (0..9) -Source0: https://github.com/intel/linux-sgx/archive/refs/tags/sgx_%{linux_sgx_version}_reproducible.tar.gz#/linux-sgx-%{linux_sgx_version}-reproducible.tar.gz +Source0: https://github.com/intel/linux-sgx/archive/refs/tags/sgx_%{linux_sgx_version}.tar.gz#/linux-sgx-%{linux_sgx_version}.tar.gz # repack.sh purges all the prebuilt AE's that we ship in a different RPM # as well as 'prebuilt/' content (openssl / OPA binaries) that we must # not distribute. Source1: repack.sh -Source2: https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/dcap_%{dcap_version}_reproducible.tar.gz +Source2: https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/DCAP_%{dcap_version}.tar.gz Provides: bundled(dcap) = %{dcap_version} # Upload tarball is: @@ -278,6 +291,20 @@ Source46: qgs.sysconfig Source48: mpa_registration.service +Source50: pccs.sysusers.conf +Source51: pccs.service +# RPM build doesn't run this, but we want it in the src.rpm +# as record of what was used to create Source54 +Source52: pccs-nodejs-bundler +# Pre-created using Source53 +Source53: dcap-%{dcap_version}-pccs-node-modules.tar.xz + +# RPM build doesn't run this, but we want it in the src.rpm +# as record of what was used to create Source55 & Source56 +Source54: pccs-node-ffi-rs-bundler +Source55: node-ffi-rs-%{node_ffi_rs_version}.tar.gz +Source56: node-ffi-rs-%{node_ffi_rs_version}-vendor.tar.gz + ############################################################ # External projects that have been copied in tarballs as bundles 
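Review bot: The provenance comments in the new `Source50`–`Source56` block point at the wrong source numbers. `Source52` (pccs-nodejs-bundler) is described as the record of what created `Source54`, and `Source53` (the node_modules tarball) carries `# Pre-created using Source53`. Going by the file names, the bundler is Source52 and its output is Source53, so the comments should read `# as record of what was used to create Source53` and `# Pre-created using Source52`. These bundles are not regenerated during the RPM build, so the comment is the only link from each prebuilt tarball to the script that produced it and should be exact.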
@@ -299,23 +326,20 @@ Patch0002: 0002-Add-support-for-building-against-host-CppMicroServic.patch # https://github.com/intel/linux-sgx/pull/1055 Patch0003: 0003-Improve-make-debuggability.patch Patch0004: 0004-Support-disabling-use-of-git-for-ippcp-code.patch -Patch0005: 0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch +Patch0005: 0005-disable-openmp-protobuf-sample_crypto-builds.patch # https://github.com/intel/linux-sgx/pull/1063 Patch0006: 0006-Fix-compat-with-gcc-14.patch # https://github.com/intel/linux-sgx/pull/1056 Patch0007: 0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch -# https://github.com/intel/linux-sgx/pull/1058 -Patch0008: 0008-Disable-use-of-bogus-DEF_WEAK-macro.patch -# https://github.com/intel/linux-sgx/pull/1057 -Patch0009: 0009-Remove-all-references-to-pccs-service.patch # https://github.com/intel/linux-sgx/pull/1064 -Patch0010: 0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch -Patch0011: 0011-psw-fix-soname-for-libuae_service.so-library.patch -Patch0012: 0012-pcl-remove-redundant-use-of-bool-type.patch -Patch0013: 0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch -Patch0014: 0014-psw-make-aesm_service-build-verbose.patch -Patch0015: 0015-Fix-modern-C-function-prototype-compliance.patch -Patch0016: 0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch +Patch0008: 0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch +Patch0009: 0009-psw-fix-soname-for-libuae_service.so-library.patch +Patch0010: 0010-pcl-remove-redundant-use-of-bool-type.patch +Patch0011: 0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch +Patch0012: 0012-psw-make-aesm_service-build-verbose.patch +Patch0013: 0013-Fix-modern-C-function-prototype-compliance.patch +Patch0014: 0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch +Patch0015: 0015-fix-BOM-for-pccs-with-DCAP-1.23.patch # Optional patches Patch0050: 0050-Disable-inclusion-of-AESM-in-installer.patch 
@@ -342,6 +366,9 @@ Patch0114: 0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch #Patch0115: 0115-Use-distro-provided-rapidjson-package.patch Patch0116: 0116-Don-t-stomp-on-VERBOSE-variable.patch Patch0117: 0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch +Patch0118: 0118-Switch-default-PCCS-port-number-from-8081-to-10801.patch +Patch0119: 0119-Sanitize-paths-to-all-resources-in-PCCS-server.patch +Patch0120: 0120-pccs-only-pass-ApiKey-if-it-is-set.patch # 0200-0299 -> against intel-sgx-ssl.git Patch0200: 0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch @@ -367,6 +394,7 @@ BuildRequires: ocaml-ocamlbuild BuildRequires: openssl BuildRequires: openssl-devel BuildRequires: libcurl-devel +BuildRequires: chrpath BuildRequires: python3-devel BuildRequires: perl-generators BuildRequires: perl-interpreter @@ -375,7 +403,12 @@ BuildRequires: perl(FindBin) BuildRequires: perl(lib) BuildRequires: perl(IPC::Cmd) BuildRequires: nasm +BuildRequires: nodejs +BuildRequires: nodejs-devel +BuildRequires: npm +BuildRequires: nodejs-packaging BuildRequires: python-unversioned-command +BuildRequires: sqlite-devel BuildRequires: systemd-rpm-macros %if %{with_host_tinyxml2} BuildRequires: tinyxml2-devel @@ -387,6 +420,11 @@ BuildRequires: CppMicroServices-devel BuildRequires: protobuf-compiler BuildRequires: protobuf-devel BuildRequires: boost-devel +%if 0%{?rhel} +BuildRequires: rust-toolset +%else +BuildRequires: cargo-rpm-macros +%endif # If dpkg-architecture exists in $PATH, the Makefile # will change all the install paths, breaking this @@ -457,6 +495,7 @@ Requires: sgx-common = %{version}-%{release} This package contains the runtime libraries and tools required to run applications that interact with SGX enclaves on the platform. + %if %{with_aesm} %package -n sgx-aesm Summary: SGX platform Architectural Enclave Service Manager 
@@ -474,6 +513,16 @@ This package contains the Architectural Enclave Service Manager (AESM) daemon. %endif + +%package -n sgx-pccs +Summary: SGX Provisioning Certificate Caching Service +Requires: nodejs +Requires: sgx-mpa = %{version}-%{release} + +%description -n sgx-pccs +SGX Provisioning Certificate Caching Service + + %package -n sgx-pccs-admin Summary: SGX Provisioning Certificate Caching Service Admin Tool Requires: python3-asn1 @@ -483,6 +532,9 @@ Requires: python3-keyring Requires: python3-requests Requires: python3-urllib3 Requires: sgx-libs = %{version}-%{release} +# pccs admin tool can be used against a remote pccs +# so don't force a hard dep +Recommends: sgx-pccs = %{version}-%{release} %description -n sgx-pccs-admin SGX Provisioning Certificate Caching Service Admin Tool @@ -509,8 +561,20 @@ SGX Multi-package Registration Agent %package -n tdx-qgs Summary: TDX Quoting Generation Service Requires: sgx-libs = %{version}-%{release} -Recommends: sgx-mpa sgx-pckid-tool -Suggests: sgx-pckid-tool +# mpa provides auto-registration of the platform, if it +# is enabled in EFI. If not enabled, it is a no-op so +# safe to have installed by default regardless, but use +# weak dep to allow skipping for optimized installs +Recommends: sgx-mpa = %{version}-%{release} +# If auto-registration is not enabled, the pckid-tool +# is needed for manual registration; it is also useful +# misc admin tasks +Recommends: sgx-pckid-tool = %{version}-%{release} +# In internet isolated hosts pccs can be used to +# provide pre-cached certs, either running it on +# localhost or on the LAN. Weak dep though as it +# is expected that LAN deployment is more common +Suggests: sgx-pccs = %{version}-%{release} %enclave_requires ide %{enclave_ide_version} %enclave_requires pce %{enclave_pce_version} 
@@ -544,7 +608,7 @@ in applications %prep -%setup -q -n linux-sgx-sgx_%{linux_sgx_version}_reproducible +%setup -q -n linux-sgx-sgx_%{linux_sgx_version} %autopatch -m 0 -M 49 -p1 %if !%{with_aesm} @@ -572,7 +636,7 @@ rm -rf external/tinyxml2 # Don't intend to package these optional bits since none of # the required enclaves need this, and thus we can cut down # on bundling some 3rd party code -rm -rf external/{dnnl,openmp,protobuf,mbedtls} sdk/sample_libcrypto +rm -rf external/{dnnl,openmp,protobuf} sdk/sample_libcrypto ############################################################ # dcap @@ -705,8 +769,9 @@ touch psw/ae/data/prebuilt/libsgx_{le,qe,pve,pce}.signed.so touch ../prebuilt/opa_bin/policy.wasm ) -# Sanity check that upstream hasn't include more prebult -# files that we've not expected. +# Sanity check that upstream hasn't include more prebuilt +# files that we're not expecting and thus failed to purge +# in the repack.sh script. find -name '*.a' -o -name '*.o' > prebuilt.txt if test -s prebuilt.txt then @@ -830,10 +895,15 @@ done ############################################################ # Fourth, build the Platform Software +# XXX temp override -j1 due to race conditions that have not yet been diagnosed +# +# Perhaps 20% of the time it will fail with error like: +# +# /usr/bin/ld: /builddir/build/BUILD/linux-sgx-2.26-build/linux-sgx-sgx_2.26/common/se_wrapper_psw/libwrapper.a: error adding symbols: file format not recognized CFLAGS="%{build_cflags}" \ CXXFLAGS="%{build_cxxflags}" \ LDFLAGS="%{build_ldflags}" \ -%__make %{?_smp_mflags} \ +%__make %{?_smp_mflags} -j1 \ -C psw/ V=1 VERBOSE=1 \ SGX_SDK=$(pwd)/%{vroot}/sgxsdk \ SGX_ENCLAVE_PATH=%{sgx_libdir} \ 
@@ -849,6 +919,40 @@ LDFLAGS="%{build_ldflags}" \ SGX_SDK=$(pwd)/%{vroot}/sgxsdk \ SGX_ENCLAVE_PATH=%{sgx_libdir} +( + # PCCS NodeJS deps bundle + + cd external/dcap_source + tar Jxvf %{SOURCE53} + + cd QuoteGeneration/pccs + + perl -i -p -e 's,"sqlite%":"internal","sqlite%":"/usr",' node_modules/sqlite3/binding.gyp + perl -i -p -e 's,\(sqlite\)/lib,(sqlite)/lib64,' node_modules/sqlite3/binding.gyp + + for pkg in node_modules/* + do + ( + cd $pkg + npm run install --if-present --nodedir=/usr + ) + done + + # Keep brp-mangle-shebangs happy + find node_modules -type f -exec chmod -x {} \; + + chrpath --delete node_modules/sqlite3/build/Release/node_sqlite3.node + + tar zxvf %{SOURCE55} + ( + cd node-ffi-rs-%{node_ffi_rs_version} + tar zxvf %{SOURCE56} + %cargo_prep -v vendor + %cargo_build + mv target/rpm/libffi_rs.so ../node_modules/ffi-rs/ffi-rs.linux-x64-gnu.node + ) +) + # SDK provides dummy stub libraries to deal with a circular # build dependancy problem where the PSW wants these libs @@ -977,6 +1081,7 @@ do done cp -a %{vroot}/root/ %{buildroot}/root + # Second, re-arrange the content to match the normal tree # layout Fedora expects. We rm/rmdir any bits we don't # want, such that RPM will warn about any files left in 
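Review bot: The `for pkg in node_modules/*` loop runs the `install` lifecycle script of every package in the pre-built bundle, but the only module this hunk prepares for a host build is sqlite3 (the two `binding.gyp` edits and the `chrpath --delete` call). If sqlite3 is the only native addon that needs compiling, narrowing the step to `(cd node_modules/sqlite3 && npm run install --nodedir=/usr)` keeps unrelated third-party install scripts out of the build. Otherwise a comment naming the packages that depend on the loop would make the intent auditable. The glob would also match scope directories, which are not packages themselves, if the bundle contains one such as the `@yuuang` scope named in the version comment, and `$pkg` is unquoted. The surrounding `%build` section starts and ends outside this hunk.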
@@ -1044,6 +1149,51 @@ rmdir %{buildroot}/root/opt/intel/sgx-aesm-service %endif +############################################################ +# Host PCCS service + +# Home dir for 'pccs' user +%__install -d %{buildroot}%{_sharedstatedir}/pccs +%__install -d %{buildroot}%{_localstatedir}/log/pccs +%__install -d %{buildroot}%{_sysconfdir}/pccs +%__install -d %{buildroot}%{_sysconfdir}/pccs/ssl +%__install -d %{buildroot}%{nodejs_sitearch}/pccs + +mv %{buildroot}/root/opt/intel/sgx-dcap-pccs/lib/libPCKCertSelection.so \ + %{buildroot}%{_libdir}/libPCKCertSelection.so.1 +ln -s libPCKCertSelection.so.1 %{buildroot}%{_libdir}/libPCKCertSelection.so + +mv %{buildroot}/root/opt/intel/sgx-dcap-pccs/config/default.json \ + %{buildroot}%{_sysconfdir}/pccs/default.json +rmdir %{buildroot}/root/opt/intel/sgx-dcap-pccs/config +rm -f %{buildroot}/root/lib/systemd/system/pccs.service + +mv %{buildroot}/root/opt/intel/sgx-dcap-pccs/* \ + %{buildroot}%{nodejs_sitearch}/pccs +rmdir %{buildroot}/root/opt/intel/sgx-dcap-pccs + +( + # Node JS deps bundle + cd external/dcap_source/QuoteGeneration/pccs + rm -f install.sh README.md + + # So find-debuginfo processes it + chmod +x node_modules/sqlite3/build/Release/node_sqlite3.node + + cp -a node_modules %{buildroot}%{nodejs_sitearch}/pccs/node_modules +) + +cat >>%{buildroot}%{_sbindir}/pccs <> ../dcap-${VERSION}-pccs-nodejs-licenses.txt +find . -name "package.json" -exec jq '.license | objects | .type' {} \; >> ../dcap-${VERSION}-pccs-nodejs-licenses.txt 2>/dev/null +find . -name "package.json" -exec jq '.licenses[] .type' {} \; >> ../dcap-${VERSION}-pccs-nodejs-licenses.txt 2>/dev/null +sort -u -o ../dcap-${VERSION}-pccs-nodejs-licenses.txt ../dcap-${VERSION}-pccs-nodejs-licenses.txt + +# Locate any dependencies without a provided license +find . 
-type f -name package.json -execdir jq 'if .license==null and .licenses==null then .name else null end' '{}' '+' \ + | grep -vE '^null$' | sort -u > ../nolicense.txt + +if [ -s ../nolicense.txt ]; then + echo -e "\e[5m\e[41mSome dependencies do not list a license. Manual verification required!\e[0m" + cat ../nolicense.txt + echo -e "\e[5m\e[41m======================================================================\e[0m" +fi + + +if [ -d QuoteGeneration/pccs/node_modules ] ; then + tar cJf ../dcap-${VERSION}-pccs-node-modules.tar.xz --sort=name $(find QuoteGeneration/pccs -type d -name node_modules) +fi + +popd + +rm -rf $DIRNAME diff --git a/pccs.service b/pccs.service new file mode 100644 index 0000000..8bd8ff4 --- /dev/null +++ b/pccs.service @@ -0,0 +1,23 @@ +[Unit] +Description=Provisioning Certificate Caching Service (PCCS) +Documentation=https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md +After=syslog.target network.target auditd.service mpa_registration.service +ConditionPathExists=/dev/sgx_enclave +Requires=mpa_registration.service + +[Service] +Type=simple +User=pccs +ExecStart=/usr/sbin/pccs +Restart=on-failure +RestartSec=15s + +Environment=NODE_CONFIG_DIR=/etc/pccs +WorkingDirectory=/var/lib/pccs +InaccessibleDirectories=/home +DevicePolicy=closed +DeviceAllow=/dev/sgx_enclave rw +DeviceAllow=/dev/sgx_provision rw + +[Install] +WantedBy=multi-user.target diff --git a/pccs.sysusers.conf b/pccs.sysusers.conf new file mode 100644 index 0000000..7f9623c --- /dev/null +++ b/pccs.sysusers.conf @@ -0,0 +1 @@ +u pccs - "SGX PCCS Server" /var/lib/pccs diff --git a/sources b/sources index 88b704e..4addeda 100644 --- a/sources +++ b/sources 
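Review bot: The new `pccs.service` restricts device access with `DevicePolicy=closed`, but the rest of the sandbox for this Node.js server is left at systemd defaults. `InaccessibleDirectories=/home` is the legacy spelling of `InaccessiblePaths=`; `ProtectHome=yes` would cover `/root` and `/run/user` as well. The settings below are a suggested starting point. They assume the service writes only under `/var/lib/pccs` and `/var/log/pccs`, the two directories the spec creates, and they need a test run against the packaged service.

```ini
[Service]
# … unchanged: Type, User, ExecStart, Restart, RestartSec, Environment, WorkingDirectory …
NoNewPrivileges=yes
ProtectSystem=strict
ReadWritePaths=/var/lib/pccs /var/log/pccs
ProtectHome=yes
PrivateTmp=yes
# … unchanged: DevicePolicy, DeviceAllow …
```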
@@ -1,13 +1,16 @@ -SHA512 (dcap_1.22_reproducible.tar.gz) = 1f6d79721f9b7c86a8a935429c8133db9cc24585a8fa3e8e8fbab99f5f0ffebdb206077844c83e630e2ad15d51ec7ad8ea35352f5ccbf7408dc3ced885b89b72 +SHA512 (DCAP_1.23.tar.gz) = 02fe956c176362079094c5009ce48d6dc4d17233217a9d6d779707893231e68b065ca02a458d5b06e518b99185f00e3d0e5f6c4165bbde1fe22b87d52f952e29 SHA512 (dcap-qvl-1.21.tar.gz) = 62ab0d9f48c9a8d975cb861ac5161770b990af3bbc8ff67a8b9ca48af86565b6d445cfe87786d332a65efee22114de2e2a4589722625cbc4fc6b58647599626d SHA512 (dcap-qvs-1.1.0-2885.tar.gz) = 811663f713902f263e3d8ad7cc7d62e92f76f1618c5ac8b5366dc880d79509a0d349328ac2d8f9dc2170e09d80ac00ec934f7cbf3594bec9cb69b6b544ca30e6 -SHA512 (intel-sgx-ssl-3.0_Rev4.tar.gz) = 9b8bd2ec3c9eccb3fbbecdaa586b669fa68f4bf68911194dcba6f7ea9c8ec84503a86733c70019124eaeff4ac79c6f178435c2a51530104f22014760146d87fe +SHA512 (intel-sgx-ssl-3.1.6_Rev1.tar.gz) = cbcae2df7a2518fa00e05dacb708b39ba0d1f1aa23f12a97c403dbbd02a81965b3f682257302e20fe837fe6abc00848e955b9e02e12eafb6973a358c24c4a6d5 SHA512 (ippcp_2021.12.1.tar.gz) = cdde7eed0f27b80663bf6a131abd8e6afcf16f0b9897ae12e251dc6bd3a9cc15c7666e4276eb4ba4b3b66fa93b5115c29537e176a6a2fb0de1b17cfcc1b7c426 SHA512 (jwt-cpp-0.6.0.tar.gz) = b6d5ebb3a7eeb6fef9a1d41c707251d1ab05bf47920c280d5203f1b9ee5bf6f8e914cd2ffaed66550cfa6d78c34465d4cf86517a759d5f8739b429faf1c2c0ef SHA512 (libcbor-0.10.2.tar.gz) = 23c6177443778d4b4833ec7ed0d0e639a0d4863372e3a38d772fdce2673eae6d5cb2a31a2a021d1a699082ea53494977c907fd0e94149b97cb23a4b6d039228a -SHA512 (linux-sgx-2.25-reproducible.tar.gz) = 5fa14448c872822916c5abe4f21e633ee2967ae605de426ccef2cdd4572427a63cf00c76160e9f54c072375d23b52342b7befd59e56816b4226799b8a627f98c -SHA512 (openssl-3.0.14.tar.gz) = 1c59c01e60da902a20780d71f1fa5055d4037f38c4bc3fb27ed5b91f211b36a6018055409441ad4df58b5e9232b2528240d02067272c3c9ccb8c221449ca9ac0 -SHA512 (prebuilt_dcap_1.22-repacked.tar.gz) = 
306ab63c28635ebee51c194087c9212a6223619a07f8bd50ba1e5d5a7bdd2325edfb40c69f7e59a937fe21bc937248c5d273790eed45ca67fcde9298d5abd2f7 +SHA512 (linux-sgx-2.26.tar.gz) = 129ee9d6f2d33157f0d96adef1a6c44a801a1064c1c0c75f8bf61f7085408e1de34f59d7acab26f7db32618b1f3ba2c08e2ffa8879f43450c14f085d902ab687 +SHA512 (node-ffi-rs-1.2.6.tar.gz) = 37f95562e5a61b60949c59d024bea2e2d02c6bf1b21a3bc07d558538d05082a03d1ba2eb8e4500fd4ccd7e556aae0c60fc875d487b2d2d54c8302757f69dc003 +SHA512 (node-ffi-rs-1.2.6-vendor.tar.gz) = 76d59d69a842ce207dce21f12a8ada3b3b1b81a93ccd3a0b68838cea4aad1cbdba0a314ff7208b43caf6435e820a226ab1e8f8477bedcdb323eec80976ab96be +SHA512 (openssl-3.1.6.tar.gz) = 18ca07ee6a98d5fe46accfa0156e0354ad770d78bbbbe8e4bb92b316a0e4404f17a34eb700f17ed355d826a4b2166894aa46d8dd81fedbcb16aa1aad0926a390 +SHA512 (prebuilt_dcap_1.23-repacked.tar.gz) = a253b7ea5a9a0c73a31259bb852ad5942d9c11c98ea23616bec3cef028ed135090a5837895a1a5771bc8507caec1c1a6c845bd12e01864bfd79fb1827867ce66 SHA512 (sgx-emm-1.0.3.tar.gz) = 0ec9f0133b3a32409c8af61568a47128a1860407170b9b274647140ac36069851638d7282649e23590131d44ca93f839fd2ffe4b9b39821631d279c1384874bf +SHA512 (wasm-micro-runtime-1.0.0.tar.gz) = fb16a992b54f5c006be386b72ff65c680ededaafe7f2010db163b6e4365d198cc96f06ae60ac42986aaf45609803ffc1722308277474c341673e391f9bc4846e +SHA512 (dcap-1.23-pccs-node-modules.tar.xz) = 7f311e72b3bd66009574cd77b5398cc6081626de2394dfb567308172f1ae325e4720e596f9badc0084a5750dc990c774b025816f509b4e1e73be9af7784c2065 SHA512 (tinyxml2-10.0.0.tar.gz) = a359d33bc12fad455b53d81011dbe12727cae0aabfaa5704f1a25807ca216dd854a571291029886c0beedeca5c3b6393dd49c4718773e18a0e008abbdb3de36a -SHA512 (wasm-micro-runtime-1.3.3.tar.gz) = 53f2ee3adf55e5b2e207287231621bef50b812c3e228c9306a03b7487ff579e2fc3ed2831da546cbcc337843e139d1add2b0276e87a58b3035eb0c2fbb73b275