Initial import

Resolves: https://issues.redhat.com/browse/RHELPLAN-171792 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-03-19 16:55:21 +00:00 · 2025-03-19 16:55:21 +00:00 · f370d400ee
commit f370d400ee
parent a445c23b5e
44 changed files with 6836 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,13 @@
+/dcap_1.22_reproducible.tar.gz
+/dcap-qvl-1.21.tar.gz
+/dcap-qvs-1.1.0-2885.tar.gz
+/intel-sgx-ssl-3.0_Rev4.tar.gz
+/ippcp_2021.12.1.tar.gz
+/jwt-cpp-0.6.0.tar.gz
+/libcbor-0.10.2.tar.gz
+/linux-sgx-2.25-reproducible.tar.gz
+/openssl-3.0.14.tar.gz
+/prebuilt_dcap_1.22-repacked.tar.gz
+/sgx-emm-1.0.3.tar.gz
+/tinyxml2-10.0.0.tar.gz
+/wasm-micro-runtime-1.3.3.tar.gz
--- a/0000-Add-support-for-building-against-host-openssl-crypto.patch
+++ b/0000-Add-support-for-building-against-host-openssl-crypto.patch
@ -0,0 +1,216 @@
+From 3a59361036c6096c817444b68bd3ff6d5e0224cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 13 Feb 2025 14:12:38 +0000
+Subject: [PATCH 00/13] Add support for building against host openssl crypto
+ lib
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For the host tools/libraries it is desirable to be build
+against the host provided openssl crypto library, such
+that security updates automatically propagate from the
+distro vendor.
+
+This is enabled as an opt-in by setting the make variable
+
+  USE_HOST_OPENSSL_CRYPTO=1
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ buildenv.mk                                     | 13 +++++++++++++
+ psw/ae/aesm_service/Makefile                    |  3 +++
+ psw/ae/aesm_service/source/utils/CMakeLists.txt |  4 ++--
+ psw/urts/linux/Makefile                         |  8 +++-----
+ sdk/sign_tool/SignTool/Makefile                 |  7 ++-----
+ sdk/simulation/uae_service_sim/linux/Makefile   |  7 ++-----
+ sdk/simulation/urtssim/linux/Makefile           |  7 ++-----
+ 7 files changed, 27 insertions(+), 22 deletions(-)
+
+diff --git a/buildenv.mk b/buildenv.mk
+index 4689c603..acae2106 100644
+--- a/buildenv.mk
+++ b/buildenv.mk
+@@ -371,3 +371,16 @@ else
+     SGX_LIB_DIR := $(SGX_SDK)/lib64/$(MITIGATION_LIB_PATH)
+     SGX_BIN_DIR := $(SGX_SDK)/bin/x64
+ endif
+
+USE_HOST_OPENSSL_CRYPTO ?= 0
+
+ifeq ($(USE_HOST_OPENSSL_CRYPTO), 1)
+OPENSSL_CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto)
+OPENSSL_CRYPTO_LDFLAGS = $(shell pkg-config --libs libcrypto)
+OPENSSL_CRYPTO_LIBS = $(shell pkg-config --libs libcrypto)
+else
+OPENSSL_CRYPTO_PREBUILT_DIR := $(LINUX_EXTERNAL_DIR)/dcap_source/prebuilt/openssl
+OPENSSL_CRYPTO_CFLAGS = -I$(OPENSSL_CRYPTO_PREBUILT_DIR)/inc
+OPENSSL_CRYPTO_LDFLAGS = -L$(OPENSSL_CRYPTO_PREBUILT_DIR)/lib/linux64 -lcrypto
+OPENSSL_CRYPTO_LIBS = $(OPENSSL_CRYPTO_PREBUILT_DIR)/lib/linux64/libcrypto.a
+endif
+diff --git a/psw/ae/aesm_service/Makefile b/psw/ae/aesm_service/Makefile
+index 498d6e2f..bac84292 100644
+--- a/psw/ae/aesm_service/Makefile
+++ b/psw/ae/aesm_service/Makefile
+@@ -46,6 +46,9 @@ ifeq ($(BUILD_REF_LE), 1)
+      AESM_CONFIG += -DREF_LE=ON
+ endif
+ 
+AESM_CONFIG += -DOPENSSL_CRYPTO_CFLAGS=$(OPENSSL_CRYPTO_CFLAGS)
+AESM_CONFIG += -DOPENSSL_CRYPTO_LIBS=$(OPENSSL_CRYPTO_LIBS)
+
+ ifeq ($(ARCH), x86)
+     SQLITECFLAGS += -m32
+ else
+diff --git a/psw/ae/aesm_service/source/utils/CMakeLists.txt b/psw/ae/aesm_service/source/utils/CMakeLists.txt
+index a3843bdf..2c9c87b3 100644
+--- a/psw/ae/aesm_service/source/utils/CMakeLists.txt
+++ b/psw/ae/aesm_service/source/utils/CMakeLists.txt
+@@ -45,7 +45,7 @@ target_include_directories(utils PRIVATE
+     ${PROJECT_SOURCE_DIR}/../../../../external/epid-sdk
+     ${PROJECT_SOURCE_DIR}/../../../../external/rdrand
+     ${PROJECT_SOURCE_DIR}/../../data/constants/linux
+-    ${PROJECT_SOURCE_DIR}/../../../../external/dcap_source/prebuilt/openssl/inc
+    ${OPENSSL_CRYPTO_CFLAGS}
+ )
+ 
+ target_compile_definitions(utils PRIVATE
+@@ -55,7 +55,7 @@ target_compile_definitions(utils PRIVATE
+ set_property(TARGET utils APPEND_STRING PROPERTY LINK_FLAGS " -Wl,-z,defs")
+ 
+ target_link_libraries(utils
+-    ${PROJECT_SOURCE_DIR}/../../../../external/dcap_source/prebuilt/openssl/lib/linux64/libcrypto.a
+    ${OPENSSL_CRYPTO_LIBS}
+     oal
+     ${CMAKE_SOURCE_DIR}/../../../../external/rdrand/src/librdrand.a
+ )
+diff --git a/psw/urts/linux/Makefile b/psw/urts/linux/Makefile
+index 41797648..4097444c 100644
+--- a/psw/urts/linux/Makefile
+++ b/psw/urts/linux/Makefile
+@@ -43,8 +43,6 @@ CFLAGS += -fPIC -Werror -g
+ CFLAGS += $(ADDED_INC)
+ 
+ VTUNE_DIR = $(LINUX_EXTERNAL_DIR)/vtune/linux
+-PREBUILT_OPENSSL_DIR := $(LINUX_EXTERNAL_DIR)/dcap_source/prebuilt/openssl
+-CRYPTO_LIB := -L$(PREBUILT_OPENSSL_DIR)/lib/linux64 -lcrypto
+ 
+ INC += -I$(SGX_HEADER_DIR)                \
+        -I$(COMMON_DIR)/inc/internal       \
+@@ -55,14 +53,14 @@ INC += -I$(SGX_HEADER_DIR)                \
+        -I$(LINUX_PSW_DIR)/urts/parser     \
+        -I$(VTUNE_DIR)/include \
+        -I$(VTUNE_DIR)/sdk/src/ittnotify   \
+-       -I$(PREBUILT_OPENSSL_DIR)/inc
+       $(OPENSSL_CRYPTO_CFLAGS)
+ 
+ LDFLAGS := -lwrapper
+ INTERNAL_LDFLAGS := -lwrapper
+ LDFLAGS += $(COMMON_LDFLAGS) -Wl,-Bdynamic -L$(BUILD_DIR) -lsgx_enclave_common -lpthread
+ INTERNAL_LDFLAGS += $(COMMON_LDFLAGS) -lpthread
+-LDFLAGS += -L$(VTUNE_DIR)/sdk/src/ittnotify -littnotify -ldl $(CRYPTO_LIB)
+-INTERNAL_LDFLAGS += -L$(VTUNE_DIR)/sdk/src/ittnotify -littnotify -ldl $(CRYPTO_LIB)
+LDFLAGS += -L$(VTUNE_DIR)/sdk/src/ittnotify -littnotify -ldl $(OPENSSL_CRYPTO_LDFLAGS)
+INTERNAL_LDFLAGS += -L$(VTUNE_DIR)/sdk/src/ittnotify -littnotify -ldl $(OPENSSL_CRYPTO_LDFLAGS)
+ LDFLAGS += -Wl,--version-script=urts.lds -Wl,--gc-sections
+ INTERNAL_LDFLAGS += -Wl,--version-script=urts_internal.lds -Wl,--gc-sections
+ 
+diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile
+index 3d593972..1eb8d460 100644
+--- a/sdk/sign_tool/SignTool/Makefile
+++ b/sdk/sign_tool/SignTool/Makefile
+@@ -42,9 +42,6 @@ CFLAGS += $(FLAGS)
+ CXXFLAGS += $(FLAGS)
+ LDFLAGS := -pie $(COMMON_LDFLAGS) -Wno-odr
+ 
+-PREBUILT_OPENSSL_DIR := $(LINUX_EXTERNAL_DIR)/dcap_source/prebuilt/openssl
+-CRYPTO_LIB := -L$(PREBUILT_OPENSSL_DIR)/lib/linux64 -lcrypto
+-
+ INC += $(ADDED_INC)
+ INC +=  -I$(COMMON_DIR)/inc                         \
+         -I$(COMMON_DIR)/inc/internal                \
+@@ -54,7 +51,7 @@ INC +=  -I$(COMMON_DIR)/inc                         \
+         -I$(LINUX_PSW_DIR)/urts/linux               \
+         -I$(LINUX_EXTERNAL_DIR)/tinyxml2            \
+         -I$(LINUX_PSW_DIR)/urts/parser              \
+-        -I$(PREBUILT_OPENSSL_DIR)/inc
+        $(OPENSSL_CRYPTO_CFLAGS)
+ 
+ DIR1 := $(LINUX_EXTERNAL_DIR)/tinyxml2/
+ DIR2 := $(COMMON_DIR)/src/
+@@ -89,7 +86,7 @@ all: sgx_sign | $(BUILD_DIR)
+ $(BUILD_DIR):
+ 	@$(MKDIR) $@
+ 
+-sgx_sign: PRIVATE_LDLIBS  := -lpthread -lenclaveparser $(CRYPTO_LIB) -ldl
+sgx_sign: PRIVATE_LDLIBS  := -lpthread -lenclaveparser $(OPENSSL_CRYPTO_LDFLAGS) -ldl
+ sgx_sign: PRIVATE_LDFLAGS := -L$(LINUX_PSW_DIR)/urts/parser $(LDFLAGS)
+ 
+ sgx_sign: $(OBJS) enclaveparser
+diff --git a/sdk/simulation/uae_service_sim/linux/Makefile b/sdk/simulation/uae_service_sim/linux/Makefile
+index c66beed2..45ddb576 100644
+--- a/sdk/simulation/uae_service_sim/linux/Makefile
+++ b/sdk/simulation/uae_service_sim/linux/Makefile
+@@ -34,9 +34,6 @@ include $(TOP_DIR)/buildenv.mk
+ 
+ get_version_name = $(addsuffix _VERSION,$(shell echo $(subst _deploy,,$(subst libsgx_,,$(basename $1))) | tr a-z A-Z))
+ 
+-PREBUILT_OPENSSL_DIR := $(LINUX_EXTERNAL_DIR)/dcap_source/prebuilt/openssl
+-CRYPTO_LIB := -L$(PREBUILT_OPENSSL_DIR)/lib/linux64 -lcrypto
+-
+ INCLUDES := -I..                                            \
+             -I$(COMMON_DIR)/inc                             \
+             -I$(COMMON_DIR)/inc/internal                    \
+@@ -48,7 +45,7 @@ INCLUDES := -I..                                            \
+             -I$(LINUX_PSW_DIR)/ae/inc                       \
+             -I$(LINUX_PSW_DIR)/ae/inc/internal              \
+             -I$(LINUX_PSW_DIR)/ae/common                    \
+-            -I$(PREBUILT_OPENSSL_DIR)/inc
+            $(OPENSSL_CRYPTO_CFLAGS)
+ 
+ 
+ CXXFLAGS += -Wall -fPIC $(INCLUDES) -Werror -g $(CET_FLAGS)
+@@ -60,7 +57,7 @@ RDRAND_MAKEFILE := $(RDRAND_LIBDIR)/Makefile
+ 
+ EXTERNAL_LIB += -L$(RDRAND_LIBDIR) -lrdrand
+ EXTERNAL_LIB += -L$(RDRAND_LIBDIR) -lrt
+-EXTERNAL_LIB += -ldl $(CRYPTO_LIB)
+EXTERNAL_LIB += -ldl $(OPENSSL_CRYPTO_LDFLAGS)
+ 
+ vpath %.cpp $(LINUX_PSW_DIR)/ae/common \
+             $(LINUX_SDK_DIR)/simulation/urtssim \
+diff --git a/sdk/simulation/urtssim/linux/Makefile b/sdk/simulation/urtssim/linux/Makefile
+index dde577ca..505ce8d9 100644
+--- a/sdk/simulation/urtssim/linux/Makefile
+++ b/sdk/simulation/urtssim/linux/Makefile
+@@ -42,9 +42,6 @@ endif
+ CXXFLAGS += -fPIC -DSE_SIM -Werror -g $(CET_FLAGS)
+ CFLAGS   += -fPIC -DSE_SIM -Werror -g $(CET_FLAGS)
+ 
+-PREBUILT_OPENSSL_DIR := $(LINUX_EXTERNAL_DIR)/dcap_source/prebuilt/openssl
+-CRYPTO_LIB := -L$(PREBUILT_OPENSSL_DIR)/lib/linux64 -lcrypto
+-
+ CPPFLAGS += $(ADDED_INC) #for ubuntu 11 and later version
+ CPPFLAGS += -I$(COMMON_DIR)/inc                \
+             -I$(COMMON_DIR)/inc/internal/linux \
+@@ -53,7 +50,7 @@ CPPFLAGS += -I$(COMMON_DIR)/inc                \
+             -I$(LINUX_PSW_DIR)/urts/parser     \
+             -I$(VTUNE_DIR)/include \
+             -I$(VTUNE_DIR)/sdk/src/ittnotify \
+-            -I$(PREBUILT_OPENSSL_DIR)/inc
+            $(OPENSSL_CRYPTO_CFLAGS)
+ 
+ CPPFLAGS += -I$(COMMON_DIR)/inc/internal      \
+             -I$(LINUX_PSW_DIR)/urts/linux     \
+@@ -127,7 +124,7 @@ LDFLAGS += $(COMMON_LDFLAGS) -Wl,--version-script=$(LINUX_PSW_DIR)/urts/linux/ur
+ LIBURTSSIM_SHARED := libsgx_urts_sim.so
+ LIBURTS_DEPLOY := libsgx_urts_deploy.so
+ 
+-LDLIBS += -lwrapper $(CRYPTO_LIB) -Wl,-Bdynamic -Wl,-Bsymbolic -lsgx_uae_service_sim
+LDLIBS += -lwrapper $(OPENSSL_CRYPTO_LDFLAGS) -Wl,-Bdynamic -Wl,-Bsymbolic -lsgx_uae_service_sim
+ SONAME = $(LIBURTSSIM_SHARED)
+ 
+ .PHONY: all
+-- 
+2.46.0
+
--- a/0001-Add-support-for-building-against-host-tinyxml2-lib.patch
+++ b/0001-Add-support-for-building-against-host-tinyxml2-lib.patch
@ -0,0 +1,84 @@
+From 6b1e08b5a1f6c035b7f761349c9751a2983c7a4b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 13 Feb 2025 14:01:10 +0000
+Subject: [PATCH 01/13] Add support for building against host tinyxml2 lib
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For the host tools/libraries it is desirable to be build
+against the host provided tinyxml2 library, such that
+security updates automatically propagate from the distro
+vendor.
+
+This is enabled as an opt-in by setting the make variable
+
+  USE_HOST_TINYXML2=1
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ buildenv.mk                     | 14 ++++++++++++++
+ sdk/sign_tool/SignTool/Makefile |  8 ++++----
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/buildenv.mk b/buildenv.mk
+index acae2106..6dac4028 100644
+--- a/buildenv.mk
+++ b/buildenv.mk
+@@ -384,3 +384,17 @@ OPENSSL_CRYPTO_CFLAGS = -I$(OPENSSL_CRYPTO_PREBUILT_DIR)/inc
+ OPENSSL_CRYPTO_LDFLAGS = -L$(OPENSSL_CRYPTO_PREBUILT_DIR)/lib/linux64 -lcrypto
+ OPENSSL_CRYPTO_LIBS = $(OPENSSL_CRYPTO_PREBUILT_DIR)/lib/linux64/libcrypto.a
+ endif
+
+USE_HOST_TINYXML2 ?= 0
+
+ifeq ($(USE_HOST_TINYXML2), 1)
+TINYXML2_CFLAGS = $(shell pkg-config --cflags tinyxml2)
+TINYXML2_LDFLAGS = $(shell pkg-config --libs tinyxml2)
+TINYXML2_OBJ =
+TINYXML2_DIR =
+else
+TINYXML2_CFLAGS = -I$(LINUX_EXTERNAL_DIR)/tinyxml2
+TINYXML2_LDFLAGS =
+TINYXML2_OBJ = tinyxml2.o
+TINYXML2_DIR = $(LINUX_EXTERNAL_DIR)/tinyxml2/
+endif
+diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile
+index 1eb8d460..219fb5ad 100644
+--- a/sdk/sign_tool/SignTool/Makefile
+++ b/sdk/sign_tool/SignTool/Makefile
+@@ -49,11 +49,11 @@ INC +=  -I$(COMMON_DIR)/inc                         \
+         -I$(LINUX_PSW_DIR)/enclave_common           \
+         -I$(LINUX_PSW_DIR)/urts                     \
+         -I$(LINUX_PSW_DIR)/urts/linux               \
+-        -I$(LINUX_EXTERNAL_DIR)/tinyxml2            \
+        $(TINYXML2_CFLAGS)                          \
+         -I$(LINUX_PSW_DIR)/urts/parser              \
+         $(OPENSSL_CRYPTO_CFLAGS)
+ 
+-DIR1 := $(LINUX_EXTERNAL_DIR)/tinyxml2/
+DIR1 := $(TINYXML2_DIR)
+ DIR2 := $(COMMON_DIR)/src/
+ DIR3 := $(LINUX_PSW_DIR)/urts/
+ DIR4 := $(LINUX_PSW_DIR)/urts/linux
+@@ -68,7 +68,7 @@ OBJ1 := manage_metadata.o      \
+ 
+ OBJ2 := sgx_memset_s.o crypto_evp_digest.o crypto_rsa_key.o crypto_rsa3072.o
+ 
+-OBJ3 := tinyxml2.o
+OBJ3 := $(TINYXML2_OBJ)
+ 
+ OBJ4 := loader.o     \
+         se_detect.o  
+@@ -86,7 +86,7 @@ all: sgx_sign | $(BUILD_DIR)
+ $(BUILD_DIR):
+ 	@$(MKDIR) $@
+ 
+-sgx_sign: PRIVATE_LDLIBS  := -lpthread -lenclaveparser $(OPENSSL_CRYPTO_LDFLAGS) -ldl
+sgx_sign: PRIVATE_LDLIBS  := -lpthread -lenclaveparser $(OPENSSL_CRYPTO_LDFLAGS) -ldl $(TINYXML2_LDFLAGS)
+ sgx_sign: PRIVATE_LDFLAGS := -L$(LINUX_PSW_DIR)/urts/parser $(LDFLAGS)
+ 
+ sgx_sign: $(OBJS) enclaveparser
+-- 
+2.46.0
+
--- a/0002-Add-support-for-building-against-host-CppMicroServic.patch
+++ b/0002-Add-support-for-building-against-host-CppMicroServic.patch
@ -0,0 +1,142 @@
+From 08e7b92cc7324b954ba773e8d2edb53f364efb64 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 13 Feb 2025 14:01:10 +0000
+Subject: [PATCH 02/13] Add support for building against host CppMicroServices
+ lib
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For the aesm_sevice it is desirable to be build against the host
+provided CppMicroServices library, such that security updates
+automatically propagate from the distro vendor.
+
+This is enabled as an opt-in by setting the make variable
+
+  USE_HOST_CPPMICROSERVICES=1
+
+The in-tree bundle of CppMicroServices ships a 6 year outdated
+git snapshot that claims to be version 4.0.0, since that time
+upstream reverted the version to 3.x.x. Hence the cmake path
+used for the host is looking for 'cppmicroservices3' not
+'cppmicroservices4' which is used for the ancient bundled copy.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ buildenv.mk                               | 10 +++++++++
+ psw/ae/aesm_service/Makefile              | 27 ++++++++++++++---------
+ psw/ae/aesm_service/source/CMakeLists.txt |  2 +-
+ 3 files changed, 28 insertions(+), 11 deletions(-)
+
+diff --git a/buildenv.mk b/buildenv.mk
+index 6dac4028..915e2eb4 100644
+--- a/buildenv.mk
+++ b/buildenv.mk
+@@ -398,3 +398,13 @@ TINYXML2_LDFLAGS =
+ TINYXML2_OBJ = tinyxml2.o
+ TINYXML2_DIR = $(LINUX_EXTERNAL_DIR)/tinyxml2/
+ endif
+
+USE_HOST_CPPMICROSERVICES ?= 0
+
+ifeq ($(USE_HOST_CPPMICROSERVICES), 1)
+CPPMICROSERVICES_CMAKE_DIR = /usr/share/cppmicroservices3/cmake
+else
+CPPMICROSERVICES_SRC_DIR = $(LINUX_EXTERNAL_DIR)/CppMicroServices
+CPPMICROSERVICES_INSTALL_DIR = $(CPPMICROSERVICES_SRC_DIR)/local-install
+CPPMICROSERVICES_CMAKE_DIR = $(CPPMICROSERVICES_INSTALL_DIR)/share/cppmicroservices4/cmake
+endif
+diff --git a/psw/ae/aesm_service/Makefile b/psw/ae/aesm_service/Makefile
+index bac84292..89a15875 100644
+--- a/psw/ae/aesm_service/Makefile
+++ b/psw/ae/aesm_service/Makefile
+@@ -32,10 +32,8 @@
+ TOP_DIR  = ../../..
+ include $(TOP_DIR)/buildenv.mk
+ 
+-CPPMICROSERVICES_DIR := $(LINUX_EXTERNAL_DIR)/CppMicroServices
+-CPPMICROSERVICES_INSTALL := $(CPPMICROSERVICES_DIR)/local-install
+ AESM_CONFIG := -DBUILD_SHARED_LIBS=ON -DUS_BUILD_SHARED_LIBS=ON
+-CPPMICROSERVICES_CONFIG := -DCMAKE_INSTALL_PREFIX=$(CPPMICROSERVICES_INSTALL) -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_FLAGS= -DCMAKE_CXX_FLAGS= -DFORTIFY_SOURCE_VAL=$(FORTIFY_SOURCE_VAL)
+CPPMICROSERVICES_CONFIG := -DCMAKE_INSTALL_PREFIX=$(CPPMICROSERVICES_INSTALL_DIR) -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_FLAGS= -DCMAKE_CXX_FLAGS= -DFORTIFY_SOURCE_VAL=$(FORTIFY_SOURCE_VAL)
+ ifdef DEBUG
+     AESM_CONFIG += -DCMAKE_BUILD_TYPE=Debug
+ else
+@@ -48,6 +46,7 @@ endif
+ 
+ AESM_CONFIG += -DOPENSSL_CRYPTO_CFLAGS=$(OPENSSL_CRYPTO_CFLAGS)
+ AESM_CONFIG += -DOPENSSL_CRYPTO_LIBS=$(OPENSSL_CRYPTO_LIBS)
+AESM_CONFIG += -DCPPMICROSERVICES_CMAKE_DIR=$(CPPMICROSERVICES_CMAKE_DIR)
+ 
+ ifeq ($(ARCH), x86)
+     SQLITECFLAGS += -m32
+@@ -66,7 +65,9 @@ CFLAGS := $(filter-out -Werror, $(CFLAGS))
+ 
+ WHITE_LIST_FILE := $(LINUX_PSW_DIR)/ae/data/prebuilt/white_list_cert_to_be_verify.bin
+ APPNAME         := source/build/bin/aesm_service
+-CPPMICROSERVICES:= $(CPPMICROSERVICES_DIR)/build/lib/libCppMicroServices.so.4.0.0
+ifeq ($(USE_HOST_CPPMICROSERVICES), 0)
+CPPMICROSERVICES:= $(CPPMICROSERVICES_SRC_DIR)/build/lib/libCppMicroServices.so.4.0.0
+endif
+ RDRAND_LIBDIR :=$(LINUX_EXTERNAL_DIR)/rdrand/src
+ RDRAND_MAKEFILE := $(RDRAND_LIBDIR)/Makefile
+ 
+@@ -80,21 +81,25 @@ copy_data_file:
+ 
+ $(APPNAME): $(CPPMICROSERVICES) source/build/CMakeCache.txt urts RDRAND
+ 	$(MAKE) -C source/build
+ifeq ($(USE_HOST_CPPMICROSERVICES), 0)
+ 	$(CP) $(CPPMICROSERVICES) source/build/bin/
+endif
+ 
+ CMAKE_VERSION_MAJOR=$(shell cmake --version | head -n  1 | cut -d \  -f 3 | cut -d . -f 1)
+ CMAKE_VERSION_MINOR=$(shell cmake --version | head -n  1 | cut -d \  -f 3 | cut -d . -f 2 | xargs printf '%02d')
+ CMAKE_VERSION=$(CMAKE_VERSION_MAJOR)$(CMAKE_VERSION_MINOR)
+ CMAKE := $(HOME)/cache/bin/cmake
+ 
+ifeq ($(USE_HOST_CPPMICROSERVICES), 0)
+ .PHONY: CPPMICROSERVICES
+ $(CPPMICROSERVICES):
+-	mkdir -p $(CPPMICROSERVICES_DIR)/build
+	mkdir -p $(CPPMICROSERVICES_SRC_DIR)/build
+ ifeq ($(shell test $(CMAKE_VERSION) -lt 302 && echo 1), 1)
+-	$(CPPMICROSERVICES_DIR)/install_cmake.sh
+-	cd $(CPPMICROSERVICES_DIR)/build && $(CMAKE) -DCMAKE_COMMAND=$(CMAKE) $(CPPMICROSERVICES_CONFIG) ../ && $(MAKE) && $(MAKE) install
+	$(CPPMICROSERVICES_SRC_DIR)/install_cmake.sh
+	cd $(CPPMICROSERVICES_SRC_DIR)/build && $(CMAKE) -DCMAKE_COMMAND=$(CMAKE) $(CPPMICROSERVICES_CONFIG) ../ && $(MAKE) && $(MAKE) install
+ else
+-	cd $(CPPMICROSERVICES_DIR)/build && cmake $(CPPMICROSERVICES_CONFIG) ../ && $(MAKE) && $(MAKE) install
+	cd $(CPPMICROSERVICES_SRC_DIR)/build && cmake $(CPPMICROSERVICES_CONFIG) ../ && $(MAKE) && $(MAKE) install
+endif
+ endif
+ 
+ source/build/CMakeCache.txt: $(CPPMICROSERVICES)
+@@ -124,8 +129,10 @@ $(BUILD_DIR):
+ .PHONY: clean
+ clean:
+ 	@$(RM) -r source/build
+-	@$(RM) -r $(CPPMICROSERVICES_DIR)/build
+-	@$(RM) -r $(CPPMICROSERVICES_INSTALL)
+ifeq ($(USE_HOST_CPPMICROSERVICES), 0)
+	@$(RM) -r $(CPPMICROSERVICES_SRC_DIR)/build
+	@$(RM) -r $(CPPMICROSERVICES_INSTALL_DIR)
+endif
+ 	@$(RM) -r data
+ ifeq ($(RDRAND_MAKEFILE), $(wildcard $(RDRAND_MAKEFILE)))
+ 	@$(MAKE) distclean -C $(RDRAND_LIBDIR)
+diff --git a/psw/ae/aesm_service/source/CMakeLists.txt b/psw/ae/aesm_service/source/CMakeLists.txt
+index 98c724a7..3edd77c7 100644
+--- a/psw/ae/aesm_service/source/CMakeLists.txt
+++ b/psw/ae/aesm_service/source/CMakeLists.txt
+@@ -46,7 +46,7 @@ else()
+ endif()
+ 
+ # check if CppMicroServices was found
+-set(CppMicroServices_DIR ../../../../external/CppMicroServices/local-install/share/cppmicroservices4/cmake)
+set(CppMicroServices_DIR ${CPPMICROSERVICES_CMAKE_DIR})
+ find_package(CppMicroServices NO_MODULE REQUIRED)
+ cmake_minimum_required(VERSION ${US_CMAKE_MINIMUM_REQUIRED_VERSION})
+ cmake_policy(VERSION ${US_CMAKE_MINIMUM_REQUIRED_VERSION})
+-- 
+2.46.0
+
--- a/0003-Improve-make-debuggability.patch
+++ b/0003-Improve-make-debuggability.patch
@ -0,0 +1,74 @@
+From 1c1ec62d0a754fc477b64cb881a721c316eb58d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 1 Mar 2024 12:53:26 +0000
+Subject: [PATCH 03/13] Improve make debuggability
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Stop discarding stderr output
+Stop hardcoding parallelism to 'nproc' value and allow user
+specified setting to propagate to sub-make invocations.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ sdk/Makefile.source | 8 ++++----
+ sdk/cpprt/Makefile  | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/sdk/Makefile.source b/sdk/Makefile.source
+index 4bbfd4f3..d3e40036 100644
+--- a/sdk/Makefile.source
+++ b/sdk/Makefile.source
+@@ -78,7 +78,7 @@ tstdc: $(LIBTLIBC)
+ 
+ ifndef SERVTD_ATTEST
+ $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv
+-	$(MAKE) -C tlibc/ -j$(shell nproc) 2> /dev/null
+	$(MAKE) -C tlibc/
+ 	@$(MKDIR) $(BUILD_DIR)/.compiler-rt $(BUILD_DIR)/.tlibthread $(BUILD_DIR)/.tsafecrt $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv
+ 	@$(RM) -f $(BUILD_DIR)/.compiler-rt/*   && cd $(BUILD_DIR)/.compiler-rt && $(AR) x $(LINUX_SDK_DIR)/compiler-rt/libcompiler-rt.a
+ 	@$(RM) -f $(BUILD_DIR)/.tlibthread/*    && cd $(BUILD_DIR)/.tlibthread && $(AR) x $(LINUX_SDK_DIR)/tlibthread/libtlibthread.a
+@@ -96,7 +96,7 @@ $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv
+ 	@$(RM) -rf $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv
+ else
+ $(LIBTLIBC): tlibthread tsafecrt tsetjmp tmm_rsrv
+-	$(MAKE) -C tlibc/ SERVTD_ATTEST=1 -j$(shell nproc) 2> /dev/null
+	$(MAKE) -C tlibc/ SERVTD_ATTEST=1
+ 	@$(MKDIR) $(BUILD_DIR)/.tlibthread $(BUILD_DIR)/.tsafecrt $(BUILD_DIR)/.tsetjmp  $(BUILD_DIR)/.tmm_rsrv
+ 	@$(RM) -f $(BUILD_DIR)/.tlibthread/*    && cd $(BUILD_DIR)/.tlibthread && $(AR) x $(LINUX_SDK_DIR)/tlibthread/libtlibthread.a
+ 	@$(RM) -f $(BUILD_DIR)/.tsafecrt/*      && cd $(BUILD_DIR)/.tsafecrt   && $(AR) x $(LINUX_SDK_DIR)/tsafecrt/libsgx_tsafecrt.a
+@@ -119,7 +119,7 @@ tsafecrt:
+ 
+ .PHONY: compiler-rt
+ compiler-rt:
+-	$(MAKE) -C compiler-rt/ 2> /dev/null
+	$(MAKE) -C compiler-rt/
+ 
+ .PHONY: tsetjmp
+ tsetjmp:
+@@ -163,7 +163,7 @@ cpprt:
+ 
+ .PHONY: tlibcxx
+ tlibcxx: $(BUILD_DIR)
+-	$(MAKE) -C tlibcxx/ 2> /dev/null
+	$(MAKE) -C tlibcxx/
+ 	$(CP) tlibcxx/README.sgx $(BUILD_DIR)/libc++_Changes_SGX.txt
+ 
+ # ---------------------------------------------------
+diff --git a/sdk/cpprt/Makefile b/sdk/cpprt/Makefile
+index d1ac38a1..5fb90c21 100644
+--- a/sdk/cpprt/Makefile
+++ b/sdk/cpprt/Makefile
+@@ -83,7 +83,7 @@ $(CPPRT): $(OBJS) prepare-libunwind libunwind
+ libunwind:
+ 	cd $(LIBUNWIND_DIR)/ && \
+ 		( test -f Makefile || CFLAGS="$(CFLAGS)" ./autogen.sh ) && \
+-		$(MAKE) -j$(shell nproc)
+		$(MAKE)
+ 
+ 
+ .PHONY: clean
+-- 
+2.46.0
+
--- a/0004-Support-disabling-use-of-git-for-ippcp-code.patch
+++ b/0004-Support-disabling-use-of-git-for-ippcp-code.patch
@ -0,0 +1,49 @@
+From 028b9d1eeb5cdda62d0d3669b1320358402c2bb1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 13 Feb 2025 14:37:24 +0000
+Subject: [PATCH 04/13] Support disabling use of git for ippcp code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Allow the user to provide the ippcp source ahead of time,
+to avoid use of git in environments where there is no
+network access available.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ external/ippcp_internal/Makefile | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/external/ippcp_internal/Makefile b/external/ippcp_internal/Makefile
+index b4108cb8..70718f5e 100644
+--- a/external/ippcp_internal/Makefile
+++ b/external/ippcp_internal/Makefile
+@@ -33,6 +33,8 @@ include ../../buildenv.mk
+ 
+ DIR = $(CURDIR)
+ 
+IPP_USE_GIT := 1
+
+ IPP_CONFIG = -Bbuild -DCMAKE_VERBOSE_MAKEFILE=on
+ 
+ # Ignore the CMAKE C/C++ compiler check to avoid conflicts with mitigation options
+@@ -85,6 +87,7 @@ build_ipp: $(CHECK_SOURCE)
+ 	cd $(IPP_SOURCE) && $(PRE_CONFIG) cmake CMakeLists.txt $(IPP_CONFIG) && cd build && make ippcp_s
+ 
+ $(IPP_SOURCE)/build:
+ifeq ($(IPP_USE_GIT), 1)
+ ifeq ($(shell git rev-parse --is-inside-work-tree), true)
+ 	git submodule update -f --init --recursive --remote -- $(IPP_SOURCE)
+ else
+@@ -92,6 +95,7 @@ else
+ 	git clone -b ipp-ipp-crypto_2021_12_1 https://github.com/intel/ipp-crypto.git --depth 1 $(IPP_SOURCE)
+ endif
+ 	cd $(IPP_SOURCE) && git apply ../0001-IPP-crypto-for-SGX.patch
+endif
+ 	mkdir -p $(IPP_SOURCE)/build
+ 
+ .PHONY: clean
+-- 
+2.46.0
+
--- a/0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch
+++ b/0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch
@ -0,0 +1,525 @@
+From 6b9f6d62de22cfcf7ad89ec8a38e292c45ab0e2a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 18 Jun 2024 15:57:22 +0100
+Subject: [PATCH 05/13] disable openmp, protobuf, mbedtls & sample_crypto
+ builds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+These libraries are demoware, not known to be used for anything
+important, so skip them to reduce amount of bundled package code.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ linux/installer/common/sdk/BOMs/sdk_base.txt  | 335 ------------------
+ .../common/sdk/BOMs/sdk_cve_2020_0551_cf.txt  |   3 -
+ .../sdk/BOMs/sdk_cve_2020_0551_load.txt       |   3 -
+ linux/installer/common/sdk/BOMs/sdk_x64.txt   |   4 -
+ sdk/Makefile.source                           |  30 +-
+ 5 files changed, 1 insertion(+), 374 deletions(-)
+
+diff --git a/linux/installer/common/sdk/BOMs/sdk_base.txt b/linux/installer/common/sdk/BOMs/sdk_base.txt
+index 032479d8..ed585066 100644
+--- a/linux/installer/common/sdk/BOMs/sdk_base.txt
+++ b/linux/installer/common/sdk/BOMs/sdk_base.txt
+@@ -1,5 +1,4 @@
+ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+-<deliverydir>/build/linux/libsample_libcrypto.so	<installdir>/package/SampleCode/RemoteAttestation/sample_libcrypto/libsample_libcrypto.so	0	main	STP
+ <deliverydir>/common/inc/sgx_attributes.h	<installdir>/package/include/sgx_attributes.h	0	main	STP
+ <deliverydir>/common/inc/sgx_capable.h	<installdir>/package/include/sgx_capable.h	0	main	STP
+ <deliverydir>/common/inc/sgx_cpuid.h	<installdir>/package/include/sgx_cpuid.h	0	main	STP
+@@ -391,26 +390,6 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+ <deliverydir>/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.cpp	<installdir>/package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.cpp	0	N/A	N/A
+ <deliverydir>/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.edl	<installdir>/package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.edl	0	N/A	N/A
+ <deliverydir>/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.lds	<installdir>/package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.lds	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/App/App.h	<installdir>/package/SampleCode/ProtobufSGXDemo/App/App.h	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/App/App.cpp	<installdir>/package/SampleCode/ProtobufSGXDemo/App/App.cpp	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Enclave/Enclave.config.xml	<installdir>/package/SampleCode/ProtobufSGXDemo/Enclave/Enclave.config.xml	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Enclave/Enclave.cpp	<installdir>/package/SampleCode/ProtobufSGXDemo/Enclave/Enclave.cpp	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Enclave/Enclave_debug.lds	<installdir>/package/SampleCode/ProtobufSGXDemo/Enclave/Enclave_debug.lds	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Enclave/Enclave.edl	<installdir>/package/SampleCode/ProtobufSGXDemo/Enclave/Enclave.edl	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Enclave/Enclave.h	<installdir>/package/SampleCode/ProtobufSGXDemo/Enclave/Enclave.h	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Enclave/Enclave.lds	<installdir>/package/SampleCode/ProtobufSGXDemo/Enclave/Enclave.lds	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Enclave/person.proto	<installdir>/package/SampleCode/ProtobufSGXDemo/Enclave/person.proto	0	N/A	N/A
+-<deliverydir>/SampleCode/ProtobufSGXDemo/Makefile	<installdir>/package/SampleCode/ProtobufSGXDemo/Makefile	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/App/App.cpp	<installdir>/package/SampleCode/SampleMbedCrypto/App/App.cpp	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/App/App.h	<installdir>/package/SampleCode/SampleMbedCrypto/App/App.h	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/Makefile	<installdir>/package/SampleCode/SampleMbedCrypto/Makefile	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/Enclave/Enclave.cpp	<installdir>/package/SampleCode/SampleMbedCrypto/Enclave/Enclave.cpp	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/Enclave/Enclave.lds	<installdir>/package/SampleCode/SampleMbedCrypto/Enclave/Enclave.lds	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/Enclave/Enclave_debug.lds	<installdir>/package/SampleCode/SampleMbedCrypto/Enclave/Enclave_debug.lds	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/Enclave/Enclave.h	<installdir>/package/SampleCode/SampleMbedCrypto/Enclave/Enclave.h	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/Enclave/Enclave.edl	<installdir>/package/SampleCode/SampleMbedCrypto/Enclave/Enclave.edl	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/Enclave/Enclave.config.xml	<installdir>/package/SampleCode/SampleMbedCrypto/Enclave/Enclave.config.xml	0	N/A	N/A
+-<deliverydir>/SampleCode/SampleMbedCrypto/README.txt	<installdir>/package/SampleCode/SampleMbedCrypto/README.txt	0	N/A	N/A
+ <deliverydir>/SampleCode/SampleAEXNotify/Enclave/Enclave.config.xml	<installdir>/package/SampleCode/SampleAEXNotify/Enclave/Enclave.config.xml	0	N/A	N/A
+ <deliverydir>/SampleCode/SampleAEXNotify/Enclave/Enclave.cpp	<installdir>/package/SampleCode/SampleAEXNotify/Enclave/Enclave.cpp	0	N/A	N/A
+ <deliverydir>/SampleCode/SampleAEXNotify/Enclave/Enclave.edl	<installdir>/package/SampleCode/SampleAEXNotify/Enclave/Enclave.edl	0	N/A	N/A
+@@ -422,7 +401,6 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+ <deliverydir>/SampleCode/SampleAEXNotify/Makefile	<installdir>/package/SampleCode/SampleAEXNotify/Makefile	0	N/A	N/A
+ <deliverydir>/SampleCode/SampleAEXNotify/README.txt	<installdir>/package/SampleCode/SampleAEXNotify/README.txt	0	N/A	N/A
+ <deliverydir>/build/linux/gdb-sgx-plugin/sgx-gdb	<installdir>/package/bin/sgx-gdb	0	main	STP
+-<deliverydir>/sdk/sample_libcrypto/sample_libcrypto.h	<installdir>/package/SampleCode/RemoteAttestation/sample_libcrypto/sample_libcrypto.h	0	main	STP
+ <deliverydir>/sdk/tlibcxx/include/CMakeLists.txt	<installdir>/package/include/libcxx/CMakeLists.txt	0	main	STP
+ <deliverydir>/sdk/tlibcxx/include/__availability	<installdir>/package/include/libcxx/__availability	0	main	STP
+ <deliverydir>/sdk/tlibcxx/include/__bit_reference	<installdir>/package/include/libcxx/__bit_reference	0	main	STP
+@@ -607,317 +585,4 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+ <deliverydir>/sdk/tlibcxx/include/variant	<installdir>/package/include/libcxx/variant	0	main	STP
+ <deliverydir>/sdk/tlibcxx/include/vector	<installdir>/package/include/libcxx/vector	0	main	STP
+ <deliverydir>/sdk/tlibcxx/include/version	<installdir>/package/include/libcxx/version	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/any.h	<installdir>/package/include/tprotobuf/google/protobuf/any.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/any.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/any.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/any.proto	<installdir>/package/include/tprotobuf/google/protobuf/any.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/api.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/api.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/api.proto	<installdir>/package/include/tprotobuf/google/protobuf/api.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/arena.h	<installdir>/package/include/tprotobuf/google/protobuf/arena.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/arena_align.h	<installdir>/package/include/tprotobuf/google/protobuf/arena_align.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/arena_allocation_policy.h	<installdir>/package/include/tprotobuf/google/protobuf/arena_allocation_policy.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/arena_cleanup.h	<installdir>/package/include/tprotobuf/google/protobuf/arena_cleanup.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/arena_config.h	<installdir>/package/include/tprotobuf/google/protobuf/arena_config.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/arenastring.h	<installdir>/package/include/tprotobuf/google/protobuf/arenastring.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/arenaz_sampler.h	<installdir>/package/include/tprotobuf/google/protobuf/arenaz_sampler.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/descriptor.h	<installdir>/package/include/tprotobuf/google/protobuf/descriptor.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/descriptor.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/descriptor.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/descriptor.proto	<installdir>/package/include/tprotobuf/google/protobuf/descriptor.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/descriptor_database.h	<installdir>/package/include/tprotobuf/google/protobuf/descriptor_database.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/descriptor_legacy.h	<installdir>/package/include/tprotobuf/google/protobuf/descriptor_legacy.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/dynamic_message.h	<installdir>/package/include/tprotobuf/google/protobuf/dynamic_message.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/empty.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/empty.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/empty.proto	<installdir>/package/include/tprotobuf/google/protobuf/empty.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/endian.h	<installdir>/package/include/tprotobuf/google/protobuf/endian.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/explicitly_constructed.h	<installdir>/package/include/tprotobuf/google/protobuf/explicitly_constructed.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/extension_set.h	<installdir>/package/include/tprotobuf/google/protobuf/extension_set.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/extension_set_inl.h	<installdir>/package/include/tprotobuf/google/protobuf/extension_set_inl.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/field_access_listener.h	<installdir>/package/include/tprotobuf/google/protobuf/field_access_listener.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/field_mask.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/field_mask.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/field_mask.proto	<installdir>/package/include/tprotobuf/google/protobuf/field_mask.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/generated_enum_reflection.h	<installdir>/package/include/tprotobuf/google/protobuf/generated_enum_reflection.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/generated_enum_util.h	<installdir>/package/include/tprotobuf/google/protobuf/generated_enum_util.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/generated_message_bases.h	<installdir>/package/include/tprotobuf/google/protobuf/generated_message_bases.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/generated_message_reflection.h	<installdir>/package/include/tprotobuf/google/protobuf/generated_message_reflection.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/generated_message_tctable_decl.h	<installdir>/package/include/tprotobuf/google/protobuf/generated_message_tctable_decl.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/generated_message_util.h	<installdir>/package/include/tprotobuf/google/protobuf/generated_message_util.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/has_bits.h	<installdir>/package/include/tprotobuf/google/protobuf/has_bits.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/implicit_weak_message.h	<installdir>/package/include/tprotobuf/google/protobuf/implicit_weak_message.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/inlined_string_field.h	<installdir>/package/include/tprotobuf/google/protobuf/inlined_string_field.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/io/coded_stream.h	<installdir>/package/include/tprotobuf/google/protobuf/io/coded_stream.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/io/printer.h	<installdir>/package/include/tprotobuf/google/protobuf/io/printer.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/io/strtod.h	<installdir>/package/include/tprotobuf/google/protobuf/io/strtod.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/io/tokenizer.h	<installdir>/package/include/tprotobuf/google/protobuf/io/tokenizer.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/io/zero_copy_stream.h	<installdir>/package/include/tprotobuf/google/protobuf/io/zero_copy_stream.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/io/zero_copy_stream_impl.h	<installdir>/package/include/tprotobuf/google/protobuf/io/zero_copy_stream_impl.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/io/zero_copy_stream_impl_lite.h	<installdir>/package/include/tprotobuf/google/protobuf/io/zero_copy_stream_impl_lite.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/map.h	<installdir>/package/include/tprotobuf/google/protobuf/map.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/map_entry.h	<installdir>/package/include/tprotobuf/google/protobuf/map_entry.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/map_entry_lite.h	<installdir>/package/include/tprotobuf/google/protobuf/map_entry_lite.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/map_field.h	<installdir>/package/include/tprotobuf/google/protobuf/map_field.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/map_field_inl.h	<installdir>/package/include/tprotobuf/google/protobuf/map_field_inl.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/map_field_lite.h	<installdir>/package/include/tprotobuf/google/protobuf/map_field_lite.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/map_type_handler.h	<installdir>/package/include/tprotobuf/google/protobuf/map_type_handler.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/message.h	<installdir>/package/include/tprotobuf/google/protobuf/message.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/message_lite.h	<installdir>/package/include/tprotobuf/google/protobuf/message_lite.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/metadata.h	<installdir>/package/include/tprotobuf/google/protobuf/metadata.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/metadata_lite.h	<installdir>/package/include/tprotobuf/google/protobuf/metadata_lite.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/parse_context.h	<installdir>/package/include/tprotobuf/google/protobuf/parse_context.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/port.h	<installdir>/package/include/tprotobuf/google/protobuf/port.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/port_def.inc	<installdir>/package/include/tprotobuf/google/protobuf/port_def.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/port_undef.inc	<installdir>/package/include/tprotobuf/google/protobuf/port_undef.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/reflection.h	<installdir>/package/include/tprotobuf/google/protobuf/reflection.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/reflection_mode.h	<installdir>/package/include/tprotobuf/google/protobuf/reflection_mode.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/reflection_ops.h	<installdir>/package/include/tprotobuf/google/protobuf/reflection_ops.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/repeated_field.h	<installdir>/package/include/tprotobuf/google/protobuf/repeated_field.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/repeated_ptr_field.h	<installdir>/package/include/tprotobuf/google/protobuf/repeated_ptr_field.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/serial_arena.h	<installdir>/package/include/tprotobuf/google/protobuf/serial_arena.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/service.h	<installdir>/package/include/tprotobuf/google/protobuf/service.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/source_context.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/source_context.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/source_context.proto	<installdir>/package/include/tprotobuf/google/protobuf/source_context.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/string_block.h	<installdir>/package/include/tprotobuf/google/protobuf/string_block.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/string_member_robber.h	<installdir>/package/include/tprotobuf/google/protobuf/string_member_robber.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/struct.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/struct.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/struct.proto	<installdir>/package/include/tprotobuf/google/protobuf/struct.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/stubs/callback.h	<installdir>/package/include/tprotobuf/google/protobuf/stubs/callback.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/stubs/common.h	<installdir>/package/include/tprotobuf/google/protobuf/stubs/common.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/stubs/platform_macros.h	<installdir>/package/include/tprotobuf/google/protobuf/stubs/platform_macros.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/stubs/port.h	<installdir>/package/include/tprotobuf/google/protobuf/stubs/port.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/stubs/status_macros.h	<installdir>/package/include/tprotobuf/google/protobuf/stubs/status_macros.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/text_format.h	<installdir>/package/include/tprotobuf/google/protobuf/text_format.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/thread_safe_arena.h	<installdir>/package/include/tprotobuf/google/protobuf/thread_safe_arena.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/type.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/type.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/type.proto	<installdir>/package/include/tprotobuf/google/protobuf/type.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/unknown_field_set.h	<installdir>/package/include/tprotobuf/google/protobuf/unknown_field_set.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/varint_shuffle.h	<installdir>/package/include/tprotobuf/google/protobuf/varint_shuffle.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/wire_format.h	<installdir>/package/include/tprotobuf/google/protobuf/wire_format.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/wire_format_lite.h	<installdir>/package/include/tprotobuf/google/protobuf/wire_format_lite.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/wrappers.pb.h	<installdir>/package/include/tprotobuf/google/protobuf/wrappers.pb.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/src/google/protobuf/wrappers.proto	<installdir>/package/include/tprotobuf/google/protobuf/wrappers.proto	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/algorithm/algorithm.h	<installdir>/package/include/tprotobuf/absl/algorithm/algorithm.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/algorithm/container.h	<installdir>/package/include/tprotobuf/absl/algorithm/container.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/attributes.h	<installdir>/package/include/tprotobuf/absl/base/attributes.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/call_once.h	<installdir>/package/include/tprotobuf/absl/base/call_once.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/casts.h	<installdir>/package/include/tprotobuf/absl/base/casts.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/config.h	<installdir>/package/include/tprotobuf/absl/base/config.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/const_init.h	<installdir>/package/include/tprotobuf/absl/base/const_init.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/dynamic_annotations.h	<installdir>/package/include/tprotobuf/absl/base/dynamic_annotations.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/atomic_hook.h	<installdir>/package/include/tprotobuf/absl/base/internal/atomic_hook.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h	<installdir>/package/include/tprotobuf/absl/base/internal/dynamic_annotations.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/endian.h	<installdir>/package/include/tprotobuf/absl/base/internal/endian.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/errno_saver.h	<installdir>/package/include/tprotobuf/absl/base/internal/errno_saver.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/identity.h	<installdir>/package/include/tprotobuf/absl/base/internal/identity.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/inline_variable.h	<installdir>/package/include/tprotobuf/absl/base/internal/inline_variable.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/invoke.h	<installdir>/package/include/tprotobuf/absl/base/internal/invoke.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h	<installdir>/package/include/tprotobuf/absl/base/internal/low_level_alloc.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h	<installdir>/package/include/tprotobuf/absl/base/internal/low_level_scheduling.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h	<installdir>/package/include/tprotobuf/absl/base/internal/per_thread_tls.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/prefetch.h	<installdir>/package/include/tprotobuf/absl/base/internal/prefetch.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/raw_logging.h	<installdir>/package/include/tprotobuf/absl/base/internal/raw_logging.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h	<installdir>/package/include/tprotobuf/absl/base/internal/scheduling_mode.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/spinlock.h	<installdir>/package/include/tprotobuf/absl/base/internal/spinlock.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h	<installdir>/package/include/tprotobuf/absl/base/internal/spinlock_wait.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/thread_annotations.h	<installdir>/package/include/tprotobuf/absl/base/internal/thread_annotations.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/thread_identity.h	<installdir>/package/include/tprotobuf/absl/base/internal/thread_identity.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/throw_delegate.h	<installdir>/package/include/tprotobuf/absl/base/internal/throw_delegate.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h	<installdir>/package/include/tprotobuf/absl/base/internal/tsan_mutex_interface.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/internal/unaligned_access.h	<installdir>/package/include/tprotobuf/absl/base/internal/unaligned_access.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/log_severity.h	<installdir>/package/include/tprotobuf/absl/base/log_severity.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/macros.h	<installdir>/package/include/tprotobuf/absl/base/macros.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/optimization.h	<installdir>/package/include/tprotobuf/absl/base/optimization.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/options.h	<installdir>/package/include/tprotobuf/absl/base/options.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/policy_checks.h	<installdir>/package/include/tprotobuf/absl/base/policy_checks.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/port.h	<installdir>/package/include/tprotobuf/absl/base/port.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/base/thread_annotations.h	<installdir>/package/include/tprotobuf/absl/base/thread_annotations.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/cleanup/cleanup.h	<installdir>/package/include/tprotobuf/absl/cleanup/cleanup.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/btree_map.h	<installdir>/package/include/tprotobuf/absl/container/btree_map.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/btree_set.h	<installdir>/package/include/tprotobuf/absl/container/btree_set.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/fixed_array.h	<installdir>/package/include/tprotobuf/absl/container/fixed_array.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/flat_hash_map.h	<installdir>/package/include/tprotobuf/absl/container/flat_hash_map.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/flat_hash_set.h	<installdir>/package/include/tprotobuf/absl/container/flat_hash_set.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/inlined_vector.h	<installdir>/package/include/tprotobuf/absl/container/inlined_vector.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/btree.h	<installdir>/package/include/tprotobuf/absl/container/internal/btree.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/btree_container.h	<installdir>/package/include/tprotobuf/absl/container/internal/btree_container.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/common.h	<installdir>/package/include/tprotobuf/absl/container/internal/common.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h	<installdir>/package/include/tprotobuf/absl/container/internal/common_policy_traits.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h	<installdir>/package/include/tprotobuf/absl/container/internal/compressed_tuple.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/container_memory.h	<installdir>/package/include/tprotobuf/absl/container/internal/container_memory.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h	<installdir>/package/include/tprotobuf/absl/container/internal/hash_function_defaults.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h	<installdir>/package/include/tprotobuf/absl/container/internal/hash_policy_traits.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h	<installdir>/package/include/tprotobuf/absl/container/internal/hashtable_debug_hooks.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h	<installdir>/package/include/tprotobuf/absl/container/internal/hashtablez_sampler.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/inlined_vector.h	<installdir>/package/include/tprotobuf/absl/container/internal/inlined_vector.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/layout.h	<installdir>/package/include/tprotobuf/absl/container/internal/layout.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h	<installdir>/package/include/tprotobuf/absl/container/internal/raw_hash_map.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h	<installdir>/package/include/tprotobuf/absl/container/internal/raw_hash_set.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/node_hash_map.h	<installdir>/package/include/tprotobuf/absl/container/node_hash_map.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/container/node_hash_set.h	<installdir>/package/include/tprotobuf/absl/container/node_hash_set.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/crc/crc32c.h	<installdir>/package/include/tprotobuf/absl/crc/crc32c.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h	<installdir>/package/include/tprotobuf/absl/crc/internal/crc32_x86_arm_combined_simd.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/crc/internal/crc32c_inline.h	<installdir>/package/include/tprotobuf/absl/crc/internal/crc32c_inline.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/crc/internal/crc_cord_state.h	<installdir>/package/include/tprotobuf/absl/crc/internal/crc_cord_state.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/failure_signal_handler.h	<installdir>/package/include/tprotobuf/absl/debugging/failure_signal_handler.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/leak_check.h	<installdir>/package/include/tprotobuf/absl/debugging/leak_check.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/stacktrace.h	<installdir>/package/include/tprotobuf/absl/debugging/stacktrace.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/symbolize.h	<installdir>/package/include/tprotobuf/absl/debugging/symbolize.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc	<installdir>/package/include/tprotobuf/absl/debugging/symbolize_darwin.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc	<installdir>/package/include/tprotobuf/absl/debugging/symbolize_elf.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/symbolize_emscripten.inc	<installdir>/package/include/tprotobuf/absl/debugging/symbolize_emscripten.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc	<installdir>/package/include/tprotobuf/absl/debugging/symbolize_unimplemented.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc	<installdir>/package/include/tprotobuf/absl/debugging/symbolize_win32.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/commandlineflag.h	<installdir>/package/include/tprotobuf/absl/flags/commandlineflag.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/config.h	<installdir>/package/include/tprotobuf/absl/flags/config.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/declare.h	<installdir>/package/include/tprotobuf/absl/flags/declare.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/flag.h	<installdir>/package/include/tprotobuf/absl/flags/flag.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/flag_benchmark.lds	<installdir>/package/include/tprotobuf/absl/flags/flag_benchmark.lds	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/marshalling.h	<installdir>/package/include/tprotobuf/absl/flags/marshalling.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/parse.h	<installdir>/package/include/tprotobuf/absl/flags/parse.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/reflection.h	<installdir>/package/include/tprotobuf/absl/flags/reflection.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/usage.h	<installdir>/package/include/tprotobuf/absl/flags/usage.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/flags/usage_config.h	<installdir>/package/include/tprotobuf/absl/flags/usage_config.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/functional/any_invocable.h	<installdir>/package/include/tprotobuf/absl/functional/any_invocable.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/functional/bind_front.h	<installdir>/package/include/tprotobuf/absl/functional/bind_front.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/functional/function_ref.h	<installdir>/package/include/tprotobuf/absl/functional/function_ref.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/functional/internal/function_ref.h	<installdir>/package/include/tprotobuf/absl/functional/internal/function_ref.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/hash/hash.h	<installdir>/package/include/tprotobuf/absl/hash/hash.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/hash/internal/city.h	<installdir>/package/include/tprotobuf/absl/hash/internal/city.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/hash/internal/hash.h	<installdir>/package/include/tprotobuf/absl/hash/internal/hash.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/hash/internal/low_level_hash.h	<installdir>/package/include/tprotobuf/absl/hash/internal/low_level_hash.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/absl_check.h	<installdir>/package/include/tprotobuf/absl/log/absl_check.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/absl_log.h	<installdir>/package/include/tprotobuf/absl/log/absl_log.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/check.h	<installdir>/package/include/tprotobuf/absl/log/check.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/die_if_null.h	<installdir>/package/include/tprotobuf/absl/log/die_if_null.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/flags.h	<installdir>/package/include/tprotobuf/absl/log/flags.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/globals.h	<installdir>/package/include/tprotobuf/absl/log/globals.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/initialize.h	<installdir>/package/include/tprotobuf/absl/log/initialize.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/check_impl.h	<installdir>/package/include/tprotobuf/absl/log/internal/check_impl.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/check_op.h	<installdir>/package/include/tprotobuf/absl/log/internal/check_op.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/conditions.h	<installdir>/package/include/tprotobuf/absl/log/internal/conditions.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/config.h	<installdir>/package/include/tprotobuf/absl/log/internal/config.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/log_impl.h	<installdir>/package/include/tprotobuf/absl/log/internal/log_impl.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/log_message.h	<installdir>/package/include/tprotobuf/absl/log/internal/log_message.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/nullguard.h	<installdir>/package/include/tprotobuf/absl/log/internal/nullguard.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/nullstream.h	<installdir>/package/include/tprotobuf/absl/log/internal/nullstream.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/strip.h	<installdir>/package/include/tprotobuf/absl/log/internal/strip.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/internal/voidify.h	<installdir>/package/include/tprotobuf/absl/log/internal/voidify.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/log.h	<installdir>/package/include/tprotobuf/absl/log/log.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/log_entry.h	<installdir>/package/include/tprotobuf/absl/log/log_entry.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/log_sink.h	<installdir>/package/include/tprotobuf/absl/log/log_sink.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/log_sink_registry.h	<installdir>/package/include/tprotobuf/absl/log/log_sink_registry.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/log_streamer.h	<installdir>/package/include/tprotobuf/absl/log/log_streamer.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/scoped_mock_log.h	<installdir>/package/include/tprotobuf/absl/log/scoped_mock_log.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/log/structured.h	<installdir>/package/include/tprotobuf/absl/log/structured.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/memory/memory.h	<installdir>/package/include/tprotobuf/absl/memory/memory.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/meta/type_traits.h	<installdir>/package/include/tprotobuf/absl/meta/type_traits.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/numeric/bits.h	<installdir>/package/include/tprotobuf/absl/numeric/bits.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/numeric/int128.h	<installdir>/package/include/tprotobuf/absl/numeric/int128.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc	<installdir>/package/include/tprotobuf/absl/numeric/int128_have_intrinsic.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc	<installdir>/package/include/tprotobuf/absl/numeric/int128_no_intrinsic.inc	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/numeric/internal/bits.h	<installdir>/package/include/tprotobuf/absl/numeric/internal/bits.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h	<installdir>/package/include/tprotobuf/absl/profiling/internal/sample_recorder.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/bernoulli_distribution.h	<installdir>/package/include/tprotobuf/absl/random/bernoulli_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/beta_distribution.h	<installdir>/package/include/tprotobuf/absl/random/beta_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/bit_gen_ref.h	<installdir>/package/include/tprotobuf/absl/random/bit_gen_ref.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/discrete_distribution.h	<installdir>/package/include/tprotobuf/absl/random/discrete_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/distributions.h	<installdir>/package/include/tprotobuf/absl/random/distributions.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/exponential_distribution.h	<installdir>/package/include/tprotobuf/absl/random/exponential_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/gaussian_distribution.h	<installdir>/package/include/tprotobuf/absl/random/gaussian_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/log_uniform_int_distribution.h	<installdir>/package/include/tprotobuf/absl/random/log_uniform_int_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/mock_distributions.h	<installdir>/package/include/tprotobuf/absl/random/mock_distributions.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/mocking_bit_gen.h	<installdir>/package/include/tprotobuf/absl/random/mocking_bit_gen.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/poisson_distribution.h	<installdir>/package/include/tprotobuf/absl/random/poisson_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/random.h	<installdir>/package/include/tprotobuf/absl/random/random.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/seed_gen_exception.h	<installdir>/package/include/tprotobuf/absl/random/seed_gen_exception.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/seed_sequences.h	<installdir>/package/include/tprotobuf/absl/random/seed_sequences.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/uniform_int_distribution.h	<installdir>/package/include/tprotobuf/absl/random/uniform_int_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/uniform_real_distribution.h	<installdir>/package/include/tprotobuf/absl/random/uniform_real_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/random/zipf_distribution.h	<installdir>/package/include/tprotobuf/absl/random/zipf_distribution.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/status/status.h	<installdir>/package/include/tprotobuf/absl/status/status.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/status/status_payload_printer.h	<installdir>/package/include/tprotobuf/absl/status/status_payload_printer.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/status/statusor.h	<installdir>/package/include/tprotobuf/absl/status/statusor.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/ascii.h	<installdir>/package/include/tprotobuf/absl/strings/ascii.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/charconv.h	<installdir>/package/include/tprotobuf/absl/strings/charconv.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/cord.h	<installdir>/package/include/tprotobuf/absl/strings/cord.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/cord_analysis.h	<installdir>/package/include/tprotobuf/absl/strings/cord_analysis.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/cord_buffer.h	<installdir>/package/include/tprotobuf/absl/strings/cord_buffer.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/escaping.h	<installdir>/package/include/tprotobuf/absl/strings/escaping.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_data_edge.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_data_edge.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_internal.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_internal.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_rep_btree.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_rep_btree_navigator.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_rep_btree_reader.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_rep_crc.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_rep_flat.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cord_rep_ring.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cordz_functions.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cordz_handle.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cordz_info.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cordz_info.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cordz_statistics.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cordz_update_scope.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cordz_update_scope.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/cordz_update_tracker.h	<installdir>/package/include/tprotobuf/absl/strings/internal/cordz_update_tracker.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h	<installdir>/package/include/tprotobuf/absl/strings/internal/has_absl_stringify.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h	<installdir>/package/include/tprotobuf/absl/strings/internal/resize_uninitialized.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/string_constant.h	<installdir>/package/include/tprotobuf/absl/strings/internal/string_constant.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/internal/stringify_sink.h	<installdir>/package/include/tprotobuf/absl/strings/internal/stringify_sink.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/match.h	<installdir>/package/include/tprotobuf/absl/strings/match.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/numbers.h	<installdir>/package/include/tprotobuf/absl/strings/numbers.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/str_cat.h	<installdir>/package/include/tprotobuf/absl/strings/str_cat.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/str_format.h	<installdir>/package/include/tprotobuf/absl/strings/str_format.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/str_join.h	<installdir>/package/include/tprotobuf/absl/strings/str_join.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/str_replace.h	<installdir>/package/include/tprotobuf/absl/strings/str_replace.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/str_split.h	<installdir>/package/include/tprotobuf/absl/strings/str_split.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/string_view.h	<installdir>/package/include/tprotobuf/absl/strings/string_view.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/strip.h	<installdir>/package/include/tprotobuf/absl/strings/strip.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/strings/substitute.h	<installdir>/package/include/tprotobuf/absl/strings/substitute.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/synchronization/barrier.h	<installdir>/package/include/tprotobuf/absl/synchronization/barrier.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/synchronization/blocking_counter.h	<installdir>/package/include/tprotobuf/absl/synchronization/blocking_counter.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h	<installdir>/package/include/tprotobuf/absl/synchronization/internal/create_thread_identity.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h	<installdir>/package/include/tprotobuf/absl/synchronization/internal/kernel_timeout.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h	<installdir>/package/include/tprotobuf/absl/synchronization/internal/per_thread_sem.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/synchronization/mutex.h	<installdir>/package/include/tprotobuf/absl/synchronization/mutex.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/synchronization/notification.h	<installdir>/package/include/tprotobuf/absl/synchronization/notification.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/time/civil_time.h	<installdir>/package/include/tprotobuf/absl/time/civil_time.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/time/clock.h	<installdir>/package/include/tprotobuf/absl/time/clock.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h	<installdir>/package/include/tprotobuf/absl/time/internal/cctz/include/cctz/civil_time.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h	<installdir>/package/include/tprotobuf/absl/time/internal/cctz/include/cctz/civil_time_detail.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h	<installdir>/package/include/tprotobuf/absl/time/internal/cctz/include/cctz/time_zone.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/time/time.h	<installdir>/package/include/tprotobuf/absl/time/time.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/any.h	<installdir>/package/include/tprotobuf/absl/types/any.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/bad_any_cast.h	<installdir>/package/include/tprotobuf/absl/types/bad_any_cast.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/bad_optional_access.h	<installdir>/package/include/tprotobuf/absl/types/bad_optional_access.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/bad_variant_access.h	<installdir>/package/include/tprotobuf/absl/types/bad_variant_access.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/compare.h	<installdir>/package/include/tprotobuf/absl/types/compare.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/internal/span.h	<installdir>/package/include/tprotobuf/absl/types/internal/span.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/internal/variant.h	<installdir>/package/include/tprotobuf/absl/types/internal/variant.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/internal/optional.h	<installdir>/package/include/tprotobuf/absl/types/internal/optional.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/optional.h	<installdir>/package/include/tprotobuf/absl/types/optional.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/span.h	<installdir>/package/include/tprotobuf/absl/types/span.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/variant.h	<installdir>/package/include/tprotobuf/absl/types/variant.h	0	main	STP
+-<deliverydir>/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/utility/utility.h	<installdir>/package/include/tprotobuf/absl/utility/utility.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/aes.h	<installdir>/package/include/mbedtls/aes.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/bignum.h	<installdir>/package/include/mbedtls/bignum.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/build_info.h	<installdir>/package/include/mbedtls/build_info.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/check_config.h	<installdir>/package/include/mbedtls/check_config.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/cipher.h	<installdir>/package/include/mbedtls/cipher.h	0	main	STP
+-
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/config_psa.h	<installdir>/package/include/mbedtls/config_psa.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/ctr_drbg.h	<installdir>/package/include/mbedtls/ctr_drbg.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/ecdsa.h	<installdir>/package/include/mbedtls/ecdsa.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/ecp.h	<installdir>/package/include/mbedtls/ecp.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/entropy.h	<installdir>/package/include/mbedtls/entropy.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/mbedtls_config.h	<installdir>/package/include/mbedtls/mbedtls_config.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/md.h	<installdir>/package/include/mbedtls/md.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/platform_util.h	<installdir>/package/include/mbedtls/platform_util.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/private_access.h	<installdir>/package/include/mbedtls/private_access.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/sha1.h	<installdir>/package/include/mbedtls/sha1.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/sha256.h	<installdir>/package/include/mbedtls/sha256.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/sha512.h	<installdir>/package/include/mbedtls/sha512.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/threading.h	<installdir>/package/include/mbedtls/threading.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/platform.h	<installdir>/package/include/mbedtls/platform.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/ecdh.h	<installdir>/package/include/mbedtls/ecdh.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/cmac.h	<installdir>/package/include/mbedtls/cmac.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/rsa.h	<installdir>/package/include/mbedtls/rsa.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/gcm.h	<installdir>/package/include/mbedtls/gcm.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_legacy_crypto.h	<installdir>/package/include/mbedtls/config_adjust_legacy_crypto.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_x509.h	<installdir>/package/include/mbedtls/config_adjust_x509.h	0	main	STP
+-<deliverydir>/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_ssl.h	<installdir>/package/include/mbedtls/config_adjust_ssl.h	0	main	STP
+ <deliverydir>/common/buildenv.mk	<installdir>/package/buildenv.mk	0	main	STP
+diff --git a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt
+index d494deba..998def35 100644
+--- a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt
+++ b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt
+@@ -9,11 +9,8 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+ <deliverydir>/build/linuxCF/libsgx_tswitchless.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_tswitchless.a	0	main	STP
+ <deliverydir>/build/linuxCF/libsgx_tprotected_fs.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_tprotected_fs.a	0	main	STP
+ <deliverydir>/build/linuxCF/libsgx_pcl.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_pcl.a	0	main	STP
+-<deliverydir>/build/linuxCF/libsgx_omp.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_omp.a	0	main	STP
+ <deliverydir>/build/linuxCF/libsgx_pthread.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_pthread.a	0	main	STP
+-<deliverydir>/build/linuxCF/libsgx_protobuf.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_protobuf.a	0	main	STP
+ <deliverydir>/build/linuxCF/libsgx_ttls.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_ttls.a	0	main	STP
+ <deliverydir>/build/linuxCF/libtdx_tls.a	<installdir>/package/lib64/cve_2020_0551_cf/libtdx_tls.a	0	main	STP
+ <deliverydir>/build/linuxCF/libsgx_utls.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_utls.a	0	main	STP
+-<deliverydir>/build/linuxCF/libsgx_mbedcrypto.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_mbedcrypto.a	0	main	STP
+ <deliverydir>/external/dcap_source/QuoteGeneration/build/linuxCF/libsgx_dcap_tvl.a	<installdir>/package/lib64/cve_2020_0551_cf/libsgx_dcap_tvl.a	0	main	STP
+diff --git a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt
+index 53c9cfc6..b68b9976 100644
+--- a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt
+++ b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt
+@@ -9,11 +9,8 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+ <deliverydir>/build/linuxLOAD/libsgx_tswitchless.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_tswitchless.a	0	main	STP
+ <deliverydir>/build/linuxLOAD/libsgx_tprotected_fs.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_tprotected_fs.a	0	main	STP
+ <deliverydir>/build/linuxLOAD/libsgx_pcl.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_pcl.a	0	main	STP
+-<deliverydir>/build/linuxLOAD/libsgx_omp.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_omp.a	0	main	STP
+ <deliverydir>/build/linuxLOAD/libsgx_pthread.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_pthread.a	0	main	STP
+-<deliverydir>/build/linuxLOAD/libsgx_protobuf.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_protobuf.a	0	main	STP
+ <deliverydir>/build/linuxLOAD/libsgx_ttls.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_ttls.a	0	main	STP
+ <deliverydir>/build/linuxLOAD/libtdx_tls.a	<installdir>/package/lib64/cve_2020_0551_load/libtdx_tls.a	0	main	STP
+ <deliverydir>/build/linuxLOAD/libsgx_utls.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_utls.a	0	main	STP
+-<deliverydir>/build/linuxLOAD/libsgx_mbedcrypto.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_mbedcrypto.a	0	main	STP
+ <deliverydir>/external/dcap_source/QuoteGeneration/build/linuxLOAD/libsgx_dcap_tvl.a	<installdir>/package/lib64/cve_2020_0551_load/libsgx_dcap_tvl.a	0	main	STP
+diff --git a/linux/installer/common/sdk/BOMs/sdk_x64.txt b/linux/installer/common/sdk/BOMs/sdk_x64.txt
+index 629492c1..602a804d 100644
+--- a/linux/installer/common/sdk/BOMs/sdk_x64.txt
+++ b/linux/installer/common/sdk/BOMs/sdk_x64.txt
+@@ -39,14 +39,10 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+ <deliverydir>/build/linux/sgx_edger8r	<installdir>/package/bin/x64/sgx_edger8r	0	main	STP
+ <deliverydir>/build/linux/sgx_sign	<installdir>/package/bin/x64/sgx_sign	0	main	STP
+ <deliverydir>/build/linux/sgx_encrypt	<installdir>/package/bin/x64/sgx_encrypt	0	main	STP
+-<deliverydir>/build/linux/sgx_protoc	<installdir>/package/bin/x64/sgx_protoc	0	main	STP
+ <deliverydir>/build/linux/libsgx_pthread.a	<installdir>/package/lib64/libsgx_pthread.a	0	main	STP
+-<deliverydir>/build/linux/libsgx_omp.a	<installdir>/package/lib64/libsgx_omp.a	0	main	STP
+-<deliverydir>/build/linux/libsgx_protobuf.a	<installdir>/package/lib64/libsgx_protobuf.a	0	main	STP
+ <deliverydir>/build/linux/libsgx_ttls.a	<installdir>/package/lib64/libsgx_ttls.a	0	main	STP
+ <deliverydir>/build/linux/libtdx_tls.a	<installdir>/package/lib64/libtdx_tls.a	0	main	STP
+ <deliverydir>/build/linux/libsgx_utls.a	<installdir>/package/lib64/libsgx_utls.a	0	main	STP
+-<deliverydir>/build/linux/libsgx_mbedcrypto.a	<installdir>/package/lib64/libsgx_mbedcrypto.a	0	main	STP
+ <deliverydir>/external/dcap_source/QuoteGeneration/build/linux/libsgx_dcap_tvl.a	<installdir>/package/lib64/libsgx_dcap_tvl.a	0	main	STP
+ <deliverydir>/linux/installer/common/sdk/installConfig.x64	<installdir>/scripts/installConfig	0	main	STP
+ <deliverydir>/linux/installer/common/sdk/pkgconfig/x64/libsgx_uae_service_sim.pc	<installdir>/package/pkgconfig/libsgx_uae_service_sim.pc	0	main	STP
+diff --git a/sdk/Makefile.source b/sdk/Makefile.source
+index d3e40036..3bd08d5c 100644
+--- a/sdk/Makefile.source
+++ b/sdk/Makefile.source
+@@ -41,15 +41,11 @@
+ #        - tprotected_fs: libsgx_tprotected_fs.a
+ #        - tcmalloc:      libsgx_tcmalloc.a
+ #        - sgx_pcl:       libsgx_pcl.a
+-#        - openmp:        libsgx_omp.a
+-#        - protobuf:      libsgx_protobuf.a
+ #        - ttls:          libsgx_ttls.a
+-#        - mbedtls:       libsgx_mbedcrypto.a
+ #  - Untrtusted libraries
+ #        - ukey_exchange: libsgx_ukey_exchange.a
+ #        - uprotected_fs: libsgx_uprotected_fs.a
+ #        - ptrace:        libsgx_ptrace.so, gdb-sgx-plugin
+-#        - sample_crypto: libsample_crypto.so (for sample code use)
+ #        - utls:          libsgx_utls.a
+ #  - Standalone, untrusted libraries
+ #        - libcapable:    libsgx_capable.a libsgx_capable.so
+@@ -67,7 +63,7 @@ LIBTCXX    := $(BUILD_DIR)/libsgx_tcxx.a
+ LIBTSE     := $(BUILD_DIR)/libsgx_tservice.a
+ 
+ .PHONY: components
+-components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace sample_crypto libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread openmp protobuf ttls utls mbedtls
+components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread ttls utls
+ 
+ # ---------------------------------------------------
+ #  tstdc
+@@ -221,26 +217,10 @@ tprotected_fs: edger8r
+ sgx_pcl:
+ 	$(MAKE) -C protected_code_loader
+ 
+-.PHONY: openmp
+-openmp:
+-	$(MAKE) -C $(LINUX_EXTERNAL_DIR)/openmp
+-
+-.PHONY: protobuf
+-protobuf:
+-ifeq ($(MITIGATION-CVE-2020-0551),)
+-	$(MAKE) -C $(LINUX_EXTERNAL_DIR)/protobuf BUILD_PROTOC=1
+-else
+-	$(MAKE) -C $(LINUX_EXTERNAL_DIR)/protobuf
+-endif
+-
+ .PHONY: ttls
+ ttls: edger8r
+ 	$(MAKE) -C ttls
+ 
+-.PHONY: mbedtls
+-mbedtls:
+-	$(MAKE) -C $(LINUX_EXTERNAL_DIR)/mbedtls
+-
+ # ---------------------------------------------------
+ #  Untrusted libraries
+ # ---------------------------------------------------
+@@ -256,10 +236,6 @@ uprotected_fs: edger8r
+ ptrace:
+ 	$(MAKE) -C debugger_interface/linux/
+ 
+-.PHONY: sample_crypto
+-sample_crypto:
+-	$(MAKE) -C sample_libcrypto
+-
+ .PHONY: utls
+ utls:
+ 	$(MAKE) -C utls
+@@ -329,7 +305,6 @@ clean:
+ 	$(MAKE) -C protected_fs/sgx_tprotected_fs/     clean
+ 	$(MAKE) -C protected_fs/sgx_uprotected_fs/     clean
+ 	$(MAKE) -C debugger_interface/linux/           clean
+-	$(MAKE) -C sample_libcrypto/                   clean
+ 	$(MAKE) -C libcapable/linux/                   clean
+ 	$(MAKE) -C simulation/                         clean
+ 	$(MAKE) -C sign_tool/SignTool                  clean
+@@ -340,11 +315,8 @@ clean:
+ 	$(MAKE) -C switchless/sgx_uswitchless          clean
+ 	$(MAKE) -C tmm_rsrv/                           clean
+ 	$(MAKE) -C pthread                             clean
+-	$(MAKE) -C $(LINUX_EXTERNAL_DIR)/openmp        clean
+-	$(MAKE) -C $(LINUX_EXTERNAL_DIR)/protobuf      clean
+ 	$(MAKE) -C ttls						           clean
+ 	$(MAKE) -C utls						           clean
+-	$(MAKE) -C $(LINUX_EXTERNAL_DIR)/mbedtls			           clean
+ 	@$(RM) $(LIBTLIBC) $(LIBTCXX) $(LIBTSE)
+ 	@$(RM) $(BUILD_DIR)/libc++_Changes_SGX.txt
+ 	@$(RM) -rf $(BUILD_DIR)/.compiler-rt
+-- 
+2.46.0
+
--- a/0006-Fix-compat-with-gcc-14.patch
+++ b/0006-Fix-compat-with-gcc-14.patch
@ -0,0 +1,48 @@
+From ec8e718cbcdce69263bb2f61df112118234df7aa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 24 Jun 2024 17:36:13 +0100
+Subject: [PATCH 06/13] Fix compat with gcc 14
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With refactoring of libstdc++, the <algorithm> header is no
+longer pulled in indirectly, so must be explicitly requested.
+
+The C++ standard for aesm must also be bumped to 14 to ensure
+that std::enable_if_t is available.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ psw/ae/aesm_service/source/CMakeLists.txt | 2 +-
+ psw/enclave_common/sgx_enclave_common.cpp | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/psw/ae/aesm_service/source/CMakeLists.txt b/psw/ae/aesm_service/source/CMakeLists.txt
+index 3edd77c7..89b3e3ae 100644
+--- a/psw/ae/aesm_service/source/CMakeLists.txt
+++ b/psw/ae/aesm_service/source/CMakeLists.txt
+@@ -61,7 +61,7 @@ if(REF_LE)
+ endif()
+ 
+ set(CMAKE_CXX_STANDARD_REQUIRED 1)
+-set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD 14)
+ set(CMAKE_SKIP_BUILD_RPATH true)
+ 
+ ########## SGX SDK Settings ##########
+diff --git a/psw/enclave_common/sgx_enclave_common.cpp b/psw/enclave_common/sgx_enclave_common.cpp
+index 9867ecc8..46fcf873 100644
+--- a/psw/enclave_common/sgx_enclave_common.cpp
+++ b/psw/enclave_common/sgx_enclave_common.cpp
+@@ -35,6 +35,7 @@
+ #include <dlfcn.h>
+ #include <map>
+ #include <functional>
+#include <algorithm>
+ #include "sgx_enclave_common.h"
+ #include "sgx_urts.h"
+ #include "arch.h"
+-- 
+2.46.0
+
--- a/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch
+++ b/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch
@ -0,0 +1,282 @@
+From 285845dd940042c9dfa3983aa478263b3aeb6d09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 2 Sep 2024 16:49:18 +0100
+Subject: [PATCH 07/13] Fix escaping of regexes in sgx-asm-pp
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Running sgx-asm-pp.py on recent Python generates many warnings
+
+  sgx-asm-pp.py:64: SyntaxWarning: invalid escape sequence '\s'
+  sgx-asm-pp.py:85: SyntaxWarning: invalid escape sequence '\s'
+  sgx-asm-pp.py:65: SyntaxWarning: invalid escape sequence '\s'
+  sgx-asm-pp.py:86: SyntaxWarning: invalid escape sequence '\s'
+  sgx-asm-pp.py:66: SyntaxWarning: invalid escape sequence '\s'
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ build-scripts/sgx-asm-pp.py | 242 ++++++++++++++++++------------------
+ 1 file changed, 121 insertions(+), 121 deletions(-)
+
+diff --git a/build-scripts/sgx-asm-pp.py b/build-scripts/sgx-asm-pp.py
+index 2b02396b..0df3fc47 100644
+--- a/build-scripts/sgx-asm-pp.py
+++ b/build-scripts/sgx-asm-pp.py
+@@ -38,132 +38,132 @@ import re
+ import shutil
+ import argparse
+ 
+-LOCK = 'lock'
+-REP = 'rep[a-z]*'
+-REX = 'rex(?:\.[a-zA-Z]+)?'
+-SCALAR = '(?:(?:[+-]\s*)?(?:[0-9][0-9a-fA-F]*|0x[0-9a-fA-F]+))'
+-IMMEDIATE = '(?:%s[hb]?)' %(SCALAR)
+-REG = '(?:[a-zA-Z][a-zA-Z0-9]*)'
+-SYM = '(?:[_a-zA-Z][_a-zA-Z0-9]*(?:@[0-9a-zA-Z]+)?)'
+-LABEL = '(?:[._a-zA-Z0-9]+)'
+-SEP = '(?:(?:^|:)\s*)'
+-PFX = '(?:%s\s+)?' %(REX)
+-CONST = '(?:(?:%s|%s|%s)(?:\s*[/*+-]\s*(?:%s|%s|%s))*)' %(SYM, SCALAR, LABEL, SYM, SCALAR, LABEL)
+-OFFSET = '(?:%s|%s|%s\s*:\s*(?:%s|%s|))' %(CONST, SYM, REG, CONST, SYM)
+-MEMORYOP = '(?:\[*(?:[a-zA-Z]+\s+)*(?:%s\s*:\s*%s?|(?:%s\s*)?\[[^]]+\]\]*))' %(REG, CONST, OFFSET)
+-ANYOP = '(?:%s|%s|%s|%s|%s)' %(MEMORYOP, IMMEDIATE, REG, SYM, LABEL)
+-MEMORYOP = '(?:%s|(?:[a-zA-Z]+\s+(?:ptr|PTR)\s+%s))' %(MEMORYOP, ANYOP)
+-MEMORYSRC = '(?:%s\s*,\s*)+%s(?:\s*,\s*%s)*' %(ANYOP, MEMORYOP, ANYOP)
+-MEMORYANY = '(?:%s\s*,\s*)*%s(?:\s*,\s*%s)*' %(ANYOP, MEMORYOP, ANYOP)
+LOCK = r'lock'
+REP = r'rep[a-z]*'
+REX = r'rex(?:\.[a-zA-Z]+)?'
+SCALAR = r'(?:(?:[+-]\s*)?(?:[0-9][0-9a-fA-F]*|0x[0-9a-fA-F]+))'
+IMMEDIATE = r'(?:%s[hb]?)' %(SCALAR)
+REG = r'(?:[a-zA-Z][a-zA-Z0-9]*)'
+SYM = r'(?:[_a-zA-Z][_a-zA-Z0-9]*(?:@[0-9a-zA-Z]+)?)'
+LABEL = r'(?:[._a-zA-Z0-9]+)'
+SEP = r'(?:(?:^|:)\s*)'
+PFX = r'(?:%s\s+)?' %(REX)
+CONST = r'(?:(?:%s|%s|%s)(?:\s*[/*+-]\s*(?:%s|%s|%s))*)' %(SYM, SCALAR, LABEL, SYM, SCALAR, LABEL)
+OFFSET = r'(?:%s|%s|%s\s*:\s*(?:%s|%s|))' %(CONST, SYM, REG, CONST, SYM)
+MEMORYOP = r'(?:\[*(?:[a-zA-Z]+\s+)*(?:%s\s*:\s*%s?|(?:%s\s*)?\[[^]]+\]\]*))' %(REG, CONST, OFFSET)
+ANYOP = r'(?:%s|%s|%s|%s|%s)' %(MEMORYOP, IMMEDIATE, REG, SYM, LABEL)
+MEMORYOP = r'(?:%s|(?:[a-zA-Z]+\s+(?:ptr|PTR)\s+%s))' %(MEMORYOP, ANYOP)
+MEMORYSRC = r'(?:%s\s*,\s*)+%s(?:\s*,\s*%s)*' %(ANYOP, MEMORYOP, ANYOP)
+MEMORYANY = r'(?:%s\s*,\s*)*%s(?:\s*,\s*%s)*' %(ANYOP, MEMORYOP, ANYOP)
+ ATTSTAR = ''
+-GPR = '(?:rax|rcx|rdx|rbx|rdi|rsi|rbp|rsp|r8|r9|r10|r11|r12|r13|r14|r15|RAX|RCX|RDX|RBX|RDI|RSI|RBP|RSP|R8|R9|R10|R11|R12|R13|R14|R15)'
+GPR = r'(?:rax|rcx|rdx|rbx|rdi|rsi|rbp|rsp|r8|r9|r10|r11|r12|r13|r14|r15|RAX|RCX|RDX|RBX|RDI|RSI|RBP|RSP|R8|R9|R10|R11|R12|R13|R14|R15)'
+ 
+ LFENCE = [
+-    '(?:%s%smov(?:[a-rt-z][a-z0-9]*)?\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%s(?:vpmask|vmask|mask|c|v|p|vp)mov[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%spop[bswlqt]?\s+(?:%s|%s))' %(SEP, PFX, MEMORYOP, REG),
+-    '(?:%s%spopad?\s+%s\s*)' %(SEP, PFX, REG),
+-    '(?:%s%s(?:%s\s+)?xchg[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?(?:x|p|vp|ph|h|pm|vpm|)add[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?(?:p|vp|ph|h|)sub[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?ad[co]x?[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?sbb[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?v?p?cmp(?:[a-rt-z][a-z0-9]*)?\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?inc[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?dec[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?not[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?neg[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:i|v|p|vp|)mul[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%s(?:i|v|p|vp|)div[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%spopcnt[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%scrc32[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?v?p?and[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?v?p?or[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?v?p?xor[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%sv?p?test[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%ss[ah][lr][a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%ssar[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%s(?:vp|)ro(?:r|l)[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%src(?:r|l)[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%s(?:%s\s+)?bt[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+-    '(?:%s%sbs[fr][a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%s(?:vp|)[lt]zcnt[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sblsi[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sblsmsk[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sblsr[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sbextr[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sbzhi[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%spdep[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%spext[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%s(?:%s\s+)?lods[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+-    '(?:%s%s(?:%s\s+)?scas[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+-    '(?:%s%s(?:%s\s+)?outs[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+-    '(?:%s%s(?:%s\s+)?cmps[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+-    '(?:%s%s(?:%s\s+)?movs[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+-    '(?:%s%slddqu\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?pack[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?p?unpck[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?p?shuf[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?p?align[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?pblend[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%svperm[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?p?insr[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?insert[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?p?expand[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%svp?broadcast[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svp?gather[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?pavg[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?p?min[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?p?max[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?phminpos[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?pabs[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?psign[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?(?:m|db|)psad[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?psll[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?psrl[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?psra[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?pclmulqdq\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?aesdec(?:last)?\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?aesenc(?:last)?\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?aesimc\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?aeskeygenassist\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?sha(?:1|256)(?:nexte|rnds4|msg1|msg2)\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?cvt[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?rcp(?:ss|ps)\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?u?comis[sd]\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?round[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?dpp[sd]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sv?r?sqrt[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+-    '(?:%s%sv?ldmxcsr\s+%s)' %(SEP, PFX, MEMORYOP),
+-    '(?:%s%sf?x?rstors?\s+%s)' %(SEP, PFX, MEMORYOP),
+-    '(?:%s%sl[gi]dt\s+%s)' %(SEP, PFX, MEMORYOP),
+-    '(?:%s%slmsw\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svmptrld\s+%s)' %(SEP, PFX, MEMORYOP),
+-    '(?:%s%sf(?:b|i|)ld[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sfi?add[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sfi?sub[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sfi?mul[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sfi?div[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sf(?:i|u|)com[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sleave[bswlqt]?)' %(SEP, PFX),
+-    '(?:%s%spopf[bswlqt]?)' %(SEP, PFX),
+-    '(?:%s%svfixupimm[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svf[m|n]add[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svfpclass[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svget[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svpconflict[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svpternlog[d|q]\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svrange[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svreduce[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svrndscale[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%svscalef[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sxlat\s+%s)' %(SEP, PFX, MEMORYANY),
+-    '(?:%s%sxlatb?)' %(SEP, PFX),
+    r'(?:%s%smov(?:[a-rt-z][a-z0-9]*)?\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%s(?:vpmask|vmask|mask|c|v|p|vp)mov[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%spop[bswlqt]?\s+(?:%s|%s))' %(SEP, PFX, MEMORYOP, REG),
+    r'(?:%s%spopad?\s+%s\s*)' %(SEP, PFX, REG),
+    r'(?:%s%s(?:%s\s+)?xchg[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?(?:x|p|vp|ph|h|pm|vpm|)add[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?(?:p|vp|ph|h|)sub[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?ad[co]x?[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?sbb[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?v?p?cmp(?:[a-rt-z][a-z0-9]*)?\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?inc[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?dec[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?not[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?neg[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:i|v|p|vp|)mul[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%s(?:i|v|p|vp|)div[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%spopcnt[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%scrc32[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?v?p?and[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?v?p?or[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?v?p?xor[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%sv?p?test[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%ss[ah][lr][a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%ssar[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%s(?:vp|)ro(?:r|l)[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%src(?:r|l)[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%s(?:%s\s+)?bt[a-z]*\s+%s)' %(SEP, PFX, LOCK, MEMORYANY),
+    r'(?:%s%sbs[fr][a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%s(?:vp|)[lt]zcnt[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sblsi[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sblsmsk[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sblsr[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sbextr[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sbzhi[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%spdep[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%spext[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%s(?:%s\s+)?lods[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+    r'(?:%s%s(?:%s\s+)?scas[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+    r'(?:%s%s(?:%s\s+)?outs[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+    r'(?:%s%s(?:%s\s+)?cmps[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+    r'(?:%s%s(?:%s\s+)?movs[a-z]*(?:\s+%s|\s*(?:#|$)))' %(SEP, PFX, REP, MEMORYSRC),
+    r'(?:%s%slddqu\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?pack[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?p?unpck[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?p?shuf[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?p?align[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?pblend[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%svperm[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?p?insr[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?insert[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?p?expand[a-z]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%svp?broadcast[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svp?gather[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?pavg[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?p?min[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?p?max[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?phminpos[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?pabs[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?psign[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?(?:m|db|)psad[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?psll[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?psrl[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?psra[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?pclmulqdq\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?aesdec(?:last)?\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?aesenc(?:last)?\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?aesimc\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?aeskeygenassist\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?sha(?:1|256)(?:nexte|rnds4|msg1|msg2)\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?cvt[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?rcp(?:ss|ps)\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?u?comis[sd]\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?round[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?dpp[sd]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sv?r?sqrt[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYSRC),
+    r'(?:%s%sv?ldmxcsr\s+%s)' %(SEP, PFX, MEMORYOP),
+    r'(?:%s%sf?x?rstors?\s+%s)' %(SEP, PFX, MEMORYOP),
+    r'(?:%s%sl[gi]dt\s+%s)' %(SEP, PFX, MEMORYOP),
+    r'(?:%s%slmsw\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svmptrld\s+%s)' %(SEP, PFX, MEMORYOP),
+    r'(?:%s%sf(?:b|i|)ld[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sfi?add[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sfi?sub[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sfi?mul[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sfi?div[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sf(?:i|u|)com[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sleave[bswlqt]?)' %(SEP, PFX),
+    r'(?:%s%spopf[bswlqt]?)' %(SEP, PFX),
+    r'(?:%s%svfixupimm[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svf[m|n]add[a-z0-9]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svfpclass[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svget[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svpconflict[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svpternlog[d|q]\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svrange[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svreduce[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svrndscale[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%svscalef[a-z]*\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sxlat\s+%s)' %(SEP, PFX, MEMORYANY),
+    r'(?:%s%sxlatb?)' %(SEP, PFX),
+ ]
+ 
+-RET = '(?:%s%sret[a-z]*(?:\s+%s)?(?:#|$))' %(SEP, PFX, IMMEDIATE)
+-MEM_INDBR = '(?:%s%s(?:call|jmp)[a-z]*\s+%s%s)' %(SEP, PFX, ATTSTAR, MEMORYOP)
+-REG_INDBR = '(?:%s%s(?:call|jmp)[a-z]*\s+%s)' %(SEP, PFX, GPR)
+RET = r'(?:%s%sret[a-z]*(?:\s+%s)?(?:#|$))' %(SEP, PFX, IMMEDIATE)
+MEM_INDBR = r'(?:%s%s(?:call|jmp)[a-z]*\s+%s%s)' %(SEP, PFX, ATTSTAR, MEMORYOP)
+REG_INDBR = r'(?:%s%s(?:call|jmp)[a-z]*\s+%s)' %(SEP, PFX, GPR)
+ 
+ #
+ # File Operations - read/write
+-- 
+2.46.0
+
--- a/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch
+++ b/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch
@ -0,0 +1,30 @@
+From 0584b938529c615f16dbb9751267e14ce73b37ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 1 Oct 2024 18:53:17 +0100
+Subject: [PATCH 08/13] Disable use of bogus DEF_WEAK macro
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ sdk/tlibc/time/strptime.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sdk/tlibc/time/strptime.c b/sdk/tlibc/time/strptime.c
+index 08023a7c..9e62adc6 100644
+--- a/sdk/tlibc/time/strptime.c
+++ b/sdk/tlibc/time/strptime.c
+@@ -89,7 +89,9 @@ strptime(const char *buf, const char *fmt, struct tm *tm)
+ {
+ 	return(_strptime(buf, fmt, tm, 1));
+ }
+#if 0
+ DEF_WEAK(strptime);
+#endif
+ 
+ static char *
+ _strptime(const char *buf, const char *fmt, struct tm *tm, int initialize)
+-- 
+2.46.0
+
--- a/0009-Remove-all-references-to-pccs-service.patch
+++ b/0009-Remove-all-references-to-pccs-service.patch
@ -0,0 +1,497 @@
+From d0a7e7bcf090c5a3549e76709b83aaee87197b2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 1 Oct 2024 20:18:48 +0100
+Subject: [PATCH 09/13] Remove all references to pccs service
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The PCCS code was deleted in the DCAP 1.22 release that SGX
+references, resulting in a failure to build the installer:
+
+ $ /usr/bin/make -I linux/installer/common/psw-dcap -f linux/installer/common/psw-dcap/Makefile SRCDIR=. DESTDIR=build/vroot/psw install
+ python /var/home/berrange/rpmbuild/BUILD/linux-sgx-sgx_2.25_reproducible/linux/installer/common/gen_source/copy_source.py --bom-file /var/home/berrange/rpmbuild/BUILD/linux-sgx-sgx_2.25_reproducible/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt --src-path . --dst-path build/pkgroot/sgx-dcap-pccs
+ Error: src directory/file ./external/dcap_source/QuoteGeneration/pccs/config/default.json does not exist!
+ make: *** [linux/installer/common/psw-dcap/Makefile:195: pre_sgx-dcap-pccs] Error 1
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ README.md                                     |  4 -
+ .../psw-dcap/BOM_install/sgx-dcap-pccs.txt    | 74 -------------------
+ linux/installer/common/psw-dcap/Makefile      | 14 +---
+ linux/installer/common/psw-dcap/installConfig |  1 -
+ .../psw-tdx/BOM_install/sgx-dcap-pccs.txt     | 74 -------------------
+ linux/installer/common/psw-tdx/Makefile       | 14 +---
+ linux/installer/common/psw-tdx/installConfig  |  1 -
+ linux/installer/rpm/psw-dcap/build.sh         |  1 -
+ .../installer/rpm/psw-dcap/psw-dcap.spec.tmpl | 21 +-----
+ linux/installer/rpm/psw-tdx/build.sh          |  1 -
+ linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl | 21 +-----
+ 11 files changed, 6 insertions(+), 220 deletions(-)
+ delete mode 100644 linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt
+ delete mode 100644 linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt
+
+diff --git a/README.md b/README.md
+index fcd11874..9d4011a2 100644
+--- a/README.md
+++ b/README.md
+@@ -523,10 +523,6 @@ Please follow the [Intel(R) SGX DCAP Installation Guide for Linux* OS](https://d
+ 
+ - Install Quote Provider Library(QPL). You can use your own customized QPL or use default QPL provided by Intel(libsgx-dcap-default-qpl)
+ 
+-- Install PCK Caching Service. For how to install and configure PCK Caching
+-Service, please refer to [SGXDataCenterAttestationPrimitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration/pccs)
+-- Ensure the PCK Caching Service is setup correctly by local administrator or data center administrator. Also make sure that the configure file of quote provider library (/etc/sgx_default_qcnl.conf) is consistent with the real environment, for example: PCS_URL=https://your_pcs_server:8081/sgx/certification/v1/
+-
+ ### Start or Stop aesmd Service
+ The Intel(R) SGX PSW installer installs an aesmd service in your machine, which is running in a special linux account `aesmd`.
+ To stop the service: `$ sudo service aesmd stop`
+diff --git a/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt
+deleted file mode 100644
+index d70745c9..00000000
+--- a/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt
+++ /dev/null
+@@ -1,74 +0,0 @@
+-DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/config/default.json	<installdir>/config/default.json	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/constants/index.js	<installdir>/constants/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/constants/pccs_status_code.js	<installdir>/constants/pccs_status_code.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/identityController.js	<installdir>/controllers/identityController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/index.js	<installdir>/controllers/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/pckcertController.js	<installdir>/controllers/pckcertController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/pckcrlController.js	<installdir>/controllers/pckcrlController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/platformCollateralController.js	<installdir>/controllers/platformCollateralController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/platformsController.js	<installdir>/controllers/platformsController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/refreshController.js	<installdir>/controllers/refreshController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js	<installdir>/controllers/rootcacrlController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js	<installdir>/controllers/tcbinfoController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js	<installdir>/controllers/crlController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js	<installdir>/dao/models/fmspc_tcbs.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/index.js	<installdir>/dao/models/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js	<installdir>/dao/models/pck_cert.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_certchain.js	<installdir>/dao/models/pck_certchain.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_crl.js	<installdir>/dao/models/pck_crl.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_certificates.js	<installdir>/dao/models/pcs_certificates.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_version.js	<installdir>/dao/models/pcs_version.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/platform_tcbs.js	<installdir>/dao/models/platform_tcbs.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms_registered.js	<installdir>/dao/models/platforms_registered.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js	<installdir>/dao/models/platforms.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js	<installdir>/dao/models/enclave_identities.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js	<installdir>/dao/models/crl_cache.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js	<installdir>/dao/fmspcTcbDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js	<installdir>/dao/pckCertchainDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js	<installdir>/dao/pckcertDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pckcrlDao.js	<installdir>/dao/pckcrlDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pcsCertificatesDao.js	<installdir>/dao/pcsCertificatesDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pcsVersionDao.js	<installdir>/dao/pcsVersionDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/platformsDao.js	<installdir>/dao/platformsDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/platformsRegDao.js	<installdir>/dao/platformsRegDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js	<installdir>/dao/platformTcbsDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js	<installdir>/dao/enclaveIdentityDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js	<installdir>/dao/crlCacheDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so	<installdir>/lib/libPCKCertSelection.so	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js	<installdir>/lib_wrapper/pcklib_wrapper.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/middleware/auth.js	<installdir>/middleware/auth.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/middleware/error.js	<installdir>/middleware/error.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js	<installdir>/middleware/addRequestId.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql	<installdir>/migrations/00_db_initialize.up.sql	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js	<installdir>/migrations/01_db_version_1.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js	<installdir>/migrations/02_db_version_2.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js	<installdir>/pcs_client/pcs_client.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/routes/index.js	<installdir>/routes/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/identityService.js	<installdir>/services/identityService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/index.js	<installdir>/services/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/pccs_schemas.js	<installdir>/services/pccs_schemas.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/pckcertService.js	<installdir>/services/pckcertService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/pckcrlService.js	<installdir>/services/pckcrlService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/platformCollateralService.js	<installdir>/services/platformCollateralService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/platformsRegService.js	<installdir>/services/platformsRegService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/platformsService.js	<installdir>/services/platformsService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/refreshService.js	<installdir>/services/refreshService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js	<installdir>/services/rootcacrlService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js	<installdir>/services/tcbinfoService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/crlService.js	<installdir>/services/crlService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js	<installdir>/services/caching_modes/cachingMode.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js	<installdir>/services/caching_modes/cachingModeManager.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js	<installdir>/services/logic/commonCacheLogic.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/logic/qvCollateralLogic.js	<installdir>/services/logic/qvCollateralLogic.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/utils/Logger.js	<installdir>/utils/Logger.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/utils/PccsError.js	<installdir>/utils/PccsError.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/utils/apputil.js	<installdir>/utils/apputil.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/x509/x509.js	<installdir>/x509/x509.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/install.sh	<installdir>/install.sh	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/package.json	<installdir>/package.json	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/pccs_server.js	<installdir>/pccs_server.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/pccs.service	<installdir>/pccs.service	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/startup.sh	<installdir>/startup.sh	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/cleanup.sh	<installdir>/cleanup.sh	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/README.md	<installdir>/README.md	0	main	STP
+diff --git a/linux/installer/common/psw-dcap/Makefile b/linux/installer/common/psw-dcap/Makefile
+index a85c8b82..5e8a8560 100644
+--- a/linux/installer/common/psw-dcap/Makefile
+++ b/linux/installer/common/psw-dcap/Makefile
+@@ -95,9 +95,6 @@ AESMD_CONF=aesmd.service
+ AESMD_CONF_DEL=aesmd.conf
+ AESMD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system)
+ 
+-PCCS_CONF=pccs.service
+-PCCS_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system)
+-
+ RAD_CONF=mpa_registration_tool.service
+ RAD_CONF_DEL=mpa_registration_tool.conf
+ RAD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system)
+@@ -192,7 +189,7 @@ ALL_PKGS:= $(AESM_SERVICE_PKGS) $(AE_PKGS) $(DEV_LIB_PKGS)
+ 
+ $(foreach PKG,$(AESM_SERVICE_PKGS) $(AE_PKGS),$(eval $(call INSTALL_AESM_SERVICE_TEMPLATE,$(PKG))))
+ $(foreach PKG,$(DEV_LIB_PKGS),$(eval $(call INSTALL_DEV_LIB_TEMPLATE,$(PKG))))
+-$(foreach PKG,$(ALL_PKGS) $(DCAP_PCCS_PACKAGE) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG))))
+$(foreach PKG,$(ALL_PKGS) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG))))
+ 
+ PHONY+=$(ALL_PKGS)
+ PHONY+=$(foreach PKG,$(ALL_PKGS),pre_$(PKG))
+@@ -220,14 +217,6 @@ install_$(AESM_SERVICE_PACKAGE): $(foreach PKG,$(AESM_SERVICE_PKGS),post_$(PKG))
+ 	ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_pce.signed.so)                                          && \
+ 	ln -fs liburts_internal.so libsgx_urts.so.$(URTS_MAJOR_VER)
+ 
+-PHONY+=install_$(DCAP_PCCS_PACKAGE)
+-install_$(DCAP_PCCS_PACKAGE): pre_$(DCAP_PCCS_PACKAGE) | $(PACKAGE_ROOT_PATH)
+-	install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH))                        && \
+-	cp -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH)             && \
+-	rm -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF)
+-	install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)) && \
+-	cp -fr $|/$(DCAP_PCCS_PACKAGE)/* $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)
+-
+ PHONY+=$(RA_SERVICE_PACKAGE)
+ $(RA_SERVICE_PACKAGE): pre_$(RA_SERVICE_PACKAGE) | $(PACKAGE_ROOT_PATH)
+ 	install -d $(shell readlink -m $(DESTDIR)/$@/$(SGX_INSTALL_PATH)/$@) && \
+@@ -351,7 +340,6 @@ install_dev_lib: $(foreach PKG,$(DEV_LIB_PKGS),post_$(PKG))
+ 
+ PHONY+=install
+ install: install_$(AESM_SERVICE_PACKAGE)         \
+-	install_$(DCAP_PCCS_PACKAGE)             \
+ 	install_$(RA_SERVICE_PACKAGE)            \
+ 	install_$(PCK_ID_RETRIEVAL_TOOL_PACKAGE) \
+ 	install_ae                               \
+diff --git a/linux/installer/common/psw-dcap/installConfig b/linux/installer/common/psw-dcap/installConfig
+index 9f99f032..96acdd9a 100644
+--- a/linux/installer/common/psw-dcap/installConfig
+++ b/linux/installer/common/psw-dcap/installConfig
+@@ -30,7 +30,6 @@ DCAP_QL_PACKAGE=libsgx-dcap-ql
+ DCAP_QL_DEV_PACKAGE=libsgx-dcap-ql-devel
+ DCAP_QVL_PACKAGE=libsgx-dcap-quote-verify
+ DCAP_QVL_DEV_PACKAGE=libsgx-dcap-quote-verify-devel
+-DCAP_PCCS_PACKAGE=sgx-dcap-pccs
+ 
+ PCK_ID_RETRIEVAL_TOOL_PACKAGE=sgx-pck-id-retrieval-tool
+ RA_NETWORK_PACKAGE=libsgx-ra-network
+diff --git a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt
+deleted file mode 100644
+index d70745c9..00000000
+--- a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt
+++ /dev/null
+@@ -1,74 +0,0 @@
+-DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/config/default.json	<installdir>/config/default.json	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/constants/index.js	<installdir>/constants/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/constants/pccs_status_code.js	<installdir>/constants/pccs_status_code.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/identityController.js	<installdir>/controllers/identityController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/index.js	<installdir>/controllers/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/pckcertController.js	<installdir>/controllers/pckcertController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/pckcrlController.js	<installdir>/controllers/pckcrlController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/platformCollateralController.js	<installdir>/controllers/platformCollateralController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/platformsController.js	<installdir>/controllers/platformsController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/refreshController.js	<installdir>/controllers/refreshController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js	<installdir>/controllers/rootcacrlController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js	<installdir>/controllers/tcbinfoController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js	<installdir>/controllers/crlController.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js	<installdir>/dao/models/fmspc_tcbs.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/index.js	<installdir>/dao/models/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js	<installdir>/dao/models/pck_cert.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_certchain.js	<installdir>/dao/models/pck_certchain.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_crl.js	<installdir>/dao/models/pck_crl.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_certificates.js	<installdir>/dao/models/pcs_certificates.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_version.js	<installdir>/dao/models/pcs_version.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/platform_tcbs.js	<installdir>/dao/models/platform_tcbs.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms_registered.js	<installdir>/dao/models/platforms_registered.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js	<installdir>/dao/models/platforms.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js	<installdir>/dao/models/enclave_identities.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js	<installdir>/dao/models/crl_cache.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js	<installdir>/dao/fmspcTcbDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js	<installdir>/dao/pckCertchainDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js	<installdir>/dao/pckcertDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pckcrlDao.js	<installdir>/dao/pckcrlDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pcsCertificatesDao.js	<installdir>/dao/pcsCertificatesDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/pcsVersionDao.js	<installdir>/dao/pcsVersionDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/platformsDao.js	<installdir>/dao/platformsDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/platformsRegDao.js	<installdir>/dao/platformsRegDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js	<installdir>/dao/platformTcbsDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js	<installdir>/dao/enclaveIdentityDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js	<installdir>/dao/crlCacheDao.js	0	main	STP
+-<deliverydir>/external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so	<installdir>/lib/libPCKCertSelection.so	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js	<installdir>/lib_wrapper/pcklib_wrapper.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/middleware/auth.js	<installdir>/middleware/auth.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/middleware/error.js	<installdir>/middleware/error.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js	<installdir>/middleware/addRequestId.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql	<installdir>/migrations/00_db_initialize.up.sql	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js	<installdir>/migrations/01_db_version_1.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js	<installdir>/migrations/02_db_version_2.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js	<installdir>/pcs_client/pcs_client.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/routes/index.js	<installdir>/routes/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/identityService.js	<installdir>/services/identityService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/index.js	<installdir>/services/index.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/pccs_schemas.js	<installdir>/services/pccs_schemas.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/pckcertService.js	<installdir>/services/pckcertService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/pckcrlService.js	<installdir>/services/pckcrlService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/platformCollateralService.js	<installdir>/services/platformCollateralService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/platformsRegService.js	<installdir>/services/platformsRegService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/platformsService.js	<installdir>/services/platformsService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/refreshService.js	<installdir>/services/refreshService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js	<installdir>/services/rootcacrlService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js	<installdir>/services/tcbinfoService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/crlService.js	<installdir>/services/crlService.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js	<installdir>/services/caching_modes/cachingMode.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js	<installdir>/services/caching_modes/cachingModeManager.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js	<installdir>/services/logic/commonCacheLogic.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/services/logic/qvCollateralLogic.js	<installdir>/services/logic/qvCollateralLogic.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/utils/Logger.js	<installdir>/utils/Logger.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/utils/PccsError.js	<installdir>/utils/PccsError.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/utils/apputil.js	<installdir>/utils/apputil.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/x509/x509.js	<installdir>/x509/x509.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/install.sh	<installdir>/install.sh	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/package.json	<installdir>/package.json	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/pccs_server.js	<installdir>/pccs_server.js	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/pccs.service	<installdir>/pccs.service	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/startup.sh	<installdir>/startup.sh	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/cleanup.sh	<installdir>/cleanup.sh	0	main	STP
+-<deliverydir>/external/dcap_source/QuoteGeneration/pccs/README.md	<installdir>/README.md	0	main	STP
+diff --git a/linux/installer/common/psw-tdx/Makefile b/linux/installer/common/psw-tdx/Makefile
+index 4f50ee49..0e8cb3e7 100644
+--- a/linux/installer/common/psw-tdx/Makefile
+++ b/linux/installer/common/psw-tdx/Makefile
+@@ -80,9 +80,6 @@ QGSD_CONF=qgsd.service
+ QGSD_CONF_DEL=qgsd.conf
+ QGSD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system)
+ 
+-PCCS_CONF=pccs.service
+-PCCS_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system)
+-
+ RAD_CONF=mpa_registration_tool.service
+ RAD_CONF_DEL=mpa_registration_tool.conf
+ RAD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system)
+@@ -160,7 +157,7 @@ ALL_PKGS:= $(TDX_QGS_PKGS) $(AE_PKGS) $(DEV_LIB_PKGS)
+ 
+ $(foreach PKG,$(TDX_QGS_PKGS) $(AE_PKGS),$(eval $(call INSTALL_AESM_SERVICE_TEMPLATE,$(PKG))))
+ $(foreach PKG,$(DEV_LIB_PKGS),$(eval $(call INSTALL_DEV_LIB_TEMPLATE,$(PKG))))
+-$(foreach PKG,$(ALL_PKGS) $(DCAP_PCCS_PACKAGE) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG))))
+$(foreach PKG,$(ALL_PKGS) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG))))
+ 
+ PHONY+=$(ALL_PKGS)
+ PHONY+=$(foreach PKG,$(ALL_PKGS),pre_$(PKG))
+@@ -184,14 +181,6 @@ install_$(TDX_QGS_PACKAGE): $(foreach PKG,$(TDX_QGS_PKGS),post_$(PKG))
+ 				$(DESTDIR)/$(TDX_QGS_PACKAGE)/$(ETC_DIR) &&                                                         \
+ 		rm -fr $(DESTDIR)/$(TDX_QGS_PACKAGE)/$(SGX_INSTALL_PATH)/$(TDX_QGS_PACKAGE)/conf))
+ 
+-PHONY+=install_$(DCAP_PCCS_PACKAGE)
+-install_$(DCAP_PCCS_PACKAGE): pre_$(DCAP_PCCS_PACKAGE) | $(PACKAGE_ROOT_PATH)
+-	install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH))                        && \
+-	cp -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH)             && \
+-	rm -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF)
+-	install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)) && \
+-	cp -fr $|/$(DCAP_PCCS_PACKAGE)/* $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)
+-
+ PHONY+=$(RA_SERVICE_PACKAGE)
+ $(RA_SERVICE_PACKAGE): pre_$(RA_SERVICE_PACKAGE) | $(PACKAGE_ROOT_PATH)
+ 	install -d $(shell readlink -m $(DESTDIR)/$@/$(SGX_INSTALL_PATH)/$@) && \
+@@ -291,7 +280,6 @@ install_dev_lib: $(foreach PKG,$(DEV_LIB_PKGS),post_$(PKG))
+ 
+ PHONY+=install
+ install: install_$(TDX_QGS_PACKAGE)          \
+-	install_$(DCAP_PCCS_PACKAGE)             \
+ 	install_$(RA_SERVICE_PACKAGE)            \
+ 	install_$(PCK_ID_RETRIEVAL_TOOL_PACKAGE) \
+ 	install_ae                               \
+diff --git a/linux/installer/common/psw-tdx/installConfig b/linux/installer/common/psw-tdx/installConfig
+index 7129b71d..c55a8ada 100644
+--- a/linux/installer/common/psw-tdx/installConfig
+++ b/linux/installer/common/psw-tdx/installConfig
+@@ -16,7 +16,6 @@ TDX_ATTEST_PACKAGE=libtdx-attest
+ TDX_ATTEST_DEV_PACKAGE=libtdx-attest-devel
+ DCAP_QVL_PACKAGE=libsgx-dcap-quote-verify
+ DCAP_QVL_DEV_PACKAGE=libsgx-dcap-quote-verify-devel
+-DCAP_PCCS_PACKAGE=sgx-dcap-pccs
+ PCK_ID_RETRIEVAL_TOOL_PACKAGE=sgx-pck-id-retrieval-tool
+ RA_NETWORK_PACKAGE=libsgx-ra-network
+ RA_NETWORK_DEV_PACKAGE=libsgx-ra-network-devel
+diff --git a/linux/installer/rpm/psw-dcap/build.sh b/linux/installer/rpm/psw-dcap/build.sh
+index 22c8eef5..6188e816 100755
+--- a/linux/installer/rpm/psw-dcap/build.sh
+++ b/linux/installer/rpm/psw-dcap/build.sh
+@@ -63,7 +63,6 @@ update_spec() {
+         -e "s:@dcap_version@:${dcap_version}:"                                                    \
+         -e "s:@aesm_service_path@:${SGX_INSTALL_PATH}/${AESM_SERVICE_PACKAGE}:"                   \
+         -e "s:@ra_service_path@:${SGX_INSTALL_PATH}/${RA_SERVICE_PACKAGE}:"                       \
+-        -e "s:@dcap_pccs_path@:${SGX_INSTALL_PATH}/${DCAP_PCCS_PACKAGE}:"                         \
+         -e "s:@pck_id_retrieval_tool_path@:${SGX_INSTALL_PATH}/${PCK_ID_RETRIEVAL_TOOL_PACKAGE}:" \
+         ${cur_dir}/${psw_dcap}.spec.tmpl > ${cur_dir}/${rpm_build_dir}/SPECS/${psw_dcap}.spec
+ 
+diff --git a/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl b/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl
+index c7ba4c12..66fc4a78 100644
+--- a/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl
+++ b/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl
+@@ -31,7 +31,6 @@
+ 
+ %define _aesm_service_path @aesm_service_path@
+ %define _ra_service_path @ra_service_path@
+-%define _dcap_pccs_path @dcap_pccs_path@
+ %define _pck_id_retrieval_tool_path @pck_id_retrieval_tool_path@
+ %define _psw_version @psw_version@
+ %define _dcap_version @dcap_version@
+@@ -303,14 +302,6 @@ Requires:      libsgx-dcap-quote-verify = %{version}-%{release} libsgx-headers >
+ %description -n libsgx-dcap-quote-verify-devel
+ Intel(R) Software Guard Extensions Data Center Attestation Primitives Quote Verification Library for Developers
+ 
+-%package -n sgx-dcap-pccs
+-Version:       %{_dcap_version}
+-Summary:       Intel(R) Software Guard Extensions PCK Caching Service
+-Requires:      gcc gcc-c++ make
+-
+-%description -n sgx-dcap-pccs
+-Intel(R) Software Guard Extensions PCK Caching Service
+-
+ %package -n libsgx-ra-network
+ Version:       %{_dcap_version}
+ Summary:       Intel(R) Software Guard Extensions Registration Agent Network Library
+@@ -378,14 +369,13 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do
+     grep -v "^%{_includedir}" | \
+     grep -v "^%{_sysconfdir}" | \
+     grep -v "^%{_aesm_service_path}" | \
+-    grep -v "^%{_dcap_pccs_path}" | \
+     grep -v "^%{_ra_service_path}" | \
+     grep -v "^%{_pck_id_retrieval_tool_path}" | \
+     sed -e "s#^#%dir #" > %{_specdir}/list-${pkg}
+     for f in $(find %{?buildroot}/${pkg}); do
+         if [ -d ${f} ]; then
+             echo ${f} | sed -e "s#^%{?buildroot}/${pkg}##" | \
+-            grep -E "^%{_aesm_service_path}|^%{_dcap_pccs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \
+            grep -E "^%{_aesm_service_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \
+             sed -e "s#^#%dir #" >> %{_specdir}/list-${pkg}
+         else
+             echo ${f} | \
+@@ -395,7 +385,7 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do
+     cp -r %{?buildroot}/${pkg}/* %{?buildroot}/
+     rm -fr %{?buildroot}/${pkg}
+     sed -i -e 's:^/etc/.*\.conf:%config &:' \
+-           -e 's:^%{_dcap_pccs_path}/config/default\.json:%config &:' %{_specdir}/list-${pkg}
+           %{_specdir}/list-${pkg}
+ done
+ rm -fr %{?buildroot}/license
+ 
+@@ -433,7 +423,6 @@ make clean
+ %files -n libsgx-dcap-ql-devel -f %{_specdir}/list-libsgx-dcap-ql-devel
+ %files -n libsgx-dcap-quote-verify -f %{_specdir}/list-libsgx-dcap-quote-verify
+ %files -n libsgx-dcap-quote-verify-devel -f %{_specdir}/list-libsgx-dcap-quote-verify-devel
+-%files -n sgx-dcap-pccs -f %{_specdir}/list-sgx-dcap-pccs
+ %files -n libsgx-ra-network -f %{_specdir}/list-libsgx-ra-network
+ %files -n libsgx-ra-network-devel -f %{_specdir}/list-libsgx-ra-network-devel
+ %files -n libsgx-ra-uefi -f %{_specdir}/list-libsgx-ra-uefi
+@@ -447,12 +436,6 @@ if [ -x %{_aesm_service_path}/startup.sh ]; then %{_aesm_service_path}/startup.s
+ %preun
+ if [ -x %{_aesm_service_path}/cleanup.sh ]; then %{_aesm_service_path}/cleanup.sh; fi
+ 
+-%posttrans -n sgx-dcap-pccs
+-if [ -x %{_dcap_pccs_path}/startup.sh ]; then %{_dcap_pccs_path}/startup.sh; fi
+-
+-%preun -n sgx-dcap-pccs
+-if [ -x %{_dcap_pccs_path}/cleanup.sh ]; then %{_dcap_pccs_path}/cleanup.sh; fi
+-
+ %posttrans -n sgx-ra-service
+ if [ -x %{_ra_service_path}/startup.sh ]; then %{_ra_service_path}/startup.sh; fi
+ 
+diff --git a/linux/installer/rpm/psw-tdx/build.sh b/linux/installer/rpm/psw-tdx/build.sh
+index f42d6bd2..25a683c8 100755
+--- a/linux/installer/rpm/psw-tdx/build.sh
+++ b/linux/installer/rpm/psw-tdx/build.sh
+@@ -63,7 +63,6 @@ update_spec() {
+         -e "s:@dcap_version@:${dcap_version}:"                                                    \
+         -e "s:@tdx_qgs_path@:${SGX_INSTALL_PATH}/${TDX_QGS_PACKAGE}:"                             \
+         -e "s:@ra_service_path@:${SGX_INSTALL_PATH}/${RA_SERVICE_PACKAGE}:"                       \
+-        -e "s:@dcap_pccs_path@:${SGX_INSTALL_PATH}/${DCAP_PCCS_PACKAGE}:"                         \
+         -e "s:@pck_id_retrieval_tool_path@:${SGX_INSTALL_PATH}/${PCK_ID_RETRIEVAL_TOOL_PACKAGE}:" \
+         ${cur_dir}/${psw_tdx}.spec.tmpl > ${cur_dir}/${rpm_build_dir}/SPECS/${psw_tdx}.spec
+ 
+diff --git a/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl b/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl
+index 0dd5fd8c..67eab01a 100644
+--- a/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl
+++ b/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl
+@@ -31,7 +31,6 @@
+ 
+ %define _tdx_qgs_path @tdx_qgs_path@
+ %define _ra_service_path @ra_service_path@
+-%define _dcap_pccs_path @dcap_pccs_path@
+ %define _pck_id_retrieval_tool_path @pck_id_retrieval_tool_path@
+ %define _psw_version @psw_version@
+ %define _dcap_version @dcap_version@
+@@ -198,14 +197,6 @@ Requires:      libsgx-dcap-quote-verify = %{version}-%{release} libsgx-headers >
+ %description -n libsgx-dcap-quote-verify-devel
+ Intel(R) Software Guard Extensions Data Center Attestation Primitives Quote Verification Library for Developers
+ 
+-%package -n sgx-dcap-pccs
+-Version:       %{_dcap_version}
+-Summary:       Intel(R) Software Guard Extensions PCK Caching Service
+-Requires:      gcc gcc-c++ make
+-
+-%description -n sgx-dcap-pccs
+-Intel(R) Software Guard Extensions PCK Caching Service
+-
+ %package -n libsgx-ra-network
+ Version:       %{_dcap_version}
+ Summary:       Intel(R) Software Guard Extensions Registration Agent Network Library
+@@ -273,14 +264,13 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do
+     grep -v "^%{_includedir}" | \
+     grep -v "^%{_sysconfdir}" | \
+     grep -v "^%{_tdx_qgs_path}" | \
+-    grep -v "^%{_dcap_pccs_path}" | \
+     grep -v "^%{_ra_service_path}" | \
+     grep -v "^%{_pck_id_retrieval_tool_path}" | \
+     sed -e "s#^#%dir #" > %{_specdir}/list-${pkg}
+     for f in $(find %{?buildroot}/${pkg}); do
+         if [ -d ${f} ]; then
+             echo ${f} | sed -e "s#^%{?buildroot}/${pkg}##" | \
+-            grep -E "^%{_tdx_qgs_path}|^%{_dcap_pccs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \
+            grep -E "^%{_tdx_qgs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \
+             sed -e "s#^#%dir #" >> %{_specdir}/list-${pkg}
+         else
+             echo ${f} | \
+@@ -290,7 +280,7 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do
+     cp -r %{?buildroot}/${pkg}/* %{?buildroot}/
+     rm -fr %{?buildroot}/${pkg}
+     sed -i -e 's:^/etc/.*\.conf:%config &:' \
+-           -e 's:^%{_dcap_pccs_path}/config/default\.json:%config &:' %{_specdir}/list-${pkg}
+           %{_specdir}/list-${pkg}
+ done
+ rm -fr %{?buildroot}/license
+ 
+@@ -315,7 +305,6 @@ make clean
+ %files -n libtdx-attest-devel -f %{_specdir}/list-libtdx-attest-devel
+ %files -n libsgx-dcap-quote-verify -f %{_specdir}/list-libsgx-dcap-quote-verify
+ %files -n libsgx-dcap-quote-verify-devel -f %{_specdir}/list-libsgx-dcap-quote-verify-devel
+-%files -n sgx-dcap-pccs -f %{_specdir}/list-sgx-dcap-pccs
+ %files -n libsgx-ra-network -f %{_specdir}/list-libsgx-ra-network
+ %files -n libsgx-ra-network-devel -f %{_specdir}/list-libsgx-ra-network-devel
+ %files -n libsgx-ra-uefi -f %{_specdir}/list-libsgx-ra-uefi
+@@ -329,12 +318,6 @@ if [ -x %{_tdx_qgs_path}/startup.sh ]; then %{_tdx_qgs_path}/startup.sh; fi
+ %preun
+ if [ -x %{_tdx_qgs_path}/cleanup.sh ]; then %{_tdx_qgs_path}/cleanup.sh; fi
+ 
+-%posttrans -n sgx-dcap-pccs
+-if [ -x %{_dcap_pccs_path}/startup.sh ]; then %{_dcap_pccs_path}/startup.sh; fi
+-
+-%preun -n sgx-dcap-pccs
+-if [ -x %{_dcap_pccs_path}/cleanup.sh ]; then %{_dcap_pccs_path}/cleanup.sh; fi
+-
+ %posttrans -n sgx-ra-service
+ if [ -x %{_ra_service_path}/startup.sh ]; then %{_ra_service_path}/startup.sh; fi
+ 
+-- 
+2.46.0
+
--- a/0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch
+++ b/0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch
@ -0,0 +1,78 @@
+From b3adcc233373a403654954e364a798cc06a618b4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 4 Oct 2024 16:33:20 +0100
+Subject: [PATCH 10/13] psw: prefer /dev/sgx_provision & /dev/sgx_enclave
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The default behaviour for SGX deployments in upstream Linux is to
+have /dev/sgx_provision & /dev/sgx_enclave device paths, instead of
+the old /dev/sgx/provision & /dev/sgx/enclave paths
+
+The code should prefer opening the current default device paths first,
+with the old paths as the fallback, so the common case will be an
+immediate success.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ psw/enclave_common/sgx_enclave_common.cpp |  6 +++---
+ psw/urts/linux/edmm_utility.cpp           | 12 ++++++------
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/psw/enclave_common/sgx_enclave_common.cpp b/psw/enclave_common/sgx_enclave_common.cpp
+index 46fcf873..651ba83e 100644
+--- a/psw/enclave_common/sgx_enclave_common.cpp
+++ b/psw/enclave_common/sgx_enclave_common.cpp
+@@ -481,11 +481,11 @@ static void enclave_set_provision_access(int hdevice, void* enclave_base)
+     
+     if (s_driver_type == SGX_DRIVER_IN_KERNEL)
+     {
+-        hdev_prov = open("/dev/sgx/provision", O_RDWR);
+        hdev_prov = open("/dev/sgx_provision", O_RDWR);
+         if (-1 == hdev_prov)
+         {
+-            //if /dev/sgx/provision is not present, try to open /dev/sgx_provision
+-            hdev_prov = open("/dev/sgx_provision", O_RDWR);
+            //if /dev/sgx_provision is not present, try to open /dev/sgx/provision
+            hdev_prov = open("/dev/sgx/provision", O_RDWR);
+         }
+         if (-1 == hdev_prov)
+         {
+diff --git a/psw/urts/linux/edmm_utility.cpp b/psw/urts/linux/edmm_utility.cpp
+index 49f2b9aa..fc537a84 100644
+--- a/psw/urts/linux/edmm_utility.cpp
+++ b/psw/urts/linux/edmm_utility.cpp
+@@ -99,11 +99,11 @@ bool get_driver_type(int *driver_type)
+         *driver_type = sgx_driver_type;
+     }
+     
+-    int hdev = open("/dev/sgx/enclave", O_RDWR);    //attempt to open the in-kernel driver
+    int hdev = open("/dev/sgx_enclave", O_RDWR);    //attempt to open the in-kernel driver
+     if (-1 == hdev)
+     {
+-        //if /dev/sgx/enclave is not present, try to open /dev/sgx_enclave
+-        hdev = open("/dev/sgx_enclave", O_RDWR);
+        //if /dev/sgx_enclave is not present, try to open /dev/sgx/enclave
+        hdev = open("/dev/sgx/enclave", O_RDWR);
+     }
+     if (-1 == hdev)
+     {
+@@ -154,11 +154,11 @@ extern "C" bool open_se_device(int driver_type, int *hdevice)
+     *hdevice = -1;
+     if (driver_type == SGX_DRIVER_IN_KERNEL)
+     {
+-        *hdevice = open("/dev/sgx/enclave", O_RDWR);    //attempt to open the in-kernel driver
+-        //if /dev/sgx/enclave is not present, try to open /dev/sgx_enclave
+        *hdevice = open("/dev/sgx_enclave", O_RDWR);    //attempt to open the in-kernel driver
+        //if /dev/sgx_enclave is not present, try to open /dev/sgx/enclave
+         if(-1 == *hdevice)
+         {
+-            *hdevice = open("/dev/sgx_enclave", O_RDWR);
+            *hdevice = open("/dev/sgx/enclave", O_RDWR);
+         }
+     }
+     else if (driver_type == SGX_DRIVER_DCAP)
+-- 
+2.46.0
+
--- a/0011-psw-fix-soname-for-libuae_service.so-library.patch
+++ b/0011-psw-fix-soname-for-libuae_service.so-library.patch
@ -0,0 +1,29 @@
+From 134a3214bc7d2de69c015204d43453535125907d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 17 Jan 2025 15:38:56 +0000
+Subject: [PATCH 11/13] psw: fix soname for libuae_service.so library
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ psw/uae_service/linux/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/psw/uae_service/linux/Makefile b/psw/uae_service/linux/Makefile
+index bffbdc5b..81f5c4b7 100644
+--- a/psw/uae_service/linux/Makefile
+++ b/psw/uae_service/linux/Makefile
+@@ -143,7 +143,7 @@ libsgx_%.so: $(OBJ) %_version.o
+ 	$(CXX) $(CXXFLAGS) $^ -shared $(LDUFLAGS) -Wl,--version-script=$(@:.so=.lds) -Wl,--gc-sections $(EXTERNAL_LIB) -Wl,-soname=$@.$(call get_major_version,$(call get_version_name,$@)) -o $@
+ 
+ $(LEGACY_LIBNAME): $(LEGACY_OBJ)
+-	$(CXX) $(CXXFLAGS) $^ -shared $(LDUFLAGS) -ldl -Wl,--version-script=uae_service.lds -Wl,--gc-sections -Wl,-soname=$@ -o $@
+	$(CXX) $(CXXFLAGS) $^ -shared $(LDUFLAGS) -ldl -Wl,--version-script=uae_service.lds -Wl,--gc-sections -Wl,-soname=$@.$(call get_major_version,$(call get_version_name,$@)) -o $@
+ 
+ $(IPC_SRC:.cpp=.o) : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc
+ AEServicesImpl.o : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc
+-- 
+2.46.0
+
--- a/0012-pcl-remove-redundant-use-of-bool-type.patch
+++ b/0012-pcl-remove-redundant-use-of-bool-type.patch
@ -0,0 +1,49 @@
+From d0d00e0d5518c983983eb8dbe4fd8c2c09845e9b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 6 Feb 2025 09:54:33 +0000
+Subject: [PATCH 12/13] pcl: remove redundant use of 'bool' type
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The 'typedef unsigned int bool' statement is a compile error with
+GCC 15, since c23 defaults 'bool' as a built-in type / reserved
+keyword.
+
+The original openssl code from which pcl_vpaes_cbc_encrypt is
+copied simply used 'int', the actual method impl is asm code
+which just expects an int, and the only callers just pass the
+integer value 1. Remove use of the bool typedef since it is
+serving no purpose.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ sdk/protected_code_loader/crypto/pcl_crypto_internal.h | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/sdk/protected_code_loader/crypto/pcl_crypto_internal.h b/sdk/protected_code_loader/crypto/pcl_crypto_internal.h
+index 5ad6efde..b78ca907 100644
+--- a/sdk/protected_code_loader/crypto/pcl_crypto_internal.h
+++ b/sdk/protected_code_loader/crypto/pcl_crypto_internal.h
+@@ -36,9 +36,6 @@
+ 
+ extern "C" 
+ {	
+-#else // Not C++, must define bool:
+-
+-typedef unsigned int bool;
+ 
+ #endif // #ifdef __cplusplus
+ 
+@@ -106,7 +103,7 @@ void pcl_vpaes_cbc_encrypt(
+             size_t len, 
+             AES_KEY* wide_key_p, 
+             uint8_t* iv, 
+-            bool encrypt);
+            int encrypt);
+ 
+ #endif // #ifdef SE_SIM 
+ 
+-- 
+2.46.0
+
--- a/0013-Disable-inclusion-of-AESM-in-installer.patch
+++ b/0013-Disable-inclusion-of-AESM-in-installer.patch
@ -0,0 +1,81 @@
+From 820d3a2491ddc9b9b02bc9530e89bc5f5b557139 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 11 Feb 2025 14:58:58 +0000
+Subject: [PATCH 13/13] Disable inclusion of AESM in installer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Disabling AESM will allow optionally building without the
+CppMicroServices dependency
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ linux/installer/common/psw-dcap/Makefile | 27 +-----------------------
+ psw/ae/Makefile                          |  4 ++--
+ 2 files changed, 3 insertions(+), 28 deletions(-)
+
+diff --git a/linux/installer/common/psw-dcap/Makefile b/linux/installer/common/psw-dcap/Makefile
+index 5e8a8560..e8dd018b 100644
+--- a/linux/installer/common/psw-dcap/Makefile
+++ b/linux/installer/common/psw-dcap/Makefile
+@@ -147,13 +147,7 @@ post_$(1): $(1) | $(PACKAGE_ROOT_PATH)
+ 	cp -fr $$|/$$</* $(DESTDIR)/$$< ) ||:
+ endef
+ 
+-AESM_SERVICE_PKGS:= $(AESM_PCE_PACKAGE)      \
+-                    $(AESM_EPID_PACKAGE)     \
+-                    $(AESM_ECDSA_PACKAGE)    \
+-                    $(AESM_LAUNCH_PACKAGE)   \
+-                    $(AESM_QUOTE_EX_PACKAGE) \
+-                    $(AESM_SERVICE_PACKAGE)  \
+-                    $(QE3_LOGIC_PACKAGE)     \
+AESM_SERVICE_PKGS:= $(QE3_LOGIC_PACKAGE)     \
+                     $(PCE_LOGIC_PACKAGE)
+ 
+ AE_PKGS:= $(AE_EPID_PACKAGE)                 \
+@@ -197,25 +191,6 @@ PHONY+=$(foreach PKG,$(ALL_PKGS),post_$(PKG))
+ 
+ PHONY+=install_$(AESM_SERVICE_PACKAGE)
+ install_$(AESM_SERVICE_PACKAGE): $(foreach PKG,$(AESM_SERVICE_PKGS),post_$(PKG))
+-	install -d $(shell readlink -m $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(VAR_OPT_PATH))
+-	install -d $(shell readlink -m $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(AESMD_CONF_PATH))
+-	sed -e "s:@aesm_folder@:$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm:"                                   \
+-		$(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm/$(AESMD_CONF)    \
+-		> $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(AESMD_CONF_PATH)/$(AESMD_CONF)
+-	rm -f $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm/$(AESMD_CONF)
+-	rm -f $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm/$(AESMD_CONF_DEL)
+-	$(if $(wildcard $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm/conf/*), \
+-		install -d $(shell readlink -m $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(ETC_DIR))                     && \
+-		cp -fr $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm/conf/*    \
+-			$(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(ETC_DIR)                                             && \
+-		rm -fr $(DESTDIR)/$(AESM_SERVICE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm/conf)
+-	cd $(shell readlink -m $(DESTDIR)/$(AESM_ECDSA_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm) && \
+-	ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_qe3.signed.so.$(QE3_MAJOR_VER))                         && \
+-	ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_qe3.signed.so)
+-	cd $(shell readlink -m $(DESTDIR)/$(AESM_PCE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm)   && \
+-	ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_pce.signed.so.$(PCE_MAJOR_VER))                         && \
+-	ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_pce.signed.so)                                          && \
+-	ln -fs liburts_internal.so libsgx_urts.so.$(URTS_MAJOR_VER)
+ 
+ PHONY+=$(RA_SERVICE_PACKAGE)
+ $(RA_SERVICE_PACKAGE): pre_$(RA_SERVICE_PACKAGE) | $(PACKAGE_ROOT_PATH)
+diff --git a/psw/ae/Makefile b/psw/ae/Makefile
+index a810d6b9..82a07af1 100644
+--- a/psw/ae/Makefile
+++ b/psw/ae/Makefile
+@@ -46,9 +46,9 @@ endif
+ 
+ .PHONY: all
+ ifeq ($(BUILD_REF_LE), 1)
+-all: $(CMAKE_RESULT) AESM REF_LE COPY_AES| $(BUILD_DIR)
+all: $(CMAKE_RESULT) REF_LE COPY_AES| $(BUILD_DIR)
+ else
+-all: $(CMAKE_RESULT) AESM COPY_AES| $(BUILD_DIR)
+all: $(CMAKE_RESULT) COPY_AES| $(BUILD_DIR)
+ endif #($(BUILD_REF_LE), 1)
+ 
+ # COPY_AES: currently copy le, qe, pve, pce, qe3
+-- 
+2.46.0
+
--- a/0100-Drop-use-of-bundled-pre-built-openssl.patch
+++ b/0100-Drop-use-of-bundled-pre-built-openssl.patch
@ -0,0 +1,192 @@
+From d70390caa01c88dd681e6ce68f850d26a33bb838 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 26 Feb 2024 12:19:51 +0000
+Subject: [PATCH 100/112] Drop use of bundled pre-built openssl
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use pkg-config to find the host distro libcrypto library.
+Tweaked rules to dynamically link to the distro library.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ QuoteGeneration/qcnl/linux/Makefile                      | 8 +++-----
+ QuoteGeneration/qpl/linux/Makefile                       | 8 +++-----
+ QuoteVerification/buildenv.mk                            | 1 -
+ QuoteVerification/dcap_quoteverify/linux/Makefile        | 7 ++++---
+ tools/PCKCertSelection/PCKCertSelectionLib/Makefile      | 9 +++------
+ .../PCKCertSelectionLib/Makefile.static_lib              | 5 +----
+ 6 files changed, 14 insertions(+), 24 deletions(-)
+
+diff --git a/QuoteGeneration/qcnl/linux/Makefile b/QuoteGeneration/qcnl/linux/Makefile
+index f5b7be9..f043575 100644
+--- a/QuoteGeneration/qcnl/linux/Makefile
+++ b/QuoteGeneration/qcnl/linux/Makefile
+@@ -32,7 +32,6 @@
+ ######## SGX SDK Settings ########
+ TOP_DIR = ../..
+ include $(TOP_DIR)/buildenv.mk
+-PREBUILD_OPENSSL_PATH = ../../../prebuilt/openssl
+ 
+ ######## SGX CNL Library Settings ########
+ 
+@@ -45,10 +44,9 @@ CNL_Lib_Include_Paths := -I../../quote_wrapper/common/inc       \
+                          -I../../common/inc/internal            \
+                          -I../../pce_wrapper/inc                \
+                          -I../../../QuoteVerification/QVL/Src/ThirdParty/rapidjson/include/rapidjson	\
+-                         -I../../../tools/PCKCertSelection/include \
+-                         -I$(PREBUILD_OPENSSL_PATH)/inc
+                         -I../../../tools/PCKCertSelection/include
+ 
+-CNL_Lib_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(CNL_Lib_Include_Paths)
+CNL_Lib_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(CNL_Lib_Include_Paths) $(pkg-config --cflags libcrypto)
+ 
+ LDUFLAGS:= -pthread $(COMMON_LDFLAGS)
+ LDUFLAGS += -Wl,--version-script=sgx_default_qcnl.lds -Wl,--gc-sections
+@@ -60,7 +58,7 @@ CNL_Lib_Cpp_Flags+= -DSELF_SIGNED_CERT
+ endif
+ 
+ CNL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -g -L$(TOP_DIR)/build/linux -L$(SGX_SDK)/lib64 \
+-		-lpthread -ldl ../../../tools/PCKCertSelection/static_out/libPCKCertSelection.a
+		-lpthread -ldl ../../../tools/PCKCertSelection/static_out/libPCKCertSelection.a $(pkg-config --libs libcrypto)
+  
+ ifndef DEBUG
+ CNL_Lib_Cpp_Flags += -DDISABLE_TRACE
+diff --git a/QuoteGeneration/qpl/linux/Makefile b/QuoteGeneration/qpl/linux/Makefile
+index b675e72..204234c 100644
+--- a/QuoteGeneration/qpl/linux/Makefile
+++ b/QuoteGeneration/qpl/linux/Makefile
+@@ -32,7 +32,6 @@
+ ######## SGX SDK Settings ########
+ TOP_DIR  = ../..
+ include $(TOP_DIR)/buildenv.mk
+-PREBUILD_OPENSSL_PATH  = ../../../prebuilt/openssl
+ 
+ ######## SGX QPL Library Settings ########
+ 
+@@ -42,17 +41,16 @@ QPL_Lib_Cpp_Files := $(wildcard *.cpp ../*.cpp)
+ QPL_Lib_Include_Paths := -I../../quote_wrapper/common/inc       \
+                          -I../inc -I$(SGX_SDK)/include          \
+                          -I../../common/inc/internal            \
+-                         -I../../qcnl/inc                       \
+-                         -I$(PREBUILD_OPENSSL_PATH)/inc
+                         -I../../qcnl/inc
+ 
+-QPL_Lib_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(QPL_Lib_Include_Paths)
+QPL_Lib_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(QPL_Lib_Include_Paths) $(pkg-config --cflags libcrypto)
+ 
+ LDUFLAGS:= -pthread $(COMMON_LDFLAGS)
+ LDUFLAGS += -Wl,--version-script=sgx_default_quote_provider.lds -Wl,--gc-sections
+ 
+ QPL_Lib_Cpp_Flags := $(QPL_Lib_C_Flags) -std=c++11
+ 
+-QPL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -g -L$(TOP_DIR)/build/linux -L$(SGX_SDK)/lib64 -L$(PREBUILD_OPENSSL_PATH)/lib/linux64 \
+QPL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -g -L$(TOP_DIR)/build/linux -L$(SGX_SDK)/lib64 \
+         -lcrypto -lsgx_default_qcnl_wrapper -lpthread -ldl
+  
+ ifndef DEBUG
+diff --git a/QuoteVerification/buildenv.mk b/QuoteVerification/buildenv.mk
+index b25ce40..982c7d5 100644
+--- a/QuoteVerification/buildenv.mk
+++ b/QuoteVerification/buildenv.mk
+@@ -56,7 +56,6 @@ PREBUILD_PATH	        := $(DCAP_QG_DIR)/../prebuilt
+ DCAP_QV_DIR				:= $(DCAP_QG_DIR)/../QuoteVerification
+ QVL_SRC_PATH 			?= $(DCAP_QV_DIR)/QVL/Src
+ SGXSSL_PACKAGE_PATH 	?= $(DCAP_QV_DIR)/sgxssl/Linux/package
+-PREBUILD_OPENSSL_PATH	?= $(PREBUILD_PATH)/openssl
+ 
+ SGX_COMMON_CFLAGS := $(COMMON_FLAGS) -m64 -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants
+ SGX_COMMON_CXXFLAGS := $(COMMON_FLAGS) -m64 -Wnon-virtual-dtor -std=c++17
+diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile
+index 9820b61..fba7f43 100644
+--- a/QuoteVerification/dcap_quoteverify/linux/Makefile
+++ b/QuoteVerification/dcap_quoteverify/linux/Makefile
+@@ -36,8 +36,8 @@ INSTALL_PATH 		?= /usr/lib/x86_64-linux-gnu
+ QVE_SRC_PATH		:= $(DCAP_QV_DIR)/QvE
+ DCAP_QPL_DIR := $(DCAP_QG_DIR)/qpl
+ 
+-QVL_LIB_INC		+= -I$(PREBUILD_OPENSSL_PATH)/inc -I$(QVE_SRC_PATH)/Include
+-QVL_PARSER_INC  += -I$(PREBUILD_OPENSSL_PATH)/inc
+QVL_LIB_INC		+= $(pkg-config --cflags libcrypto) -I$(QVE_SRC_PATH)/Include
+QVL_PARSER_INC  += $(pkg-config --cflags libcrypto)
+ QVL_VERIFY_INC	:= -I$(QVE_SRC_PATH)/Include \
+                    -I../inc \
+                    -I$(DCAP_QG_DIR)/quote_wrapper/common/inc \
+@@ -45,6 +45,7 @@ QVL_VERIFY_INC	:= -I$(QVE_SRC_PATH)/Include \
+                    -I$(DCAP_QG_DIR)/common/inc/internal \
+                    -I$(DCAP_QG_DIR)/common/inc/internal/linux \
+                    -I$(DCAP_QG_DIR)/pce_wrapper/inc \
+		   $(pkg-config --cflags libcrypto) \
+                    -I$(PREBUILD_OPENSSL_PATH)/inc \
+                    $(QVL_LIB_INC) \
+                    -I$(DCAP_QPL_DIR)/inc \
+@@ -64,7 +65,7 @@ QVL_PARSER := sgx_dcap_qvl_attestation
+ QVL_LIB_NAME := lib$(QVL_LIB).a
+ QVL_PARSER_NAME := lib$(QVL_PARSER).a
+ 
+-LDUFLAGS	:= -pthread -ldl -L. -l$(QVL_LIB) -l$(QVL_PARSER) $(COMMON_LDFLAGS) -L$(PREBUILD_OPENSSL_PATH)/lib/linux64 -lcrypto
+LDUFLAGS	:= -pthread -ldl -L. -l$(QVL_LIB) -l$(QVL_PARSER) $(COMMON_LDFLAGS) -lcrypto
+ LDUFLAGS	+= -Wl,--version-script=sgx_dcap_quoteverify.lds -Wl,--gc-sections
+ 
+ QVL_VERIFY_CPP_SRCS := $(wildcard ../*.cpp) $(wildcard *.cpp)
+diff --git a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile
+index e0402e9..12c0d35 100644
+--- a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile
+++ b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile
+@@ -63,10 +63,7 @@ ifndef QG_DIR
+ endif
+ 
+ # openssl include dir
+-OPENSSL_INC 		:= $(PROJ_ROOT_DIR)/../../prebuilt/openssl/inc
+-
+-# openssl lib dir
+-OPENSSL_LIB 		:= $(PROJ_ROOT_DIR)/../../prebuilt/openssl/lib/linux64
+OPENSSL_INC 		:= $(pkg-config --cflags libcrypto)
+ 
+ # JSON parser include dir
+ JSON_INC		:= $(QVL_DIR)/ThirdParty/rapidjson/include
+@@ -116,7 +113,7 @@ LIB_CPP_OBJECTS 	:= \
+ 	$(UTILS_CPP_FILES:.cpp=.o)
+ 
+ # include paths, local, parser and openssl
+-LIB_INCLUDE_PATHS	:= -I. -I$(PROJ_ROOT_DIR)/include -I$(OPENSSL_INC) -I$(JSON_INC) -I$(PARSERS_INC) -I$(PARSERS_COMM_INC) -I$(PARSERS_DIR) -I$(VER_DIR) -I$(PARSERS_UTIL_INC)
+LIB_INCLUDE_PATHS	:= -I. -I$(PROJ_ROOT_DIR)/include $(OPENSSL_INC) -I$(JSON_INC) -I$(PARSERS_INC) -I$(PARSERS_COMM_INC) -I$(PARSERS_DIR) -I$(VER_DIR) -I$(PARSERS_UTIL_INC)
+ 
+ # the library shared object name
+ LIB_NAME		:= libPCKCertSelection.so
+@@ -136,7 +133,7 @@ C_FLAGS	:= -fPIC -fvisibility=hidden -fvisibility-inlines-hidden -Werror -Wno-ov
+ C_FLAGS += -UPCK_CERT_SELECTION_WITH_COMPONENT
+ 
+ # link flags, link openssl crypto
+-LINK_FLAGS := -shared -L$(OPENSSL_LIB) -lcrypto -lpthread -ldl
+LINK_FLAGS := -shared -lcrypto -lpthread -ldl
+ LINK_FLAGS += -Wl,--version-script=pck_cert_selection.lds -Wl,--gc-sections
+ 
+ # debug/release switch
+diff --git a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib
+index a20a3cd..c8e1d01 100644
+--- a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib
+++ b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib
+@@ -118,7 +118,7 @@ LIB_CPP_OBJECTS 	:= \
+ LIB_CPP_OBJECTS := $(addprefix $(BIN_DIR)/, $(LIB_CPP_OBJECTS))
+ 
+ # include paths, local, parser and openssl
+-LIB_INCLUDE_PATHS	:= -I. -I$(PROJ_ROOT_DIR)/include -I$(OPENSSL_INC) -I$(JSON_INC) -I$(PARSERS_INC) -I$(PARSERS_COMM_INC) -I$(PARSERS_DIR) -I$(VER_DIR) -I$(PARSERS_UTIL_INC)
+LIB_INCLUDE_PATHS	:= -I. -I$(PROJ_ROOT_DIR)/include $(pkg-config --cflags libcrypto) -I$(JSON_INC) -I$(PARSERS_INC) -I$(PARSERS_COMM_INC) -I$(PARSERS_DIR) -I$(VER_DIR) -I$(PARSERS_UTIL_INC)
+ 
+ # the library shared object name
+ LIB_NAME		:= libPCKCertSelection.a
+@@ -197,9 +197,6 @@ $(BIN_DIR)/%.o: $(UTILS_DIR)/%.cpp
+ $(LIB_NAME): $(LIB_CPP_OBJECTS)
+ 	$(PCKCERTSEL_VERBOSE)echo "Archiving..."
+ 	$(PCKCERTSEL_VERBOSE)$(AR) -rcs $(BIN_DIR)/$@ $^
+-	$(PCKCERTSEL_VERBOSE)@$(MKDIR) $(BIN_DIR)/.libcrypto
+-	$(PCKCERTSEL_VERBOSE)@$(RM) -f $(BIN_DIR)/.libcrypto/* && cd $(BIN_DIR)/.libcrypto && $(AR) x $(OPENSSL_LIB)/libcrypto.a
+-	$(PCKCERTSEL_VERBOSE)$(AR) qD $(BIN_DIR)/$@ $(BIN_DIR)/.libcrypto/*.o
+ 
+ debug:
+ 	$(PCKCERTSEL_VERBOSE)$(MAKE) DEBUG=1 all
+-- 
+2.46.0
+
--- a/0101-Improve-debuggability-of-build-system.patch
+++ b/0101-Improve-debuggability-of-build-system.patch
@ -0,0 +1,118 @@
+From 015be80fb831f9fe5f364f82448acbd0c998df95 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 1 Mar 2024 12:05:01 +0000
+Subject: [PATCH 101/112] Improve debuggability of build system
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Preserve make args by using $(MAKE).
+Don't hide commands that are run, so compiler flags are visible.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ QuoteGeneration/qcnl/linux/Makefile           |  2 +-
+ .../dcap_quoteverify/linux/Makefile           | 28 +++++++++----------
+ 2 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/QuoteGeneration/qcnl/linux/Makefile b/QuoteGeneration/qcnl/linux/Makefile
+index f043575..bfe9c61 100644
+--- a/QuoteGeneration/qcnl/linux/Makefile
+++ b/QuoteGeneration/qcnl/linux/Makefile
+@@ -113,7 +113,7 @@ $(CNL_Lib_Name_Static): $(CNL_Lib_Cpp_Objects) $(CNL_Lib_C_Objects) $(PCK_Select
+ 	$(AR) rsD $(CNL_Lib_Name_Static) $(CNL_Lib_Cpp_Objects) $(CNL_Lib_C_Objects) $(PCK_Selection_Cpp_Objects)
+ 
+ $(PCK_Selection_Lib_Static):
+-	make -C ../../../tools/PCKCertSelection/PCKCertSelectionLib -f Makefile.static_lib
+	$(MAKE) -C ../../../tools/PCKCertSelection/PCKCertSelectionLib -f Makefile.static_lib VERBOSE=1
+ force_look:
+ 	true
+ 
+diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile
+index fba7f43..5979699 100644
+--- a/QuoteVerification/dcap_quoteverify/linux/Makefile
+++ b/QuoteVerification/dcap_quoteverify/linux/Makefile
+@@ -107,13 +107,13 @@ $(BUILD_DIR):
+ 	@$(MKDIR) $@
+ 
+ install_lib: $(QVL_VERIFY_LIB_NAME_Dynamic) | $(BUILD_DIR)
+-	@$(CP) $(QVL_VERIFY_LIB_NAME_Dynamic) $|/$(QVL_VERIFY_LIB_NAME_Dynamic_Full)
+-	@$(LN) $(QVL_VERIFY_LIB_NAME_Dynamic_Full) $|/$(QVL_VERIFY_LIB_NAME_Dynamic_Major)
+-	@$(LN) $(QVL_VERIFY_LIB_NAME_Dynamic_Major) $|/$(QVL_VERIFY_LIB_NAME_Dynamic)
+	$(CP) $(QVL_VERIFY_LIB_NAME_Dynamic) $|/$(QVL_VERIFY_LIB_NAME_Dynamic_Full)
+	$(LN) $(QVL_VERIFY_LIB_NAME_Dynamic_Full) $|/$(QVL_VERIFY_LIB_NAME_Dynamic_Major)
+	$(LN) $(QVL_VERIFY_LIB_NAME_Dynamic_Major) $|/$(QVL_VERIFY_LIB_NAME_Dynamic)
+ 	$(CP) $(PREBUILD_PATH)/opa_bin/policy.wasm $|/tee_appraisal_policy.wasm
+ 
+ ifeq ($(GEN_STATIC),1)
+-	@$(MAKE) $(QVL_VERIFY_LIB_NAME_Static)
+	$(MAKE) $(QVL_VERIFY_LIB_NAME_Static)
+ 	@$(CP) $(QVL_VERIFY_LIB_NAME_Static) $|
+ endif
+ 
+@@ -123,13 +123,13 @@ run: all
+ ######## QVL Library Objects ########
+ 
+ qve_u.h: $(SGX_EDGER8R) $(QVE_SRC_PATH)/Enclave/qve.edl
+-	@$(SGX_EDGER8R) --untrusted $(QVE_SRC_PATH)/Enclave/qve.edl --search-path $(QVE_SRC_PATH)/Enclave --search-path $(SGX_SDK)/include
+	$(SGX_EDGER8R) --untrusted $(QVE_SRC_PATH)/Enclave/qve.edl --search-path $(QVE_SRC_PATH)/Enclave --search-path $(SGX_SDK)/include
+ 	@echo "GEN  =>  $@"
+ 
+ qve_u.c : qve_u.h
+ 
+ $(QVL_VERIFY_C_OBJS): %.o: %.c qve_u.c
+-	@$(CC) $(SGX_COMMON_CFLAGS) $(QVL_VERIFY_INC) -c $< -o $@
+	$(CC) $(SGX_COMMON_CFLAGS) $(QVL_VERIFY_INC) -c $< -o $@
+ 	@echo "CC  <=  $<"
+ 
+ -include $(QPL_BASE64_CPP_DEP)
+@@ -143,30 +143,30 @@ ec_key.o: $(DCAP_QV_DIR)/appraisal/common/ec_key.cpp
+ 	@echo "CXX  <=  $<"
+ 
+ $(QVL_VERIFY_CPP_OBJS): %.o: %.cpp qve_u.h
+-	@$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_VERIFY_INC) -c $< -o $@
+	$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_VERIFY_INC) -c $< -o $@
+ 	@echo "CXX  <=  $<"
+ 
+ $(QVL_VERIFY_CPP_OBJS_STATIC): %_s.o: %.cpp qve_u.h
+-	@$(CXX) -DGEN_STATIC $(SGX_COMMON_CXXFLAGS) $(QVL_VERIFY_INC) -c $< -o $@
+	$(CXX) -DGEN_STATIC $(SGX_COMMON_CXXFLAGS) $(QVL_VERIFY_INC) -c $< -o $@
+ 	@echo "CXX  <=  $<"
+ 
+ $(QVE_CPP_OBJ): $(QVE_CPP_SRC)
+-	@$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_VERIFY_INC) -c $< -o $(QVE_CPP_OBJ)
+	$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_VERIFY_INC) -c $< -o $(QVE_CPP_OBJ)
+ 	@echo "CXX  <=  $<"
+ 
+ $(QVL_LIB_OBJS): %_untrusted.o: %.cpp
+-	@$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_LIB_INC) -c $< -o $@
+	$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_LIB_INC) -c $< -o $@
+ 	@echo "CXX  <=  $<"
+ 
+ $(QVL_PARSER_OBJS): %_untrusted.o: %.cpp
+-	@$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_PARSER_INC) -c $< -o $@
+	$(CXX) $(SGX_COMMON_CXXFLAGS) $(QVL_PARSER_INC) -c $< -o $@
+ 	@echo "CXX  <=  $<"
+ 
+ $(QVL_LIB_NAME): $(QVL_LIB_OBJS)
+-	@$(AR) rsD $(QVL_LIB_NAME) $(QVL_LIB_OBJS)
+	$(AR) rsD $(QVL_LIB_NAME) $(QVL_LIB_OBJS)
+ 
+ $(QVL_PARSER_NAME): $(QVL_PARSER_OBJS)
+-	@$(AR) rsD $(QVL_PARSER_NAME) $(QVL_PARSER_OBJS)
+	$(AR) rsD $(QVL_PARSER_NAME) $(QVL_PARSER_OBJS)
+ 
+ 
+ $(QVL_VERIFY_LIB_NAME_Dynamic): $(QVL_VERIFY_CPP_OBJS) $(QVL_VERIFY_C_OBJS) $(QVE_CPP_OBJ) $(QVL_LIB_NAME) $(QVL_PARSER_NAME) $(QVL_LIB_COMMON_OBJS) qal
+@@ -174,7 +174,7 @@ $(QVL_VERIFY_LIB_NAME_Dynamic): $(QVL_VERIFY_CPP_OBJS) $(QVL_VERIFY_C_OBJS) $(QV
+ 	@ln -sf $(QVL_VERIFY_LIB_NAME_Dynamic) $(QVL_VERIFY_LIB_NAME_Dynamic).1
+ 
+ $(QVL_VERIFY_LIB_NAME_Static): $(QVL_VERIFY_CPP_OBJS_STATIC) $(QVL_VERIFY_C_OBJS) $(QVE_CPP_OBJ) $(QVL_LIB_NAME) $(QVL_PARSER_NAME) $(QVL_LIB_COMMON_OBJS)
+-	@$(AR) rsD $(QVL_VERIFY_LIB_NAME_Static) $(QVL_VERIFY_CPP_OBJS_STATIC) $(QVL_VERIFY_C_OBJS) $(QVE_CPP_OBJ) $(QVL_LIB_COMMON_OBJS)
+	$(AR) rsD $(QVL_VERIFY_LIB_NAME_Static) $(QVL_VERIFY_CPP_OBJS_STATIC) $(QVL_VERIFY_C_OBJS) $(QVE_CPP_OBJ) $(QVL_LIB_COMMON_OBJS)
+ 
+ .PHONY: qal
+ qal: 
+-- 
+2.46.0
+
--- a/0102-Support-build-time-setting-of-enclave-load-directory.patch
+++ b/0102-Support-build-time-setting-of-enclave-load-directory.patch
@ -0,0 +1,263 @@
+From 6433514bb00f1fe166cb99a2b3a0bb979bb11fbd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 26 Feb 2024 12:19:51 +0000
+Subject: [PATCH 102/112] Support build time setting of enclave load directory
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The current code for loading enclaves (pce, id_enclave, qe3, tdqe, qve)
+tries to find the enclave file in the directory of the currently
+loaded library (as reported by dladdr), or in the directory of the
+current executable (as reported by /proc/self/exe).
+
+Neither of these approaches is sufficiently flexible to work with
+all Linux distro filesystem layout policies. In particular distros
+may desire to have a specific directory location exclusively for
+the shipping of enclaves, separate from any native libraries or
+executables.
+
+This introduces support for an "SGX_ENCLAVE_PATH" variable in the
+makefiles, which is used to define an SGX_ENCLAVE_PATH symbol in
+code.
+
+By default SGX_ENCLAVE_PATH path will get defined to an empty
+string at the C level and so current code behaviour will not
+be changed.
+
+If this is set though, then it will be used to locate the enclaves,
+with no fallback to searching relative to the library or binary.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ QuoteGeneration/pce_wrapper/linux/Makefile           |  2 +-
+ QuoteGeneration/pce_wrapper/pce_wrapper.cpp          |  9 +++++++++
+ QuoteGeneration/quote_wrapper/quote/linux/Makefile   |  2 +-
+ QuoteGeneration/quote_wrapper/quote/qe_logic.cpp     |  9 +++++++++
+ .../quote_wrapper/tdx_quote/linux/Makefile           |  2 +-
+ .../quote_wrapper/tdx_quote/td_ql_logic.cpp          |  8 ++++++++
+ QuoteVerification/appraisal/qal/Makefile             |  2 +-
+ QuoteVerification/appraisal/qal/qae_wrapper.cpp      | 10 +++++++++-
+ QuoteVerification/dcap_quoteverify/linux/Makefile    |  2 +-
+ .../dcap_quoteverify/linux/qve_parser.cpp            |  8 ++++++++
+ tools/PCKRetrievalTool/App/utility.cpp               | 12 +++++++++++-
+ tools/PCKRetrievalTool/Makefile                      |  2 +-
+ 12 files changed, 60 insertions(+), 8 deletions(-)
+
+diff --git a/QuoteGeneration/pce_wrapper/linux/Makefile b/QuoteGeneration/pce_wrapper/linux/Makefile
+index debcb41..7ceaaea 100644
+--- a/QuoteGeneration/pce_wrapper/linux/Makefile
+++ b/QuoteGeneration/pce_wrapper/linux/Makefile
+@@ -40,7 +40,7 @@ INCLUDE += -I$(ROOT_DIR)/ae/common \
+            -I$(ROOT_DIR)/ae/inc    \
+            -I$(ROOT_DIR)/ae/inc/internal
+ 
+-CXXFLAGS += -fPIC -Werror -g
+CXXFLAGS += -fPIC -Werror -g -DSGX_ENCLAVE_PATH="\"$(SGX_ENCLAVE_PATH)\""
+ 
+ CFLAGS += -fPIC -Werror -g
+ Link_Flags := $(SGX_COMMON_CFLAGS) -L$(ROOT_DIR)/build/linux -L$(SGX_SDK)/lib64 -lsgx_urts -lpthread -ldl
+diff --git a/QuoteGeneration/pce_wrapper/pce_wrapper.cpp b/QuoteGeneration/pce_wrapper/pce_wrapper.cpp
+index 1b362da..a940d8b 100644
+--- a/QuoteGeneration/pce_wrapper/pce_wrapper.cpp
+++ b/QuoteGeneration/pce_wrapper/pce_wrapper.cpp
+@@ -112,6 +112,15 @@ bool get_pce_path(
+         p_file_path[buf_size - 1] = '\0';  //null terminate the string
+         return true;
+     }
+    else if (*SGX_ENCLAVE_PATH)
+    {
+        if ((strlen(SGX_ENCLAVE_PATH) + 1 + strlen(PCE_ENCLAVE_NAME) + 1) > buf_size) {
+            return false;
+        }
+        strcpy(p_file_path, SGX_ENCLAVE_PATH);
+        strcat(p_file_path, "/");
+        strcat(p_file_path, PCE_ENCLAVE_NAME);
+    }
+     else if(0 != dladdr(__builtin_return_address(0), &dl_info) &&
+         NULL != dl_info.dli_fname)
+     {
+diff --git a/QuoteGeneration/quote_wrapper/quote/linux/Makefile b/QuoteGeneration/quote_wrapper/quote/linux/Makefile
+index c50fdb3..7d0b398 100644
+--- a/QuoteGeneration/quote_wrapper/quote/linux/Makefile
+++ b/QuoteGeneration/quote_wrapper/quote/linux/Makefile
+@@ -51,7 +51,7 @@ Quote_Include_Paths := -I$(SGX_SDK)/include -I../inc -I../../common/inc -I./ -I.
+ 
+ Quote_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(Quote_Include_Paths)
+ 
+-Quote_Cpp_Flags := $(Quote_C_Flags) -std=c++11
+Quote_Cpp_Flags := $(Quote_C_Flags) -std=c++11 -DSGX_ENCLAVE_PATH="\"$(SGX_ENCLAVE_PATH)\""
+ Quote_Link_Flags := $(COMMON_FLAGS) -g -L$(ROOT_DIR)/build/linux -L$(SGX_SDK)/lib64 -lsgx_urts -lpthread -ldl
+ 
+ ifndef DEBUG
+diff --git a/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp b/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp
+index 783c27f..0d81066 100644
+--- a/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp
+++ b/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp
+@@ -573,6 +573,15 @@ get_qe_path(const TCHAR *p_file_name,
+         p_file_path[buf_size - 1] = '\0';  //null terminate the string
+         return true;
+     }
+    else if (*SGX_ENCLAVE_PATH)
+    {
+        if ((strlen(SGX_ENCLAVE_PATH) + 1 + strlen(p_file_name) + 1) > buf_size) {
+            return false;
+        }
+        strcpy(p_file_path, SGX_ENCLAVE_PATH);
+        strcat(p_file_path, "/");
+        strcat(p_file_path, p_file_name);
+    }
+     else if(0 != dladdr(__builtin_return_address(0), &dl_info) &&
+         NULL != dl_info.dli_fname)
+     {
+diff --git a/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile b/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile
+index 61ad7f3..fc5bd20 100644
+--- a/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile
+++ b/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile
+@@ -56,7 +56,7 @@ Quote_Include_Paths := -I$(SGX_SDK)/include -I../inc -I../../common/inc -I./ \
+ 
+ Quote_C_Flags := $(CFLAGS) -g -MMD -fPIC -Wno-attributes $(Quote_Include_Paths)
+ 
+-Quote_Cpp_Flags := $(CXXFLAGS) -g -MMD -fPIC -Wno-attributes $(Quote_Include_Paths)
+Quote_Cpp_Flags := $(CXXFLAGS) -g -MMD -fPIC -Wno-attributes $(Quote_Include_Paths) -DSGX_ENCLAVE_PATH="\"$(SGX_ENCLAVE_PATH)\""
+ Quote_Link_Flags := $(COMMON_LDFLAGS) -g -L$(ROOT_DIR)/build/linux \
+                     -L$(PCE_Library_Dir) -lsgx_pce_logic -L$(SGX_SDK)/lib64 \
+ 					-lsgx_urts -lpthread -ldl
+diff --git a/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp b/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp
+index dbbe2af..a57e082 100644
+--- a/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp
+++ b/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp
+@@ -403,6 +403,14 @@ bool tee_att_config_t::get_qe_path(tee_att_ae_type_t type,
+         p_file_path[len] = '\0';  //null terminate the string
+         return true;
+     }
+    else if (*SGX_ENCLAVE_PATH) {
+        if ((strlen(SGX_ENCLAVE_PATH) + 1 + strlen(p_file_name) + 1) > buf_size) {
+            return false;
+        }
+        strcpy(p_file_path, SGX_ENCLAVE_PATH);
+        strcat(p_file_path, "/");
+        strcat(p_file_path, p_file_name);
+    }
+     else if(0 != dladdr(__builtin_return_address(0), &dl_info) &&
+         NULL != dl_info.dli_fname)
+     {
+diff --git a/QuoteVerification/appraisal/qal/Makefile b/QuoteVerification/appraisal/qal/Makefile
+index 139848a..c63c1e0 100644
+--- a/QuoteVerification/appraisal/qal/Makefile
+++ b/QuoteVerification/appraisal/qal/Makefile
+@@ -49,7 +49,7 @@ QAL_Include_Path := -I./ \
+                 -I../common/ \
+                 -I$(RAPIDJSON_DIR)/
+ 
+-QAL_Cpp_Flags := $(CXXFLAGS) -g -fPIC $(QAL_Include_Path)
+QAL_Cpp_Flags := $(CXXFLAGS) -g -fPIC $(QAL_Include_Path) -DSGX_ENCLAVE_PATH="\"$(SGX_ENCLAVE_PATH)\""
+ QAL_C_Flags := $(CFLAGS) -g -fPIC $(QAL_Include_Path)
+ 
+ QAL_Link_Flags := $(COMMON_LDFLAGS) -L$(WARM_Lib_Path) -lvmlib  -ldl -lm -lpthread \
+diff --git a/QuoteVerification/appraisal/qal/qae_wrapper.cpp b/QuoteVerification/appraisal/qal/qae_wrapper.cpp
+index 6321611..9597c52 100644
+--- a/QuoteVerification/appraisal/qal/qae_wrapper.cpp
+++ b/QuoteVerification/appraisal/qal/qae_wrapper.cpp
+@@ -101,6 +101,14 @@ static bool get_qae_path(
+         p_file_path[buf_size - 1] = '\0'; // null terminate the string
+         return true;
+     }
+    else if (*SGX_ENCLAVE_PATH)
+    {
+        if ((strlen(SGX_ENCLAVE_PATH) + 1 + 1) > buf_size) {
+            return false;
+        }
+        (void)strcpy(p_file_path, SGX_ENCLAVE_PATH);
+        (void)strcat(p_file_path, "/");
+    }
+     else if (0 != dladdr(__builtin_return_address(0), &dl_info) &&
+              NULL != dl_info.dli_fname)
+     {
+@@ -360,4 +368,4 @@ quote3_error_t ecall_authenticate_policy_owner(sgx_enclave_id_t eid,
+             retval = SGX_QL_ERROR_UNEXPECTED;
+     }
+     return retval;
+-}
+\ No newline at end of file
+}
+diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile
+index 5979699..c9f11a0 100644
+--- a/QuoteVerification/dcap_quoteverify/linux/Makefile
+++ b/QuoteVerification/dcap_quoteverify/linux/Makefile
+@@ -55,7 +55,7 @@ QVL_VERIFY_INC	:= -I$(QVE_SRC_PATH)/Include \
+ QPL_BASE64_CPP_DEP	:= $(DCAP_QPL_DIR)/sgx_base64.d
+ 
+ SGX_COMMON_CFLAGS	+= -g -fPIC -Wno-attributes -USGX_TRUSTED
+-SGX_COMMON_CXXFLAGS	+= -g -fPIC -USGX_TRUSTED
+SGX_COMMON_CXXFLAGS	+= -g -fPIC -USGX_TRUSTED -DSGX_ENCLAVE_PATH="\"$(SGX_ENCLAVE_PATH)\""
+ 
+ QVL_LIB_OBJS := $(QVL_LIB_FILES:.cpp=_untrusted.o)
+ QVL_PARSER_OBJS := $(QVL_PARSER_FILES:.cpp=_untrusted.o)
+diff --git a/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp b/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp
+index d3d4353..2f8f581 100644
+--- a/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp
+++ b/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp
+@@ -88,6 +88,14 @@ bool get_qve_path(
+         p_file_path[buf_size - 1] = '\0';  //null terminate the string
+         return true;
+     }
+    else if (*SGX_ENCLAVE_PATH)
+    {
+        if ((strlen(SGX_ENCLAVE_PATH) + 1 + 1) > buf_size) {
+            return false;
+        }
+        (void)strcpy(p_file_path, SGX_ENCLAVE_PATH);
+        (void)strcat(p_file_path, "/");
+    }
+     else if(0 != dladdr(__builtin_return_address(0), &dl_info) &&
+         NULL != dl_info.dli_fname)
+     {
+diff --git a/tools/PCKRetrievalTool/App/utility.cpp b/tools/PCKRetrievalTool/App/utility.cpp
+index b2c9307..d77a6eb 100644
+--- a/tools/PCKRetrievalTool/App/utility.cpp
+++ b/tools/PCKRetrievalTool/App/utility.cpp
+@@ -235,9 +235,9 @@ bool load_enclave(const char* enclave_name, sgx_enclave_id_t* p_eid)
+     char enclave_path[MAX_PATH] = "";
+ #endif
+ 
+#if defined(_MSC_VER)
+     if (!get_program_path(enclave_path, MAX_PATH - 1))
+         return false;
+-#if defined(_MSC_VER)    
+     if (_tcsnlen(enclave_path, MAX_PATH) + _tcsnlen(enclave_name, MAX_PATH) + sizeof(char) > MAX_PATH)
+         return false;
+     (void)_tcscat_s(enclave_path, MAX_PATH, enclave_name);
+@@ -248,6 +248,16 @@ bool load_enclave(const char* enclave_name, sgx_enclave_id_t* p_eid)
+     sgx_create_enclave_func_t p_sgx_create_enclave = (sgx_create_enclave_func_t)FINDFUNCTIONSYM(sgx_urts_handle, "sgx_create_enclavea");
+ #endif
+ #else
+    if (*SGX_ENCLAVE_PATH) {
+        if ((strlen(SGX_ENCLAVE_PATH) + 1 + 1) > MAX_PATH) {
+            return false;
+        }
+        (void)strcpy(enclave_path, SGX_ENCLAVE_PATH);
+        (void)strcat(enclave_path, "/");
+    } else {
+        if (!get_program_path(enclave_path, MAX_PATH - 1))
+            return false;
+    }
+     if (strnlen(enclave_path, MAX_PATH) + strnlen(enclave_name, MAX_PATH) + sizeof(char) > MAX_PATH)
+         return false;
+     (void)strncat(enclave_path, enclave_name, strnlen(enclave_name, MAX_PATH));
+diff --git a/tools/PCKRetrievalTool/Makefile b/tools/PCKRetrievalTool/Makefile
+index d9c2bac..1065949 100644
+--- a/tools/PCKRetrievalTool/Makefile
+++ b/tools/PCKRetrievalTool/Makefile
+@@ -108,7 +108,7 @@ App_Include_Paths += -I ../../QuoteGeneration/ae/inc/internal -I ../SGXPlatformR
+ 
+ App_C_Flags := $(COMMON_FLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
+ 
+-App_Cpp_Flags := $(App_C_Flags) -std=c++11
+App_Cpp_Flags := $(App_C_Flags) -std=c++11 -DSGX_ENCLAVE_PATH="\"$(SGX_ENCLAVE_PATH)\""
+ App_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,-z,relro,-z,now,-z,noexecstack
+ App_Link_Flags +=  -lcurl -ldl -lpthread
+ ifeq ($(STANDALONE), 1)
+-- 
+2.46.0
+
--- a/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch
+++ b/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch
@ -0,0 +1,44 @@
+From f91fe574c57080ca8818473c8f140f555fbafaf7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 27 Feb 2024 15:46:41 +0000
+Subject: [PATCH 103/112] Look for versioned sgx_urts library in
+ PCKRetrievalTool
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Other code is already looking for the versioned library soname,
+so switch to that for PCKRetrievalTool too. The unversioned
+library is typically only installed by -devel packages, not the
+runtime package.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/PCKRetrievalTool/App/utility.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/PCKRetrievalTool/App/utility.cpp b/tools/PCKRetrievalTool/App/utility.cpp
+index d77a6eb..d195717 100644
+--- a/tools/PCKRetrievalTool/App/utility.cpp
+++ b/tools/PCKRetrievalTool/App/utility.cpp
+@@ -82,7 +82,7 @@ typedef sgx_status_t (SGXAPI *sgx_create_enclave_func_t)(const LPCSTR file_name,
+ #else
+ #define PCE_ENCLAVE_NAME  "libsgx_pce.signed.so.1"
+ #define ID_ENCLAVE_NAME   "libsgx_id_enclave.signed.so.1"
+-#define SGX_URTS_LIBRARY "libsgx_urts.so"             
+#define SGX_URTS_LIBRARY "libsgx_urts.so.2"
+ #define SGX_MULTI_PACKAGE_AGENT_UEFI_LIBRARY "libmpa_uefi.so.1"
+ #define FINDFUNCTIONSYM   dlsym
+ #define CLOSELIBRARYHANDLE  dlclose
+@@ -204,7 +204,7 @@ bool get_urts_library_handle()
+ #else
+     sgx_urts_handle = dlopen(SGX_URTS_LIBRARY, RTLD_LAZY);
+     if (sgx_urts_handle == NULL) {
+-        printf("ERROR: didn't find the sgx_urts.so library, please make sure you have installed sgx_urts installer package. \n");
+        printf("ERROR: didn't find the " SGX_URTS_LIBRARY " library, please make sure you have installed sgx_urts installer package. \n");
+         return false;
+     }
+ #endif
+-- 
+2.46.0
+
--- a/0104-Don-t-import-pypac-in-pccsadmin.patch
+++ b/0104-Don-t-import-pypac-in-pccsadmin.patch
@ -0,0 +1,33 @@
+From 56067e04cecad42779a42420f8acbf2635481f67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 27 Feb 2024 20:28:24 +0000
+Subject: [PATCH 104/112] Don't import pypac in pccsadmin
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The code only uses the pypac module when executing on Windows
+hosts. It should not be imported when packaged for Linux
+environments to avoid a redundant python dependency.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/PccsAdminTool/lib/intelsgx/pcs.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py
+index 9f1d224..af1e78e 100644
+--- a/tools/PccsAdminTool/lib/intelsgx/pcs.py
+++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py
+@@ -5,7 +5,7 @@ import json
+ import binascii
+ from urllib import parse
+ from OpenSSL import crypto
+-from pypac import PACSession
+#from pypac import PACSession
+ from platform import system
+ from lib.intelsgx.credential import Credentials
+ from requests.adapters import HTTPAdapter
+-- 
+2.46.0
+
--- a/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch
+++ b/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch
@ -0,0 +1,43 @@
+From ec86bb174a3ba05adebbfa9e58d0d3a24888d5dd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 29 Feb 2024 14:21:36 +0000
+Subject: [PATCH 105/112] Look for PCKRetrievalTool config file in /etc/
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Looking for config files in the same directory as the binary is
+inappropriate.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/PCKRetrievalTool/App/linux/network_wrapper.cpp | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp b/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp
+index e423f38..36f219b 100644
+--- a/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp
+++ b/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp
+@@ -219,7 +219,8 @@ static void network_configuration(string &url, string &proxy_type, string &proxy
+ {
+     //firstly read local configuration File
+     char local_configuration_file_path[MAX_PATH] = "";
+-    bool ret = get_program_path(local_configuration_file_path, MAX_PATH -1);
+    bool ret = true;
+    strcpy(local_configuration_file_path, "/etc/PCKIDRetrievalTool/");
+     if (ret) {
+         if(strnlen(local_configuration_file_path ,MAX_PATH)+strnlen(LOCAL_NETWORK_SETTING,MAX_PATH)+sizeof(char) > MAX_PATH) {
+             ret = false;
+@@ -378,7 +379,8 @@ network_post_error_t network_https_post(const uint8_t* raw_data, const uint32_t
+ 
+ bool is_server_url_available() {
+     char local_configuration_file_path[MAX_PATH] = "";
+-    bool ret = get_program_path(local_configuration_file_path, MAX_PATH -1);
+    bool ret = true;
+    strcpy(local_configuration_file_path, "/etc/PCKIDRetrievalTool/");
+     if (ret) {
+         if(strnlen(local_configuration_file_path ,MAX_PATH)+strnlen(LOCAL_NETWORK_SETTING,MAX_PATH)+sizeof(char) > MAX_PATH) {
+             return false;
+-- 
+2.46.0
+
--- a/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch
+++ b/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch
@ -0,0 +1,39 @@
+From 17fa2fd409f228623f4b86f5997e74cb43f3bd2f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 3 Oct 2024 14:42:29 +0100
+Subject: [PATCH 107/112] qgs: add space between program name & first arg in
+ usage
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ QuoteGeneration/quote_wrapper/qgs/server_main.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+index 478dbfe..3618b5a 100644
+--- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+@@ -75,7 +75,7 @@ int main(int argc, const char* argv[])
+     unsigned long int num_threads = 0;
+     char *endptr = NULL;
+     if (argc > 4) {
+-        cout << "Usage: " << argv[0] << "[--no-daemon] [-p=port_number] [-n=number_threads]"
+        cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads]"
+              << endl;
+         exit(1);
+     }
+@@ -114,7 +114,7 @@ int main(int argc, const char* argv[])
+             cout << "thread number [" << num_threads << "] found in cmdline" << endl;
+             continue;
+         } else {
+-            cout << "Usage: " << argv[0] << "[--no-daemon] [-p=port_number] [-n=number_threads]"
+            cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads]"
+                 << endl;
+             exit(1);
+         }
+-- 
+2.46.0
+
--- a/0108-qgs-protect-against-format-strings-in-QL-log-message.patch
+++ b/0108-qgs-protect-against-format-strings-in-QL-log-message.patch
@ -0,0 +1,39 @@
+From 3f9b4a9fbce0e29f33680fffa881f67ab31d4bb3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 4 Oct 2024 09:43:17 +0100
+Subject: [PATCH 108/112] qgs: protect against format strings in QL log
+ messages
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The sgx_proc_log_report() method takes a format string and
+var-args. It is unsafe to accept a non-const string from
+the QL library and pass it to sgx_proc_log_report(), as the
+log message may contain format strings from user data.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp
+index 77838c3..1e97b58 100644
+--- a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp
+@@ -50,10 +50,10 @@ typedef quote3_error_t (*sgx_ql_set_logging_callback_t)(sgx_ql_logging_callback_
+ 
+ void sgx_ql_logging_callback(sgx_ql_log_level_t level, const char *message) {
+     if (level == SGX_QL_LOG_ERROR) {
+-        sgx_proc_log_report(1, message);
+        sgx_proc_log_report(1, "%s", message);
+ 
+     } else if (level == SGX_QL_LOG_INFO) {
+-        sgx_proc_log_report(3, message);
+        sgx_proc_log_report(3, "%s", message);
+     }
+ }
+ 
+-- 
+2.46.0
+
--- a/0109-qgs-add-debug-parameter-to-control-logging.patch
+++ b/0109-qgs-add-debug-parameter-to-control-logging.patch
@ -0,0 +1,129 @@
+From b2a17ca9e38c8d81bcc1fedefd92c59721b2de75 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 3 Oct 2024 16:57:35 +0100
+Subject: [PATCH 109/112] qgs: add --debug parameter to control logging
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently qgs prints all log messages to syslog or stderr
+unconditionally, even those at QGS_LOG_LEVEL_INFO. At the
+same time it hardcodes SGX_QL_LOG_ERROR for the quote
+provider library making it impossible to debug it.
+
+This adds a --debug flag to qgs with two effects:
+
+ * QGS_LOG_LEVEL_INFO is discarded unless --debug was set
+   making QGS quiet by default, only printing warnings/errors.
+
+ * The quote provider logging is increased to
+   QGS_LOG_LEVEL_DEBUG if --debug is set
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp      |  5 +++++
+ QuoteGeneration/quote_wrapper/qgs/qgs_log.h        |  2 ++
+ QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp |  8 ++++----
+ QuoteGeneration/quote_wrapper/qgs/server_main.cpp  | 10 ++++++++--
+ 4 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp b/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp
+index 1cf1e40..7ae9b75 100644
+--- a/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp
+@@ -36,6 +36,8 @@
+ #include "qgs_log.h"
+ 
+ static bool _nosyslog = false;
+bool qgs_debug = false;
+bool qgs_verbose = false;
+ 
+ void qgs_log_init(void)
+ {
+@@ -68,6 +70,9 @@ void sgx_proc_log_report(int level, const char *format, ...)
+     // so we can always add newline
+     if (!format || !(*format))
+         return;//ignore
+    if (!qgs_verbose &&
+	level == QGS_LOG_LEVEL_INFO)
+        return;//ignore
+     va_start(ap, format);
+     switch(level){
+         case QGS_LOG_LEVEL_FATAL:
+diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_log.h b/QuoteGeneration/quote_wrapper/qgs/qgs_log.h
+index 1d7fd74..05d41a4 100644
+--- a/QuoteGeneration/quote_wrapper/qgs/qgs_log.h
+++ b/QuoteGeneration/quote_wrapper/qgs/qgs_log.h
+@@ -40,6 +40,8 @@
+ #ifdef __cplusplus
+ extern "C" {
+ #endif/*__cplusplus*/
+    extern bool qgs_debug;
+    extern bool qgs_verbose;
+     void qgs_log_init(void);
+     void qgs_log_init_ex(bool nosyslog);
+     void qgs_log_fini(void);
+diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp
+index 1e97b58..db642f7 100644
+--- a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp
+@@ -113,8 +113,8 @@ namespace intel { namespace sgx { namespace dcap { namespace qgs {
+                 sgx_ql_set_logging_callback_t ql_set_logging_callback =
+                     (sgx_ql_set_logging_callback_t)dlsym(p_handle, "sgx_ql_set_logging_callback");
+                 if (dlerror() == NULL && ql_set_logging_callback) {
+-                    // Set log level to SGX_QL_LOG_ERROR
+-                    ql_set_logging_callback(sgx_ql_logging_callback, SGX_QL_LOG_ERROR);
+                    ql_set_logging_callback(sgx_ql_logging_callback,
+                                            qgs_debug ? SGX_QL_LOG_INFO : SGX_QL_LOG_ERROR);
+                 } else {
+                     QGS_LOG_WARN("Failed to set logging callback for the quote provider library.\n");
+                 }
+@@ -355,8 +355,8 @@ namespace intel { namespace sgx { namespace dcap { namespace qgs {
+                 sgx_ql_set_logging_callback_t ql_set_logging_callback =
+                     (sgx_ql_set_logging_callback_t)dlsym(p_handle, "sgx_ql_set_logging_callback");
+                 if (dlerror() == NULL && ql_set_logging_callback) {
+-                    // Set log level to SGX_QL_LOG_ERROR
+-                    ql_set_logging_callback(sgx_ql_logging_callback, SGX_QL_LOG_ERROR);
+                    ql_set_logging_callback(sgx_ql_logging_callback,
+                                            qgs_debug ? SGX_QL_LOG_INFO : SGX_QL_LOG_ERROR);
+                 } else {
+                     QGS_LOG_WARN("Failed to set logging callback for the quote provider library.\n");
+                 }
+diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+index 3618b5a..a65a985 100644
+--- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+@@ -75,7 +75,7 @@ int main(int argc, const char* argv[])
+     unsigned long int num_threads = 0;
+     char *endptr = NULL;
+     if (argc > 4) {
+-        cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads]"
+        cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+              << endl;
+         exit(1);
+     }
+@@ -87,6 +87,12 @@ int main(int argc, const char* argv[])
+                  << endl;
+             no_daemon = true;
+             continue;
+	} else if (strcmp(argv[i], "--debug") == 0) {
+            qgs_verbose = qgs_debug = true;
+            continue;
+	} else if (strcmp(argv[i], "--verbose") == 0) {
+            qgs_verbose = true;
+            continue;
+         } else if (strncmp(argv[i], "-p=", 3 ) == 0) {
+             if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
+                 cout << "Please input valid port number" << endl;
+@@ -114,7 +120,7 @@ int main(int argc, const char* argv[])
+             cout << "thread number [" << num_threads << "] found in cmdline" << endl;
+             continue;
+         } else {
+-            cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads]"
+            cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+                 << endl;
+             exit(1);
+         }
+-- 
+2.46.0
+
--- a/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch
+++ b/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch
@ -0,0 +1,33 @@
+From 497df1056cdc0571a73aa3dc5410a020d1cc6a3e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 8 Oct 2024 10:13:02 +0100
+Subject: [PATCH 110/112] pccsadmin: remove leftover debugging 'print(args)'
+ statement
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Dumping the python "Namespace" object to stdout after parsing argv
+serves no user purpose. Remove what is presumably a leftover
+debugging statement.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/PccsAdminTool/pccsadmin.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tools/PccsAdminTool/pccsadmin.py b/tools/PccsAdminTool/pccsadmin.py
+index ffee326..8e447c5 100755
+--- a/tools/PccsAdminTool/pccsadmin.py
+++ b/tools/PccsAdminTool/pccsadmin.py
+@@ -92,7 +92,6 @@ def main():
+         parser.print_help()
+         parser.exit()
+ 
+-    print(args)
+     # Check mandatory arguments for appraisalpolicy
+     if args.command == 'put' and args.url and args.url.endswith("/appraisalpolicy"):
+         if not args.fmspc or not args.input_file:
+-- 
+2.46.0
+
--- a/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch
+++ b/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch
@ -0,0 +1,55 @@
+From 0600caaa2b2f0ce8c6a4667d5d09ffeadcd760d4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 17 Jan 2025 15:39:39 +0000
+Subject: [PATCH 111/112] Fix soname version for libsgx_qe3_logic.so library
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ QuoteGeneration/common/inc/internal/se_version.h   | 5 +++++
+ QuoteGeneration/quote_wrapper/quote/linux/Makefile | 4 +++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h
+index 471784d..22e0dff 100644
+--- a/QuoteGeneration/common/inc/internal/se_version.h
+++ b/QuoteGeneration/common/inc/internal/se_version.h
+@@ -41,6 +41,11 @@
+ #define QUOTE_LOADER_VERSION         "1.11.109.1"
+ #define TDQE_WRAPPER_VERSION         "1.14.109.1"
+ #define PCE_WRAPPER_VERSION          "1.14.109.1"
+/*
+ * XXX: downstream hack based on version declared
+ * in linux-sgx.git/linux/installer/common/psw/Makefile
+ */
+#define QE3_WRAPPER_VERSION          "1.0.0"
+ 
+ #define QE3_VERSION                  "1.19.100.1"
+ #define QVE_VERSION                  "1.21.100.1"
+diff --git a/QuoteGeneration/quote_wrapper/quote/linux/Makefile b/QuoteGeneration/quote_wrapper/quote/linux/Makefile
+index 7d0b398..1361c4b 100644
+--- a/QuoteGeneration/quote_wrapper/quote/linux/Makefile
+++ b/QuoteGeneration/quote_wrapper/quote/linux/Makefile
+@@ -65,6 +65,8 @@ Quote_C_Objects := $(Quote_C_Files:.c=.o)
+ Quote_Cpp_Objects := $(Quote_Cpp_Files:.cpp=.o)
+ 
+ Quote_Name := libsgx_qe3_logic.so
+Quote_Full := $(Quote_Name).$(call get_full_version,QE3_WRAPPER_VERSION)
+Quote_Major := $(Quote_Name).$(call get_major_version,QE3_WRAPPER_VERSION)
+ 
+ .PHONY: all
+ all: install_lib
+@@ -94,7 +96,7 @@ $(Quote_Cpp_Objects): %.o: %.cpp
+ 	@echo "CXX  <=  $<"
+ 
+ $(Quote_Name): $(Quote_C_Objects) $(Quote_Cpp_Objects)
+-	$(CXX) $(Quote_C_Objects) $(Quote_Cpp_Objects) -shared -Wl,-soname=$@ $(Quote_Link_Flags) -o $@
+	$(CXX) $(Quote_C_Objects) $(Quote_Cpp_Objects) -shared -Wl,-soname=$(Quote_Major) $(Quote_Link_Flags) -o $@
+ 	@echo "LINK =>  $@"
+ 
+ $(BUILD_DIR):
+-- 
+2.46.0
+
--- a/0112-Workaround-broken-GCC-15.patch
+++ b/0112-Workaround-broken-GCC-15.patch
@ -0,0 +1,40 @@
+From 546ac41ec1ffe16aac36af0ce4b8572636cc667e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 6 Feb 2025 20:08:59 +0000
+Subject: [PATCH 112/112] Workaround broken GCC 15
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The C++ standard does not allow 'alignas' to be applied to type
+aliases. GNU C++ has allowed it as a non-standard extension, but
+strictly that should have been expressed using 'gnu::aligned'
+instead of 'alignas'. Regardless of the syntax, however, GCC 15
+has a regression causing it to reject alignment requests entirely
+on template aliases.
+
+https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118773
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ .../common/inc/internal/linux/sgx_random_buffers.h            | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h b/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h
+index 15fbdd4..4400544 100644
+--- a/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h
+++ b/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h
+@@ -258,7 +258,11 @@ struct alignas(A)randomly_placed_buffer
+     }
+ 
+     template <unsigned C = 1>
+#if __GNUC__ == 15 && __GNUC_MINOR__ == 0
+    using storage = char[size(C)];
+#else
+     using storage = char[size(C)] alignas(A);
+#endif
+ 
+ private:
+     struct alignas(A)_T_instantiator_
+-- 
+2.46.0
+
--- a/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch
+++ b/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch
@ -0,0 +1,77 @@
+From aaf1277c7c0aa37d387e8a7983da607498335757 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 29 Aug 2024 12:23:30 +0100
+Subject: [PATCH 200/201] Enable pointing sgxssl build to alternative glibc
+ headers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The enclave must be built with headers from a specific glibc version
+for the sake of reproducibility. It does not actually link to glibc,
+merely requiring a few self contained definitions.
+
+The ENCLAVE_SYSTEM_INCLUDES make var can be set from RPM builds.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ Linux/build_openssl.sh | 8 +++++++-
+ Linux/sgx/Makefile     | 2 +-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh
+index cd76872..f1c39b6 100755
+--- a/Linux/build_openssl.sh
+++ b/Linux/build_openssl.sh
+@@ -83,6 +83,7 @@ fi
+ # Mitigation flags
+ MITIGATION_OPT=""
+ MITIGATION_FLAGS=""
+ENCLAVE_CFLAGS=""
+ CC_VERSION=`gcc -dumpversion`
+ CC_VERSION_MAJOR=`echo "$CC_VERSION" | cut -f1 -d.`
+ for arg in "$@"
+@@ -123,6 +124,10 @@ do
+         MITIGATION_FLAGS+=" $arg"
+         shift
+         ;;
+    -isystem*)
+	ENCLAVE_CFLAGS+=" $arg"
+	shift
+	;;
+     *)
+         # Unknown option
+         shift
+@@ -131,6 +136,7 @@ do
+ done
+ echo $MITIGATION_OPT
+ echo $MITIGATION_FLAGS
+echo $ENCLAVE_CFLAGS
+ echo $SPACE_OPT 
+ 
+ sed -i -- 's/OPENSSL_issetugid/OPENSSLd_issetugid/g' $OPENSSL_VERSION/crypto/uid.c || exit 1
+@@ -139,7 +145,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1
+ cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1
+ 
+ cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1
+-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1
+perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1
+ 
+ sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c || exit 1
+ sed -i 's/return RUN_ONCE(&locale_base, ossl_init_locale_base);/return 1;/' crypto/ctype.c || exit 1
+diff --git a/Linux/sgx/Makefile b/Linux/sgx/Makefile
+index d08eff7..6555d28 100644
+--- a/Linux/sgx/Makefile
+++ b/Linux/sgx/Makefile
+@@ -76,7 +76,7 @@ endif
+ endif
+ 
+ $(PACKAGE_LIB)/$(OPENSSL_LIB):
+-	test -f $(PACKAGE_LIB)/$(OPENSSL_LIB) || $(BUILD_OPENSSL) $(OPENSSL_CONFIG) $(MITIGATION-CVE-2020-0551) $(MITIGATION_CFLAGS)
+	test -f $(PACKAGE_LIB)/$(OPENSSL_LIB) || $(BUILD_OPENSSL) $(OPENSSL_CONFIG) $(MITIGATION-CVE-2020-0551) $(MITIGATION_CFLAGS) $(ENCLAVE_SYSTEM_INCLUDES)
+ 
+ clean:	
+ 	$(MAKE) -C $(TRUSTED_LIB_DIR) clean
+-- 
+2.46.0
+
--- a/0201-Workaround-missing-output-directory.patch
+++ b/0201-Workaround-missing-output-directory.patch
@ -0,0 +1,32 @@
+From 63f4368171ee5bf78f956c429c37d43618a881e7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 29 Aug 2024 12:50:32 +0100
+Subject: [PATCH 201/201] Workaround missing output directory
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Something is causing the output directory to be unexpectedly deleted.
+Until the root cause is identified, workaround this by creating the
+required directory again.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ Linux/build_openssl.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh
+index f1c39b6..f2cf0b1 100755
+--- a/Linux/build_openssl.sh
+++ b/Linux/build_openssl.sh
+@@ -168,6 +168,7 @@ fi
+ make libcrypto.a || exit 1
+ cp libcrypto.a $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1
+ objcopy --rename-section .init=Q6A8dc14f40efc4288a03b32cba4e $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1
+mkdir -p $SGXSSL_ROOT/package/include/openssl/
+ cp include/openssl/* $SGXSSL_ROOT/package/include/openssl/ || exit 1
+ grep OPENSSL_VERSION_STR include/openssl/opensslv.h > $SGXSSL_ROOT/sgx/osslverstr.h || exit 1
+ cp -r include/crypto $SGXSSL_ROOT/sgx/test_app/enclave/ || exit 1
+-- 
+2.46.0
+
--- a/0202-Disable-various-EC-crypto-features.patch
+++ b/0202-Disable-various-EC-crypto-features.patch
--- a/0203-Disable-sm2-and-sm4-crypto-algorithms.patch
+++ b/0203-Disable-sm2-and-sm4-crypto-algorithms.patch
@ -0,0 +1,122 @@
+From f429bf3ffd992c678f7d1a041f6a6b5df9a4b6fb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 1 Mar 2024 13:25:14 +0000
+Subject: [PATCH 203/203] Disable sm2 and sm4 crypto algorithms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Policy copied from Fedora 39 openssl package
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ Linux/build_openssl.sh                     | 2 +-
+ Linux/sgx/test_app/enclave/TestEnclave.cpp | 5 ++++-
+ Linux/sgx/test_app/enclave/TestEnclave.h   | 4 ++++
+ Linux/sgx/test_app/enclave/tests/evp_smx.c | 4 ++++
+ 4 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh
+index 7470479..e214ccb 100755
+--- a/Linux/build_openssl.sh
+++ b/Linux/build_openssl.sh
+@@ -156,7 +156,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1
+ cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1
+ 
+ cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1
+-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1
+perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-sm2 no-sm4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1
+ 
+ sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c || exit 1
+ sed -i 's/return RUN_ONCE(&locale_base, ossl_init_locale_base);/return 1;/' crypto/ctype.c || exit 1
+diff --git a/Linux/sgx/test_app/enclave/TestEnclave.cpp b/Linux/sgx/test_app/enclave/TestEnclave.cpp
+index dac620a..b219e74 100644
+--- a/Linux/sgx/test_app/enclave/TestEnclave.cpp
+++ b/Linux/sgx/test_app/enclave/TestEnclave.cpp
+@@ -413,6 +413,7 @@ void t_sgxssl_call_apis()
+     }
+ 	printf("test threads_test completed\n");
+ 
+#if 0
+     //GM SM2 - sign and verify
+     ret = ecall_sm2_sign_verify();
+     if (ret != 0)
+@@ -430,6 +431,7 @@ void t_sgxssl_call_apis()
+         exit(ret);
+     }
+     printf("test evp_sm2_encrypt_decrypt completed\n");
+#endif
+ 
+     //GM SM3 - compute digest of message
+     ret = ecall_sm3();
+@@ -440,6 +442,7 @@ void t_sgxssl_call_apis()
+     }
+     printf("test evp_sm3 completed\n");
+ 
+#if 0
+     //GM SM4 - cbc encrypt and decrypt
+     ret = ecall_sm4_cbc();
+     if (ret != 0)
+@@ -457,5 +460,5 @@ void t_sgxssl_call_apis()
+         exit(ret);
+     }
+     printf("test evp_sm4_ctr completed\n");
+-
+#endif
+ }
+diff --git a/Linux/sgx/test_app/enclave/TestEnclave.h b/Linux/sgx/test_app/enclave/TestEnclave.h
+index c2ca854..a989735 100644
+--- a/Linux/sgx/test_app/enclave/TestEnclave.h
+++ b/Linux/sgx/test_app/enclave/TestEnclave.h
+@@ -66,11 +66,15 @@ int sha256_test();
+ int sha1_test();
+ int hmac_tests();
+ int threads_test();
+#if 0
+ int ecall_sm2_sign_verify();
+ int ecall_sm2_encrypt_decrypt();
+#endif
+ int ecall_sm3();
+#if 0
+ int ecall_sm4_cbc();
+ int ecall_sm4_ctr();
+#endif
+ 
+ #if defined(__cplusplus)
+ }
+diff --git a/Linux/sgx/test_app/enclave/tests/evp_smx.c b/Linux/sgx/test_app/enclave/tests/evp_smx.c
+index a395ce8..f49e5b7 100644
+--- a/Linux/sgx/test_app/enclave/tests/evp_smx.c
+++ b/Linux/sgx/test_app/enclave/tests/evp_smx.c
+@@ -44,6 +44,7 @@
+ #define SAFE_FREE(ptr, size)  {if (NULL != (ptr)) {memset_s(ptr, size, 0, size); free(ptr); (ptr)=NULL;}}
+ #endif
+ 
+#if 0
+ // Default sm2_user_id and its length defined by openssl
+ unsigned char sm2_user_id[] = "1234567812345678";
+ unsigned int sm2_user_id_len = sizeof(sm2_user_id)-1;
+@@ -512,6 +513,7 @@ end:
+ 
+ 	return ret;
+ }
+#endif
+ 
+ /* Compute a SM3 digest of a message. */
+ int ecall_sm3(void)
+@@ -571,6 +573,7 @@ end:
+ 	return ret;
+ }
+ 
+#if 0
+ /* SM4 block cipher mode(cbc) of operation. */
+ int ecall_sm4_cbc(void)
+ {	
+@@ -743,3 +746,4 @@ end:
+ 
+ 	return ret;
+ }
+#endif
+-- 
+2.46.0
+
--- a/0300-Drop-min-openssl-from-3.0.8-to-3.0.7.patch
+++ b/0300-Drop-min-openssl-from-3.0.8-to-3.0.7.patch
@ -0,0 +1,29 @@
+From 22a2f289d7e613e070e23897596ff8451402d680 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 3 Sep 2024 10:11:45 +0100
+Subject: [PATCH 300/301] Drop min openssl from 3.0.8 to 3.0.7
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ sources/ippcp/crypto_mb/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sources/ippcp/crypto_mb/CMakeLists.txt b/sources/ippcp/crypto_mb/CMakeLists.txt
+index 6e810567..d92f6c68 100644
+--- a/sources/ippcp/crypto_mb/CMakeLists.txt
+++ b/sources/ippcp/crypto_mb/CMakeLists.txt
+@@ -76,7 +76,7 @@ if(BORINGSSL OR BABASSL) # off by default
+     # by find_package(OpenSSL)
+     find_package(OpenSSL REQUIRED)
+ else()
+-    find_package(OpenSSL 3.0.8 REQUIRED) # set -DOPENSSL_INCLUDE_DIR= -DOPENSSL_LIBRARIES= -DOPENSSL_ROOT_DIR= to use patched
+    find_package(OpenSSL 3.0.7 REQUIRED) # set -DOPENSSL_INCLUDE_DIR= -DOPENSSL_LIBRARIES= -DOPENSSL_ROOT_DIR= to use patched
+ endif()
+ 
+ if(BN_OPENSSL_PATCH)
+-- 
+2.46.0
+
--- a/0301-Drop-Werror-from-build-flags.patch
+++ b/0301-Drop-Werror-from-build-flags.patch
@ -0,0 +1,71 @@
+From b073f869a15483ef1d843c9dfaa5d8dcdc0d7836 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 3 Sep 2024 10:14:31 +0100
+Subject: [PATCH 301/301] Drop -Werror from build flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ sources/cmake/linux/Clang9.0.0.cmake        | 2 +-
+ sources/cmake/linux/GNU8.2.0.cmake          | 2 +-
+ sources/cmake/linux/Intel19.0.0.cmake       | 2 +-
+ sources/cmake/linux/IntelLLVM2023.1.0.cmake | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/sources/cmake/linux/Clang9.0.0.cmake b/sources/cmake/linux/Clang9.0.0.cmake
+index 18e5182a..fa9ee20a 100644
+--- a/sources/cmake/linux/Clang9.0.0.cmake
+++ b/sources/cmake/linux/Clang9.0.0.cmake
+@@ -106,7 +106,7 @@ if(SANITIZERS)
+ endif(SANITIZERS)
+ 
+ # Optimization level = 3, no-debug definition (turns off asserts), warnings=errors
+-set (CMAKE_C_FLAGS_RELEASE " -O3 -DNDEBUG -Werror")
+set (CMAKE_C_FLAGS_RELEASE " -O3 -DNDEBUG")
+ 
+ # DEBUG flags - optimization level = 0, generation GDB information (-g)
+ set (CMAKE_C_FLAGS_DEBUG " -O0 -g")
+diff --git a/sources/cmake/linux/GNU8.2.0.cmake b/sources/cmake/linux/GNU8.2.0.cmake
+index 96658a8d..93cd079a 100644
+--- a/sources/cmake/linux/GNU8.2.0.cmake
+++ b/sources/cmake/linux/GNU8.2.0.cmake
+@@ -96,7 +96,7 @@ if(${ARCH} MATCHES "ia32")
+ endif(${ARCH} MATCHES "ia32")
+ 
+ # Optimization level = 3, no-debug definition (turns off asserts), warnings=errors
+-set (CMAKE_C_FLAGS_RELEASE " -O3 -DNDEBUG -Werror")
+set (CMAKE_C_FLAGS_RELEASE " -O3 -DNDEBUG")
+ 
+ set(w7_opt "${w7_opt} -march=pentium4 -msse2")
+ set(s8_opt "${s8_opt} -march=core2 -mssse3")
+diff --git a/sources/cmake/linux/Intel19.0.0.cmake b/sources/cmake/linux/Intel19.0.0.cmake
+index c1d48508..133a7e18 100644
+--- a/sources/cmake/linux/Intel19.0.0.cmake
+++ b/sources/cmake/linux/Intel19.0.0.cmake
+@@ -99,7 +99,7 @@ if(CODE_COVERAGE)
+ endif()
+ 
+ # Optimization level = 3, no-debug definition (turns off asserts), warning level = 3, treat warnings as errors
+-set (CMAKE_C_FLAGS_RELEASE " -O3 -DNDEBUG -w3 -Werror")
+set (CMAKE_C_FLAGS_RELEASE " -O3 -DNDEBUG -w3")
+ # DEBUG flags Optimization level = 0, generation maximum GDB information (-g3)
+ set (CMAKE_C_FLAGS_DEBUG " -O0 -g3")
+ 
+diff --git a/sources/cmake/linux/IntelLLVM2023.1.0.cmake b/sources/cmake/linux/IntelLLVM2023.1.0.cmake
+index babc289a..59a74d10 100644
+--- a/sources/cmake/linux/IntelLLVM2023.1.0.cmake
+++ b/sources/cmake/linux/IntelLLVM2023.1.0.cmake
+@@ -95,7 +95,7 @@ if(CODE_COVERAGE)
+ endif()
+ 
+ # Optimization level = 3, no-debug definition (turns off asserts), warning level = 3, treat warnings as errors
+-set (CMAKE_C_FLAGS_RELEASE " -Ofast -DNDEBUG -Wall -Wno-unused-function -Wno-missing-braces -Werror")
+set (CMAKE_C_FLAGS_RELEASE " -Ofast -DNDEBUG -Wall -Wno-unused-function -Wno-missing-braces")
+ 
+ # Alignment for structures on byte boundaries (= 16)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Zp16")
+-- 
+2.46.0
+
--- a/92-sgx-provision.rules
+++ b/92-sgx-provision.rules
@ -0,0 +1 @@
+SUBSYSTEM=="misc",KERNEL=="sgx_provision",GROUP="sgxprv",MODE="0660"
--- a/aesmd.service
+++ b/aesmd.service
@ -0,0 +1,21 @@
+[Unit]
+Description=SGX Architectural Enclave Service Manager 
+After=syslog.target auditd.service
+ConditionPathExists=/dev/sgx_enclave
+
+[Service]
+Type=simple
+User=aesmd
+ExecStart=/usr/bin/aesmd --no-daemon
+ExecReload=/bin/kill -SIGHUP $MAINPID
+Restart=on-failure
+RestartSec=15s
+
+WorkingDirectory=/var/lib/aesmd
+InaccessibleDirectories=/home
+DevicePolicy=closed
+DeviceAllow=/dev/sgx_enclave rw
+DeviceAllow=/dev/sgx_provision rw
+
+[Install]
+WantedBy=multi-user.target
--- a/aesmd.sysusers.conf
+++ b/aesmd.sysusers.conf
@ -0,0 +1,3 @@
+u aesmd - " SGX Architectural Enclave Service Manager" /var/lib/aesmd
+m aesmd sgx
+m aesmd sgxprv
--- a/linux-sgx.spec
+++ b/linux-sgx.spec
--- a/mpa_registration.service
+++ b/mpa_registration.service
@ -0,0 +1,17 @@
+[Unit]
+Description=Intel MPA Registration
+After=auditd.service
+ConditionPathExists=/dev/sgx_enclave
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/mpa_registration
+
+InaccessibleDirectories=/home
+DevicePolicy=closed
+DeviceAllow=/dev/sgx_enclave rw
+DeviceAllow=/dev/sgx_provision rw
+
+[Install]
+WantedBy=multi-user.target
--- a/qgs.service
+++ b/qgs.service
@ -0,0 +1,28 @@
+[Unit]
+Description=Intel(R) TD Quoting Generation Service 
+After=syslog.target network.target auditd.service mpa_registration.service
+ConditionPathExists=/dev/sgx_enclave
+Requires=mpa_registration.service
+
+[Service]
+Type=simple
+User=qgs
+EnvironmentFile=-/etc/sysconfig/qgs
+ExecStartPre=+mkdir -p /var/run/tdx-qgs
+ExecStartPre=+chown qgs.qgs /var/run/tdx-qgs
+ExecStart=/usr/bin/qgs --no-daemon $QGS_ARGS
+# qgs fails to delete the socket on stop and
+# won't delete it on startup either :-(
+ExecStopPost=rm -f /var/run/tdx-qgs/qgs.socket
+ExecReload=/bin/kill -SIGHUP $MAINPID
+Restart=on-failure
+RestartSec=15s
+
+WorkingDirectory=/var/lib/qgs
+InaccessibleDirectories=/home
+DevicePolicy=closed
+DeviceAllow=/dev/sgx_enclave rw
+DeviceAllow=/dev/sgx_provision rw
+
+[Install]
+WantedBy=multi-user.target
--- a/qgs.sysconfig
+++ b/qgs.sysconfig
@ -0,0 +1,4 @@
+# To enable QGS verbose mode, or debugging (implies verbose),
+# uncomment one of these:
+#QGS_ARGS=--debug
+#QGS_ARGS=--verbose
--- a/qgs.sysusers.conf
+++ b/qgs.sysusers.conf
@ -0,0 +1,3 @@
+u qgs - "TDX Quote Generation Server" /var/lib/qgs
+m qgs sgx
+m qgs sgxprv
--- a/repack.sh
+++ b/repack.sh
@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+# @1: archive basename
+# @*: paths to strip
+function repack {
+    basename=$1
+    shift
+
+    archive=$basename.tar.gz
+    newarchive=$basename-repacked.tar.gz
+
+    echo "Re-packing $archive"
+    rm -rf repack
+    mkdir repack
+    (
+	cd repack
+	tar zxf ../$archive
+
+	echo "Begin stripping files"
+	for arg in $@
+	do
+	    find -name $arg -delete -print
+	done
+	echo "Done stripping files"
+
+	tar zcf ../$newarchive *
+    )
+    rm -rf repack
+    echo "Wrote $newarchive"
+}
+
+dcap_version=$(grep dcap_version linux-sgx*spec | head -1 | awk '{print $3}')
+
+repack prebuilt_dcap_${dcap_version} \
+       libcrypto.a \
+       policy.wasm \
+       libsgx_pce.signed.so \
+       libsgx_id_enclave.signed.so \
+       libsgx_qe3.signed.so \
+       libsgx_tdqe.signed.so \
+       libsgx_qve.signed.so
--- a/sgxprv.sysusers.conf
+++ b/sgxprv.sysusers.conf
@ -0,0 +1 @@
+g sgxprv -
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+SHA512 (dcap_1.22_reproducible.tar.gz) = 1f6d79721f9b7c86a8a935429c8133db9cc24585a8fa3e8e8fbab99f5f0ffebdb206077844c83e630e2ad15d51ec7ad8ea35352f5ccbf7408dc3ced885b89b72
+SHA512 (dcap-qvl-1.21.tar.gz) = 62ab0d9f48c9a8d975cb861ac5161770b990af3bbc8ff67a8b9ca48af86565b6d445cfe87786d332a65efee22114de2e2a4589722625cbc4fc6b58647599626d
+SHA512 (dcap-qvs-1.1.0-2885.tar.gz) = 811663f713902f263e3d8ad7cc7d62e92f76f1618c5ac8b5366dc880d79509a0d349328ac2d8f9dc2170e09d80ac00ec934f7cbf3594bec9cb69b6b544ca30e6
+SHA512 (intel-sgx-ssl-3.0_Rev4.tar.gz) = 9b8bd2ec3c9eccb3fbbecdaa586b669fa68f4bf68911194dcba6f7ea9c8ec84503a86733c70019124eaeff4ac79c6f178435c2a51530104f22014760146d87fe
+SHA512 (ippcp_2021.12.1.tar.gz) = cdde7eed0f27b80663bf6a131abd8e6afcf16f0b9897ae12e251dc6bd3a9cc15c7666e4276eb4ba4b3b66fa93b5115c29537e176a6a2fb0de1b17cfcc1b7c426
+SHA512 (jwt-cpp-0.6.0.tar.gz) = b6d5ebb3a7eeb6fef9a1d41c707251d1ab05bf47920c280d5203f1b9ee5bf6f8e914cd2ffaed66550cfa6d78c34465d4cf86517a759d5f8739b429faf1c2c0ef
+SHA512 (libcbor-0.10.2.tar.gz) = 23c6177443778d4b4833ec7ed0d0e639a0d4863372e3a38d772fdce2673eae6d5cb2a31a2a021d1a699082ea53494977c907fd0e94149b97cb23a4b6d039228a
+SHA512 (linux-sgx-2.25-reproducible.tar.gz) = 5fa14448c872822916c5abe4f21e633ee2967ae605de426ccef2cdd4572427a63cf00c76160e9f54c072375d23b52342b7befd59e56816b4226799b8a627f98c
+SHA512 (openssl-3.0.14.tar.gz) = 1c59c01e60da902a20780d71f1fa5055d4037f38c4bc3fb27ed5b91f211b36a6018055409441ad4df58b5e9232b2528240d02067272c3c9ccb8c221449ca9ac0
+SHA512 (prebuilt_dcap_1.22-repacked.tar.gz) = 306ab63c28635ebee51c194087c9212a6223619a07f8bd50ba1e5d5a7bdd2325edfb40c69f7e59a937fe21bc937248c5d273790eed45ca67fcde9298d5abd2f7
+SHA512 (sgx-emm-1.0.3.tar.gz) = 0ec9f0133b3a32409c8af61568a47128a1860407170b9b274647140ac36069851638d7282649e23590131d44ca93f839fd2ffe4b9b39821631d279c1384874bf
+SHA512 (tinyxml2-10.0.0.tar.gz) = a359d33bc12fad455b53d81011dbe12727cae0aabfaa5704f1a25807ca216dd854a571291029886c0beedeca5c3b6393dd49c4718773e18a0e008abbdb3de36a
+SHA512 (wasm-micro-runtime-1.3.3.tar.gz) = 53f2ee3adf55e5b2e207287231621bef50b812c3e228c9306a03b7487ff579e2fc3ed2831da546cbcc337843e139d1add2b0276e87a58b3035eb0c2fbb73b275
				`@ -0,0 +1 @@`
				`SUBSYSTEM=="misc",KERNEL=="sgx_provision",GROUP="sgxprv",MODE="0660"`