Intel(R) SGX DCAP 1.22 Release

Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.14. Removed Intel DCAP PCCS from repository. Added Ubuntu* 24.04 LTS 64-bit Server support. Fixed bugs. Note that PCCS is not available from this release. Please follow DCAP installation guide to use `PCCSAdminTool` to retrieve the attestation collaterals or use old version PCCS. Signed-off-by: Li, Xun <xun.li@intel.com>
intel · Sep 26, 2024 · d97fc1c · d97fc1c
1 parent fa6631c
commit d97fc1c
Show file tree

Hide file tree

Showing 461 changed files with 8,154 additions and 57,888 deletions.
diff --git a/.gitignore b/.gitignore
@@ -23,3 +23,6 @@
 /QuoteGeneration/build/
 **/Debug/
 **/Release/
+
+#prebuilt binaries
+/prebuilt/
diff --git a/QuoteGeneration/Makefile b/QuoteGeneration/Makefile
@@ -89,13 +89,6 @@ deb_sgx_dcap_quote_verify_pkg: $(CHECK_OPT) qve_wrapper
 deb_sgx_dcap_default_qpl_pkg: qcnl_wrapper qpl_wrapper
 	./installer/linux/deb/libsgx-dcap-default-qpl/build.sh
 
-.PHONY: deb_sgx_dcap_pccs_pkg
-deb_sgx_dcap_pccs_pkg:
-	$(MAKE) -C ../tools/PCKCertSelection/
-	mkdir -p pccs/lib/
-	cp ../tools/PCKCertSelection/out/libPCKCertSelection.so pccs/lib/
-	./installer/linux/deb/sgx-dcap-pccs/build.sh
-
 .PHONY: deb_sgx_ae_qe3_pkg
 deb_sgx_ae_qe3_pkg: $(CHECK_OPT)
 	./installer/linux/deb/libsgx-ae-qe3/build.sh
@@ -160,8 +153,11 @@ deb_tee_appraisal_tool_pkg:
 	./installer/linux/deb/tee-appraisal-tool/build.sh
 
 .PHONY: deb_pkg
-deb_pkg: deb_sgx_pce_logic_pkg deb_sgx_qe3_logic_pkg deb_sgx_dcap_ql_pkg deb_sgx_dcap_quote_verify_pkg deb_sgx_dcap_default_qpl_pkg deb_sgx_dcap_pccs_pkg deb_sgx_ae_qe3_pkg deb_sgx_ae_tdqe_pkg deb_sgx_ae_id_enclave_pkg deb_sgx_ae_qve_pkg deb_sgx_tdx_logic_pkg deb_sgx_tdx_qgs_pkg deb_sgx_tdx_attest_pkg deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg deb_tee_appraisal_tool_pkg
-	@$(RM) -f ./installer/linux/deb/*.deb ./installer/linux/deb/*.ddeb
+deb_pkg: deb_sgx_pce_logic_pkg deb_sgx_qe3_logic_pkg deb_sgx_dcap_ql_pkg deb_sgx_dcap_quote_verify_pkg \
+         deb_sgx_dcap_default_qpl_pkg deb_sgx_ae_qe3_pkg deb_sgx_ae_tdqe_pkg deb_sgx_ae_id_enclave_pkg \
+         deb_sgx_ae_qve_pkg deb_sgx_tdx_logic_pkg deb_sgx_tdx_qgs_pkg deb_sgx_tdx_attest_pkg \
+         deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg deb_tee_appraisal_tool_pkg
+	@$(RM) ./installer/linux/deb/*.deb ./installer/linux/deb/*.ddeb
 	cp `find ./installer/linux/deb/ -name "*.deb" -o -name "*.ddeb"` ./installer/linux/deb/
 	cp `find ../tools/PCKRetrievalTool/installer/deb/ -name "*.deb" -o -name "*.ddeb"` ./installer/linux/deb/
 	cp `find ../tools/SGXPlatformRegistration/build/installer/ -name "*.deb" -o -name "*.ddeb"` ./installer/linux/deb/
@@ -174,13 +170,6 @@ rpm_sgx_dcap_ql_pkg: $(CHECK_OPT) pce_logic qe3_logic qve_wrapper
 rpm_sgx_dcap_default_qpl_pkg: qcnl_wrapper qpl_wrapper
 	./installer/linux/rpm/libsgx-dcap-default-qpl/build.sh
 
-.PHONY: rpm_sgx_dcap_pccs_pkg
-rpm_sgx_dcap_pccs_pkg:
-	$(MAKE) -C ../tools/PCKCertSelection/
-	mkdir -p pccs/lib/
-	cp ../tools/PCKCertSelection/out/libPCKCertSelection.so pccs/lib/
-	./installer/linux/rpm/sgx-dcap-pccs/build.sh
-
 .PHONY: rpm_sgx_ae_qe3_pkg
 rpm_sgx_ae_qe3_pkg: $(CHECK_OPT)
 	./installer/linux/rpm/libsgx-ae-qe3/build.sh
@@ -236,8 +225,11 @@ rpm_tee_appraisal_tool_pkg:
 	./installer/linux/rpm/tee-appraisal-tool/build.sh
 
 .PHONY: rpm_pkg
-rpm_pkg: rpm_sgx_dcap_ql_pkg rpm_sgx_dcap_default_qpl_pkg rpm_sgx_dcap_pccs_pkg rpm_sgx_ae_qe3_pkg rpm_sgx_ae_tdqe_pkg rpm_sgx_ae_id_enclave_pkg rpm_sgx_ae_qve_pkg rpm_sgx_tdx_logic_pkg rpm_sgx_tdx_qgs_pkg rpm_sgx_tdx_attest_pkg rpm_sgx_dcap_quote_verify_pkg rpm_sgx_pce_logic_pkg rpm_sgx_qe3_logic_pkg rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg rpm_tee_appraisal_tool_pkg
-	@$(RM) -f ./installer/linux/rpm/*.rpm
+rpm_pkg: rpm_sgx_dcap_ql_pkg rpm_sgx_dcap_default_qpl_pkg rpm_sgx_ae_qe3_pkg rpm_sgx_ae_tdqe_pkg rpm_sgx_ae_id_enclave_pkg \
+         rpm_sgx_ae_qve_pkg rpm_sgx_tdx_logic_pkg rpm_sgx_tdx_qgs_pkg rpm_sgx_tdx_attest_pkg rpm_sgx_dcap_quote_verify_pkg \
+         rpm_sgx_pce_logic_pkg rpm_sgx_qe3_logic_pkg rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg \
+         rpm_tee_appraisal_tool_pkg
+	@$(RM) ./installer/linux/rpm/*.rpm
 	cp `find ./installer/linux/rpm/ -name "*.rpm"` ./installer/linux/rpm/
 	cp `find ../tools/PCKRetrievalTool/installer/rpm/ -name "*.rpm"` ./installer/linux/rpm/
 	cp `find ../tools/SGXPlatformRegistration/build/installer/ -name "*.rpm"`  ./installer/linux/rpm/
@@ -255,10 +247,10 @@ clean:
 	$(MAKE) -C ../QuoteVerification clean
 	$(MAKE) -C ../tools/PCKRetrievalTool clean
 	$(MAKE) -C ../tools/SGXPlatformRegistration clean
-	@$(RM) -rf ./build/
-	@$(RM) -f ./installer/linux/deb/*.deb
-	@$(RM) -f ./installer/linux/deb/*.ddeb
-	@$(RM) -f ./installer/linux/rpm/*.rpm
+	@$(RM) -r ./build/
+	@$(RM) ./installer/linux/deb/*.deb
+	@$(RM) ./installer/linux/deb/*.ddeb
+	@$(RM) ./installer/linux/rpm/*.rpm
 	./installer/linux/deb/libsgx-dcap-ql/clean.sh
 	./installer/linux/deb/libsgx-dcap-quote-verify/clean.sh
 	./installer/linux/deb/libsgx-ae-qe3/clean.sh
@@ -271,7 +263,6 @@ clean:
 	./installer/linux/deb/tdx-qgs/clean.sh
 	./installer/linux/deb/libtdx-attest/clean.sh
 	./installer/linux/deb/libsgx-dcap-default-qpl/clean.sh
-	./installer/linux/deb/sgx-dcap-pccs/clean.sh
 	../tools/PCKRetrievalTool/installer/deb/sgx-pck-id-retrieval-tool/clean.sh
 	./installer/linux/deb/tee-appraisal-tool/clean.sh
 	./installer/linux/rpm/libsgx-dcap-ql/clean.sh
@@ -286,7 +277,6 @@ clean:
 	./installer/linux/rpm/tdx-qgs/clean.sh
 	./installer/linux/rpm/libtdx-attest/clean.sh
 	./installer/linux/rpm/libsgx-dcap-default-qpl/clean.sh
-	./installer/linux/rpm/sgx-dcap-pccs/clean.sh
 	../tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/clean.sh
 	./installer/linux/rpm/tee-appraisal-tool/clean.sh
 

diff --git a/QuoteGeneration/README.md b/QuoteGeneration/README.md
@@ -39,7 +39,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.21/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.22/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS

diff --git a/QuoteGeneration/buildenv.mk b/QuoteGeneration/buildenv.mk
@@ -48,11 +48,28 @@ my-dir = $(call parent-dir,$(lastword $(MAKEFILE_LIST)))
 ROOT_DIR              := $(call my-dir)
 COMMON_DIR            := $(ROOT_DIR)/common
 
-SGX_VER:= $(shell awk '$$2 ~ /STRFILEVER/ { print substr($$3, 2, length($$3) - 2); }' $(COMMON_DIR)/inc/internal/se_version.h)
-SGX_MAJOR_VER:= $(shell echo $(SGX_VER) |awk -F. '{print $$1}')
-SPLIT_VERSION=$(word $2,$(subst ., ,$1))
+#--------------------------------------------------------------------------------------
+# Function: get_full_version
+# Arguments: 1: the version name of library
+# Returns: Return the full version.
+#---------------------------------------------------------------------------------------
+get_full_version = $(shell awk '$$2 ~ /$1/ { print substr($$3, 2, length($$3) - 2); }' $(COMMON_DIR)/inc/internal/se_version.h)
+
+#--------------------------------------------------------------------------------------
+# Function: get_major_version
+# Arguments: 1: the version name of library
+# Returns: Return the major version.
+#---------------------------------------------------------------------------------------
+get_major_version = $(word 1,$(subst ., ,$(call get_full_version,$1)))
+
+SGX_VER:= $(call get_full_version,STRFILEVER)
+SGX_MAJOR_VER:= $(call get_major_version,STRFILEVER)
+
+# If the value of _FORTIFY_SOURCE is greater than 2, use the value, else use 2.
+FORTIFY_SOURCE_VAL:= $(lastword $(sort $(word 2,$(subst =, ,$(filter -D_FORTIFY_SOURCE=%,$(CFLAGS)))) 2))
 
 CP    := cp -f
+LN    := ln -sf
 MKDIR := mkdir -p
 STRIP := strip
 OBJCOPY := objcopy
@@ -122,7 +139,7 @@ ifdef DEBUG
     COMMON_FLAGS += -O0 -ggdb -DDEBUG -UNDEBUG
     COMMON_FLAGS += -DSE_DEBUG_LEVEL=SE_TRACE_DEBUG -DDEBUG_MODE=1
 else
-    COMMON_FLAGS += -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG
+    COMMON_FLAGS += -O2 -D_FORTIFY_SOURCE=$(FORTIFY_SOURCE_VAL) -UDEBUG -DNDEBUG
 endif
 
 ifdef SE_SIM

diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2024 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -28,21 +28,22 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.21.100.3"
+#define STRFILEVER    "1.22.100.3"
 #define COPYRIGHT      "Copyright (C) 2024 Intel Corporation"
-#define FILEVER        1,21,100,3
-#define PRODUCTVER     1,21,100,3
-#define STRPRODUCTVER  "1.21.100.3"
+#define FILEVER        1,22,100,3
+#define PRODUCTVER     1,22,100,3
+#define STRPRODUCTVER  "1.22.100.3"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.13.108.3"
-#define QUOTE_VERIFIER_VERSION       "1.13.101.3"
-#define QUOTE_LOADER_VERSION         "1.11.108.3"
-#define TDQE_WRAPPER_VERSION         "1.14.108.3"
-#define PCE_WRAPPER_VERSION          "1.14.108.3"
+#define DEFAULT_QPL_VERSION          "1.13.109.3"
+#define QUOTE_VERIFIER_VERSION       "1.13.102.3"
+#define QUOTE_LOADER_VERSION         "1.11.109.3"
+#define TDQE_WRAPPER_VERSION         "1.14.109.3"
+#define PCE_WRAPPER_VERSION          "1.14.109.3"
 
-#define QE3_VERSION                  "1.19.100.1"
-#define QVE_VERSION                  "1.21.100.1"
-#define IDE_VERSION                  "1.19.100.1"
-#define TDQE_VERSION                 "1.19.100.1"
+#define QE3_VERSION                  "1.22.100.1"
+#define QVE_VERSION                  "1.22.100.1"
+#define IDE_VERSION                  "1.22.100.1"
+#define TDQE_VERSION                 "1.22.100.1"
+#define QAE_VERSION                  "1.22.100.1"
diff --git a/QuoteGeneration/download_prebuilt.bat b/QuoteGeneration/download_prebuilt.bat
@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.21.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.21.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.21/windows/
+set ae_file_name=prebuilt_windows_dcap_1.22.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.22.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.22/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

diff --git a/QuoteGeneration/download_prebuilt.sh b/QuoteGeneration/download_prebuilt.sh
@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.21.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.21.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.21/linux/
+ae_file_name=prebuilt_dcap_1.22.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.22.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.22/linux/
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 
@@ -61,6 +61,8 @@ if [ $? -ne 0 ]; then
 fi
 
 tar -zxf $ae_file_name
+cp -f -r prebuilt ..
+rm -f -r prebuilt
 rm -f $ae_file_name
 rm -f $checksum_file
 

diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/Makefile b/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2022 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/createTarball.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2022 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/Makefile b/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/createTarball.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

diff --git a/QuoteGeneration/installer/linux/common/libsgx-tdx-logic/Makefile b/QuoteGeneration/installer/linux/common/libsgx-tdx-logic/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

diff --git a/QuoteGeneration/installer/linux/common/libtdx-attest/Makefile b/QuoteGeneration/installer/linux/common/libtdx-attest/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

diff --git a/QuoteGeneration/installer/linux/common/libtdx-attest/createTarball.sh b/QuoteGeneration/installer/linux/common/libtdx-attest/createTarball.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

diff --git a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs-package.txt b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs-package.txt