From 162da63f3850e18af3c5582c40f604d068724098 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Fri, 8 Mar 2024 12:58:27 +0100
Subject: [PATCH] sgx: add /etc/sgx_default_qcnl.conf

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
---
 modules/nixos/services/base/default.nix |  2 +-
 systems/x86_64-linux/sgx/default.nix    | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix
index 0c5ab18..ab786c7 100644
--- a/modules/nixos/services/base/default.nix
+++ b/modules/nixos/services/base/default.nix
@@ -14,7 +14,7 @@ in
     # Configure console keymap
     console.keyMap = "us";
 
-  # Select internationalisation properties.
+    # Select internationalisation properties.
     i18n.defaultLocale = "en_US.UTF-8";
     i18n.extraLocaleSettings = {
       LC_ADDRESS = "de_DE.UTF-8";
diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix
index 2536c23..8e9d3ba 100644
--- a/systems/x86_64-linux/sgx/default.nix
+++ b/systems/x86_64-linux/sgx/default.nix
@@ -35,4 +35,17 @@ with lib.plusultra;
   powerManagement.cpuFreqGovernor = "ondemand";
 
   system.stateVersion = "23.11";
+
+  environment.etc."sgx_default_qcnl.conf".text = ''
+    {
+      "pccs_url": "https://127.0.0.1:8081/sgx/certification/v4/",
+      "use_secure_cert": false,
+      "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+      "retry_times": 6,
+      "retry_delay": 10,
+      "pck_cache_expire_hours": 168,
+      "verify_collateral_cache_expire_hours": 168,
+      "local_cache_only": false
+    }
+  '';
 }