From 946f44ee513735f8772f7e131ff4687b0db08eab Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Thu, 21 Mar 2024 21:20:22 +0100
Subject: [PATCH] sgx: don't use pccs
Signed-off-by: Harald Hoyer
---
 systems/x86_64-linux/sgx/default.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix
index deb3edb..8acf969 100644
--- a/systems/x86_64-linux/sgx/default.nix
+++ b/systems/x86_64-linux/sgx/default.nix
@@ -16,8 +16,6 @@
 nix-ld.enable = true;
 nix.enable = true;
 aesmd_dcap.enable = true;
- pccs.enable = true;
- pccs.secret = config.sops.secrets.pccs.path;
 podman.enable = true;
 secureboot.enable = true;
 user.extraGroups = [ "docker" "sgx" ];
@@ -40,9 +38,8 @@
 environment.etc."sgx_default_qcnl.conf".text = ''
 {
- "pccs_url": "https://127.0.0.1:8081/sgx/certification/v4/",
- "use_secure_cert": false,
- "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+ "pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+ "use_secure_cert": true,
 "retry_times": 6,
 "retry_delay": 10,
 "pck_cache_expire_hours": 168,
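Review bot: The `pccs_url` key in the `sgx_default_qcnl.conf` text now points at Intel's public endpoint rather than a PCCS, and nothing beside it records that this is deliberate or that `use_secure_cert` has to stay `true`. A Nix comment above the `environment.etc` line would cover it, e.g. `# No local PCCS: QCNL fetches from Intel directly; keep use_secure_cert = true so the server certificate is verified.` With the local caching service gone, attestation on this host presumably depends on outbound reachability of that endpoint once the `pck_cache_expire_hours` window lapses, which is worth confirming against the machine's egress policy. The first hunk drops `pccs.secret = config.sops.secrets.pccs.path`; the declaration of that sops secret is not visible here, and if it still exists it should go too so the secret is no longer provisioned on the host. The JSON text continues past the end of the hunk.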