harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

sgx: don't use pccs

Browse source 
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
This commit is contained in:
Harald Hoyer 2024-03-21 21:20:22 +01:00
parent ad2fc117c7
commit c5452b5943
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
systems/x86_64-linux/sgx/default.nix
View file

@ -16,8 +16,8 @@
nix-ld.enable = true; nix-ld.enable = true;
nix.enable = true; nix.enable = true;
aesmd_dcap.enable = true; aesmd_dcap.enable = true;
pccs.enable = true; #pccs.enable = false;
pccs.secret = config.sops.secrets.pccs.path; #pccs.secret = config.sops.secrets.pccs.path;
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
user.extraGroups = [ "docker" "sgx" ]; user.extraGroups = [ "docker" "sgx" ];
@ -40,9 +40,8 @@
environment.etc."sgx_default_qcnl.conf".text = '' environment.etc."sgx_default_qcnl.conf".text = ''
{ {
"pccs_url": "https://127.0.0.1:8081/sgx/certification/v4/", "pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/",
"use_secure_cert": false, "use_secure_cert": true,
"collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
"retry_times": 6, "retry_times": 6,
"retry_delay": 10, "retry_delay": 10,
"pck_cache_expire_hours": 168, "pck_cache_expire_hours": 168,