feat: initial commit

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 15:33:56 +02:00 · 2024-02-05 16:19:15 +01:00 · 2024-02-05 16:19:15 +01:00 · 1054e3dbe4
commit 1054e3dbe4
parent 6fe41c9723
51 changed files with 3521 additions and 1 deletions
--- a/packages/sgx-dcap/SGXDataCenterAttestationPrimitives-parallel-make.patch
+++ b/packages/sgx-dcap/SGXDataCenterAttestationPrimitives-parallel-make.patch
@ -0,0 +1,26 @@
+diff --git a/Makefile b/Makefile
+index 344d08e..edd287a 100644
+--- a/Makefile
+++ b/Makefile
+@@ -48,7 +48,7 @@ PCKRetrievalTool: QuoteGeneration
+ 	$(MAKE) -C tools/PCKRetrievalTool
+ 
+ SGXPlatformRegistration:
+-	$(MAKE) -C tools/SGXPlatformRegistration
+	$(MAKE) -j1 -C tools/SGXPlatformRegistration
+ 
+ WinPle:
+ 	$(MAKE) -C driver/win/PLE
+diff --git a/tools/PCKCertSelection/Makefile b/tools/PCKCertSelection/Makefile
+index c1115fe..fbdfa06 100644
+--- a/tools/PCKCertSelection/Makefile
+++ b/tools/PCKCertSelection/Makefile
+@@ -82,7 +82,7 @@ $(PROJECTS): $(BIN_DIR)
+ $(BIN_DIR):
+ 	$(PCKCERTSEL_VERBOSE)mkdir -p $@
+ 
+-$(ZIPFILE):
+$(ZIPFILE): $(PROJECTS)
+ 	bash pack.sh
+ 	$(PCKCERTSEL_VERBOSE)echo "$@ : done"
+ 	$(PCKCERTSEL_VERBOSE)echo
--- a/packages/sgx-dcap/SGXDataCenterAttestationPrimitives-tarball-repro.patch
+++ b/packages/sgx-dcap/SGXDataCenterAttestationPrimitives-tarball-repro.patch
@ -0,0 +1,191 @@
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/createTarball.sh
+index 1ee6355..249e37e 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/createTarball.sh
+@@ -58,6 +58,6 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/IDE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-qe3/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-ae-qe3/createTarball.sh
+index 2ac7592..e525128 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-ae-qe3/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-ae-qe3/createTarball.sh
+@@ -58,5 +58,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/QE3_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-qve/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-ae-qve/createTarball.sh
+index 294706f..b86e17c 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-ae-qve/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-ae-qve/createTarball.sh
+@@ -58,5 +58,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/QVE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/createTarball.sh
+index 9f5e4df..48ee554 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/createTarball.sh
+@@ -58,5 +58,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/TDQE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-dcap-default-qpl/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-dcap-default-qpl/createTarball.sh
+index ad7de91..80940ee 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-dcap-default-qpl/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-dcap-default-qpl/createTarball.sh
+@@ -59,6 +59,6 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/DEFAULT_QPL_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-dcap-ql/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-dcap-ql/createTarball.sh
+index f60411f..0c5cba6 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-dcap-ql/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-dcap-ql/createTarball.sh
+@@ -61,5 +61,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/QUOTE_LOADER_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/createTarball.sh
+index 1e67891..af616d8 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/createTarball.sh
+@@ -62,5 +62,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/QUOTE_VERIFIER_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-pce-logic/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-pce-logic/createTarball.sh
+index ebb1239..1073bd9 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-pce-logic/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-pce-logic/createTarball.sh
+@@ -58,5 +58,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/PCE_WRAPPER_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-qe3-logic/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-qe3-logic/createTarball.sh
+index c6271d3..417cb70 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-qe3-logic/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-qe3-logic/createTarball.sh
+@@ -56,5 +56,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+
+ # Create the tarball
+ pushd ${INSTALL_PATH} &> /dev/null
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libsgx-tdx-logic/createTarball.sh b/QuoteGeneration/installer/linux/common/libsgx-tdx-logic/createTarball.sh
+index 80dff97..04738c3 100755
+--- a/QuoteGeneration/installer/linux/common/libsgx-tdx-logic/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libsgx-tdx-logic/createTarball.sh
+@@ -59,5 +59,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/TDQE_WRAPPER_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/libtdx-attest/createTarball.sh b/QuoteGeneration/installer/linux/common/libtdx-attest/createTarball.sh
+index 4e53085..7047a49 100755
+--- a/QuoteGeneration/installer/linux/common/libtdx-attest/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/libtdx-attest/createTarball.sh
+@@ -61,5 +61,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+ SGX_VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh
+index fa3286e..cacf5a3 100755
+--- a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh
+@@ -57,5 +57,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+
+ # Create the tarball
+ pushd ${INSTALL_PATH} &> /dev/null
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/QuoteGeneration/installer/linux/common/tdx-qgs/createTarball.sh b/QuoteGeneration/installer/linux/common/tdx-qgs/createTarball.sh
+index 6797401..0f59abf 100755
+--- a/QuoteGeneration/installer/linux/common/tdx-qgs/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/tdx-qgs/createTarball.sh
+@@ -55,5 +55,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/tdx-qgs-package.txt --cleanup=fals
+
+ # Create the tarball
+ pushd ${INSTALL_PATH} &> /dev/null
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/createTarball.sh b/tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/createTarball.sh
+index f09f0d8..60a3796 100755
+--- a/tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/createTarball.sh
+++ b/tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/createTarball.sh
+@@ -56,5 +56,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/pck-id-retrieval-tool-package.txt
+
+ # Create the tarball
+ pushd ${INSTALL_PATH} &> /dev/null
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+diff --git a/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network/createTarball.sh b/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network/createTarball.sh
+index f0109c5..64a8523 100755
+--- a/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network/createTarball.sh
+++ b/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network/createTarball.sh
+@@ -59,6 +59,6 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/../../licenses/BOM_license.txt --c
+ RA_VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOT_DIR}/../../QuoteGeneration/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${RA_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+
+diff --git a/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi/createTarball.sh b/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi/createTarball.sh
+index d62f397..73854a1 100755
+--- a/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi/createTarball.sh
+++ b/tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi/createTarball.sh
+@@ -59,6 +59,6 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/../../licenses/BOM_license.txt --c
+ RA_VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOT_DIR}/../../QuoteGeneration/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+ pushd ${INSTALL_PATH} &> /dev/null
+ sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${RA_VERSION}/" Makefile
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
+
+diff --git a/tools/SGXPlatformRegistration/package/installer/common/sgx-ra-service/createTarball.sh b/tools/SGXPlatformRegistration/package/installer/common/sgx-ra-service/createTarball.sh
+index de7e205..a18b930 100755
+--- a/tools/SGXPlatformRegistration/package/installer/common/sgx-ra-service/createTarball.sh
+++ b/tools/SGXPlatformRegistration/package/installer/common/sgx-ra-service/createTarball.sh
+@@ -57,5 +57,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
+
+ # Create the tarball
+ pushd ${INSTALL_PATH} &> /dev/null
+-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
+ popd &> /dev/null
--- a/packages/sgx-dcap/default.nix
+++ b/packages/sgx-dcap/default.nix
@ -0,0 +1,217 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchurl
+, cmake
+, boost
+, python3
+, openssl
+, which
+, wget
+, curl
+, zip
+, nixsgx
+,
+}:
+
+let inherit (lib) optional; in
+
+let
+  self = stdenv.mkDerivation rec {
+    pname = "sgx-dcap";
+    version = "1.20";
+
+    postUnpack =
+      let
+        dcap = rec {
+          filename = "prebuilt_dcap_${version}.tar.gz";
+          prebuilt = fetchurl {
+            url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
+            hash = "sha256-nPsI89KSBA3cSNTMWyktZP5dkf+BwL3NZ4MuUf6G98o=";
+          };
+        };
+      in
+      ''
+        # Make sure we use the correct version of prebuilt DCAP
+        grep -q 'ae_file_name=${dcap.filename}' "$sourceRoot/QuoteGeneration/download_prebuilt.sh" \
+          || (echo "Could not find expected prebuilt DCAP ${dcap.filename} in dcap source" >&2 && grep 'ae_file_name' "$sourceRoot/QuoteGeneration/download_prebuilt.sh"  && exit 1)
+
+        tar -zxf ${dcap.prebuilt} -C $sourceRoot/QuoteGeneration/
+      '';
+
+    src = fetchFromGitHub {
+      owner = "intel";
+      repo = "SGXDataCenterAttestationPrimitives";
+      rev = "DCAP_${version}";
+      hash = "sha256-gNQzV6wpoQUZ3x/RqvFLwak4HhDOiJC5mW0okGx3UGA=";
+      fetchSubmodules = true;
+    };
+
+    outputs = [
+      "out"
+      "dev"
+      "ae_id_enclave"
+      "ae_qe3"
+      "ae_qve"
+      "ae_tdqe"
+      "pce_logic"
+      "qe3_logic"
+      "default_qpl"
+      "ql"
+      "quote_verify"
+      "ra_network"
+      "ra_uefi"
+      "tdx_logic"
+      "libtdx_attest"
+    ];
+
+    patches = [
+      ./SGXDataCenterAttestationPrimitives-tarball-repro.patch
+      ./SGXDataCenterAttestationPrimitives-parallel-make.patch
+    ];
+
+    postPatch = ''
+      patchShebangs --build $(find . -name '*.sh')
+    '';
+
+    preBuild = ''
+      makeFlagsArray+=(SGX_SDK="${nixsgx.sgx-sdk}" SGXSSL_PACKAGE_PATH="${nixsgx.sgx-ssl}")
+    '';
+
+    # sigh... Intel!
+    enableParallelBuilding = true;
+    dontUseCmakeConfigure = true;
+
+    # setOutputFlags = false;
+    # moveToDev = false;
+
+    # sigh... Intel!
+    installPhase = ''
+      # set -x
+      set -e
+      runHook preInstall
+
+      # sigh... Intel!
+      mkdir -p QuoteGeneration/pccs/lib/
+      cp tools/PCKCertSelection/out/libPCKCertSelection.so QuoteGeneration/pccs/lib/
+
+      mkdir -p "$out"
+
+      dcap_pkgdirs=(
+          ./QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave
+          ./QuoteGeneration/installer/linux/common/libsgx-ae-qe3
+          ./QuoteGeneration/installer/linux/common/libsgx-ae-qve
+          ./QuoteGeneration/installer/linux/common/libsgx-ae-tdqe
+          ./QuoteGeneration/installer/linux/common/libsgx-dcap-default-qpl
+          ./QuoteGeneration/installer/linux/common/libsgx-dcap-ql
+          ./QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify
+          ./QuoteGeneration/installer/linux/common/libsgx-pce-logic
+          ./QuoteGeneration/installer/linux/common/libsgx-qe3-logic
+          ./QuoteGeneration/installer/linux/common/libsgx-tdx-logic
+          ./QuoteGeneration/installer/linux/common/libtdx-attest
+          ./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network
+          ./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi
+          #./QuoteGeneration/installer/linux/common/sgx-dcap-pccs
+      )
+
+      for src in ''${dcap_pkgdirs[@]}; do
+          dst="$out/$src"
+          echo "Processing $src"
+          "$src"/createTarball.sh
+          mkdir -p "$dst"
+          make DESTDIR="$dst/output" -C "$src"/output install
+      done
+
+      dcap_map=(
+          QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/output
+          "$ae_id_enclave"
+          QuoteGeneration/installer/linux/common/libsgx-ae-qe3/output
+          "$ae_qe3"
+          QuoteGeneration/installer/linux/common/libsgx-ae-qve/output
+          "$ae_qve"
+          QuoteGeneration/installer/linux/common/libsgx-ae-tdqe/output
+          "$ae_tdqe"
+          QuoteGeneration/installer/linux/common/libsgx-pce-logic/output
+          "$pce_logic"
+          QuoteGeneration/installer/linux/common/libsgx-qe3-logic/output
+          "$qe3_logic"
+          QuoteGeneration/installer/linux/common/libsgx-dcap-default-qpl/output/libsgx-dcap-default-qpl
+          "$default_qpl"
+          QuoteGeneration/installer/linux/common/libsgx-dcap-ql/output/libsgx-dcap-ql
+          "$ql"
+          QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/output/libsgx-dcap-quote-verify
+          "$quote_verify"
+          QuoteGeneration/installer/linux/common/libsgx-tdx-logic/output/libsgx-tdx-logic
+          "$tdx_logic"
+          QuoteGeneration/installer/linux/common/libtdx-attest/output/libtdx-attest
+          "$libtdx_attest"
+          tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network/output/libsgx-ra-network
+          "$ra_network"
+          tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi/output/libsgx-ra-uefi
+          "$ra_uefi"
+          #QuoteGeneration/installer/linux/common/sgx-dcap-pccs/output
+          #"$pccs"
+          #    sgx-pck-id-retrieval-tool
+          #    sgx-ra-service
+          #    tdx-qgs
+      )
+
+      for ((i = 0 ; i < ''${#dcap_map[@]} ; i+=2 )); do
+          src="''${dcap_map[i]}"
+          dst="''${dcap_map[i+1]}"
+
+          echo "Processing $src"
+
+          mkdir -p "$dst"
+
+          moveToOutput "$src" "$dst"
+          moveToOutput "$src-dev" "$dst"
+
+          mv "$dst"/$src/* "$dst"/
+
+          if [[ -d "$dst"/$src-dev ]]; then
+            cp -a "$dst"/$src-dev/. "$dst"/
+          fi
+
+          if [[ -d "$dst"/usr ]]; then
+            cp -a "$dst"/usr/. "$dst"/
+            rm -fr "$dst"/usr
+          fi
+
+          [[ -d "$dst"/lib64 ]] && mv "$dst"/lib64 "$dst"/lib
+          [[ -d "$dst"/opt ]] && rm -fr "$dst"/opt
+
+          rm -fr "$dst/''${src%%/*}"
+      done
+
+      mkdir -p "$out"/share/doc
+      echo Hello > "$out"/share/doc/README.md
+
+      runHook postInstall
+    '';
+
+    nativeBuildInputs = [
+      nixsgx.sgx-sdk
+      cmake
+      openssl
+      python3
+      boost
+      curl
+      which
+      wget
+      zip
+    ];
+
+    doCheck = false;
+
+    dontDisableStatic = false;
+
+    meta = with lib; {
+      description = "Intel(R) Software Guard Extensions Data Center Attestation Primitives";
+      homepage = "https://github.com/intel/SGXDataCenterAttestationPrimitives";
+      platforms = [ "x86_64-linux" ];
+      license = with licenses; [ bsd3 ];
+    };
+  };
+in
+self