feat: sgx-2.25 dcap-1.22

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

packages/sgx-sdk/default.nix

@@ -27,15 +27,15 @@
 stdenv.mkDerivation rec {
   pname = "sgx-sdk";
   # Version as given in se_version.h
-  version = "2.24.100.3";
+  version = "2.25.100.3";
   # Version as used in the Git tag
-  versionTag = "2.24";
+  versionTag = "2.25";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "linux-sgx";
     rev = "sgx_${versionTag}";
-    hash = "sha256-1urEdfMKNUqqyJ3wQ10+tvtlRuAKELpaCWIOzjCbYKw=";
+    hash = "sha256-RR+vFTd9ZM6XUn3KgQeUM+xoj1Ava4zQzFYA/nfXyaw=";
     fetchSubmodules = true;
   };
 
@@ -139,13 +139,15 @@ stdenv.mkDerivation rec {
       cp ${ipp-crypto-no_mitigation}/include/fips_cert.h inc/ippcp/
 
       rm inc/ippcp.h
-      patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i ./inc/ippcp21u11.patch -o ./inc/ippcp.h
+      patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i ./inc/ippcp21u12.patch -o ./inc/ippcp.h
 
       install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE
 
       popd
     '';
 
+  env.NIX_CFLAGS_COMPILE = "-Wno-error=missing-include-dirs";
+
   buildFlags = [
     "sdk_install_pkg"
   ] ++ lib.optionals debug [

packages/sgx-sdk/disable-downloads.patch

@@ -1,14 +1,16 @@
 diff --git a/Makefile b/Makefile
-index 73502a7..f24bd11 100644
+index 19bc05ab..f9ef0b75 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -50,18 +50,18 @@ tips:
+@@ -50,13 +50,13 @@ tips:
  preparation:
  # As SDK build needs to clone and patch openmp, we cannot support the mode that download the source from github as zip.
  # Only enable the download from git
 -	git submodule update --init --recursive
--	./external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild
 +	# git submodule update --init --recursive
+ 	cd external/dcap_source/external/jwt-cpp && git apply ../0001-Add-a-macro-to-disable-time-support-in-jwt-for-SGX.patch >/dev/null 2>&1 || \
+ 	git apply ../0001-Add-a-macro-to-disable-time-support-in-jwt-for-SGX.patch -R --check
+-	./external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild
 +	# ./external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild
  	cd external/openmp/openmp_code && git apply ../0001-Enable-OpenMP-in-SGX.patch >/dev/null 2>&1 ||  git apply ../0001-Enable-OpenMP-in-SGX.patch --check -R
  	cd external/protobuf/protobuf_code && git apply ../sgx_protobuf.patch >/dev/null 2>&1 ||  git apply ../sgx_protobuf.patch --check -R
@@ -17,12 +19,14 @@ index 73502a7..f24bd11 100644
  	./external/sgx-emm/create_symlink.sh
  	cd external/mbedtls/mbedtls_code && git apply ../sgx_mbedtls.patch >/dev/null 2>&1 || git apply ../sgx_mbedtls.patch --check -R
  	cd external/cbor && cp -r libcbor sgx_libcbor
- 	cd external/cbor/libcbor && git apply ../raw_cbor.patch >/dev/null 2>&1 || git apply ../raw_cbor.patch --check -R
+@@ -64,8 +64,8 @@ preparation:
  	cd external/cbor/sgx_libcbor && git apply ../sgx_cbor.patch >/dev/null 2>&1 || git apply ../sgx_cbor.patch --check -R
+ 	cd external/ippcp_internal/ipp-crypto && git apply ../0001-IPP-crypto-for-SGX.patch > /dev/null 2>&1 || git apply ../0001-IPP-crypto-for-SGX.patch --check -R
+ 	cd external/ippcp_internal/ipp-crypto && mkdir -p build
 -	./download_prebuilt.sh
 -	./external/dcap_source/QuoteGeneration/download_prebuilt.sh
-+	# ./download_prebuilt.sh
-+	# ./external/dcap_source/QuoteGeneration/download_prebuilt.sh
++	#./download_prebuilt.sh
++	#./external/dcap_source/QuoteGeneration/download_prebuilt.sh
  
  psw:
  	$(MAKE) -C psw/ USE_OPT_LIBS=$(USE_OPT_LIBS)

packages/sgx-sdk/ipp-crypto.nix

@@ -8,13 +8,13 @@
 }:
 gcc11Stdenv.mkDerivation rec {
   pname = "ipp-crypto";
-  version = "2021.11.1";
+  version = "2021.12.1";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "ipp-crypto";
     rev = "ippcp_${version}";
-    hash = "sha256-OgNrrPE8jFVD/hcv7A43Bno96r4Z/lb7/SE6TEL7RDI=";
+    hash = "sha256-voxjx9Np/8jy9XS6EvUK4aW18/DGQGaPpTKm9RzuCU8=";
   };
 
   cmakeFlags = [