feat: add sgx-dcap.pck_id_retrieval_tool

for `PCKIDRetrievalTool` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 15:33:56 +02:00 · 2024-03-13 15:21:31 +01:00 · 2024-03-13 15:21:31 +01:00 · 795851e244
commit 795851e244
parent c66c2e4343
1 changed files with 224 additions and 197 deletions
--- a/packages/sgx-dcap/default.nix
+++ b/packages/sgx-dcap/default.nix
@ -11,13 +11,9 @@
 , curl
 , zip
 , nixsgx
-,
+, makeWrapper
 }:
-
-let inherit (lib) optional; in
-
-let
-  self = stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
  pname = "sgx-dcap";
  version = "1.20";

@ -63,6 +59,7 @@ let
    "ra_uefi"
    "tdx_logic"
    "libtdx_attest"
+    "pck_id_retrieval_tool"
  ];

  patches = [
@ -87,8 +84,7 @@ let

  # sigh... Intel!
  installPhase = ''
-      # set -x
-      set -e
+    #set -xe
    runHook preInstall

    # sigh... Intel!
@ -111,6 +107,7 @@ let
        ./QuoteGeneration/installer/linux/common/libtdx-attest
        ./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network
        ./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi
+        ./tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool
        #./QuoteGeneration/installer/linux/common/sgx-dcap-pccs
    )

@ -149,9 +146,10 @@ let
        "$ra_network"
        tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi/output/libsgx-ra-uefi
        "$ra_uefi"
+        tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/output
+        "$pck_id_retrieval_tool"
        #QuoteGeneration/installer/linux/common/sgx-dcap-pccs/output
        #"$pccs"
-          #    sgx-pck-id-retrieval-tool
        #    sgx-ra-service
        #    tdx-qgs
    )
@ -164,8 +162,22 @@ let

        mkdir -p "$dst"

+        if [[ -d "$out/$src/opt/intel" ]]; then 
+          find "$out/$src/opt/intel" 
+          moveToOutput "$src/opt/intel" "$dst"
+          mkdir "$dst/bin"
+          mv "$dst/$src/opt/intel"/*/* "$dst/bin/"
+        fi
+ 
+        if [[ -d "$out/$src" ]]; then 
+          find "$out/$src"
          moveToOutput "$src" "$dst"
+        fi
+
+        if [[ -d "$out/$src-dev" ]]; then 
+          find "$out/$src-dev"
          moveToOutput "$src-dev" "$dst"
+        fi

        mv "$dst"/$src/* "$dst"/

@ -187,11 +199,24 @@ let
    mkdir -p "$out"/share/doc
    echo Hello > "$out"/share/doc/README.md

+    rm "$pck_id_retrieval_tool"/bin/lib*so*
+    mkdir "$pck_id_retrieval_tool"/lib
+    cp QuoteGeneration/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so "$pck_id_retrieval_tool"/lib
+    ln -fs ../lib/libsgx_id_enclave.signed.so "$pck_id_retrieval_tool"/bin/libsgx_id_enclave.signed.so.1
+    cp QuoteGeneration/psw/ae/data/prebuilt/libsgx_pce.signed.so "$pck_id_retrieval_tool"/lib
+    ln -fs ../lib/libsgx_pce.signed.so "$pck_id_retrieval_tool"/bin/libsgx_pce.signed.so.1
+
+    #set +x
    runHook postInstall
  '';

+  postFixup = ''
+    wrapProgram "$pck_id_retrieval_tool/bin/PCKIDRetrievalTool" \
+      --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ nixsgx.sgx-psw ]}:$ra_uefi/lib:$ra_network/lib"
+  '';
+
  nativeBuildInputs = [
-      nixsgx.sgx-sdk
+    makeWrapper
    cmake
    openssl
    python3
@ -202,6 +227,10 @@ let
    zip
  ];

+  buildInputs = [
+    nixsgx.sgx-sdk
+  ];
+
  doCheck = false;

  dontDisableStatic = false;
@ -212,6 +241,4 @@ let
    platforms = [ "x86_64-linux" ];
    license = with licenses; [ bsd3 ];
  };
-  };
-in
-self
+}