harald/nixsgx
1
0
Fork 0
mirror of https://github.com/matter-labs/nixsgx.git synced 2025-07-21 15:33:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: sgx-dcap.default_qpl config file

Browse source 
works now out of the box without a PCCS server and API token.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
This commit is contained in:
Harald Hoyer 2024-03-22 10:19:06 +01:00
parent 7afe2bbed7
commit 802aca6e67
Signed by: harald
GPG key ID: F519A1143B3FBE32
2 changed files with 23 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
packages/sgx-dcap/SGXDataCenterAttestationPrimitives-sgx_default_qcnl_conf.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf b/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf
index a7c84c9..ac491b0 100644
--- a/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf
+++ b/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf
@@ -2,7 +2,7 @@
// *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them.
//PCCS server address
- "pccs_url": "https://localhost:8081/sgx/certification/v4/"
+ "pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/"
// To accept insecure HTTPS certificate, set this option to false
,"use_secure_cert": true

16
packages/sgx-dcap/default.nix
View file

@ -63,8 +63,12 @@ stdenv.mkDerivation rec {
]; ];
patches = [ patches = [
# make tarballs reproducible
./SGXDataCenterAttestationPrimitives-tarball-repro.patch ./SGXDataCenterAttestationPrimitives-tarball-repro.patch
# sigh... Intel!
./SGXDataCenterAttestationPrimitives-parallel-make.patch ./SGXDataCenterAttestationPrimitives-parallel-make.patch
# make config work without a dedicated PCCS server by default
./SGXDataCenterAttestationPrimitives-sgx_default_qcnl_conf.patch
]; ];
postPatch = '' postPatch = ''
@ -153,7 +157,7 @@ stdenv.mkDerivation rec {
# sgx-ra-service # sgx-ra-service
# tdx-qgs # tdx-qgs
) )
for ((i = 0 ; i < ''${#dcap_map[@]} ; i+=2 )); do for ((i = 0 ; i < ''${#dcap_map[@]} ; i+=2 )); do
src="''${dcap_map[i]}" src="''${dcap_map[i]}"
dst="''${dcap_map[i+1]}" dst="''${dcap_map[i+1]}"
@ -162,19 +166,19 @@ stdenv.mkDerivation rec {
mkdir -p "$dst" mkdir -p "$dst"
if [[ -d "$out/$src/opt/intel" ]]; then if [[ -d "$out/$src/opt/intel" ]]; then
find "$out/$src/opt/intel" find "$out/$src/opt/intel"
moveToOutput "$src/opt/intel" "$dst" moveToOutput "$src/opt/intel" "$dst"
mkdir "$dst/bin" mkdir "$dst/bin"
mv "$dst/$src/opt/intel"/*/* "$dst/bin/" mv "$dst/$src/opt/intel"/*/* "$dst/bin/"
fi fi
if [[ -d "$out/$src" ]]; then if [[ -d "$out/$src" ]]; then
find "$out/$src" find "$out/$src"
moveToOutput "$src" "$dst" moveToOutput "$src" "$dst"
fi fi
if [[ -d "$out/$src-dev" ]]; then if [[ -d "$out/$src-dev" ]]; then
find "$out/$src-dev" find "$out/$src-dev"
moveToOutput "$src-dev" "$dst" moveToOutput "$src-dev" "$dst"
fi fi