feat: initial commit

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

assets/Azure-DCAP-Client.patch

@@ -0,0 +1,38 @@
+diff --git a/src/dcap_provider.cpp b/src/dcap_provider.cpp
+index d23c250..34c4d9d 100644
+--- a/src/dcap_provider.cpp
++++ b/src/dcap_provider.cpp
+@@ -1333,7 +1333,7 @@ static std::string build_tcb_info_url(
+         tcb_info_url << base_url;
+     }
+     else
+-        tcb_info_url << get_base_url();
++        tcb_info_url << "https://api.trustedservices.intel.com/sgx/certification";
+ 
+     if (!version.empty())
+     {
+@@ -1426,7 +1426,7 @@ static std::string build_enclave_id_url(
+         qe_id_url << base_url;
+     }
+     else
+-        qe_id_url << get_base_url();
++        qe_id_url << "https://api.trustedservices.intel.com/sgx/certification/";
+ 
+     // Select the correct issuer header name
+     if (!version.empty())
+@@ -1521,6 +1521,7 @@ static quote3_error_t get_collateral(
+                 "Successfully fetched %s from URL: '%s'.",
+                 friendly_name.c_str(),
+                 url.c_str());
++/*
+             std::string cache_control;
+             auto get_cache_header_operation = get_unescape_header(*curl_operation, headers::CACHE_CONTROL, &cache_control);
+             retval = convert_to_intel_error(get_cache_header_operation);
+@@ -1534,6 +1535,7 @@ static quote3_error_t get_collateral(
+                     local_cache_add(issuer_chain_cache_name, expiry, issuer_chain.size(), issuer_chain.c_str());
+                 }
+             }
++*/
+         }
+ 
+         return retval;

assets/extract-sig.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# This script is used to extract the signature of a gramine docker image.
+#
+# Usage: ./extract-sig.sh <image-name> <tee-name> <output-file>
+# Example: ./extract-sig.sh tva tee-vault-admin
+
+id=$(docker create $1)
+trap 'docker rm -v $id' EXIT
+docker cp "$id:/app/$2.sig" "$3"

assets/replace-sig.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# This script is used to replace the signature of a gramine docker image with a new one.
+#
+# Usage: ./replace-sig.sh <image> <new-signature-file> <old-signature-file>
+# Example: ./replace-sig.sh tva tee-vault-admin.sig /app/tee-vault-admin.sig
+
+DOCKERFILE="Dockerfile-tmp-$$"
+
+trap 'rm -f $DOCKERFILE' EXIT
+
+cat > "$DOCKERFILE" <<EOF
+FROM $1
+COPY $2 $3
+EOF
+
+docker build -f "$DOCKERFILE" -t "$1" .

assets/sgx_default_qcnl.conf.json

@@ -0,0 +1,10 @@
+{
+  "pccs_url": "https://host.containers.internal:8081/sgx/certification/v4/",
+  "use_secure_cert": false,
+  "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+  "retry_times": 6,
+  "retry_delay": 10,
+  "pck_cache_expire_hours": 168,
+  "verify_collateral_cache_expire_hours": 168,
+  "local_cache_only": false
+}

assets/vault-auth-tee.sha256

@@ -0,0 +1 @@
+7e417b65b9a4fa46dfcc72feb0f0c2e5fa4391c3f6b668cb2c5ba7174b95c43b