Linux 2.9.1 Open Source Gold Release

Supported to query Intel(R) SGX attestation key ID list.
Fixed bugwqs.

Signed-off-by: Li, Xun <[email protected]>

Author: llly

Makefile

@@ -29,7 +29,7 @@
 #
 #
 
-DCAP_VER?= 1.5
+DCAP_VER?= 1.6
 DCAP_DOWNLOAD_BASE ?= https://github.com/intel/SGXDataCenterAttestationPrimitives/archive
 
 CHECK_OPT :=
@@ -97,6 +97,14 @@ ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/li
 endif
 	$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_ae_qe3_pkg
 	$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-qe3/libsgx-ae-qe3*.deb ./linux/installer/deb/sgx-aesm-service/
+.PHONY: deb_libsgx_qe3_logic
+deb_libsgx_qe3_logic: psw
+	$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_qe3_logic_pkg
+	$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-qe3-logic/libsgx-qe3-logic*deb ./linux/installer/deb/sgx-aesm-service/
+.PHONY: deb_libsgx_pce_logic
+deb_libsgx_pce_logic: psw
+	$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_pce_logic_pkg
+	$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/libsgx-pce-logic*deb ./linux/installer/deb/sgx-aesm-service/
 
 .PHONY: deb_libsgx_dcap_default_qpl
 deb_libsgx_dcap_default_qpl: 
@@ -137,7 +145,7 @@ deb_libsgx_urts: psw
 	./linux/installer/deb/libsgx-urts/build.sh
 
 .PHONY: deb_psw_pkg
-deb_psw_pkg: deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_dcap_default_qpl deb_libsgx_dcap_pccs
+deb_psw_pkg: deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_dcap_default_qpl deb_libsgx_dcap_pccs
 
 .PHONY: deb_local_repo
 deb_local_repo: deb_psw_pkg
@@ -150,6 +158,14 @@ ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/li
 endif
 	$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_ae_qe3_pkg
 	$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-qe3/libsgx-ae-qe3*.rpm ./linux/installer/rpm/sgx-aesm-service/
+.PHONY: rpm_libsgx_pce_logic
+rpm_libsgx_pce_logic: psw
+	$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_pce_logic_pkg
+	$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/libsgx-pce-logic*.rpm ./linux/installer/rpm/sgx-aesm-service/
+.PHONY: rpm_libsgx_qe3_logic
+rpm_libsgx_qe3_logic: psw
+	$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_qe3_logic_pkg
+	$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-qe3-logic/libsgx-qe3-logic*.rpm ./linux/installer/rpm/sgx-aesm-service/
 
 .PHONY: rpm_sgx_aesm_service
 rpm_sgx_aesm_service: psw
@@ -184,7 +200,7 @@ rpm_sdk_pkg: sdk
 	./linux/installer/rpm/sdk/build.sh
 
 .PHONY: rpm_psw_pkg
-rpm_psw_pkg: rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3
+rpm_psw_pkg: rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3
 
 .PHONY: rpm_local_repo
 rpm_local_repo: rpm_psw_pkg

README.md

@@ -11,7 +11,8 @@ Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for app
 
 The Linux\* Intel(R) SGX software stack is comprised of the Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW). The Intel(R) SGX SDK and Intel(R) SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project.
 
-The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux\* Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete. 
+The [SGXDataCenterAttestationPrimitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/) project maintains an out-of-tree driver for the Linux\* Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete. It is used on the platforms with *Flexible Launch Control* and *Intel(R) AES New Instructions* support and could support both Elliptic Curve Digital Signature algorithm (ECDSA) based attestation and Enhanced Privacy Identification (EPID) based attestation.      
+The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the other out-of-tree driver for the Linux\* Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete. It is used to support Enhanced Privacy Identification (EPID) based attestation on the platforms without *Flexible Launch Control*. 
 
 The repository provides a reference implementation of a Launch Enclave for 'Flexible Launch Control' under [psw/ae/ref_le](psw/ae/ref_le). The reference LE implementation can be used as a basis for enforcing different launch control policy by the platform developer or owner. To build and try it by yourself, please refer to the [ref_le.md](psw/ae/ref_le/ref_le.md) for details.
 
@@ -28,9 +29,18 @@ Documentation
 - [Intel(R) SGX for Linux\* OS](https://01.org/intel-softwareguard-extensions) project home page on [01.org](https://01.org)
 - [Intel(R) SGX Programming Reference](https://software.intel.com/sites/default/files/managed/7c/f1/332831-sdm-vol-3d.pdf)
 
+Quick Start
+-----------------------------------------
+### Use Docker and Docker Compose
+```
+$ cd docker/build && ./build_compose_run.sh
+```
+See this [README](docker/build/README.md) for details.
+
 Build and Install the Intel(R) SGX Driver
 -----------------------------------------
-Follow the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install the Intel(R) SGX driver.
+Follow the [README.md](https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/driver/linux/README.md) in the [SGXDataCenterAttestationPrimitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/) project to build and install the Intel(R) SGX driver.     
+**NOTE**: The above Intel(R) SGX driver requires *Flexible Launch Control* and *Intel(R) AES New Instructions* support. If your platform doesn't meet the requirement, please follow  the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install this version of Intel(R) SGX driver.
 
 Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
 -------------------------------------------------------
@@ -49,26 +59,26 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
 - Use the following command(s) to install the required tools to build the Intel(R) SGX SDK:  
   * On Ubuntu 16.04:
   ```
-    $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python libssl-dev git
+    $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python libssl-dev git cmake perl
   ```
   * On Ubuntu 18.04:
   ```
-    $ sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python libssl-dev git
+    $ sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python libssl-dev git cmake perl
   ```
   * On Red Hat Enterprise Linux 7.4, Red Hat Enterprise Linux 8.0 and CentOS 7.5:
   ```
     $ sudo yum groupinstall 'Development Tools'
-    $ sudo yum install ocaml ocaml-ocamlbuild wget python2 openssl-devel git
+    $ sudo yum install ocaml ocaml-ocamlbuild wget python2 openssl-devel git cmake perl
   ```
   * On Fedora 27:
   ```
     $ sudo yum groupinstall 'C Development Tools and Libraries'
-    $ sudo yum install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget python rpm-build git
+    $ sudo yum install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget python rpm-build git cmake perl
   ```
   * On SUSE Linux Enterprise Server 12:
   ```
     $ sudo zypper install --type pattern devel_basis
-    $ sudo zypper install ocaml ocaml-ocamlbuild automake autoconf libtool wget python libopenssl-devel rpm-build git
+    $ sudo zypper install ocaml ocaml-ocamlbuild automake autoconf libtool wget python libopenssl-devel rpm-build git cmake perl
   ```
    **Note**:  To build Intel(R) SGX SDK, GNU binutils version is required to be 2.26 or above. For Red Hat Enterprise Linux 7.4, you may need to update GNU binutils version using below command:
    ```

SampleCode/Cxx11SGXDemo/Enclave/Enclave_private.pem renamed to SampleCode/Cxx11SGXDemo/Enclave/Enclave_private_test.pem

@@ -256,7 +256,7 @@ $(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects)
 	@echo "LINK =>  $@"
 
 $(Signed_Enclave_Name): $(Enclave_Name)
-	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
+	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private_test.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
 	@echo "SIGN =>  $@"
 
 .PHONY: clean

SampleCode/Cxx11SGXDemo/Makefile

@@ -45,7 +45,7 @@ ENCLAVE_NAME := libenclave_initiator.so
 SIGNED_ENCLAVE_NAME := libenclave_initiator.signed.so
 
 $(SIGNED_ENCLAVE_NAME) : $(ENCLAVE_NAME)
-	@$(SGX_ENCLAVE_SIGNER) sign -key EnclaveInitiator_private.pem -enclave $(ENCLAVE_NAME) -out $@ -config EnclaveInitiator.config.xml
+	@$(SGX_ENCLAVE_SIGNER) sign -key EnclaveInitiator_private_test.pem -enclave $(ENCLAVE_NAME) -out $@ -config EnclaveInitiator.config.xml
 	@cp $(SIGNED_ENCLAVE_NAME) $(TOPDIR)/$(OUTDIR)/
 	@echo "SIGN =>  $@"
 

SampleCode/LocalAttestation/EnclaveInitiator/EnclaveInitiator_private.pem renamed to SampleCode/LocalAttestation/EnclaveInitiator/EnclaveInitiator_private_test.pem

@@ -45,7 +45,7 @@ ENCLAVE_NAME := libenclave_responder.so
 SIGNED_ENCLAVE_NAME := libenclave_responder.signed.so
 
 $(SIGNED_ENCLAVE_NAME) : $(ENCLAVE_NAME)
-	@$(SGX_ENCLAVE_SIGNER) sign -key EnclaveResponder_private.pem -enclave $(ENCLAVE_NAME) -out $@ -config EnclaveResponder.config.xml
+	@$(SGX_ENCLAVE_SIGNER) sign -key EnclaveResponder_private_test.pem -enclave $(ENCLAVE_NAME) -out $@ -config EnclaveResponder.config.xml
 	@cp $(SIGNED_ENCLAVE_NAME) $(TOPDIR)/$(OUTDIR)/
 	@echo "SIGN =>  $@"
 

SampleCode/LocalAttestation/EnclaveInitiator/Makefile

@@ -250,7 +250,7 @@ $(Enclave_Name): $(Enclave_Objects)
 	@echo "LINK =>  $@"
 
 $(Signed_Enclave_Name): $(Enclave_Name)
-	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
+	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private_test.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
 	@echo "SIGN =>  $@"