Don't supply sgx_default_qcnl.conf in the docker image

2024-06-12 18:47:18 -05:00 · 2024-06-12 18:47:18 -05:00 · 77dbb1159c
commit 77dbb1159c
parent 4aa73b4226
3 changed files with 38 additions and 30 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -127,7 +127,6 @@ RUN apt-get update && apt-get install -y \
    libsgx-dcap-default-qpl=1.21.100.3-focal1 \
    libsgx-dcap-default-qpl-dev=1.21.100.3-focal1 \
    libcurl4
-COPY docker/sgx_default_qcnl_azure.conf /etc/sgx_default_qcnl.conf
 COPY host/main /bin/svr2
 COPY enclave/releases/sgx /enclaves
 COPY host/cmd/control/control /bin/svr2control
--- a/docker/sample_sgx_default_qcnl_azure.conf
+++ b/docker/sample_sgx_default_qcnl_azure.conf
@ -0,0 +1,38 @@
+{
+  // Sample config for the DCAP quote provider library that should be provided at /etc/sgx_default_qcnl.conf. See
+  // https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf
+  // https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/QuoteGeneration/qcnl/linux/sgx_default_qcnl_azure.conf
+
+  // PCCS server address, where to fetch PCS certificates. On azure, this should be the global
+  // azure Trusted Hardware Identity Management cache
+  "pccs_url": "https://global.acccache.azure.net/sgx/certification/v4/"
+
+  // Where to fetch PCS collateral
+  "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+
+  "pccs_api_version": "3.1",
+
+  "retry_times": 6,
+
+  "retry_delay": 5,
+
+  // If local_pck_url is defined, the QCNL will try to retrieve PCK cert chain from local_pck_url
+  // first, and failover to pccs_url as in legacy mode. On azure this should be the local
+  // metadata Trusted Hardware Identity Management cache
+  "local_pck_url": "http://169.254.169.254/metadata/THIM/sgx/certification/v4/",
+
+  "pck_cache_expire_hours": 48,
+
+  // custom request headers and parameters to the get certificate API
+  "custom_request_options" : {
+       "get_cert" : {
+          "headers": {
+              "metadata": "true"
+          },
+          "params": {
+             "api-version": "2021-07-22-preview"
+         }
+      }
+   }
+}
+
--- a/docker/sgx_default_qcnl_azure.conf
+++ b/docker/sgx_default_qcnl_azure.conf
@ -1,29 +0,0 @@
-{
-  "pccs_url": "https://global.acccache.azure.net/sgx/certification/v4/",
-
-  "use_secure_cert": false,
-
-  "collateral_service": "https://pccs/sgx/certification/v4/",
-
-  "pccs_api_version": "3.1",
-
-  "retry_times": 6,
-
-  "retry_delay": 5,
-
-  "local_pck_url": "http://169.254.169.254/metadata/THIM/sgx/certification/v4/",
-
-  "pck_cache_expire_hours": 48,
-
-  "custom_request_options" : {
-       "get_cert" : {
-          "headers": {
-              "metadata": "true"
-          },
-          "params": {
-             "api-version": "2021-07-22-preview"
-         }
-      }
-   }
-}
-