39 lines
1.4 KiB
Plaintext
39 lines
1.4 KiB
Plaintext
{
|
|
// Sample config for the DCAP quote provider library that should be provided at /etc/sgx_default_qcnl.conf. See
|
|
// https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf
|
|
// https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/QuoteGeneration/qcnl/linux/sgx_default_qcnl_azure.conf
|
|
|
|
// PCCS server address, where to fetch PCS certificates. On azure, this should be the global
|
|
// azure Trusted Hardware Identity Management cache
|
|
"pccs_url": "https://global.acccache.azure.net/sgx/certification/v4/"
|
|
|
|
// Where to fetch PCS collateral
|
|
"collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
|
|
|
|
"pccs_api_version": "3.1",
|
|
|
|
"retry_times": 6,
|
|
|
|
"retry_delay": 5,
|
|
|
|
// If local_pck_url is defined, the QCNL will try to retrieve PCK cert chain from local_pck_url
|
|
// first, and failover to pccs_url as in legacy mode. On azure this should be the local
|
|
// metadata Trusted Hardware Identity Management cache
|
|
"local_pck_url": "http://169.254.169.254/metadata/THIM/sgx/certification/v4/",
|
|
|
|
"pck_cache_expire_hours": 48,
|
|
|
|
// custom request headers and parameters to the get certificate API
|
|
"custom_request_options" : {
|
|
"get_cert" : {
|
|
"headers": {
|
|
"metadata": "true"
|
|
},
|
|
"params": {
|
|
"api-version": "2021-07-22-preview"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|