Intel(R) SGX DCAP 1.17 Release

Applied CVE-2023-1255, CVE-2023-0465, and CVE-2023-0466 patches to
  SgxSSL/OpenSSL 1.1.1t.
Upgraded to Intel(R) Integrated Performance Primitives (IPP) Cryptography
  library version 2021.7.
Upgraded Intel SGX Quote Verification Enclave to integrate updated SgxSSL.
Enhanced the attestation local cache functionality by giving users the option
  to provide their own cache file.
Enabled QPL/QCNL log in DCAP samples.
Fixed bugs.

Signed-off-by: Li, Xun <xun.li@intel.com>

Author: llly

QuoteGeneration/Makefile

@@ -76,7 +76,7 @@ qve_wrapper:
 
 
 .PHONY: deb_sgx_dcap_ql_pkg
-deb_sgx_dcap_ql_pkg: $(CHECK_OPT) pce_logic qe3_logic qve_wrapper
+deb_sgx_dcap_ql_pkg: $(CHECK_OPT) pce_logic qe3_logic
 	./installer/linux/deb/libsgx-dcap-ql/build.sh
 
 .PHONY: deb_sgx_dcap_quote_verify_pkg

QuoteGeneration/README.md

@@ -39,7 +39,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.16/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.17/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS

QuoteGeneration/common/inc/internal/se_version.h

@@ -28,21 +28,21 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.16.100.2"
+#define STRFILEVER    "1.17.100.4"
 #define COPYRIGHT      "Copyright (C) 2023 Intel Corporation"
-#define FILEVER        1,16,100,2
-#define PRODUCTVER     1,16,100,2
-#define STRPRODUCTVER  "1.16.100.2"
+#define FILEVER        1,17,100,4
+#define PRODUCTVER     1,17,100,4
+#define STRPRODUCTVER  "1.17.100.4"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.13.103.2"
-#define QUOTE_VERIFIER_VERSION       "1.12.103.2"
-#define QUOTE_LOADER_VERSION         "1.11.106.2"
-#define TDQE_WRAPPER_VERSION         "1.14.103.2"
-#define PCE_WRAPPER_VERSION          "1.14.103.2"
+#define DEFAULT_QPL_VERSION          "1.13.104.4"
+#define QUOTE_VERIFIER_VERSION       "1.12.104.4"
+#define QUOTE_LOADER_VERSION         "1.11.104.4"
+#define TDQE_WRAPPER_VERSION         "1.14.104.4"
+#define PCE_WRAPPER_VERSION          "1.14.104.4"
 
 #define QE3_VERSION                  "1.16.100.1"
-#define QVE_VERSION                  "1.16.100.1"
+#define QVE_VERSION                  "1.17.100.1"
 #define IDE_VERSION                  "1.16.100.1"
 #define TDQE_VERSION                 "1.16.100.1"

QuoteGeneration/download_prebuilt.bat

@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.16.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.16.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.16/windows/
+set ae_file_name=prebuilt_windows_dcap_1.17.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.17.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.17/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

QuoteGeneration/download_prebuilt.sh

@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.16.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.16.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.16/linux/
+ae_file_name=prebuilt_dcap_1.17.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.17.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.17/linux/
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 

QuoteGeneration/installer/linux/common/sgx-dcap-pccs/Makefile

@@ -38,11 +38,11 @@ PCCS_CONF=pccs.service
 PCCS_CONF_PATH=$(if $(wildcard /run/systemd/system/.),$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system),$(if $(wildcard /etc/init/.),/etc/init/))
 
 ifeq ($(PCCS_CONF_PATH),)
-ifneq ($(shell awk -F/ '$$2 == "docker"' /proc/self/cgroup),)
+ifeq ($(BUILD_PLATFORM),docker)
 PCCS_CONF_PATH=/lib/systemd/system
 $(warning "You may need to start service manually after it's installed!")
 else
-(error "Unsupported platform - neither systemctl nor initctl is found!")
+$(error "Unsupported platform - neither systemctl nor initctl is found!")
 endif
 endif
 

QuoteGeneration/installer/linux/common/tdx-qgs/Makefile

@@ -39,7 +39,7 @@ QGSD_CONF_DEL=$(if $(wildcard /run/systemd/system/.*),qgsd.conf,$(if $(wildcard
 QGSD_CONF_PATH=$(if $(wildcard /run/systemd/system/.*),$(if $(wildcard /lib/systemd/system/.*),/lib/systemd/system,/usr/lib/systemd/system),$(if $(wildcard /etc/init/.*),/etc/init/))
 
 ifeq ($(QGSD_CONF_NAME),)
-ifneq ($(shell awk -F/ '$$2 == "docker"' /proc/self/cgroup),)
+ifeq ($(BUILD_PLATFORM),docker)
 QGSD_CONF_NAME=qgsd.service
 QGSD_CONF_DEL=qgsd.conf
 QGSD_CONF_PATH=/lib/systemd/system

QuoteGeneration/installer/linux/deb/libsgx-dcap-default-qpl/libsgx-dcap-default-qpl-1.0/debian/postrm

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# postrm script for libsgx-dcap-default-qpl
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    remove)
+    ;;
+
+    purge)
+        # Remove program generated files
+        # Define the directories to search
+        user_home=$(getent passwd "$SUDO_USER" | cut -d: -f6)
+        directories=("$AZDCAP_CACHE" "$XDG_CACHE_HOME" "$HOME" "$user_home" "$TMPDIR" "/tmp")
+
+        # Loop through the directories
+        for dir in "${directories[@]}"; do
+            # Check if the directory exists and is not empty
+            if [ -n "$dir" ] && [ -d "$dir" ]; then
+                # Check for the existence of the .dcap_qcnl subdirectory and delete it
+                if [ -d "$dir/.dcap-qcnl" ]; then
+                    rm -rf "$dir/.dcap-qcnl"
+                fi
+            fi
+        done
+    ;;
+
+    upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control

@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-ql
 Architecture: amd64
 Depends: libsgx-qe3-logic(>= @dep_version@), libsgx-pce-logic(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.19)
+Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.20)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-ql-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.19)
+Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.20)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers

QuoteGeneration/installer/linux/deb/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify-1.0/debian/control

@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-quote-verify
 Architecture: amd64
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.19)
+Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.20)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-quote-verify-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.19)
+Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.20)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers