Intel(R) SGX DCAP 1.16 Release

Upgraded Intel SGX Quote Verification Enclave to integrate SgxSSL/OpenSSL
  version 1.1.1t
Added new API in quote verification library to extract FMSPC
  (Family-Model-SteppingPlatform-CustomSKU) value from ECDSA quote
Added Rust support for SGX ECDSA quote generation
Added Linux kernel 5.19 support in TDX R3AAL (Ring 3 Attestation Abstraction
  Layer)
Removed Protobuf in TDX QGS (Quote Generation Service) and R3AAL (Ring 3
  Attestation Abstraction Layer)
Fixed bugs

Signed-off-by: Li, Xun <xun.li@intel.com>

Author: llly

Makefile

@@ -31,9 +31,9 @@
 
 CUR_MKFILE:= $(lastword $(MAKEFILE_LIST))
 
-.PHONY: all clean rebuild QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration
+.PHONY: all clean rebuild QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration WinPle WinPleIntel
 
-all: QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration
+all: QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration WinPle WinPleIntel
 
 QuoteGeneration: QuoteVerification
 	$(MAKE) -C QuoteGeneration
@@ -50,12 +50,20 @@ PCKRetrievalTool: QuoteGeneration
 SGXPlatformRegistration:
 	$(MAKE) -C tools/SGXPlatformRegistration
 
+WinPle:
+	$(MAKE) -C driver/win/PLE
+
+WinPleIntel:
+	$(MAKE) -C driver/win/PLE INTEL_SIGNED=1
+
 clean:
 	$(MAKE) -C QuoteGeneration clean
 	$(MAKE) -C QuoteVerification clean
 	$(MAKE) -C tools/PCKCertSelection clean
 	$(MAKE) -C tools/PCKRetrievalTool clean
 	$(MAKE) -C tools/SGXPlatformRegistration clean
+	$(MAKE) -C driver/win/PLE clean
+	$(MAKE) -C driver/win/PLE INTEL_SIGNED=1 clean
 
 rebuild:
 	$(MAKE) -f $(CUR_MKFILE) clean

QuoteGeneration/Makefile

@@ -117,11 +117,13 @@ tdx_qgs deb_sgx_tdx_qgs_pkg:
 tdx_attest deb_sgx_tdx_attest_pkg:
 	echo "Skip tdx_attest in ubuntu 18.04"
 else
+qgs_msg_lib:
+	$(MAKE) -C quote_wrapper/qgs_msg_lib/linux
 tdx_logic: pce_logic
 	$(MAKE) -C quote_wrapper/tdx_quote/linux
-tdx_qgs: tdx_logic
+tdx_qgs: tdx_logic qgs_msg_lib
 	$(MAKE) -C quote_wrapper/qgs
-tdx_attest:
+tdx_attest: qgs_msg_lib
 	$(MAKE) -C quote_wrapper/tdx_attest/linux
 deb_sgx_ae_tdqe_pkg: $(CHECK_OPT)
 	./installer/linux/deb/libsgx-ae-tdqe/build.sh

QuoteGeneration/README.md

@@ -39,7 +39,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.15/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.16/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS

QuoteGeneration/common/inc/internal/se_version.h

@@ -28,21 +28,21 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.15.100.3"
-#define COPYRIGHT      "Copyright (C) 2022 Intel Corporation"
-#define FILEVER        1,15,100,3
-#define PRODUCTVER     1,15,100,3
-#define STRPRODUCTVER  "1.15.100.3"
+#define STRFILEVER    "1.16.100.2"
+#define COPYRIGHT      "Copyright (C) 2023 Intel Corporation"
+#define FILEVER        1,16,100,2
+#define PRODUCTVER     1,16,100,2
+#define STRPRODUCTVER  "1.16.100.2"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.13.102.3"
-#define QUOTE_VERIFIER_VERSION       "1.12.102.3"
-#define QUOTE_LOADER_VERSION         "1.11.105.3"
-#define TDQE_WRAPPER_VERSION         "1.14.102.3"
-#define PCE_WRAPPER_VERSION          "1.14.102.3"
+#define DEFAULT_QPL_VERSION          "1.13.103.2"
+#define QUOTE_VERIFIER_VERSION       "1.12.103.2"
+#define QUOTE_LOADER_VERSION         "1.11.106.2"
+#define TDQE_WRAPPER_VERSION         "1.14.103.2"
+#define PCE_WRAPPER_VERSION          "1.14.103.2"
 
-#define QE3_VERSION                  "1.15.100.1"
-#define QVE_VERSION                  "1.15.100.1"
-#define IDE_VERSION                  "1.14.100.2"
-#define TDQE_VERSION                 "1.14.100.2"
+#define QE3_VERSION                  "1.16.100.1"
+#define QVE_VERSION                  "1.16.100.1"
+#define IDE_VERSION                  "1.16.100.1"
+#define TDQE_VERSION                 "1.16.100.1"

QuoteGeneration/common/src/se_thread.c

@@ -30,7 +30,7 @@
  */
 #include "se_thread.h"
 #include "se_types.h"
-
+#include "se_memcpy.h"
 
 #if defined(_MSC_VER)
 
@@ -68,7 +68,7 @@ void se_mutex_init(se_mutex_t* mutex)
 #endif
 
     /* C doesn't allow `*mutex = PTHREAD_..._INITIALIZER'.*/
-    memcpy(mutex, &tmp, sizeof(tmp));
+    memcpy_s(mutex, sizeof(tmp), &tmp, sizeof(tmp));
 }
 
 int se_mutex_lock(se_mutex_t* mutex) { return (0 == pthread_mutex_lock(mutex)); }
@@ -78,7 +78,7 @@ int se_mutex_destroy(se_mutex_t* mutex) { return (0 == pthread_mutex_destroy(mut
 void se_thread_cond_init(se_cond_t* cond)
 {
     se_cond_t tmp = PTHREAD_COND_INITIALIZER;
-    memcpy(cond, &tmp, sizeof(tmp));
+    memcpy_s(cond, sizeof(tmp), &tmp, sizeof(tmp));
 }
 
 int se_thread_cond_wait(se_cond_t *cond, se_mutex_t *mutex){return (0 == pthread_cond_wait(cond, mutex));}

QuoteGeneration/download_prebuilt.bat

@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.15.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.15.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.15/windows/
+set ae_file_name=prebuilt_windows_dcap_1.16.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.16.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.16/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

QuoteGeneration/download_prebuilt.sh

@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.15.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.15.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.15/linux/
+ae_file_name=prebuilt_dcap_1.16.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.16.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.16/linux/
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 

QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control

@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-ql
 Architecture: amd64
 Depends: libsgx-qe3-logic(>= @dep_version@), libsgx-pce-logic(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.18)
+Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-ql-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.18)
+Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers

QuoteGeneration/installer/linux/deb/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify-1.0/debian/control

@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-quote-verify
 Architecture: amd64
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.18)
+Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-quote-verify-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.18)
+Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers

QuoteGeneration/installer/linux/deb/libsgx-pce-logic/libsgx-pce-logic-1.0/debian/control

@@ -8,5 +8,5 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 
 Package: libsgx-pce-logic
 Architecture: amd64
-Depends: libsgx-urts (>= 2.18), libsgx-ae-pce(>= 2.18), ${shlibs:Depends}, ${misc:Depends}
+Depends: libsgx-urts (>= 2.19), libsgx-ae-pce(>= 2.19), ${shlibs:Depends}, ${misc:Depends}
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives