Intel(R) SGX DCAP 1.21 Release

Upgraded Intel DCAP Ring3 Abstraction Layer(R3AAL) library to support
  ConfigFS-TSM as communication channel between host and guest for TDX remote
  attestation.
Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.13.
Upgraded new TDX attestation result “TD_RELAUNCH_ADVISED” in Intel DCAP Quote.
Verification Library(QVL) and Appraisal Engine.
Fixed bugs.

Signed-off-by: Li, Xun <xun.li@intel.com>

Author: llly

.gitmodules

@@ -1,11 +1,11 @@
 [submodule "QuoteVerification/QVL"]
 	path = QuoteVerification/QVL
 	url = https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationLibrary.git
-	branch = DCAP/1.20
+	branch = DCAP/1.21
 [submodule "QuoteVerification/QuoteVerificationService"]
 	path = QuoteVerification/QuoteVerificationService
 	url = https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationService.git
-	branch = stable
+	branch = DCAP/1.21
 [submodule "external/wasm-micro-runtime"]
 	path = external/wasm-micro-runtime
 	url = https://github.com/bytecodealliance/wasm-micro-runtime.git

QuoteGeneration/README.md

@@ -39,7 +39,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.20/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.21/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS

QuoteGeneration/buildenv.mk

@@ -68,10 +68,12 @@ SGX_DEBUG ?= 0
 
 ifndef SERVTD_ATTEST
     ifneq ($(origin SGX_SDK),file)
-      include $(SGX_SDK)/buildenv.mk
-	  else
-$(info You may need to set environment variables if the SGX SDK is installed.)
-$(info Use a command like 'source /opt/intel/sgxsdk/environment')
+        include $(SGX_SDK)/buildenv.mk
+    else
+        ifneq ($(SDK_NOT_REQUIRED), 1)
+            $(info You may need to set environment variables if the SGX SDK is installed.)
+            $(info Use a command like 'source /opt/intel/sgxsdk/environment')
+        endif
     endif
 endif
 

QuoteGeneration/common/inc/internal/se_version.h

@@ -28,21 +28,21 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.20.100.2"
-#define COPYRIGHT      "Copyright (C) 2023 Intel Corporation"
-#define FILEVER        1,20,100,2
-#define PRODUCTVER     1,20,100,2
-#define STRPRODUCTVER  "1.20.100.2"
+#define STRFILEVER    "1.21.100.3"
+#define COPYRIGHT      "Copyright (C) 2024 Intel Corporation"
+#define FILEVER        1,21,100,3
+#define PRODUCTVER     1,21,100,3
+#define STRPRODUCTVER  "1.21.100.3"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.13.107.2"
-#define QUOTE_VERIFIER_VERSION       "1.13.100.2"
-#define QUOTE_LOADER_VERSION         "1.11.107.2"
-#define TDQE_WRAPPER_VERSION         "1.14.107.2"
-#define PCE_WRAPPER_VERSION          "1.14.107.2"
+#define DEFAULT_QPL_VERSION          "1.13.108.3"
+#define QUOTE_VERIFIER_VERSION       "1.13.101.3"
+#define QUOTE_LOADER_VERSION         "1.11.108.3"
+#define TDQE_WRAPPER_VERSION         "1.14.108.3"
+#define PCE_WRAPPER_VERSION          "1.14.108.3"
 
 #define QE3_VERSION                  "1.19.100.1"
-#define QVE_VERSION                  "1.20.100.1"
+#define QVE_VERSION                  "1.21.100.1"
 #define IDE_VERSION                  "1.19.100.1"
 #define TDQE_VERSION                 "1.19.100.1"

QuoteGeneration/download_prebuilt.bat

@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.20.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.20.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.20/windows/
+set ae_file_name=prebuilt_windows_dcap_1.21.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.21.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.21/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

QuoteGeneration/download_prebuilt.sh

@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.20.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.20.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.20/linux/
+ae_file_name=prebuilt_dcap_1.21.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.21.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.21/linux/
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 

QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt

@@ -43,11 +43,13 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/pccs/middleware/auth.js	<installdir>/middleware/auth.js	0	main	STP
 <deliverydir>/pccs/middleware/error.js	<installdir>/middleware/error.js	0	main	STP
 <deliverydir>/pccs/middleware/addRequestId.js	<installdir>/middleware/addRequestId.js	0	main	STP
+<deliverydir>/pccs/middleware/filterDuplicatedParams.js	<installdir>/middleware/filterDuplicatedParams.js	0	main	STP
 <deliverydir>/pccs/migrations/00_db_initialize.up.sql	<installdir>/migrations/00_db_initialize.up.sql	0	main	STP
 <deliverydir>/pccs/migrations/01_db_version_1.js	<installdir>/migrations/01_db_version_1.js	0	main	STP
 <deliverydir>/pccs/migrations/02_db_version_2.js	<installdir>/migrations/02_db_version_2.js	0	main	STP
 <deliverydir>/pccs/migrations/03_db_version_3.js	<installdir>/migrations/03_db_version_3.js	0	main	STP
 <deliverydir>/pccs/migrations/04_db_version_4.js	<installdir>/migrations/04_db_version_4.js	0	main	STP
+<deliverydir>/pccs/migrations/05_db_version_5.js	<installdir>/migrations/05_db_version_5.js	0	main	STP
 <deliverydir>/pccs/pcs_client/pcs_client.js	<installdir>/pcs_client/pcs_client.js	0	main	STP
 <deliverydir>/pccs/routes/index.js	<installdir>/routes/index.js	0	main	STP
 <deliverydir>/pccs/services/identityService.js	<installdir>/services/identityService.js	0	main	STP

QuoteGeneration/installer/linux/common/tdx-qgs/Makefile

@@ -34,6 +34,7 @@ include installConfig
 PACKAGE_ROOT_FOLDER=pkgroot
 PACKAGES=$(notdir $(wildcard $(PACKAGE_ROOT_FOLDER)/*))
 
+VAR_OPT_PATH=/var/opt/qgsd
 QGSD_CONF_NAME=$(if $(wildcard /run/systemd/system/.*),qgsd.service,$(if $(wildcard /etc/init/.*),qgsd.conf,))
 QGSD_CONF_DEL=$(if $(wildcard /run/systemd/system/.*),qgsd.conf,$(if $(wildcard /etc/init/.*),qgsd.service,))
 QGSD_CONF_PATH=$(if $(wildcard /run/systemd/system/.*),$(if $(wildcard /lib/systemd/system/.*),/lib/systemd/system,/usr/lib/systemd/system),$(if $(wildcard /etc/init/.*),/etc/init/))
@@ -52,6 +53,7 @@ endif
 default:
 
 install: $(PACKAGES)
+	install -d $(shell readlink -m $(DESTDIR)/$(VAR_OPT_PATH))
 	install -d $(shell readlink -m $(DESTDIR)/$(QGSD_CONF_PATH))
 	sed -e "s:@qgs_folder@:$(TDX_QGS_PACKAGE_PATH)/$(TDX_QGS_PACKAGE_NAME):" \
 		$(DESTDIR)/$(TDX_QGS_PACKAGE_PATH)/$(TDX_QGS_PACKAGE_NAME)/$(QGSD_CONF_NAME) \

QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control

@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-ql
 Architecture: amd64
 Depends: libsgx-qe3-logic(>= @dep_version@), libsgx-pce-logic(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.23)
+Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-ql-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.23)
+Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers

QuoteGeneration/installer/linux/deb/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify-1.0/debian/control

@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-quote-verify
 Architecture: amd64
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.23)
+Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-quote-verify-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.23)
+Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers