intel
diff --git a/‎.gitmodules
Lines changed: 15 additions & 0 deletions b/‎.gitmodules
Lines changed: 15 additions & 0 deletions
diff --git a/‎QuoteGeneration/Makefile
Lines changed: 16 additions & 5 deletions b/‎QuoteGeneration/Makefile
Lines changed: 16 additions & 5 deletions
diff --git a/‎QuoteGeneration/README.md
Lines changed: 1 addition & 1 deletion b/‎QuoteGeneration/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎QuoteGeneration/buildenv.mk
Lines changed: 12 additions & 12 deletions b/‎QuoteGeneration/buildenv.mk
Lines changed: 12 additions & 12 deletions
diff --git a/‎QuoteGeneration/common/inc/internal/se_version.h
Lines changed: 10 additions & 10 deletions b/‎QuoteGeneration/common/inc/internal/se_version.h
Lines changed: 10 additions & 10 deletions
diff --git a/‎QuoteGeneration/download_prebuilt.bat
Lines changed: 3 additions & 3 deletions b/‎QuoteGeneration/download_prebuilt.bat
Lines changed: 3 additions & 3 deletions
diff --git a/‎QuoteGeneration/download_prebuilt.sh
Lines changed: 3 additions & 3 deletions b/‎QuoteGeneration/download_prebuilt.sh
Lines changed: 3 additions & 3 deletions
diff --git a/‎QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/BOMs/libsgx-dcap-ql-dev-qvinc.txt
Lines changed: 1 addition & 0 deletions b/‎QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/BOMs/libsgx-dcap-ql-dev-qvinc.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/BOMs/libsgx-dcap-qvl.txt
Lines changed: 1 addition & 0 deletions b/‎QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/BOMs/libsgx-dcap-qvl.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/Makefile
Lines changed: 5 additions & 1 deletion b/‎QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/Makefile
Lines changed: 5 additions & 1 deletion
@@ -0,0 +1,15 @@
+[submodule "QuoteVerification/QVL"]
+	path = QuoteVerification/QVL
+	url = https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationLibrary.git
+	branch = DCAP/1.20
+[submodule "QuoteVerification/QuoteVerificationService"]
+	path = QuoteVerification/QuoteVerificationService
+	url = https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationService.git
+	branch = stable
+[submodule "external/wasm-micro-runtime"]
+	path = external/wasm-micro-runtime
+	url = https://github.com/bytecodealliance/wasm-micro-runtime.git
+	branch = main
+[submodule "external/jwt-cpp"]
+	path = external/jwt-cpp
+	url = https://github.com/Thalhammer/jwt-cpp.git
@@ -74,8 +74,8 @@ qpl_wrapper: qcnl_wrapper
 qve_wrapper:
 	$(MAKE) -C ../QuoteVerification
 
-td_migration:
-	$(MAKE) -C quote_wrapper/td_migration/linux _TD_MIGRATION=1
+servtd_attest:
+	$(MAKE) -C quote_wrapper/servtd_attest/linux SERVTD_ATTEST=1
 
 .PHONY: deb_sgx_dcap_ql_pkg
 deb_sgx_dcap_ql_pkg: $(CHECK_OPT) pce_logic qe3_logic
@@ -154,9 +154,13 @@ deb_sgx_pck_id_retrieval_tool_pkg:
 deb_sgx_ra_service_pkg:
 	$(MAKE) -C ../tools/SGXPlatformRegistration/ deb_pkg
 
+.PHONY: deb_tee_appraisal_tool_pkg
+deb_tee_appraisal_tool_pkg:
+	$(MAKE) -C ../QuoteVerification tee_appraisal_tool
+	./installer/linux/deb/tee-appraisal-tool/build.sh
 
 .PHONY: deb_pkg
-deb_pkg: deb_sgx_pce_logic_pkg deb_sgx_qe3_logic_pkg deb_sgx_dcap_ql_pkg deb_sgx_dcap_quote_verify_pkg deb_sgx_dcap_default_qpl_pkg deb_sgx_dcap_pccs_pkg deb_sgx_ae_qe3_pkg deb_sgx_ae_tdqe_pkg deb_sgx_ae_id_enclave_pkg deb_sgx_ae_qve_pkg deb_sgx_tdx_logic_pkg deb_sgx_tdx_qgs_pkg deb_sgx_tdx_attest_pkg deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg
+deb_pkg: deb_sgx_pce_logic_pkg deb_sgx_qe3_logic_pkg deb_sgx_dcap_ql_pkg deb_sgx_dcap_quote_verify_pkg deb_sgx_dcap_default_qpl_pkg deb_sgx_dcap_pccs_pkg deb_sgx_ae_qe3_pkg deb_sgx_ae_tdqe_pkg deb_sgx_ae_id_enclave_pkg deb_sgx_ae_qve_pkg deb_sgx_tdx_logic_pkg deb_sgx_tdx_qgs_pkg deb_sgx_tdx_attest_pkg deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg deb_tee_appraisal_tool_pkg
 	@$(RM) -f ./installer/linux/deb/*.deb ./installer/linux/deb/*.ddeb
 	cp `find ./installer/linux/deb/ -name "*.deb" -o -name "*.ddeb"` ./installer/linux/deb/
 	cp `find ../tools/PCKRetrievalTool/installer/deb/ -name "*.deb" -o -name "*.ddeb"` ./installer/linux/deb/
@@ -226,8 +230,13 @@ rpm_sgx_pck_id_retrieval_tool_pkg:
 rpm_sgx_ra_service_pkg:
 	$(MAKE) -C ../tools/SGXPlatformRegistration/ rpm_pkg
 
+.PHONY: rpm_tee_appraisal_tool_pkg
+rpm_tee_appraisal_tool_pkg:
+	$(MAKE) -C ../QuoteVerification tee_appraisal_tool
+	./installer/linux/rpm/tee-appraisal-tool/build.sh
+
 .PHONY: rpm_pkg
-rpm_pkg: rpm_sgx_dcap_ql_pkg rpm_sgx_dcap_default_qpl_pkg rpm_sgx_dcap_pccs_pkg rpm_sgx_ae_qe3_pkg rpm_sgx_ae_tdqe_pkg rpm_sgx_ae_id_enclave_pkg rpm_sgx_ae_qve_pkg rpm_sgx_tdx_logic_pkg rpm_sgx_tdx_qgs_pkg rpm_sgx_tdx_attest_pkg rpm_sgx_dcap_quote_verify_pkg rpm_sgx_pce_logic_pkg rpm_sgx_qe3_logic_pkg rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg
+rpm_pkg: rpm_sgx_dcap_ql_pkg rpm_sgx_dcap_default_qpl_pkg rpm_sgx_dcap_pccs_pkg rpm_sgx_ae_qe3_pkg rpm_sgx_ae_tdqe_pkg rpm_sgx_ae_id_enclave_pkg rpm_sgx_ae_qve_pkg rpm_sgx_tdx_logic_pkg rpm_sgx_tdx_qgs_pkg rpm_sgx_tdx_attest_pkg rpm_sgx_dcap_quote_verify_pkg rpm_sgx_pce_logic_pkg rpm_sgx_qe3_logic_pkg rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg rpm_tee_appraisal_tool_pkg
 	@$(RM) -f ./installer/linux/rpm/*.rpm
 	cp `find ./installer/linux/rpm/ -name "*.rpm"` ./installer/linux/rpm/
 	cp `find ../tools/PCKRetrievalTool/installer/rpm/ -name "*.rpm"` ./installer/linux/rpm/
@@ -240,7 +249,7 @@ clean:
 	$(MAKE) -C quote_wrapper/tdx_quote/linux clean
 	$(MAKE) -C quote_wrapper/tdx_attest/linux clean
 	$(MAKE) -C quote_wrapper/tdx_verify/linux clean
-	$(MAKE) -C quote_wrapper/td_migration/linux clean
+	$(MAKE) -C quote_wrapper/servtd_attest/linux clean
 	$(MAKE) -C qcnl/linux clean
 	$(MAKE) -C qpl/linux clean
 	$(MAKE) -C ../QuoteVerification clean
@@ -264,6 +273,7 @@ clean:
 	./installer/linux/deb/libsgx-dcap-default-qpl/clean.sh
 	./installer/linux/deb/sgx-dcap-pccs/clean.sh
 	../tools/PCKRetrievalTool/installer/deb/sgx-pck-id-retrieval-tool/clean.sh
+	./installer/linux/deb/tee-appraisal-tool/clean.sh
 	./installer/linux/rpm/libsgx-dcap-ql/clean.sh
 	./installer/linux/rpm/libsgx-ae-qe3/clean.sh
 	./installer/linux/rpm/libsgx-ae-tdqe/clean.sh
@@ -278,6 +288,7 @@ clean:
 	./installer/linux/rpm/libsgx-dcap-default-qpl/clean.sh
 	./installer/linux/rpm/sgx-dcap-pccs/clean.sh
 	../tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/clean.sh
+	./installer/linux/rpm/tee-appraisal-tool/clean.sh
 
 rebuild:
 	$(MAKE) -f $(CUR_MKFILE) clean
 
@@ -39,7 +39,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.19/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.20/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS
 
@@ -66,10 +66,10 @@ SGX_MODE ?= HW
 SGX_ARCH ?= x64
 SGX_DEBUG ?= 0
 
-ifndef _TD_MIGRATION
+ifndef SERVTD_ATTEST
     ifneq ($(origin SGX_SDK),file)
-    include $(SGX_SDK)/buildenv.mk
-    else
+      include $(SGX_SDK)/buildenv.mk
+	  else
 $(info You may need to set environment variables if the SGX SDK is installed.)
 $(info Use a command like 'source /opt/intel/sgxsdk/environment')
     endif
@@ -193,8 +193,8 @@ ifneq ($(MITIGATION-CVE-2020-0551), LOAD)
     endif
 endif
 
-ifdef _TD_MIGRATION
-COMMON_FLAGS += -D_TD_MIGRATION
+ifdef SERVTD_ATTEST
+COMMON_FLAGS += -DSERVTD_ATTEST
 endif
 
 CFLAGS   += $(COMMON_FLAGS)
@@ -220,11 +220,11 @@ ENCLAVE_LDFLAGS  = $(COMMON_LDFLAGS) -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefi
                    -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
                    -Wl,--defsym,__ImageBase=0
 
-TD_MIGRATION_LINUX_TRUNK_ROOT_PATH := $(ROOT_DIR)/../../..
-TD_MIGRATION_STD_INC_PATH := $(TD_MIGRATION_LINUX_TRUNK_ROOT_PATH)/common/inc
-TD_MIGRATION_STD_LIB_PATH := $(TD_MIGRATION_LINUX_TRUNK_ROOT_PATH)/build/linux
-TD_MIGRATION_CFLAGS := $(CFLAGS) -ffreestanding -nostdinc -fPIC -fvisibility=hidden -D_TD_MIGRATION
-TD_MIGRATION_CXXFLAGS := $(TD_MIGRATION_CFLAGS) -nostdinc++
-TD_MIGRATION_LDFLAGS := -nostdlib -nodefaultlibs -nostartfiles  \
+SERVTD_ATTEST_LINUX_TRUNK_ROOT_PATH := $(ROOT_DIR)/../../..
+SERVTD_ATTEST_STD_INC_PATH := $(SERVTD_ATTEST_LINUX_TRUNK_ROOT_PATH)/common/inc
+SERVTD_ATTEST_STD_LIB_PATH := $(SERVTD_ATTEST_LINUX_TRUNK_ROOT_PATH)/build/linux
+SERVTD_ATTEST_CFLAGS := $(CFLAGS) -ffreestanding -nostdinc -fPIC -fvisibility=hidden -DSERVTD_ATTEST
+SERVTD_ATTEST_CXXFLAGS := $(SERVTD_ATTEST_CFLAGS) -nostdinc++
+SERVTD_ATTEST_LDFLAGS := -nostdlib -nodefaultlibs -nostartfiles  \
                         -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--export-dynamic -Wl,--gc-sections -g
-TD_MIGRATION_BUILD_DIR := $(BUILD_DIR)/td_migration
+SERVTD_ATTEST_BUILD_DIR := $(BUILD_DIR)/servtd_attest
@@ -28,21 +28,21 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.19.100.3"
+#define STRFILEVER    "1.20.100.2"
 #define COPYRIGHT      "Copyright (C) 2023 Intel Corporation"
-#define FILEVER        1,19,100,3
-#define PRODUCTVER     1,19,100,3
-#define STRPRODUCTVER  "1.19.100.3"
+#define FILEVER        1,20,100,2
+#define PRODUCTVER     1,20,100,2
+#define STRPRODUCTVER  "1.20.100.2"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.13.106.3"
-#define QUOTE_VERIFIER_VERSION       "1.12.106.3"
-#define QUOTE_LOADER_VERSION         "1.11.106.3"
-#define TDQE_WRAPPER_VERSION         "1.14.106.3"
-#define PCE_WRAPPER_VERSION          "1.14.106.3"
+#define DEFAULT_QPL_VERSION          "1.13.107.2"
+#define QUOTE_VERIFIER_VERSION       "1.13.100.2"
+#define QUOTE_LOADER_VERSION         "1.11.107.2"
+#define TDQE_WRAPPER_VERSION         "1.14.107.2"
+#define PCE_WRAPPER_VERSION          "1.14.107.2"
 
 #define QE3_VERSION                  "1.19.100.1"
-#define QVE_VERSION                  "1.19.100.1"
+#define QVE_VERSION                  "1.20.100.1"
 #define IDE_VERSION                  "1.19.100.1"
 #define TDQE_VERSION                 "1.19.100.1"
@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.19.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.19.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.19/windows/
+set ae_file_name=prebuilt_windows_dcap_1.20.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.20.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.20/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 
 
@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.19.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.19.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.19/linux/
+ae_file_name=prebuilt_dcap_1.20.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.20.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.20/linux/
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 
 
@@ -1,3 +1,4 @@
 DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/dcap_quoteverify/inc/sgx_dcap_quoteverify.h	<installdir>/include/sgx_dcap_quoteverify.h	0	main	STP
 <deliverydir>/QvE/Include/sgx_qve_header.h	<installdir>/include/sgx_qve_header.h	0	main	STP
+<deliverydir>/appraisal/qal/sgx_dcap_qal.h	<installdir>/include/sgx_dcap_qal.h	0	main	STP
@@ -1,2 +1,3 @@
 DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/build/linux/libsgx_dcap_quoteverify.so	<installdir>/lib/libsgx_dcap_quoteverify.so	0	main	STP
+<deliverydir>/build/linux/tee_appraisal_policy.wasm	<installdir>/share/sgx/tee_appraisal_policy.wasm	0	main	STP
@@ -36,6 +36,7 @@ PACKAGES=$(notdir $(wildcard $(PACKAGE_ROOT_FOLDER)/*))
 
 USR_LIB_PATH=/usr/$(notdir $(shell gcc -print-multi-os-directory))/$(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2> /dev/null)
 USR_INC_PATH=/usr/$(INC_DIR)
+USR_SHARE_PATH=/usr/$(SHARE_DIR)
 
 USR_LIB_VER=1.0.0
 SPLIT_VERSION=$(word $2,$(subst ., ,$1))
@@ -46,6 +47,7 @@ install: $(PACKAGES)
 	cd $(shell readlink -m $(DESTDIR)/$(DCAP_QVL_PACKAGE_NAME)/$(USR_LIB_PATH)) && \
 	mv libsgx_dcap_quoteverify.so libsgx_dcap_quoteverify.so.$(USR_LIB_VER) && \
 	ln -fs libsgx_dcap_quoteverify.so.$(USR_LIB_VER) libsgx_dcap_quoteverify.so.$(call SPLIT_VERSION,$(USR_LIB_VER),1)
+	install -d $(shell readlink -m $(DESTDIR)/$(DCAP_QVL_DEV_PACKAGE_NAME)/$(USR_LIB_PATH))
 	cd $(shell readlink -m $(DESTDIR)/$(DCAP_QVL_DEV_PACKAGE_NAME)/$(USR_LIB_PATH)) && \
 	ln -fs libsgx_dcap_quoteverify.so.$(call SPLIT_VERSION,$(USR_LIB_VER),1) libsgx_dcap_quoteverify.so
 
@@ -56,5 +58,7 @@ $(PACKAGES):
 		mv $(PACKAGE_ROOT_FOLDER)/$@/$(LIB_DIR)/*.so $(DESTDIR)/$@/$(USR_LIB_PATH))
 	$(if $(wildcard $(PACKAGE_ROOT_FOLDER)/$@/$(INC_DIR)/.*), \
 		install -d $(shell readlink -m $(DESTDIR)/$@/$(USR_INC_PATH)) && \
-		install -d $(shell readlink -m $(DESTDIR)/$@/$(USR_LIB_PATH)) && \
 		mv $(PACKAGE_ROOT_FOLDER)/$@/$(INC_DIR)/* $(DESTDIR)/$@/$(USR_INC_PATH))
+	$(if $(wildcard $(PACKAGE_ROOT_FOLDER)/$@/$(SHARE_DIR)/.*), \
+		install -d $(shell readlink -m $(DESTDIR)/$@/$(USR_SHARE_PATH)) && \
+		mv $(PACKAGE_ROOT_FOLDER)/$@/$(SHARE_DIR)/* $(DESTDIR)/$@/$(USR_SHARE_PATH))
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`DeliveryName InstallName FileCheckSum FileFeature FileOwner`
`2`	`2`	`<deliverydir>/build/linux/libsgx_dcap_quoteverify.so <installdir>/lib/libsgx_dcap_quoteverify.so 0 main STP`
	`3`	`+<deliverydir>/build/linux/tee_appraisal_policy.wasm <installdir>/share/sgx/tee_appraisal_policy.wasm 0 main STP`