Update SGX SDK to 2.21.100.1

.devcontainer/Dockerfile

@@ -12,14 +12,14 @@ RUN  apt-get update \
   && rm -r /var/lib/apt/lists
 
 # Install SGX_SDK
-ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.20/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.20.100.4.bin
+ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.21/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.21.100.1.bin
 RUN  curl -o sgx.bin "${SGX_URL}" \
   && chmod +x ./sgx.bin \
   && ./sgx.bin --prefix=/opt/intel \
   && rm ./sgx.bin
 
 # Install DCAP libraries
-ARG DCAP_VERSION=1.17.100.4-jammy1
+ARG DCAP_VERSION=1.18.100.1-jammy1
 RUN mkdir -p /etc/apt/keyrings \
   && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor | tee /etc/apt/keyrings/intel-sgx.gpg > /dev/null \
   && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" | tee /etc/apt/sources.list.d/intel-sgx.list \

.github/workflows/ci.yaml

@@ -69,7 +69,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: mobilecoinfoundation/actions/dcap-libs@main
         with:
-          version: 1.17.100.4-jammy1
+          version: 1.18.100.1-jammy1
       - id: suppression
         run: |
           if [ "${{ matrix.rust }}" == "stable" ]; then
@@ -98,10 +98,10 @@ jobs:
       - uses: actions/checkout@v4
       - uses: mobilecoinfoundation/actions/sgxsdk@main
         with:
-          version: 2.20.100.4
+          version: 2.21.100.1
       - uses: mobilecoinfoundation/actions/dcap-libs@main
         with:
-          version: 1.17.100.4-jammy1
+          version: 1.18.100.1-jammy1
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
@@ -122,10 +122,10 @@ jobs:
       - uses: actions/checkout@v4
       - uses: mobilecoinfoundation/actions/sgxsdk@main
         with:
-          version: 2.20.100.4
+          version: 2.21.100.1
       - uses: mobilecoinfoundation/actions/dcap-libs@main
         with:
-          version: 1.17.100.4-jammy1
+          version: 1.18.100.1-jammy1
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
@@ -146,10 +146,10 @@ jobs:
       - uses: actions/checkout@v4
       - uses: mobilecoinfoundation/actions/sgxsdk@main
         with:
-          version: 2.20.100.4
+          version: 2.21.100.1
       - uses: mobilecoinfoundation/actions/dcap-libs@main
         with:
-          version: 1.17.100.4-jammy1
+          version: 1.18.100.1-jammy1
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
@@ -187,10 +187,10 @@ jobs:
       - uses: actions/checkout@v4
       - uses: mobilecoinfoundation/actions/sgxsdk@main
         with:
-          version: 2.20.100.4
+          version: 2.21.100.1
       - uses: mobilecoinfoundation/actions/dcap-libs@main
         with:
-          version: 1.17.100.4-jammy1
+          version: 1.18.100.1-jammy1
       - uses: dtolnay/rust-toolchain@stable
         with:
           components: llvm-tools-preview

CHANGELOG.md

@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- The SGX SDK version is now 2.20.100.4
+- The SGX SDK version is now 2.21.100.1
 
 ## [0.8.0] - 2023-09-21
 

core/build/headers/sgx_dcap_quoteverify.h

@@ -49,18 +49,23 @@ extern "C" {
  * When the Quoting Verification Library is linked to a process, it needs to know the proper enclave loading policy.
  * The library may be linked with a long lived process, such as a service, where it can load the enclaves and leave
  * them loaded (persistent). This better ensures that the enclaves will be available upon quote requests and not subject
- * to EPC limitations if loaded on demand. However, if the Quoting library is linked with an application process, there
- * may be many applications with the Quoting library and a better utilization of EPC is to load and unloaded the quoting
- * enclaves on demand (ephemeral).  The library will be shipped with a default policy of loading enclaves and leaving
- * them loaded until the library is unloaded (PERSISTENT). If the policy is set to EPHEMERAL, then the QE and PCE will
- * be loaded and unloaded on-demand.  If either enclave is already loaded when the policy is change to EPHEMERAL, the
- * enclaves will be unloaded before returning.
+ * to EPC limitations if loaded on demand. However, if the QVL is linked with an application process, there may be many
+ * applications with the QVL and a better utilization of EPC is to load and unloaded the quote verification enclaves on
+ * demand (ephemeral).  The library will be shipped with a default policy of loading enclaves and leaving
+ * them loaded until the library is unloaded (PERSISTENT). If the policy is set to EPHEMERAL, then the QvE will
+ * be loaded and unloaded on-demand.
+ * Supported policies:
+ *  SGX_QL_EPHEMERAL - Default policy. QvE is initialized and terminated on every quote verification function call.
+ *  SGX_QL_PERSISTENT - All the threads will share single QvE instance, and QvE is initialized on first use and reused until process ends.
+ *  SGX_QL_EPHEMERAL_QVE_MULTI_THREAD - QvE is loaded per thread and be unloaded before function exit.
+ *  SGX_QL_PERSISTENT_QVE_MULTI_THREAD - QvE is loaded per thread and only be unloaded before thread exit.
+ *
+ * NOTE: QvE load policy should be only set once in one process, change the policy means all threads will be impacted.
  *
  * @param policy Sets the requested enclave loading policy to either SGX_QL_PERSISTENT, SGX_QL_EPHEMERAL or SGX_QL_DEFAULT.
  *
  * @return SGX_QL_SUCCESS Successfully set the enclave loading policy for the quoting library's enclaves.
  * @return SGX_QL_UNSUPPORTED_LOADING_POLICY The selected policy is not support by the quoting library.
- * @return SGX_QL_ERROR_UNEXPECTED Unexpected internal error.
  *
  **/
 quote3_error_t sgx_qv_set_enclave_load_policy(sgx_ql_request_policy_t policy);

core/build/headers/sgx_pce.h

@@ -73,6 +73,9 @@ typedef enum _sgx_ql_request_policy
     SGX_QL_PERSISTENT, ///< QE is initialized on first use and reused until process ends.
     SGX_QL_EPHEMERAL,  ///< QE is initialized and terminated on every quote.
                        ///< If a previous QE exists, it is stopped & restarted before quoting.
+    SGX_QL_EPHEMERAL_QVE_MULTI_THREAD,  ///< Only used for quote verification, QvE is loaded per thread and be unloaded before function exit.
+    SGX_QL_PERSISTENT_QVE_MULTI_THREAD, ///< Only used for quote verification, QvE is loaded per thread and be unloaded before thread exit.
+
     SGX_QL_DEFAULT = SGX_QL_PERSISTENT
 } sgx_ql_request_policy_t;
 

core/build/headers/sgx_quote_4.h

@@ -46,7 +46,7 @@
 
 #pragma pack(push, 1)
 
-#define TD_INFO_RESERVED_BYTES 112
+#define TD_INFO_RESERVED_BYTES_V1 112
 typedef struct _tee_info_t                    /* 512 bytes */
 {
     tee_attributes_t     attributes;          /* (  0) TD's attributes */
@@ -56,7 +56,7 @@ typedef struct _tee_info_t                    /* 512 bytes */
     tee_measurement_t    mr_owner;            /* (112) Software defined ID for the guest TD's owner */
     tee_measurement_t    mr_owner_config;     /* (160) Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS */
     tee_measurement_t    rt_mr[4];            /* (208) Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers */
-    uint8_t reserved[TD_INFO_RESERVED_BYTES]; /* (400) Reserved, must be zero */
+    uint8_t reserved[TD_INFO_RESERVED_BYTES_V1]; /* (400) Reserved, must be zero */
 } tee_info_t;
 
 
@@ -66,7 +66,7 @@ typedef struct _tee_tcb_svn_t
     uint8_t  tcb_svn[TEE_TCB_SVN_SIZE];
 } tee_tcb_svn_t;
 
-#define TD_TEE_TCB_INFO_RESERVED_BYTES 111
+#define TD_TEE_TCB_INFO_RESERVED_BYTES_V1 111
 typedef struct _tee_tcb_info_t
 {
     uint8_t           valid[8];                                   /* (  0) Indicates TEE_TCB_INFO fields which are valid
@@ -77,7 +77,7 @@ typedef struct _tee_tcb_info_t
     tee_measurement_t mr_seam;                                    /* ( 24) Measurement of the SEAM module */
     tee_measurement_t mr_seam_signer;                             /* ( 72) Measurement of SEAM module signer. (Not populated for Intel SEAM modules) */
     tee_attributes_t  attributes;                                 /* (120) Additional configuration attributes.(Not populated for Intel SEAM modules) */
-    uint8_t           reserved[TD_TEE_TCB_INFO_RESERVED_BYTES];   /* (128) Reserved, must be zero */
+    uint8_t           reserved[TD_TEE_TCB_INFO_RESERVED_BYTES_V1];/* (128) Reserved, must be zero */
 } tee_tcb_info_t;
 
 /** The SGX_QL_SGX_QL_ALG_ECDSA_P256 specific data structure.  Appears in the signature_data[] of the sgx_quote3_t
@@ -123,7 +123,7 @@ typedef struct _sgx_quote4_header_t {
 typedef struct _sgx_report2_body_t {
     tee_tcb_svn_t       tee_tcb_svn;          ///<  0:  TEE_TCB_SVN Array
     tee_measurement_t   mr_seam;              ///< 16:  Measurement of the SEAM module
-    tee_measurement_t   mrsigner_seam;        ///< 64:  Measurement of a 3rd party SEAM module’s signer (SHA384 hash). 
+    tee_measurement_t   mrsigner_seam;        ///< 64:  Measurement of a 3rd party SEAM module’s signer (SHA384 hash).
                                               ///       The value is 0’ed for Intel SEAM module
     tee_attributes_t    seam_attributes;      ///< 112: MBZ: TDX 1.0
     tee_attributes_t    td_attributes;        ///< 120: TD's attributes
@@ -141,12 +141,12 @@ typedef struct _sgx_report2_body_t {
 typedef struct _sgx_quote4_t {
     sgx_quote4_header_t header;               ///< 0:   The quote header.
     sgx_report2_body_t  report_body;          ///< 48:  The REPORT of the TD that is attesting remotely.
-    uint32_t            signature_data_len;   ///< 656: The length of the signature_data.  Varies depending on the type of sign_type.
+    uint32_t            signature_data_len;   ///< 632: The length of the signature_data.  Varies depending on the type of sign_type.
 #ifdef _MSC_VER
 #pragma warning(push)
 #pragma warning ( disable:4200 )
 #endif
-    uint8_t             signature_data[];     ///< 660: Contains the variable length containing the quote signature and support data for the signature.
+    uint8_t             signature_data[];     ///< 636: Contains the variable length containing the quote signature and support data for the signature.
 #ifdef _MSC_VER
 #pragma warning(pop)
 #endif

core/build/headers/sgx_report2.h

@@ -36,6 +36,8 @@
 #ifndef _SGX_REPORT2_H_
 #define _SGX_REPORT2_H_
 
+#include <stdint.h>
+
 #define TEE_HASH_384_SIZE       48 /* SHA384 */
 #define TEE_MAC_SIZE            32 /* Message SHA 256 HASH Code - 32 bytes */
 
@@ -67,6 +69,7 @@ typedef struct _tee_attributes_t
 #define TEE_REPORT2_TYPE        0x81    /* TEE Report Type2 */
 #define TEE_REPORT2_SUBTYPE     0x0     /* SUBTYPE for Report Type2 is 0 */
 #define TEE_REPORT2_VERSION     0x0     /* VERSION for Report Type2 is 0 */
+#define TEE_REPORT2_VERSION_SERVICETD 0x1 /* VERSION for Report Type2 which mr_servicetd is used */
 
 typedef struct _tee_report_type_t {
     uint8_t type;       /* Trusted Execution Environment(TEE) type:

dcap/types/src/request_policy.rs

@@ -17,6 +17,12 @@ pub enum RequestPolicy {
     /// previous quoting enclave exists, it is stopped and restarted before
     /// quoting.
     Ephemeral,
+    /// Only used for quote verification, QvE is loaded per thread and be
+    /// unloaded before thread exit.
+    PersistentQveMultiThread,
+    /// Only used for quote verification, QvE is loaded per thread and be
+    /// unloaded before function exit.
+    EphemeralQveMultiThread,
 }
 
 impl TryFrom<sgx_ql_request_policy_t> for RequestPolicy {
@@ -26,6 +32,12 @@ impl TryFrom<sgx_ql_request_policy_t> for RequestPolicy {
         match p {
             sgx_ql_request_policy_t::SGX_QL_PERSISTENT => Ok(Self::Persistent),
             sgx_ql_request_policy_t::SGX_QL_EPHEMERAL => Ok(Self::Ephemeral),
+            sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD => {
+                Ok(Self::PersistentQveMultiThread)
+            }
+            sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD => {
+                Ok(Self::EphemeralQveMultiThread)
+            }
             p => Err(FfiError::UnknownEnumValue(p.0.into())),
         }
     }
@@ -36,6 +48,12 @@ impl From<RequestPolicy> for sgx_ql_request_policy_t {
         match p {
             RequestPolicy::Persistent => sgx_ql_request_policy_t::SGX_QL_PERSISTENT,
             RequestPolicy::Ephemeral => sgx_ql_request_policy_t::SGX_QL_EPHEMERAL,
+            RequestPolicy::PersistentQveMultiThread => {
+                sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD
+            }
+            RequestPolicy::EphemeralQveMultiThread => {
+                sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD
+            }
         }
     }
 }
@@ -48,6 +66,8 @@ mod test {
     #[parameterized(
     persistent = { sgx_ql_request_policy_t::SGX_QL_PERSISTENT, RequestPolicy::Persistent },
     ephemeral = { sgx_ql_request_policy_t::SGX_QL_EPHEMERAL, RequestPolicy::Ephemeral },
+    persistent_qve_multi_thread = { sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD, RequestPolicy::PersistentQveMultiThread },
+    ephemeral_qve_multi_thread = { sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD, RequestPolicy::EphemeralQveMultiThread },
     defualt = { sgx_ql_request_policy_t::SGX_QL_DEFAULT, RequestPolicy::Persistent },
     )]
     fn from_sgx_to_policy(sgx_policy: sgx_ql_request_policy_t, expected: RequestPolicy) {
@@ -58,14 +78,16 @@ mod test {
     #[parameterized(
     persistent = { RequestPolicy::Persistent, sgx_ql_request_policy_t::SGX_QL_PERSISTENT },
     ephemeral = { RequestPolicy::Ephemeral, sgx_ql_request_policy_t::SGX_QL_EPHEMERAL },
+    persistent_qve_multi_thread = { RequestPolicy::PersistentQveMultiThread, sgx_ql_request_policy_t::SGX_QL_PERSISTENT_QVE_MULTI_THREAD },
+    ephemeral_qve_multi_thread = { RequestPolicy::EphemeralQveMultiThread, sgx_ql_request_policy_t::SGX_QL_EPHEMERAL_QVE_MULTI_THREAD },
     )]
     fn from_policy_to_sgx(policy: RequestPolicy, expected: sgx_ql_request_policy_t) {
         let sgx_policy: sgx_ql_request_policy_t = policy.into();
         assert_eq!(sgx_policy, expected);
     }
     #[test]
     fn sgx_policy_out_of_bounds_panics() {
-        let result = RequestPolicy::try_from(sgx_ql_request_policy_t(2));
+        let result = RequestPolicy::try_from(sgx_ql_request_policy_t(4));
         assert!(result.is_err());
     }
 }