configure-qpl: use optimized config on Azure

Signed-off-by: Thomas Tendyck <[email protected]>
edgelesssys · Jun 20, 2024 · a1bd397 · a1bd397
1 parent 572a174
commit a1bd397
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile
@@ -32,6 +32,7 @@ LABEL description="Containerized SGX for release"
 ARG PSW_VERSION=2.24.100.3-jammy1
 ARG DCAP_VERSION=1.21.100.3-jammy1
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates libcurl4 wget \
+  && wget -Petc https://github.com/intel/SGXDataCenterAttestationPrimitives/raw/DCAP_1.21/QuoteGeneration/qcnl/linux/sgx_default_qcnl_azure.conf \
   && wget -qO /etc/apt/keyrings/intel-sgx-keyring.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key \
   && echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' > /etc/apt/sources.list.d/intel-sgx.list \
   && apt-get update && apt-get install -y --no-install-recommends \

diff --git a/dockerfiles/configure-qpl b/dockerfiles/configure-qpl
@@ -5,12 +5,10 @@ if [ -n "${PCCS_ADDR}" ]; then
 	PCCS_URL=https://${PCCS_ADDR}/sgx/certification/v4/
 fi
 
-# if PCCS_URL isn't set and we're on Azure, use Azure PCCS
+# if PCCS_URL isn't set and we're on Azure, use config with Azure PCCS and local PCK URL
 if [ -z "${PCCS_URL}" ] && [ "$(cat /sys/devices/virtual/dmi/id/chassis_asset_tag)" = 7783-7084-3265-9085-8269-3286-77 ]; then
-	PCCS_URL=https://global.acccache.azure.net/sgx/certification/v4/
-	if [ -z "${PCCS_USE_SECURE_CERT}" ]; then
-		PCCS_USE_SECURE_CERT=true
-	fi
+	mv /etc/sgx_default_qcnl_azure.conf /etc/sgx_default_qcnl.conf
+	exit
 fi
 
 if [ -z "${PCCS_USE_SECURE_CERT}" ]; then