[Pal/Linux-SGX] Remove SGX token dependency for DCAP enclaves
The SGX Launch Token (aka EINITTOKEN) file is required for EPID-based (more specifically, for non-FLC-based) SGX platforms. On these platforms, the token file is generated by the Quoting Enclave (QE) right before the startup of the application in Gramine (Gramine sends a request for generation of the token to QE via the AESM service, using the `gramine-sgx-get-token` Python tool). Later, during enclave initialization at Gramine startup, this token file is read and its contents are provided as an arg to the `SGX_IOC_ENCLAVE_INIT` ioctl.

However, this token file is not required for DCAP-based (more specifically, for FLC-based) SGX platforms. Previously, Gramine still required the use of the `gramine-sgx-get-token` Python tool even on these platforms, which generated a dummy token file.

Generating this dummy token file may be problematic: (a) this cannot work on read-only FS mounts, and (b) it requires Python to be installed on the system. So this commit removes this dummy token file completely on DCAP machines.

Co-authored-by: Dmitrii Kuvaiskii <[email protected]>
Signed-off-by: Frieder Paape, Integritee AG <[email protected]>
Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
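The commit message ties the launch-token requirement to whether the platform is FLC-based. The following is an added example, not code from this commit or from Gramine, showing how that distinction can be read from CPUID leaf 7; the enum and the helper names `classify_leaf7` and `classify_this_cpu` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.(EAX=07H,ECX=0): EBX bit 2 = SGX, ECX bit 30 = SGX_LC (Flexible Launch Control). */
#define LEAF7_EBX_SGX    (UINT32_C(1) << 2)
#define LEAF7_ECX_SGX_LC (UINT32_C(1) << 30)

/* Hypothetical names, chosen for this example only. */
enum token_policy { NO_SGX = 0, TOKEN_REQUIRED = 1, TOKEN_NOT_NEEDED = 2 };

/* Classify a platform from raw leaf-7 register values. */
enum token_policy classify_leaf7(uint32_t ebx, uint32_t ecx) {
    if (!(ebx & LEAF7_EBX_SGX))
        return NO_SGX;                 /* SGX_LC is meaningless without SGX */
    return (ecx & LEAF7_ECX_SGX_LC) ? TOKEN_NOT_NEEDED   /* FLC-based */
                                    : TOKEN_REQUIRED;    /* non-FLC: EINITTOKEN needed */
}

/* Query the running CPU. Returns -1 if leaf 7 cannot be read (or not x86).
 * This reports only what CPUID advertises; firmware and kernel
 * configuration are not checked here. */
int classify_this_cpu(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return -1;
    return (int)classify_leaf7(ebx, ecx);
#else
    return -1;
#endif
}

int main(void) {
    static const char *const msg[] = {
        "SGX not advertised by CPUID",
        "non-FLC platform: launch token (EINITTOKEN) required",
        "FLC platform: no launch token file needed",
    };
    int r = classify_this_cpu();
    puts(r < 0 ? "CPUID leaf 7 unavailable" : msg[r]);
    /* Constructed register values: SGX set, SGX_LC clear. */
    puts(msg[classify_leaf7(LEAF7_EBX_SGX, 0)]);
    return 0;
}
```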