[Curated-Apps] Add generic DCAP attestation support

Signed-off-by: jkr0103 <jitender.kumar@intel.com>

Intel-Confidential-Compute-for-X/README.md

@@ -34,41 +34,53 @@ application, and adjusting the settings and templates as needed.
 - Any regular system with a Linux distribution is sufficient.
 - Install the necessary build dependencies and adjust the permissions of `/var/run/docker.sock` for
   the current user:
-   - Ubuntu 18.04
+   - Ubuntu 20.04
         ```sh
         sudo apt-get update && sudo apt-get install -y docker.io python3 python3-pip
         python3 -m pip install docker jinja2 tomli tomli-w pyyaml
         sudo chown $USER /var/run/docker.sock
         ```
 
-
 ### For executing an "Intel® Confidential Compute for X" image
 
-- Hardware requirements: This project currently only works for SGX-enabled Azure VMs. With some
-  modifications, it will work on any Intel® SGX-enabled bare metal machine or VM.
-   - At Azure, VMs of the [DCsv3 and DCdsv3-series](https://learn.microsoft.com/en-us/azure/virtual-machines/dcv3-series)
-     should be used. Azure provides a
-     [quickstart guide](https://learn.microsoft.com/en-us/azure/confidential-computing/quick-create-portal)
-     to setup such VMs. During the selection of the VM, one has to carefully select a machine
-     providing the necessary amount of EPC memory suiting the application. A table with the
-     provided EPC memory size can be found on the
-     [DCsv3 and DCdsv3-series overview](https://learn.microsoft.com/en-us/azure/virtual-machines/dcv3-series).
-
-- Install the necessary build dependencies:
-    - Ubuntu 18.04:
-        ```sh
-        sudo apt-get update && sudo apt-get install -y docker.io
-        sudo chown $USER /var/run/docker.sock
-        echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' |
-            sudo tee /etc/apt/sources.list.d/intel-sgx.list
-        wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key |
-            sudo apt-key add -
-        sudo apt-key adv --fetch-keys https://packages.microsoft.com/keys/microsoft.asc
-        sudo apt-add-repository 'https://packages.microsoft.com/ubuntu/18.04/prod main'
-        sudo apt update && sudo apt install -y az-dcap-client
-        sudo apt-get install -y -f libsgx-dcap-ql
-        ```
+#### Hardware requirements
+
+- SGX-enabled Azure VMs:
+
+  At Azure, VMs of the [DCsv3 and DCdsv3-series](https://learn.microsoft.com/en-us/azure/virtual-machines/dcv3-series)
+  should be used. Azure provides a
+  [quickstart guide](https://learn.microsoft.com/en-us/azure/confidential-computing/quick-create-portal)
+  to setup such VMs. During the selection of the VM, one has to carefully select a machine
+  providing the necessary amount of EPC memory suiting the application. A table with the
+  provided EPC memory size can be found on the
+  [DCsv3 and DCdsv3-series overview](https://learn.microsoft.com/en-us/azure/virtual-machines/dcv3-series).
 
+- Bare-metal systems:
+
+  User is expected to have DCAP remote attestation infrastructure with PCCS setup and system
+  provisioned. Please follow instructions [here](https://www.intel.com/content/www/us/en/developer/articles/guide/intel-software-guard-extensions-data-center-attestation-primitives-quick-install-guide.html)
+  for DCAP remote attestation setup.
+
+#### Install the necessary build dependencies:
+
+Below commands are specific to Ubuntu 20.04. Please follow the instructions under
+`"Intel® SGX Application User"` section in document [here](https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf)
+for other distro specific commands.
+
+```sh
+sudo apt-get update && sudo apt-get install -y docker.io
+sudo chown $USER /var/run/docker.sock
+
+echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' |
+    sudo tee /etc/apt/sources.list.d/intel-sgx.list
+wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key |
+    sudo apt-key add -
+sudo apt-get install -y -f libsgx-dcap-ql libsgx-dcap-default-qpl=1.16.100.2-focal1
+
+# Execute below command (only on Azure VM) to change PCCS_URL to Azure PCCS
+sudo sed -i "s|^\(  \"pccs_url\": \"https://\).*\(/sgx/certification.*\)|\1global.acccache.azure.net\2|g" \
+    /etc/sgx_default_qcnl.conf
+```
 
 ## Usage of the interactive script
 

Intel-Confidential-Compute-for-X/curate.py

@@ -258,15 +258,6 @@ def get_attestation_input(user_console, guide_win):
                 continue
         return attestation_input
 
-def is_azure_instance():
-    service_cmd = "systemctl --type=service --state=running"
-    service_output = subprocess.run(service_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
-                                    universal_newlines=True, shell=True)
-    re_pattern='wa.*?agent.service.*?Azure.*'
-    rec_pattern = re.compile(re_pattern, re.VERBOSE)
-
-    return len(rec_pattern.findall(service_output.stdout)) > 0
-
 def get_file_contents(in_file):
     try:
         with open(in_file, 'r') as pfile:
@@ -386,10 +377,6 @@ def create_custom_image(stdscr, docker_socket, workload_type, base_image_name, i
     update_user_and_commentary_win_array(user_console, guide_win, introduction, index)
     update_user_input()
 
-    if not is_azure_instance():
-        update_user_and_commentary_win_array(user_console, guide_win, azure_warning, azure_help)
-        update_user_input()
-
     # 1. Provide command-line arguments
     args = get_insecure_args(workload_type)
     if args:
@@ -497,10 +484,13 @@ def create_custom_image(stdscr, docker_socket, workload_type, base_image_name, i
     if host_net and host_net not in flags:
         flags = flags + " " + host_net
     commands_fp = open(commands_file, 'w')
+
     if attestation_required == 'y':
-        debug_enclave_env_ver_ext = ''
-        if config == 'test' or debug_flag == 'y':
-            debug_enclave_env_ver_ext = debug_enclave_env_verifier
+        verifier_env_vars = ' -e RA_TLS_ALLOW_SW_HARDENING_NEEDED=1 '
+        if attestation_input == 'test':
+            verifier_env_vars += ' -e RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1 '
+        if debug_flag == 'y':
+            verifier_env_vars += ' -e RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1 '
 
         ssl_folder_abs_path_on_host = os.path.abspath(ssl_folder_path_on_host)
         verifier_cert_mount_str = verifier_cert_mount.format(ssl_folder_abs_path_on_host)
@@ -535,7 +525,7 @@ def create_custom_image(stdscr, docker_socket, workload_type, base_image_name, i
                                 f'$ docker run {host_net} --device=/dev/sgx/enclave '
                                 f'-e RA_TLS_MRENCLAVE={mr_enclave} -e RA_TLS_MRSIGNER={mr_signer} '
                                 f'-e RA_TLS_ISV_PROD_ID={isv_prod_id} -e RA_TLS_ISV_SVN={isv_svn} '
-                                f'{debug_enclave_env_ver_ext}' + verifier_cert_mount_str + ' ' +
+                                f'{verifier_env_vars}' + verifier_cert_mount_str + ' ' +
                                 enc_keys_mount_str + ' -it verifier:latest')
         custom_image_dns_info = ''
         if config != 'test':

Intel-Confidential-Compute-for-X/util/constants.py

@@ -26,8 +26,8 @@
 test_image_msg = ('\nYour test GSC image is being generated. This image is not supposed to be'
                    ' used in production\n')
 
-test_run_instr = ('Run the {} docker image in an Azure Confidential Compute'
-                  ' instance using the below command.\n\n'
+test_run_instr = ('Run the {} docker image in an SGX enabled'
+                  ' system using the below command.\n\n'
                   'Host networking (--net=host) is optional\n\n{}\n\n'
                   'Above command is saved to command.txt as well.\n')
 test_run_cmd = ('$ docker run --net=host --device=/dev/sgx/enclave {} -it {}')
@@ -46,8 +46,8 @@
                 ' more context for each of the steps.', 'Do not resize this terminal window.',
                 'Press CTRL+G to get started!']
 
-index = ['The target deployment environment is assumed to be an Azure Confidential compute'
-         ' instance.','Following stages are involved in the GSC image curation:',
+index = ['The target deployment environment is assumed to be an SGX enabled system'
+         ,'Following stages are involved in the GSC image curation:',
          '1. Command-line arguments',
          '2. Environment variables',
          '3. Additional docker run flags',
@@ -67,8 +67,8 @@
                     + color_set]
 verifier_build_messg = 'Building the RA-TLS Verifier image, this might take couple of minutes'
 verifier_log_help = 'You may monitor verifier/{} for progress'
-attestation_prompt = ['>> Remote Attestation:' , 'To enable remote attestation using Azure DCAP'
-                      ' client libs, use another terminal to copy the ca.crt, server.crt, and'
+attestation_prompt = ['>> Remote Attestation:' , 'To enable remote attestation using Intel SGX DCAP'
+                      ' libs, use another terminal to copy the ca.crt, server.crt, and'
                       ' server.key certificates to Intel-Confidential-Compute-for-X/verifier/ssl'
                       ' directory',
                       'NOTE: Encrypted Filesystem of Gramine requires Attestation to provision'
@@ -80,8 +80,8 @@
                       ' option is thus insecure and must not be used in production environments!',
                       'Press CTRL+G when done']
 attestation_help = ['This step enables the enclave to communicate to a remote verifier over'
-                    ' an Remote Attestation TLS (RA-TLS) link. This remote verifier uses Azure'
-                    ' DCAP client libs to verify the Quote supplied by the enclave. RA-TLS'
+                    ' an Remote Attestation TLS (RA-TLS) link. This remote verifier uses'
+                    ' Intel SGX DCAP libs to verify the Quote supplied by the enclave. RA-TLS'
                     ' attestation flow requires you to provide a set of certificates and keys to'
                     ' enable the attestation flow. The CA certificate will be used to TLS'
                     ' authenticate the verifier during the RA-TLS flow. A test sample set of'
@@ -133,8 +133,7 @@
 
 wait_message = ['Image Creation:', 'Your Gramine Shielded Container image is being created.'
                 ' This might take a few minutes.']
-system_config_message = ['System config by default is assumed to be an Azure Confidential compute'
-                         ' instance.']
+system_config_message = ['System config by default is assumed to be an SGX enabled system.']
 run_command_no_att = '$ docker run {} --device=/dev/sgx/enclave -it {}'
 run_with_debug = 'python3 curate.py {} {} debug' + color_set
 extra_debug_instr = ("It's also possible that you may run into issues resulting from lack of"
@@ -155,14 +154,6 @@
 enc_key_path = '/keys/{}'
 ssl_folder_path_on_host = 'verifier/ssl_common'
 verifier_cert_mount = '-v {}:/ra-tls-secret-prov/ssl'
-debug_enclave_env_verifier = (' -e RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1 -e'
-                              ' RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1 ')
-azure_warning = ['Warning: You are building'
-                 ' these images on a non Azure Confidential Compute instance' + color_set,
-                 'Please ensure you run the final images on an Azure VM or in the AKS cluster only'
-                 ,'Press CTRL+G to continue']
-azure_help = ['The target deployment environment is assumed to be an Azure Confidential compute'
-              ' instance.']
 verifier_log_file = 'verifier.log'
 file_not_found_error = 'Error: {} file does not exist.'
 CTRL_G = 7

Intel-Confidential-Compute-for-X/util/curation_script.sh

@@ -30,7 +30,7 @@
 # -- arg8    : verifier's ca certificate path
 # -- arg9    : y or n (environment variables available?)
 # -- arg10   : Actual environment variable string
-# -- arg11   : y or n (encrypted files as part of base image?)
+# -- arg11   : y or n (encrypted files to be used with workload?)
 # -- arg12   : Path to the encrypted files in the image
 # -- arg13   : encryption key used for encrypting sensitive files such as models, data etc.
 # -- arg14   : Passphrase to the enclave signing key (if applicable)

Intel-Confidential-Compute-for-X/verifier/ca_config.conf

@@ -0,0 +1,15 @@
+[ req ]
+default_bits       = 4096
+default_md         = sha512
+default_keyfile    = example.com.key
+prompt             = no
+encrypt_key        = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+countryName            = "XX"             # C=
+localityName           = "XXXXX"          # L=
+organizationName       = "My Company"     # O=
+organizationalUnitName = "Department"     # OU=
+commonName             = "localhost"      # CN=
+emailAddress           = "me@example.com" # email

Intel-Confidential-Compute-for-X/verifier/helper.sh

@@ -6,45 +6,46 @@
 # The script is called only when attestation is required by the user.
 
 # The input parameters in sequence are below:
-# -- arg1    : 'done' means user provided his own certs in verifier/ssl directory, else the default
-#               non-production ready certs will be used. The certs are finally copied to ssl_common
-#               directory for future use by GSC image and the verifier image.
-# -- arg2    :  encryption key path. When this variable is set, then `CMD ["key-path"]` will be
-#               appended to verifier.dockerfile
+# -- arg1    : 'done' means user provided his own certs in verifier/ssl directory or
+#              'test' means non-production ready certs will be used.
+#              The certs are finally copied to ssl_common directory for future use by GSC image and
+#              the verifier image.
+# -- arg2    : y or n (encrypted files to be used with workload?)
+# -- arg3    : Encryption key path. `CMD ["key-path"]` instruction will be appended to
+#              verifier.dockerfile when this variable is set.
+
+set -e
 echo printing args $0 $@
 
+MY_PATH=$(dirname "$0")
+pushd ${MY_PATH}
+
+docker rmi -f verifier >/dev/null 2>&1
 rm -rf  ssl_common >/dev/null 2>&1
 mkdir -p ssl_common
 
 if [ "$1" = "done" ]; then
-    cd ssl
-    cp ca.crt server.crt server.key ../ssl_common
-    cd ..
+    cp ssl/ca.crt ssl/server.crt ssl/server.key ssl_common/
 else
-    rm -rf gramine >/dev/null 2>&1
-    git clone --depth 1 --branch v1.5 https://github.com/gramineproject/gramine.git
-
-    cd gramine/CI-Examples/ra-tls-secret-prov
-    make clean && make ssl/server.crt
-    cd ssl
-    cp ca.crt server.crt server.key ../../../../ssl_common
-    cd ../../../../
-    rm -rf gramine >/dev/null 2>&1
+    openssl genrsa -out ssl_common/ca.key 2048
+    openssl req -x509 -new -nodes -key ssl_common/ca.key -sha256 -days 1024 -out ssl_common/ca.crt -config ca_config.conf
+    openssl genrsa -out ssl_common/server.key 2048
+    openssl req -new -key ssl_common/server.key -out ssl_common/server.csr -config ca_config.conf
+    openssl x509 -req -days 360 -in ssl_common/server.csr -CA ssl_common/ca.crt -CAkey ssl_common/ca.key -CAcreateserial -out ssl_common/server.crt
 fi
 
 cp verifier.dockerfile.template verifier.dockerfile
 
 args=''
 # Use `secret_prov_pf` if base image has encrypted files
 if [ "$2" = "y" ]; then
-    sed -i 's|secret_prov_minimal|secret_prov_pf|g' verifier.dockerfile
-    args="--build-arg server_dcap_pf=y"
+    args="--build-arg server_dcap_type=secret_prov_pf"
 fi
 
+# Add encryption key path
 if [ ! -z "$3" ]; then
     echo 'CMD ["'$3'"]' >> verifier.dockerfile
 fi
 
-docker rmi -f verifier_image >/dev/null 2>&1
 cd ..
 docker build -f verifier/verifier.dockerfile -t verifier $args .

Intel-Confidential-Compute-for-X/verifier/verifier.dockerfile.template

@@ -3,24 +3,14 @@
 
 FROM ubuntu:22.04
 
-RUN echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list.d/focal-security.list
-
 RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
     && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
     build-essential \
     git \
-    libssl1.1 \
     pkg-config
 
 COPY keys/* /usr/share/keyrings/
 
-# Installing Azure DCAP Quote Provider Library (az-dcap-client).
-# Here, the version of az-dcap-client should be in sync with the az-dcap-client
-# version used for quote generation. User can replace the below package with the
-# latest package.
-RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.asc] https://packages.microsoft.com/ubuntu/20.04/prod focal main" \
-    | tee /etc/apt/sources.list.d/msprod.list
-
 RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
     | tee /etc/apt/sources.list.d/intel-sgx.list
 
@@ -29,24 +19,27 @@ RUN echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] htt
 
 RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
     && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    az-dcap-client \
+    libsgx-dcap-default-qpl=1.16.100.2-jammy1 \
     gramine=1.5
 
+RUN sed -i "s|^\(  \"pccs_url\": \"https://\).*\(/sgx/certification.*\)|\1api.trustedservices.intel.com\2|g" \
+    /etc/sgx_default_qcnl.conf
+
 RUN git clone --depth 1 --branch v1.5 https://github.com/gramineproject/gramine.git
 
-ARG server_dcap_pf="n"
-RUN if [ $server_dcap_pf="y" ]; then \
+ARG server_dcap_type="secret_prov_minimal"
+RUN if [ $server_dcap_type="secret_prov_pf" ]; then \
         sed -i "s|verify_measurements_callback,|NULL,|g" \
         "gramine/CI-Examples/ra-tls-secret-prov/secret_prov_pf/server.c"; \
     fi
 
-RUN mkdir -p /ra-tls-secret-prov/secret_prov_minimal
+RUN mkdir -p /ra-tls-secret-prov/$server_dcap_type
 RUN cd gramine/CI-Examples/ra-tls-secret-prov/ \
     && make clean && make dcap \
-    && cp secret_prov_minimal/server_dcap /ra-tls-secret-prov/secret_prov_minimal/
+    && cp $server_dcap_type/server_dcap /ra-tls-secret-prov/$server_dcap_type/
 
 RUN rm -rf gramine >/dev/null 2>&1
 
-WORKDIR /ra-tls-secret-prov/secret_prov_minimal
+WORKDIR /ra-tls-secret-prov/$server_dcap_type
 
 ENTRYPOINT ["./server_dcap"]