diff --git a/cmd/sgx_plugin/README.md b/cmd/sgx_plugin/README.md index 37278e7d3..7daad6903 100644 --- a/cmd/sgx_plugin/README.md +++ b/cmd/sgx_plugin/README.md @@ -64,8 +64,7 @@ The component has the same basic dependancies as the [generic plugin framework dependencies](../../README.md#about). The SGX device plugin requires Linux Kernel SGX drivers to be available. These drivers -are currently available via [RFC patches on Linux Kernel Mailing List](https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-sgx.git). -RFC *v41* was used to validate what is written in this document. +are available in Linux 5.11. The hardware platform must support SGX Flexible Launch Control. diff --git a/demo/sgx-sdk-demo/Dockerfile b/demo/sgx-sdk-demo/Dockerfile index ee2360501..ee6abea23 100644 --- a/demo/sgx-sdk-demo/Dockerfile +++ b/demo/sgx-sdk-demo/Dockerfile @@ -23,8 +23,8 @@ RUN apt-get update && \ # SGX SDK is installed in /opt/intel directory. WORKDIR /opt/intel -ARG SGX_SDK_INSTALLER=sgx_linux_x64_sdk_2.12.100.3.bin -ARG DCAP_VERSION=DCAP_1.9 +ARG SGX_SDK_INSTALLER=sgx_linux_x64_sdk_2.13.100.4.bin +ARG DCAP_VERSION=DCAP_1.10 RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main" >> /etc/apt/sources.list.d/intel-sgx.list \ && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - \ @@ -35,7 +35,7 @@ RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bio libsgx-quote-ex-dev # Install SGX SDK -RUN wget https://download.01.org/intel-sgx/sgx-linux/2.12/distro/ubuntu18.04-server/$SGX_SDK_INSTALLER \ +RUN wget https://download.01.org/intel-sgx/sgx-linux/2.13/distro/ubuntu18.04-server/$SGX_SDK_INSTALLER \ && chmod +x $SGX_SDK_INSTALLER \ && echo "yes" | ./$SGX_SDK_INSTALLER \ && rm $SGX_SDK_INSTALLER diff --git a/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml index 1129917d2..6b80ae988 100644 --- a/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml @@ -9,4 +9,4 @@ spec: provisionLimit: 110 logLevel: 4 nodeSelector: - feature.node.kubernetes.io/sgx: 'true' + feature.node.kubernetes.io/custom-intel.sgx: 'true' diff --git a/deployments/sgx_aesmd/base/sgx_default_qcnl.conf b/deployments/sgx_aesmd/base/sgx_default_qcnl.conf index ca2acda39..67cb3aff4 100644 --- a/deployments/sgx_aesmd/base/sgx_default_qcnl.conf +++ b/deployments/sgx_aesmd/base/sgx_default_qcnl.conf @@ -1,2 +1,2 @@ -PCCS_URL=https://localhost:8081/sgx/certification/v2/ +PCCS_URL=https://localhost:8081/sgx/certification/v3/ USE_SECURE_CERT=FALSE diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf index ca2acda39..67cb3aff4 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf @@ -1,2 +1,2 @@ -PCCS_URL=https://localhost:8081/sgx/certification/v2/ +PCCS_URL=https://localhost:8081/sgx/certification/v3/ USE_SECURE_CERT=FALSE diff --git a/deployments/sgx_nfd/nfd-worker.conf b/deployments/sgx_nfd/nfd-worker.conf index a0090d2bc..6dfc01622 100644 --- a/deployments/sgx_nfd/nfd-worker.conf +++ b/deployments/sgx_nfd/nfd-worker.conf @@ -1,6 +1,6 @@ sources: - cpu: - cpuid: - attributeWhitelist: - - "SGX" - - "SGXLC" + custom: + - name: "intel.sgx" + matchOn: + - kConfig: ["X86_SGX"] + cpuId: ["SGX", "SGXLC"]