SGX Verification Service is a web service whose job is to verify SGX ECDSA Quotes

• Verify if PCK Certificate in a quote is valid
• Verify TcbInfo, PCKCRL, QEIdentity for a platform
• RESTful APIs for easy and versatile access to above features

• RHEL 8.4 or ubuntu 20.04
• Epel 8 Repo
• Proxy settings if applicable

• git
• make
• makeself
• Go 1.18.8

sudo dnf install -y git wget makeself

The SGX Verification Service requires Go version 1.18.8 that has support for go modules. please keep in mind that the product has been validated with 1.18.8 and newer versions of go may introduce compatibility issues. You can use the following to install go.

wget https://dl.google.com/go/go1.18.8.linux-amd64.tar.gz
tar -xzf go1.18.8.linux-amd64.tar.gz
sudo mv go /usr/local
export GOROOT=/usr/local/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

• Git clone the SGX Verification service
• Run scripts to build the SGX Verification service

git clone https://github.com/intel-secl/sgx-verification-service.git
cd sgx-verification-service
git checkout v5.1.0
make

Update sqvs.env present in dist/linux folder with required env values and then run below command to deploy SQVS.

NOTE: Retrieve appropriate Trusted RootCA certificate files for SGX platform (trusted_rootca_icx_preprod.pem for IceLake Sandbox PCS, trusted_rootca_icx_prod.pem for IceLake Live PCS and trusted_rootca_clx_prod.pem for CascadeLake Live PCS Server) from dist/linux directory in SQVS repository.

> ./out/sqvs-*.bin

• Start service

  • sqvs start

• Stop service

  • sqvs stop

• Restart service

  • sqvs restart

• Status of service

  • sqvs status

• Certificate Management Service

• Authentication and Authorization Service

Note: All dependencies are listed in go.mod