SGX Verification Service
is a web service whose job is to verify SGX ECDSA Quotes
- Verify if PCK Certificate in a quote is valid
- Verify TcbInfo, PCKCRL, QEIdentity for a platform
- RESTful APIs for easy and versatile access to above features
- RHEL 8.4 or ubuntu 20.04
- Epel 8 Repo
- Proxy settings if applicable
- git
- make
- makeself
- Go 1.18.8
sudo dnf install -y git wget makeself
The SGX Verification Service
requires Go version 1.18.8 that has support for go modules
. please keep in mind that the product has been validated with 1.18.8 and newer versions of go
may introduce compatibility issues. You can use the following to install go
.
wget https://dl.google.com/go/go1.18.8.linux-amd64.tar.gz
tar -xzf go1.18.8.linux-amd64.tar.gz
sudo mv go /usr/local
export GOROOT=/usr/local/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
- Git clone the SGX Verification service
- Run scripts to build the SGX Verification service
git clone https://github.com/intel-secl/sgx-verification-service.git
cd sgx-verification-service
git checkout v5.1.0
make
Update sqvs.env present in dist/linux folder with required env values and then run below command to deploy SQVS.
NOTE: Retrieve appropriate Trusted RootCA certificate files for SGX platform (trusted_rootca_icx_preprod.pem for IceLake Sandbox PCS, trusted_rootca_icx_prod.pem for IceLake Live PCS and trusted_rootca_clx_prod.pem for CascadeLake Live PCS Server) from dist/linux directory in SQVS repository.
> ./out/sqvs-*.bin
-
Start service
- sqvs start
-
Stop service
- sqvs stop
-
Restart service
- sqvs restart
-
Status of service
- sqvs status
-
Certificate Management Service
-
Authentication and Authorization Service
Name | Repo URL | Minimum Version Required |
---|---|---|
handlers | github.com/gorilla/handlers | v1.4.2 |
mux | github.com/gorilla/mux | v1.7.4 |
errors | github.com/pkg/errors | v0.9.1 |
logrus | github.com/sirupsen/logrus | v1.7.0 |
testify | github.com/stretchr/testify | v1.6.1 |
yaml.v3 | gopkg.in/yaml.v3 | v3.0.1 |
restruct | gopkg.in/restruct | v1.0.0 |
common | github.com/intel-secl/common | v5.1.0 |
clients | github.com/intel-secl/clients | v5.1.0 |
Note: All dependencies are listed in go.mod