intel / SGXDataCenterAttestationPrimitives

Linux installation of "sgx-pck-id-retrieval-tool" question #132

Open jurobystricky opened 4 years ago

jurobystricky commented 4 years ago

Currently the "sgx-pck-id-retrieval-tool" RPM package installs the following files:

    /opt/intel/sgx-pck-id-retrieval-tool/License.txt
    /opt/intel/sgx-pck-id-retrieval-tool/PCKIDRetrievalTool
    /opt/intel/sgx-pck-id-retrieval-tool/README.txt
    /opt/intel/sgx-pck-id-retrieval-tool/libdcap_quoteprov.so.1
    /opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf
    /opt/intel/sgx-pck-id-retrieval-tool/pck_id_retrieval_tool_enclave.signed.so

and one additional symlink in /usr/local/bin:

    PCKIDRetrievalTool -> /opt/intel/sgx-pck-id-retrieval-tool/PCKIDRetrievalTool

Is there any particular reason these files are not installed in standard Linux locations?

    /usr/bin/PCKIDRetrievalTool
    /usr/lib64/libdcap_quoteprov.so.1
    /usr/lib64/pck_id_retrieval_tool_enclave.signed.so
    /etc/sgx-pck-id-retrieval-tool/network_setting.conf
    %{_licensedir}/sgx-pck-id-retrieval-tool/License.txt
    %{_docdir}/sgx-pck-id-retrieval-tool/README.txt

I am aware that placing network_settings in the /etc/ folder would require a code change, but the change is rather trivial.

Also, the README.txt file says:

 Please install these Debian or RPM packages, you can download it from [01.org](https://01.org/intel-software-guard-extensions/downloads)
             a. libsgx-enclave-common_{version}-{revision}_{arch}.deb or libsgx-enclave-common_{version}-{revision}_{arch}.rpm
             b. libsgx-dcap-ql_{version}-{revision}_{arch}.deb or libsgx-dcap-ql_{version}-{revision}_{arch}.rpm

The sgx-pck-id-retrieval-tool.spec file already contains:

Recommends:     libsgx-urts >= 2.11, libsgx-dcap-ql >= %{version}-%{release}, libsgx-ra-uefi >= %{version}-%{release}

Considering there are users that may not read the README.txt, the .spec file should probably contain:

Recommends:     libsgx-urts >= 2.11,  libsgx-ra-uefi >= %{version}-%{release}
Requires: libsgx-enclave-common >= 2.11
Requires: libsgx-dcap-ql >= %{version}-%{release}

The README.txt "_{version}-{revision}" is a bit confusing as well, as the DCAP version/revision differs from the SDK/PSW version/revision.

jsun39 commented 4 years ago

Thanks a lot for your comments.

  1. libdcap_quoteprov.so.1: this library is specific to this tool; if we put this library in the system folder/path, it will impact DCAP users. This is why I didn't install it in standard Linux locations. For the other files, yes, maybe installing them in standard Linux locations is better.

  2. For the spec file issue, I have added this tool to the repo (or local repo). In fact, these libraries have some dependency relationships. Just one example: libsgx-urts will depend on libsgx-enclave-common, so the current spec file is enough. If you use the repo way to install this tool, you don't need to install these dependent packages manually. Maybe I need to update the README.

  3. "_{version}-{revision}", I will check it.

jsun39 commented 3 years ago

For item 3, maybe it is a little confusing for users. But we don't have a plan to unify this version information between DCAP and SDK/PSW.

jsun39 commented 3 years ago

Do you have further comments? Could we close this issue?