diff --git a/QuoteGeneration/README.md b/QuoteGeneration/README.md
index b66dc486..d952f770 100644
--- a/QuoteGeneration/README.md
+++ b/QuoteGeneration/README.md
@@ -37,7 +37,7 @@ For Windows* OS
**NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
## How to install
- Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.12/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+ Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.12.1/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
For Linux* OS
diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h
index 48f7e886..94ae83ae 100644
--- a/QuoteGeneration/common/inc/internal/se_version.h
+++ b/QuoteGeneration/common/inc/internal/se_version.h
@@ -28,11 +28,11 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-#define STRFILEVER "1.12.100.3"
-#define COPYRIGHT "Copyright (C) 2020 Intel Corporation"
-#define FILEVER 1,12,100,3
-#define PRODUCTVER 1,12,100,3
-#define STRPRODUCTVER "1.12.100.3"
+#define STRFILEVER "1.12.101.1"
+#define COPYRIGHT "Copyright (C) 2021 Intel Corporation"
+#define FILEVER 1,12,101,1
+#define PRODUCTVER 1,12,101,1
+#define STRPRODUCTVER "1.12.101.1"
#define COMPANYNAME "Intel Corporation"
#define PRODUCTNAME "IntelĀ® Software Guard Extensions"
diff --git a/QuoteGeneration/download_prebuilt.bat b/QuoteGeneration/download_prebuilt.bat
index a88c1d58..ef7a6b43 100644
--- a/QuoteGeneration/download_prebuilt.bat
+++ b/QuoteGeneration/download_prebuilt.bat
@@ -29,9 +29,9 @@
@echo off
-set ae_file_name=prebuilt_windows_dcap_1.12.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.12.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12/windows/
+set ae_file_name=prebuilt_windows_dcap_1.12.1.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.12.1.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12.1/windows/
set server_ae_url=%server_url_path%/%ae_file_name%
set server_checksum_url=%server_url_path%/%checksum_file%
diff --git a/QuoteGeneration/download_prebuilt.sh b/QuoteGeneration/download_prebuilt.sh
index bf940e90..1db24336 100755
--- a/QuoteGeneration/download_prebuilt.sh
+++ b/QuoteGeneration/download_prebuilt.sh
@@ -32,9 +32,9 @@
top_dir=`dirname $0`
out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.12.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.12.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12/linux
+ae_file_name=prebuilt_dcap_1.12.1.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.12.1.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12.1/linux
server_ae_url=$server_url_path/$ae_file_name
server_checksum_url=$server_url_path/$checksum_file
diff --git a/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec b/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec
index dab77256..c1e10b9c 100644
--- a/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec
+++ b/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec
@@ -10,7 +10,7 @@
DCAP Components
Copyright (C) 2021 Intel Corporation
-
+
diff --git a/QuoteGeneration/pccs/container/Dockerfile b/QuoteGeneration/pccs/container/Dockerfile
index 0bb385e3..fd8d0d42 100644
--- a/QuoteGeneration/pccs/container/Dockerfile
+++ b/QuoteGeneration/pccs/container/Dockerfile
@@ -1,7 +1,7 @@
FROM ubuntu:20.04 AS builder
# DCAP version (github repo branch, tag or commit hash)
-ARG DCAP_VERSION=DCAP_1.12
+ARG DCAP_VERSION=DCAP_1.12.1
# update and install packages
RUN DEBIAN_FRONTEND=noninteractive \
diff --git a/QuoteGeneration/pccs/dao/fmspcTcbDao.js b/QuoteGeneration/pccs/dao/fmspcTcbDao.js
index d2341b5f..18284e8b 100644
--- a/QuoteGeneration/pccs/dao/fmspcTcbDao.js
+++ b/QuoteGeneration/pccs/dao/fmspcTcbDao.js
@@ -33,6 +33,7 @@ import Constants from '../constants/index.js';
import PccsError from '../utils/PccsError.js';
import PccsStatus from '../constants/pccs_status_code.js';
import { FmspcTcbs, sequelize } from './models/index.js';
+import Sequelize from 'sequelize';
// Update or insert a record in JSON format
export async function upsertFmspcTcb(tcbinfoJson) {
@@ -75,5 +76,22 @@ export async function getTcbInfo(type, fmspc) {
//Query all TCBInfos
export async function getAllTcbs() {
- return await FmspcTcbs.findAll();
+ return await FmspcTcbs.findAll({
+ where: {
+ type: {
+ [Sequelize.Op.not]: null,
+ },
+ },
+ });
+}
+
+//Delete TCBInfos whose type is null
+export async function deleteInvalidTcbs() {
+ return await FmspcTcbs.destroy({
+ where: {
+ type: {
+ [Sequelize.Op.is]: null,
+ },
+ },
+ });
}
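Review bot: The comment `//Query all TCBInfos` above `getAllTcbs` no longer matches the function, because the new `where` clause drops every row whose `type` is null. I would change it to `// Query all TCBInfos with a non-null type; rows with a null type are skipped` so callers do not assume they get the whole table. The comment on `deleteInvalidTcbs` could also state what the call resolves to, e.g. `// Delete TCBInfos whose type is null; resolves to the number of rows removed`, since Sequelize's `destroy` returns that count.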
diff --git a/QuoteGeneration/pccs/migrations/02_db_version_2.js b/QuoteGeneration/pccs/migrations/02_db_version_2.js
index 72e8f0bb..ef93a270 100644
--- a/QuoteGeneration/pccs/migrations/02_db_version_2.js
+++ b/QuoteGeneration/pccs/migrations/02_db_version_2.js
@@ -43,7 +43,7 @@ async function up(sequelize) {
// this is done by 1.Create new table 2.Copy data 3.Drop old table 4.Rename new into old
logger.debug('DB Migration -- update fmspc_tcbs');
sql =
- 'CREATE TABLE IF NOT EXISTS fmspc_tcbs_temp (fmspc VARCHAR(255) , type INTEGER, ' +
+ 'CREATE TABLE IF NOT EXISTS fmspc_tcbs_temp (fmspc VARCHAR(255) NOT NULL, type INTEGER NOT NULL, ' +
' tcbinfo BLOB, root_cert_id INTEGER, signing_cert_id INTEGER, ' +
' created_time DATETIME NOT NULL, updated_time DATETIME NOT NULL, PRIMARY KEY(fmspc, type));';
await sequelize.query(sql);
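Review bot: The `NOT NULL` constraints are added by editing the existing version-2 migration, so they only reach databases that have not yet run it. A database already at version 2 presumably keeps the nullable `type` column and depends on the runtime cleanup in `refresh_all_tcbs`. If the constraint is meant to hold everywhere, a new migration step that rebuilds `fmspc_tcbs` is needed; otherwise a comment should say so, e.g. `// NOT NULL applies to fresh upgrades only; existing v2 databases are cleaned by deleteInvalidTcbs()`. Because the statement is `CREATE TABLE IF NOT EXISTS`, a `fmspc_tcbs_temp` left behind by an interrupted earlier run would also keep the old nullable definition. The copy, drop and rename steps of `up` are outside this hunk, so check that the copy supplies a non-null `type` for every row.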
diff --git a/QuoteGeneration/pccs/services/refreshService.js b/QuoteGeneration/pccs/services/refreshService.js
index 6e4648f2..7179c6a3 100644
--- a/QuoteGeneration/pccs/services/refreshService.js
+++ b/QuoteGeneration/pccs/services/refreshService.js
@@ -266,6 +266,7 @@ async function refresh_one_tcb(fmspc) {
// Then refresh cache DB
await fmspcTcbDao.upsertFmspcTcb({
fmspc: fmspc,
+ type: Constants.PROD_TYPE_SGX,
tcbinfo: pck_server_res.rawBody,
});
// update or insert certificate chain
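Review bot: `type: Constants.PROD_TYPE_SGX` hard-codes the product type inside `refresh_one_tcb(fmspc)`, while the storage layer keys rows by both values (`getTcbInfo(type, fmspc)`, `PRIMARY KEY(fmspc, type)`). If the table ever holds a row of another type, the refresh loop would fetch by FMSPC alone and write the result back as an SGX row. Passing the row's own type through keeps the upsert consistent with the row being refreshed, for example a second parameter `refresh_one_tcb(fmspc, type)` with `type: type` here. The call site in `refresh_all_tcbs`, the request that produces `pck_server_res` and the import of `Constants` are all outside this hunk and need checking.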
@@ -282,6 +283,9 @@ async function refresh_one_tcb(fmspc) {
// Refresh all TCBs in the table
async function refresh_all_tcbs() {
+ // hotfix : delete type==null records
+ await fmspcTcbDao.deleteInvalidTcbs();
+
const tcbs = await fmspcTcbDao.getAllTcbs();
for (let tcb of tcbs) {
// refresh each tcb
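Review bot: The result of `deleteInvalidTcbs()` is discarded, so a refresh pass that removes cached TCB info leaves no trace in the logs. The rows are deleted before `getAllTcbs()` runs, and that query now excludes null types, so the affected FMSPCs are not refreshed in this pass and stay out of the cache until something re-inserts them. I would at least record the count, e.g. `const removed = await fmspcTcbDao.deleteInvalidTcbs();` followed by a log line when `removed > 0`; the logger used in this file is not visible in the hunk. The loop body of `refresh_all_tcbs` continues past the hunk.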
diff --git a/QuoteGeneration/psw/ae/data/prebuilt/README.md b/QuoteGeneration/psw/ae/data/prebuilt/README.md
index f2f8566a..1d2f65f8 100644
--- a/QuoteGeneration/psw/ae/data/prebuilt/README.md
+++ b/QuoteGeneration/psw/ae/data/prebuilt/README.md
@@ -5,4 +5,4 @@ The PCE is part of Intel(R) Software Guard Extensions for Linux\* OS which is pu
The QE3 is part of [Intel(R) Software Guard Extensions Data Center Attestation Primitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/) Github repository. The libsgx_qe3.signed.so in prebuilt package is built by [qe3](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration/quote_wrapper/quote/enclave) with branch [sgx_2.15_reproducible](https://github.com/intel/linux-sgx/tree/sgx_2.15_reproducible) and signed by Intel.
# QVE source code
-The QVE is part of [Intel(R) Software Guard Extensions Data Center Attestation Primitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/) Github repository. The libsgx_qve.signed.so in prebuilt package is built by [qve](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteVerification/QvE/Enclave) with branch [sgx_2.15_reproducible](https://github.com/intel/linux-sgx/tree/sgx_2.15_reproducible)and signed by Intel.
+The QVE is part of [Intel(R) Software Guard Extensions Data Center Attestation Primitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/) Github repository. The libsgx_qve.signed.so in prebuilt package is built by [qve](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteVerification/QvE/Enclave) with branch [sgx_2.15.101_reproducible](https://github.com/intel/linux-sgx/tree/sgx_2.15.101_reproducible)and signed by Intel.
diff --git a/QuoteVerification/QvE/Enclave/qve.cpp b/QuoteVerification/QvE/Enclave/qve.cpp
index ceda50cf..6353f509 100644
--- a/QuoteVerification/QvE/Enclave/qve.cpp
+++ b/QuoteVerification/QvE/Enclave/qve.cpp
@@ -205,6 +205,7 @@ static quote3_error_t status_error_to_quote3_error(Status status_err) {
case STATUS_SGX_ENCLAVE_IDENTITY_EXPIRED:
return SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED;
case STATUS_PCK_REVOKED:
+ case STATUS_SGX_PCK_REVOKED:
case STATUS_SGX_INTERMEDIATE_CA_REVOKED:
case STATUS_SGX_TCB_SIGNING_CERT_REVOKED:
return SGX_QL_PCK_REVOKED;
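Review bot: The two status-mapping switches are maintained by hand and had drifted. `status_error_to_ql_qve_result` already listed `STATUS_SGX_PCK_REVOKED`, but `status_error_to_quote3_error` did not, so that revocation status fell through to whatever the default branch returns (not visible here). A comment above the revocation group in both functions would help keep them aligned, e.g. `// Revocation statuses: keep in sync with status_error_to_ql_qve_result()`. A unit test that passes every `*_REVOKED` value of `Status` through both mappers and asserts a revoked result would catch the next omission. Both switch bodies extend beyond the hunks shown.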
@@ -252,9 +253,9 @@ static sgx_ql_qv_result_t status_error_to_ql_qve_result(Status status_err) {
case STATUS_TCB_INFO_INVALID_SIGNATURE:
return SGX_QL_QV_RESULT_INVALID_SIGNATURE;
case STATUS_PCK_REVOKED:
+ case STATUS_SGX_PCK_REVOKED:
case STATUS_TCB_REVOKED:
case STATUS_SGX_TCB_SIGNING_CERT_REVOKED:
- case STATUS_SGX_PCK_REVOKED:
case STATUS_SGX_INTERMEDIATE_CA_REVOKED:
return SGX_QL_QV_RESULT_REVOKED;
case STATUS_TCB_CONFIGURATION_NEEDED:
diff --git a/QuoteVerification/prepare_sgxssl.cmd b/QuoteVerification/prepare_sgxssl.cmd
index 05a3ec74..f59868bf 100644
--- a/QuoteVerification/prepare_sgxssl.cmd
+++ b/QuoteVerification/prepare_sgxssl.cmd
@@ -39,7 +39,7 @@ set top_dir=%~dp0
set sgxssl_dir=%top_dir%\sgxssl
set openssl_out_dir=%sgxssl_dir%\openssl_source
-set openssl_ver_name=openssl-1.1.1k
+set openssl_ver_name=openssl-1.1.1l
set sgxssl_github_archive=https://github.com/intel/intel-sgx-ssl/archive
set sgxssl_ver_name=win_2.13_1.1.1k
set sgxssl_ver=%sgxssl_ver_name%
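Review bot: `openssl_ver_name` moves to `openssl-1.1.1l` while the wrapper archive stays at `sgxssl_ver_name=win_2.13_1.1.1k`, and likewise `sgxssl_file_name=lin_2.14_1.1.1k` in prepare_sgxssl.sh. The pinned SGX SSL release is therefore named for a different OpenSSL version than the one now downloaded and checksum-verified. If the pairing is intended, a comment would stop the next reader from treating it as a missed bump, e.g. `rem SGX SSL win_2.13_1.1.1k is used unchanged with OpenSSL 1.1.1l`. Whether that wrapper release builds 1.1.1l cannot be confirmed from this diff.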
@@ -49,7 +49,8 @@ set server_url_path=https://www.openssl.org/source/
set full_openssl_url=%server_url_path%/%openssl_ver_name%.tar.gz
set sgxssl_chksum=9DA2BBEEDA00F5F65A1D624F55F96E222EA84AE483411264ABC2DB73E1ABE704
-set openssl_chksum=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+set openssl_chksum=0B7A3E5E59C34827FE0C3A74B7EC8BAEF302B98FA80088D7F9153AA16FA76BD1
+
if not exist %sgxssl_dir% (
mkdir %sgxssl_dir%
diff --git a/QuoteVerification/prepare_sgxssl.sh b/QuoteVerification/prepare_sgxssl.sh
index 9dbd9bc3..8a3c9e46 100755
--- a/QuoteVerification/prepare_sgxssl.sh
+++ b/QuoteVerification/prepare_sgxssl.sh
@@ -34,7 +34,7 @@ ARG1=${1:-build}
top_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
sgxssl_dir=$top_dir/sgxssl
openssl_out_dir=$sgxssl_dir/openssl_source
-openssl_ver_name=openssl-1.1.1k
+openssl_ver_name=openssl-1.1.1l
sgxssl_github_archive=https://github.com/01org/intel-sgx-ssl/archive
sgxssl_file_name=lin_2.14_1.1.1k
build_script=$sgxssl_dir/Linux/build_openssl.sh
@@ -43,7 +43,7 @@ full_openssl_url=$server_url_path/$openssl_ver_name.tar.gz
full_openssl_url_old=$server_url_path/old/1.1.1/$openssl_ver_name.tar.gz
sgxssl_chksum=825e58823f2ec39bcfb69c2c62cc4e769bdac057ade10b362cdeac1f5a563954
-openssl_chksum=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+openssl_chksum=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
rm -f check_sum_sgxssl.txt check_sum_openssl.txt
if [ ! -f $build_script ]; then
wget $sgxssl_github_archive/$sgxssl_file_name.zip -P $sgxssl_dir/ || exit 1
diff --git a/prebuilt/openssl/inc/openssl/e_os2.h b/prebuilt/openssl/inc/openssl/e_os2.h
index cf308eee..5c88e519 100644
--- a/prebuilt/openssl/inc/openssl/e_os2.h
+++ b/prebuilt/openssl/inc/openssl/e_os2.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -279,7 +279,8 @@ typedef unsigned __int64 uint64_t;
# define ossl_inline inline
# endif
-# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
+ !defined(__cplusplus)
# define ossl_noreturn _Noreturn
# elif defined(__GNUC__) && __GNUC__ >= 2
# define ossl_noreturn __attribute__((noreturn))
diff --git a/prebuilt/openssl/inc/openssl/opensslv.h b/prebuilt/openssl/inc/openssl/opensslv.h
index 0cd6b2f9..cbbfab12 100644
--- a/prebuilt/openssl/inc/openssl/opensslv.h
+++ b/prebuilt/openssl/inc/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x101010bfL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021"
+# define OPENSSL_VERSION_NUMBER 0x101010cfL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/prebuilt/openssl/inc/openssl/sslerr.h b/prebuilt/openssl/inc/openssl/sslerr.h
index 82983d3c..701d61c6 100644
--- a/prebuilt/openssl/inc/openssl/sslerr.h
+++ b/prebuilt/openssl/inc/openssl/sslerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -70,6 +70,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_FINAL_EMS 486
# define SSL_F_FINAL_KEY_SHARE 503
# define SSL_F_FINAL_MAXFRAGMENTLEN 557
+# define SSL_F_FINAL_PSK 639
# define SSL_F_FINAL_RENEGOTIATE 483
# define SSL_F_FINAL_SERVER_NAME 558
# define SSL_F_FINAL_SIG_ALGS 497
@@ -592,6 +593,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
# define SSL_R_MISSING_FATAL 256
# define SSL_R_MISSING_PARAMETERS 290
+# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310
# define SSL_R_MISSING_RSA_CERTIFICATE 168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
# define SSL_R_MISSING_RSA_SIGNING_CERT 170
@@ -633,6 +635,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
# define SSL_R_NULL_SSL_CTX 195
# define SSL_R_NULL_SSL_METHOD_PASSED 196
+# define SSL_R_OCSP_CALLBACK_FAILURE 294
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
# define SSL_R_OVERFLOW_ERROR 237
diff --git a/prebuilt/openssl/inc/openssl/x509v3err.h b/prebuilt/openssl/inc/openssl/x509v3err.h
index 5f25442f..3b9f7139 100644
--- a/prebuilt/openssl/inc/openssl/x509v3err.h
+++ b/prebuilt/openssl/inc/openssl/x509v3err.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -38,6 +38,7 @@ int ERR_load_X509V3_strings(void);
# define X509V3_F_I2S_ASN1_IA5STRING 149
# define X509V3_F_I2S_ASN1_INTEGER 120
# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
+# define X509V3_F_I2V_AUTHORITY_KEYID 173
# define X509V3_F_LEVEL_ADD_NODE 168
# define X509V3_F_NOTICE_SECTION 132
# define X509V3_F_NREF_NOS 133
@@ -78,6 +79,7 @@ int ERR_load_X509V3_strings(void);
# define X509V3_F_V2I_TLS_FEATURE 165
# define X509V3_F_V3_GENERIC_EXTENSION 116
# define X509V3_F_X509V3_ADD1_I2D 140
+# define X509V3_F_X509V3_ADD_LEN_VALUE 174
# define X509V3_F_X509V3_ADD_VALUE 105
# define X509V3_F_X509V3_EXT_ADD 104
# define X509V3_F_X509V3_EXT_ADD_ALIAS 106
diff --git a/prebuilt/openssl/lib/linux64/libcrypto.a b/prebuilt/openssl/lib/linux64/libcrypto.a
index c0bc8aac..2a731441 100644
Binary files a/prebuilt/openssl/lib/linux64/libcrypto.a and b/prebuilt/openssl/lib/linux64/libcrypto.a differ
diff --git a/prebuilt/openssl/lib/win64/libcrypto.lib b/prebuilt/openssl/lib/win64/libcrypto.lib
index 894b3fec..febdb9ae 100644
Binary files a/prebuilt/openssl/lib/win64/libcrypto.lib and b/prebuilt/openssl/lib/win64/libcrypto.lib differ
diff --git a/tools/PCKRetrievalTool/README_standalone.txt b/tools/PCKRetrievalTool/README_standalone.txt
new file mode 100644
index 00000000..a9b6b9d9
--- /dev/null
+++ b/tools/PCKRetrievalTool/README_standalone.txt
@@ -0,0 +1,71 @@
+Intel(R) Software Guard Extensions Data Center Attestation Primitives (Intel(R) SGX DCAP): PCK Cert ID Retrieval Tool
+===============================================
+
+## Prerequisites
+- Ensure that you have the following required hardware:
+ * 8th Generation Intel(R) Core(TM) Processor or newer with **Flexible Launch Control** support*
+ * Intel(R) Atom(TM) Processor with **Flexible Launch Control** support*
+
+- Configure the system with the **Intel(R) SGX hardware enabled** option.
+
+For Linux version:
+- Now this tool supports two modes:
+ a. enclave mode: it means that to retrieve the platform's information, enclave load is needed.
+ - Please install Intel(R) Software Guard Extensions driver for Intel(R) Software Guard Extensions Data Center Attestation Primitives:
+ sudo ./sgx_linux_x64_driver_1.41.bin
+ or you can use Linux kernel 5.11 or higher version kernel
+ b. non-enclave mode: in this mode, this tool is used to retrieve the platform manifest for multi-package. command line: -platform_id is used, and
+ user need provide the platform_id.
+
+For Windows version:
+- Now this tool supports two modes:
+ a. enclave mode: it means that to retrieve the platform's information, enclave load is needed.
+ If your platform is connected with internet, you don't do anything, otherwise you need install SGX base driver manually.
+ b. non-enclave mode: in this mode, this tool is used to retrieve the platform manifest for multi-package. command line: -platform_id is used, and
+ user need provide the platform_id.
+
+## Usage
+PCKIDRetrievalTool [OPTION]
+Example: PCKIDRetrievalTool -f retrieval_result.csv -url https://localhost:8081 -user_token 123456 -use_secure_cert true
+
+Options:
+ -f filename - output the retrieval result to the "filename"
+ -url cache_server_address - cache server's address
+ -user_token token_string - user token to access the cache server
+ -proxy_type proxy_type - proxy setting when access the cache server
+ -proxy_url proxy_server_address - proxy server's address
+ -use_secure_cert [true | false] - accept secure/insecure https cert,default value is true
+ -platform_id \"platform_id_string\" - in this mode, enclave is not needed to load, but platform id need to input
+ -? - show command help
+ -h - show command help
+ -help - show command help
+
+If option is not specified, it will write the retrieved data to file: pckid_retrieval.csv
+
+user can also use the configuration file(network_configuration.conf) to configure these options, but
+command line option has higher priority.
+
+## Output file
+If the retrieved data is saved to file:
+ the outputed file is CSV format and the values are CSV delimited Base16(HEX):
+
+in enclave mode:
+ EncryptedPPID(384 byte array),PCE_ID (16 bit integer),CPUSVN (16 byte array),PCE ISVSVN (16 bit integer),QE_ID (16 byte array)[,PLATFORM_MANIFEST (variable length byte array)]
+ Big Endian Little Endian Big Endian Little Endian Big Endian Big Endian
+
+in non-enclave mode:
+ ,PCE_ID (16 bit integer),,,PLATFORM_ID (variable length byte array),PLATFORM_MANIFEST (variable length byte array)
+ Little Endian Big Endian Big Endian
+
+And the retrieved data can also be uploaded to cache server if user provide the cache server's url and access token.
+
+#Notes:
+ 1. If you are using DCAP driver 1.41 or higher version to drive SGX,
+ you need run this tool with root permission or add your account to sgx_prv group like:
+ $ sudo usermod -a -G sgx_prv
+ 2. If you are using Linux Kernel 5.11 or higher version to drive SGX,
+ you need run this tool with root permission or add your account to sgx_prv group like:
+ $ sudo usermod -a -G sgx_prv
+ 3. If you are using this tool in Ubuntu 20.04, please execute the following command:
+ $ sudo mount -o remount,exec /dev
+
diff --git a/tools/PCKRetrievalTool/gen_release.bat b/tools/PCKRetrievalTool/gen_release.bat
index 55aa1711..ee79ba95 100644
--- a/tools/PCKRetrievalTool/gen_release.bat
+++ b/tools/PCKRetrievalTool/gen_release.bat
@@ -53,7 +53,7 @@ CALL :COPY_FILE ..\..\x64\release\sgx_dcap_ql.dll %rel_dir_name%
CALL :COPY_FILE ..\..\QuoteGeneration\psw\ae\data\prebuilt\win\pce.signed.dll %rel_dir_name%
CALL :COPY_FILE ..\..\QuoteGeneration\psw\ae\data\prebuilt\win\qe3.signed.dll %rel_dir_name%
CALL :COPY_FILE network_setting.conf %rel_dir_name%
-CALL :COPY_FILE README.txt %rel_dir_name%
+CALL :COPY_FILE README_standalone.txt %rel_dir_name%\README.txt
CALL :COPY_FILE License.txt %rel_dir_name%
diff --git a/tools/PCKRetrievalTool/gen_release.sh b/tools/PCKRetrievalTool/gen_release.sh
index 360e899d..0a7b3337 100755
--- a/tools/PCKRetrievalTool/gen_release.sh
+++ b/tools/PCKRetrievalTool/gen_release.sh
@@ -54,7 +54,7 @@ cp ../../QuoteGeneration/build/linux/libsgx_pce_logic.so $rel_dir_name
cp ../SGXPlatformRegistration/build/lib64/libmpa_uefi.so $rel_dir_name/libmpa_uefi.so.1
cp ../../../../build/linux/libsgx_enclave_common.so $rel_dir_name/libsgx_enclave_common.so.1
cp ../../../../build/linux/libsgx_urts.so $rel_dir_name/libsgx_urts.so
-cp README.txt $rel_dir_name
+cp README_standalone.txt $rel_dir_name/README.txt
cp License.txt $rel_dir_name
cd $rel_dir_name
ln -s libsgx_urts.so libsgx_urts.so.1