[{release/4.x}] Cherry pick: {Update SGX PSW from 2.18 to 2.20 (#5616)…

…} (#5645)
microsoft · Sep 11, 2023 · f64b647 · f64b647
1 parent f40bc6b
commit f64b647
Show file tree

Hide file tree

Showing 13 changed files with 19 additions and 18 deletions.
diff --git a/.azure-pipelines-gh-pages.yml b/.azure-pipelines-gh-pages.yml
@@ -11,7 +11,7 @@ jobs:
     variables:
       Codeql.SkipTaskAutoInjection: true
       skipComponentGovernanceDetection: true
-    container: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15
+    container: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15
     pool:
       vmImage: ubuntu-20.04
 

diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
@@ -50,7 +50,7 @@ jobs:
       - script: |
           set -ex
           docker login -u $ACR_TOKEN_NAME -p $ACR_CI_PUSH_TOKEN_PASSWORD $ACR_REGISTRY
-          docker pull $ACR_REGISTRY/ccf/ci:16-08-2023-1-snp-clang15
+          docker pull $ACR_REGISTRY/ccf/ci:05-09-2023-snp-clang15
           docker build -f docker/ccf_ci_built . --build-arg="base=$BASE_IMAGE" --build-arg="platform=snp" -t $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD`
           docker push $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD`
         name: build_ci_image
@@ -59,7 +59,7 @@ jobs:
           ACR_TOKEN_NAME: ci-push-token
           ACR_CI_PUSH_TOKEN_PASSWORD: $(ACR_CI_PUSH_TOKEN_PASSWORD)
           ACR_REGISTRY: ccfmsrc.azurecr.io
-          BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang15
+          BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang15
 
       - script: |
           set -ex

diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
@@ -29,15 +29,15 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
     - container: snp
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
     - container: sgx
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-sgx
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-sgx
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro
 
 variables:

diff --git a/.azure_pipelines_snp.yml b/.azure_pipelines_snp.yml
@@ -31,7 +31,7 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
 jobs:

diff --git a/.daily.yml b/.daily.yml
@@ -25,15 +25,15 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE
 
     - container: snp
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
     - container: sgx
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-sgx
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-sgx
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx
 
 jobs:

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,6 +1,6 @@
 {
   "name": "CCF Development Environment",
-  "image": "ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15",
+  "image": "ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15",
   "runArgs": [],
   "extensions": [
     "eamodio.gitlens",

diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml
@@ -9,7 +9,7 @@ on:
 jobs:
   checks:
     runs-on: ubuntu-latest
-    container: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15
+    container: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15
 
     steps:
       - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

diff --git a/.multi-thread.yml b/.multi-thread.yml
@@ -16,7 +16,7 @@ pr:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
 jobs:

diff --git a/.stress.yml b/.stress.yml
@@ -20,7 +20,7 @@ schedules:
 resources:
   containers:
     - container: sgx
-      image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-sgx
+      image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-sgx
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx
 
 jobs:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Updated `fmt` library from `9.1.0` to `10.1.1`.
 - Updated QCBOR from `1.1` to `1.2`.
 - Updated `nghttp2` from `1.51.0` to `1.55.1`.
+- Updated Intel SGX PSW from 2.17 to 2.20 (#5616)
 
 ## [4.0.7]
 

diff --git a/docker/ccf_ci_built b/docker/ccf_ci_built
@@ -4,7 +4,7 @@
 
 # Latest image as of this change
 ARG platform=sgx
-ARG base=ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang-15
+ARG base=ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang-15
 FROM ${base}
 
 # SSH. Note that this could (should) be done in the base ccf_ci image instead

diff --git a/docker/sgx_deps_pin.sh b/docker/sgx_deps_pin.sh
@@ -10,7 +10,7 @@ mkdir -p /etc/init
 echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries
 
 UBUNTU=focal
-PSW_VERSION=2.17.100
+PSW_VERSION=2.20.100
 
 if [ -z "$PSW_VERSION" ]; then 
     echo "Please set PSW_VERSION (e.g. 2.11)." >&2; 
@@ -23,5 +23,5 @@ apt-get update && apt-get install -y wget gnupg
 # Reference https://manpages.debian.org/buster/apt/apt_preferences.5.en.html
 # Download the pref file from https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/
 # Assuming file name to follow *sgx_<PSW_VERSION>_${UBUNTU}_custom_version.cfg convention
-wget -r -l1 --no-parent -nd -A "*sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files"
+wget -r -l1 --no-parent -nd -A "*sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/"
 mv ./*"sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "/etc/apt/preferences.d/intel-sgx.pref"
diff --git a/scripts/azure_deployment/arm_aci.py b/scripts/azure_deployment/arm_aci.py
@@ -132,7 +132,7 @@ def parse_aci_args(parser: ArgumentParser) -> Namespace:
         "--aci-image",
         help="The name of the image to deploy in the ACI",
         type=str,
-        default="ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp",
+        default="ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp",
     )
     parser.add_argument(
         "--aci-type",