Intel(R) SGX DCAP 1.16 Release

Upgraded Intel SGX Quote Verification Enclave to integrate SgxSSL/OpenSSL version 1.1.1t Added new API in quote verification library to extract FMSPC (Family-Model-SteppingPlatform-CustomSKU) value from ECDSA quote Added Rust support for SGX ECDSA quote generation Added Linux kernel 5.19 support in TDX R3AAL (Ring 3 Attestation Abstraction Layer) Removed Protobuf in TDX QGS (Quote Generation Service) and R3AAL (Ring 3 Attestation Abstraction Layer) Fixed bugs Signed-off-by: Li, Xun <[email protected]>
intel · Mar 9, 2023 · 71557c7 · 71557c7
1 parent cc582e8
commit 71557c7
Show file tree

Hide file tree

Showing 287 changed files with 23,402 additions and 1,369 deletions.
diff --git a/Makefile b/Makefile
@@ -31,9 +31,9 @@
 
 CUR_MKFILE:= $(lastword $(MAKEFILE_LIST))
 
-.PHONY: all clean rebuild QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration
+.PHONY: all clean rebuild QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration WinPle WinPleIntel
 
-all: QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration
+all: QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration WinPle WinPleIntel
 
 QuoteGeneration: QuoteVerification
 	$(MAKE) -C QuoteGeneration
@@ -50,12 +50,20 @@ PCKRetrievalTool: QuoteGeneration
 SGXPlatformRegistration:
 	$(MAKE) -C tools/SGXPlatformRegistration
 
+WinPle:
+	$(MAKE) -C driver/win/PLE
+
+WinPleIntel:
+	$(MAKE) -C driver/win/PLE INTEL_SIGNED=1
+
 clean:
 	$(MAKE) -C QuoteGeneration clean
 	$(MAKE) -C QuoteVerification clean
 	$(MAKE) -C tools/PCKCertSelection clean
 	$(MAKE) -C tools/PCKRetrievalTool clean
 	$(MAKE) -C tools/SGXPlatformRegistration clean
+	$(MAKE) -C driver/win/PLE clean
+	$(MAKE) -C driver/win/PLE INTEL_SIGNED=1 clean
 
 rebuild:
 	$(MAKE) -f $(CUR_MKFILE) clean

diff --git a/QuoteGeneration/Makefile b/QuoteGeneration/Makefile
@@ -117,11 +117,13 @@ tdx_qgs deb_sgx_tdx_qgs_pkg:
 tdx_attest deb_sgx_tdx_attest_pkg:
 	echo "Skip tdx_attest in ubuntu 18.04"
 else
+qgs_msg_lib:
+	$(MAKE) -C quote_wrapper/qgs_msg_lib/linux
 tdx_logic: pce_logic
 	$(MAKE) -C quote_wrapper/tdx_quote/linux
-tdx_qgs: tdx_logic
+tdx_qgs: tdx_logic qgs_msg_lib
 	$(MAKE) -C quote_wrapper/qgs
-tdx_attest:
+tdx_attest: qgs_msg_lib
 	$(MAKE) -C quote_wrapper/tdx_attest/linux
 deb_sgx_ae_tdqe_pkg: $(CHECK_OPT)
 	./installer/linux/deb/libsgx-ae-tdqe/build.sh

diff --git a/QuoteGeneration/README.md b/QuoteGeneration/README.md
@@ -39,7 +39,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.15/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.16/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS

diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h
@@ -28,21 +28,21 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.15.100.3"
-#define COPYRIGHT      "Copyright (C) 2022 Intel Corporation"
-#define FILEVER        1,15,100,3
-#define PRODUCTVER     1,15,100,3
-#define STRPRODUCTVER  "1.15.100.3"
+#define STRFILEVER    "1.16.100.2"
+#define COPYRIGHT      "Copyright (C) 2023 Intel Corporation"
+#define FILEVER        1,16,100,2
+#define PRODUCTVER     1,16,100,2
+#define STRPRODUCTVER  "1.16.100.2"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.13.102.3"
-#define QUOTE_VERIFIER_VERSION       "1.12.102.3"
-#define QUOTE_LOADER_VERSION         "1.11.105.3"
-#define TDQE_WRAPPER_VERSION         "1.14.102.3"
-#define PCE_WRAPPER_VERSION          "1.14.102.3"
+#define DEFAULT_QPL_VERSION          "1.13.103.2"
+#define QUOTE_VERIFIER_VERSION       "1.12.103.2"
+#define QUOTE_LOADER_VERSION         "1.11.106.2"
+#define TDQE_WRAPPER_VERSION         "1.14.103.2"
+#define PCE_WRAPPER_VERSION          "1.14.103.2"
 
-#define QE3_VERSION                  "1.15.100.1"
-#define QVE_VERSION                  "1.15.100.1"
-#define IDE_VERSION                  "1.14.100.2"
-#define TDQE_VERSION                 "1.14.100.2"
+#define QE3_VERSION                  "1.16.100.1"
+#define QVE_VERSION                  "1.16.100.1"
+#define IDE_VERSION                  "1.16.100.1"
+#define TDQE_VERSION                 "1.16.100.1"
diff --git a/QuoteGeneration/common/src/se_thread.c b/QuoteGeneration/common/src/se_thread.c
@@ -30,7 +30,7 @@
  */
 #include "se_thread.h"
 #include "se_types.h"
-
+#include "se_memcpy.h"
 
 #if defined(_MSC_VER)
 
@@ -68,7 +68,7 @@ void se_mutex_init(se_mutex_t* mutex)
 #endif
 
     /* C doesn't allow `*mutex = PTHREAD_..._INITIALIZER'.*/
-    memcpy(mutex, &tmp, sizeof(tmp));
+    memcpy_s(mutex, sizeof(tmp), &tmp, sizeof(tmp));
 }
 
 int se_mutex_lock(se_mutex_t* mutex) { return (0 == pthread_mutex_lock(mutex)); }
@@ -78,7 +78,7 @@ int se_mutex_destroy(se_mutex_t* mutex) { return (0 == pthread_mutex_destroy(mut
 void se_thread_cond_init(se_cond_t* cond)
 {
     se_cond_t tmp = PTHREAD_COND_INITIALIZER;
-    memcpy(cond, &tmp, sizeof(tmp));
+    memcpy_s(cond, sizeof(tmp), &tmp, sizeof(tmp));
 }
 
 int se_thread_cond_wait(se_cond_t *cond, se_mutex_t *mutex){return (0 == pthread_cond_wait(cond, mutex));}

diff --git a/QuoteGeneration/download_prebuilt.bat b/QuoteGeneration/download_prebuilt.bat
@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.15.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.15.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.15/windows/
+set ae_file_name=prebuilt_windows_dcap_1.16.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.16.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.16/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

diff --git a/QuoteGeneration/download_prebuilt.sh b/QuoteGeneration/download_prebuilt.sh
@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.15.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.15.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.15/linux/
+ae_file_name=prebuilt_dcap_1.16.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.16.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.16/linux/
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 

diff --git a/QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control
@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-ql
 Architecture: amd64
 Depends: libsgx-qe3-logic(>= @dep_version@), libsgx-pce-logic(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.18)
+Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-ql-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.18)
+Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers
diff --git a/.../installer/linux/deb/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify-1.0/debian/control b/.../installer/linux/deb/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify-1.0/debian/control
@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-quote-verify
 Architecture: amd64
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.18)
+Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-quote-verify-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.18)
+Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.19)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers
diff --git a/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/libsgx-pce-logic-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/libsgx-pce-logic-1.0/debian/control
@@ -8,5 +8,5 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 
 Package: libsgx-pce-logic
 Architecture: amd64
-Depends: libsgx-urts (>= 2.18), libsgx-ae-pce(>= 2.18), ${shlibs:Depends}, ${misc:Depends}
+Depends: libsgx-urts (>= 2.19), libsgx-ae-pce(>= 2.19), ${shlibs:Depends}, ${misc:Depends}
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
diff --git a/QuoteGeneration/installer/linux/deb/libsgx-qe3-logic/libsgx-qe3-logic-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-qe3-logic/libsgx-qe3-logic-1.0/debian/control
@@ -8,5 +8,5 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 
 Package: libsgx-qe3-logic
 Architecture: amd64
-Depends: libsgx-urts (>= 2.18), libsgx-ae-qe3(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
+Depends: libsgx-urts (>= 2.19), libsgx-ae-qe3(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
diff --git a/QuoteGeneration/installer/linux/deb/libsgx-tdx-logic/libsgx-tdx-logic-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-tdx-logic/libsgx-tdx-logic-1.0/debian/control
@@ -8,11 +8,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 
 Package: libsgx-tdx-logic
 Architecture: amd64
-Depends: libsgx-urts (>= 2.18), libsgx-pce-logic(>= @dep_version@), libsgx-ae-tdqe(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
+Depends: libsgx-urts (>= 2.19), libsgx-pce-logic(>= @dep_version@), libsgx-ae-tdqe(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
 Description: Intel(R) Trust Domain Extensions QE logic library
 
 Package: libsgx-tdx-logic-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-tdx-logic (= @dep_version@)
+Depends: libsgx-tdx-logic (= @dep_version@), libsgx-headers (>= 2.19)
 Description: Intel(R) Trust Domain Extensions QE logic library For Developers
diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql.spec b/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql.spec
@@ -37,7 +37,7 @@ Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives
 Group:          Development/Libraries
 Requires:       libsgx-qe3-logic >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release}
-Recommends:     libsgx-dcap-quote-verify >= %{version}-%{release} libsgx-quote-ex >= 2.18
+Recommends:     libsgx-dcap-quote-verify >= %{version}-%{release} libsgx-quote-ex >= 2.19
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives
@@ -49,7 +49,7 @@ Intel(R) Software Guard Extensions Data Center Attestation Primitives
 %package devel
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers
 Group:          Development/Libraries
-Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.18
+Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.19
 
 %description devel
 Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify.spec b/QuoteGeneration/installer/linux/rpm/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives
 Group:          Development/Libraries
-Recommends:     libsgx-ae-qve >= %{version}-%{release} libsgx-urts >= 2.18
+Recommends:     libsgx-ae-qve >= %{version}-%{release} libsgx-urts >= 2.19
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives
@@ -48,7 +48,7 @@ Intel(R) Software Guard Extensions Data Center Attestation Primitives
 %package devel
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers
 Group:          Development/Libraries
-Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.18
+Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.19
 
 %description devel
 Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/libsgx-pce-logic.spec b/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/libsgx-pce-logic.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions PCE logic
 Group:          Development/Libraries
-Requires:       libsgx-urts >= 2.18 libsgx-ae-pce >= 2.18
+Requires:       libsgx-urts >= 2.19 libsgx-ae-pce >= 2.19
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-qe3-logic/libsgx-qe3-logic.spec b/QuoteGeneration/installer/linux/rpm/libsgx-qe3-logic/libsgx-qe3-logic.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions QE3 logic
 Group:          Development/Libraries
-Requires:       libsgx-urts >= 2.18 libsgx-ae-qe3 >= %{version}-%{release} libsgx-ae-id-enclave >= %{version}-%{release}
+Requires:       libsgx-urts >= 2.19 libsgx-ae-qe3 >= %{version}-%{release} libsgx-ae-id-enclave >= %{version}-%{release}
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-tdx-logic/libsgx-tdx-logic.spec b/QuoteGeneration/installer/linux/rpm/libsgx-tdx-logic/libsgx-tdx-logic.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Trust Domain Extensions QE logic library
 Group:          Development/Libraries
-Requires:       libsgx-urts >= 2.18 libsgx-ae-tdqe >= %{version}-%{release}  libsgx-ae-id-enclave >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release}
+Requires:       libsgx-urts >= 2.19 libsgx-ae-tdqe >= %{version}-%{release}  libsgx-ae-id-enclave >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release}
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives
@@ -49,7 +49,7 @@ Intel(R) Trust Domain Extensions QE logic library
 %package devel
 Summary:        Intel(R) Trust Domain Extensions QE logic library For Developers 
 Group:          Development/Libraries
-Requires:       %{name} = %{version}-%{release}
+Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.19
 %description devel
 Intel(R) Trust Domain Extensions QE logic library For Developers
 %prep

diff --git a/QuoteGeneration/installer/win/DCAP_Components.bat b/QuoteGeneration/installer/win/DCAP_Components.bat
@@ -5,7 +5,7 @@ set QGFOLDER="..\..\"
 set QVFOLDER="%TOPFOLDER%\QuoteVerification"
 set DEBUGFILEFOLDER="..\..\..\x64\Debug\"
 set RELEASEFILEFOLDER="..\..\..\x64\Release\"
-set PACKAGETNAME=DCAP_Components.1.14.100.0
+set PACKAGETNAME=DCAP_Components.1.16.100.0
 set pwd=%~dp0DCAP_Components
 
 pushd "%~dp0"

diff --git a/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec b/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec
@@ -2,15 +2,15 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
   <metadata>
     <id>DCAP_Components</id>
-    <version>1.15.100.3</version>
+    <version>1.16.100.2</version>
     <title>DCAP Components</title>
     <authors>Intel(R) SGX</authors>
     <owners>Intel</owners>
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
     <description>DCAP Components</description>
-    <copyright>Copyright (C) 2022 Intel Corporation</copyright>
+    <copyright>Copyright (C) 2023 Intel Corporation</copyright>
     <dependencies>
-      <dependency id="SgxHeaders" version="2.17.100.1" />
+      <dependency id="SgxHeaders" version="2.18.100.2" />
     </dependencies>
   </metadata>
   <files>

diff --git a/QuoteGeneration/pccs/config/default.json b/QuoteGeneration/pccs/config/default.json
@@ -36,6 +36,7 @@
         "password" : "mypass",
         "options" : {
             "host": "localhost",
+            "port": "3306",
             "dialect": "mysql",
             "pool": {
                 "max": 5,

diff --git a/QuoteGeneration/pccs/container/Dockerfile b/QuoteGeneration/pccs/container/Dockerfile
@@ -1,7 +1,7 @@
 FROM ubuntu:20.04 AS builder
 
 # DCAP version (github repo branch, tag or commit hash)
-ARG DCAP_VERSION=DCAP_1.15
+ARG DCAP_VERSION=DCAP_1.16
 
 # update and install packages
 RUN DEBIAN_FRONTEND=noninteractive \

diff --git a/QuoteGeneration/pccs/controllers/crlController.js b/QuoteGeneration/pccs/controllers/crlController.js
@@ -43,6 +43,13 @@ export async function getCrl(req, res, next) {
       throw new PccsError(PccsStatus.PCCS_STATUS_INVALID_REQ);
     }
 
+    // validate uri
+    let found_root = uri.match(/https:\/\/([a-zA-Z0-9-]*certificates\.trustedservices\.intel\.com|certprx\.adsdcsp\.com)\/IntelSGXRootCA\..*/);
+    let found_intermediate = uri.match(/https:\/\/([a-zA-Z0-9-]*\.?api\.trustedservices\.intel\.com|[a-zA-Z0-9-]+\.az\.sgx(prod|np)\.adsdcsp\.com)\/sgx\/certification\/v([1-9][0-9]*)\/pckcrl\?.*/);
+    if (!found_root && !found_intermediate) {
+      throw new PccsError(PccsStatus.PCCS_STATUS_INVALID_REQ);
+    }
+
     // call service
     let crl = await crlService.getCrl(uri);
 

diff --git a/QuoteGeneration/pccs/dao/models/index.js b/QuoteGeneration/pccs/dao/models/index.js
@@ -44,6 +44,7 @@ import PlatformsRegistered from './platforms_registered.js';
 import Platforms from './platforms.js';
 import EnclaveIdentities from './enclave_identities.js';
 import CrlCache from './crl_cache.js';
+import mysqlPromise from 'mysql2/promise.js';
 
 const pccs_namespace = clshooked.createNamespace('pccs-namespace');
 Sequelize.useCLS(pccs_namespace);
@@ -62,6 +63,33 @@ const sequelize = new Sequelize(
   db_opt
 );
 
+try {
+  // Test connection
+  await sequelize.authenticate();
+} catch (err) {
+  if (Config.get('DB_CONFIG') == 'mysql') {
+    logger.error('Failed to connect DB. Try to create it ...');
+    try {
+      // For MySQL, maybe the database doesn't exist. Try to create it
+      const connection = await mysqlPromise.createConnection({
+        host: db_opt.host,
+        port: db_opt.port,
+        user: db_conf.username,
+        password: db_conf.password,
+      });
+      await connection.query(
+        `CREATE DATABASE IF NOT EXISTS \`${db_conf.database}\` CHARACTER SET utf8 COLLATE utf8_general_ci;`
+      );
+    } catch (err2) {
+      logger.error(err2);
+      process.exit(1);
+    }
+  } else {
+    logger.error(err);
+    process.exit(1);
+  }
+}
+
 FmspcTcbs.init(sequelize);
 PckCert.init(sequelize);
 PckCertchain.init(sequelize);

diff --git a/QuoteGeneration/pccs/utils/apputil.js b/QuoteGeneration/pccs/utils/apputil.js
@@ -71,14 +71,6 @@ export function startup_check() {
   return true;
 }
 
-async function test_connection() {
-  try {
-    return await sequelize.authenticate();
-  } catch (err) {
-    throw new Error('Failed to connect to the database.');
-  }
-}
-
 async function test_db_status() {
   const sql = 'select * from pck_crl';
   try {
@@ -143,8 +135,6 @@ async function db_migration() {
 
 export async function database_check() {
   try {
-    await test_connection();
-
     if (Config.has('init_db') && Config.get('init_db') == false) {
       return true;
     }