Intel(R) SGX DCAP 1.13 Release

Enhanced QPL (Quote Provider Library) to support caching Intel PCK
  (Provisioning Certificate Key) certificate chain in local memory, or
  retrieving Intel PCK cert chain from local HTTP/S address.
Upgraded Intel ECDSA Quote Verification Enclave to integrate SgxSSL/OpenSSL
  version 1.1.1m.
Introduced Intel ID enclave for QE identity generation.
Fixed bug.

Signed-off-by: Li, Xun <[email protected]>

Makefile

@@ -31,9 +31,9 @@
 
 CUR_MKFILE:= $(lastword $(MAKEFILE_LIST))
 
-.PHONY: all clean rebuild QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool
+.PHONY: all clean rebuild QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration
 
-all: QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool
+all: QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool SGXPlatformRegistration
 
 QuoteGeneration: QuoteVerification
 	$(MAKE) -C QuoteGeneration
@@ -47,11 +47,15 @@ PCKCertSelection:
 PCKRetrievalTool: QuoteGeneration
 	$(MAKE) -C tools/PCKRetrievalTool
 
+SGXPlatformRegistration:
+	$(MAKE) -C tools/SGXPlatformRegistration
+
 clean:
 	$(MAKE) -C QuoteGeneration clean
 	$(MAKE) -C QuoteVerification clean
 	$(MAKE) -C tools/PCKCertSelection clean
 	$(MAKE) -C tools/PCKRetrievalTool clean
+	$(MAKE) -C tools/SGXPlatformRegistration clean
 
 rebuild:
 	$(MAKE) -f $(CUR_MKFILE) clean

QuoteGeneration/Makefile

@@ -87,6 +87,10 @@ deb_sgx_dcap_pccs_pkg:
 deb_sgx_ae_qe3_pkg: $(CHECK_OPT)
 	./installer/linux/deb/libsgx-ae-qe3/build.sh
 
+.PHONY: deb_sgx_ae_id_enclave_pkg
+deb_sgx_ae_id_enclave_pkg: $(CHECK_OPT)
+	./installer/linux/deb/libsgx-ae-id-enclave/build.sh
+
 .PHONY: deb_sgx_ae_qve_pkg qve_wrapper
 deb_sgx_ae_qve_pkg: $(CHECK_OPT)
 	./installer/linux/deb/libsgx-ae-qve/build.sh
@@ -110,7 +114,7 @@ deb_sgx_ra_service_pkg:
 
 
 .PHONY: deb_pkg
-deb_pkg: deb_sgx_pce_logic_pkg deb_sgx_qe3_logic_pkg deb_sgx_dcap_ql_pkg deb_sgx_dcap_quote_verify_pkg deb_sgx_dcap_default_qpl_pkg deb_sgx_dcap_pccs_pkg deb_sgx_ae_qe3_pkg deb_sgx_ae_qve_pkg deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg
+deb_pkg: deb_sgx_pce_logic_pkg deb_sgx_qe3_logic_pkg deb_sgx_dcap_ql_pkg deb_sgx_dcap_quote_verify_pkg deb_sgx_dcap_default_qpl_pkg deb_sgx_dcap_pccs_pkg deb_sgx_ae_qe3_pkg deb_sgx_ae_id_enclave_pkg deb_sgx_ae_qve_pkg deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg
 	@$(RM) -f ./installer/linux/deb/*.deb ./installer/linux/deb/*.ddeb
 	cp `find ./installer/linux/deb/ -name "*.deb" -o -name "*.ddeb"` ./installer/linux/deb/
 	cp `find ../tools/PCKRetrievalTool/installer/deb/ -name "*.deb" -o -name "*.ddeb"` ./installer/linux/deb/
@@ -135,6 +139,10 @@ rpm_sgx_dcap_pccs_pkg:
 rpm_sgx_ae_qe3_pkg: $(CHECK_OPT)
 	./installer/linux/rpm/libsgx-ae-qe3/build.sh
 
+.PHONY: rpm_sgx_ae_id_enclave_pkg
+rpm_sgx_ae_id_enclave_pkg: $(CHECK_OPT)
+	./installer/linux/rpm/libsgx-ae-id-enclave/build.sh
+
 .PHONY: rpm_sgx_ae_qve_pkg
 rpm_sgx_ae_qve_pkg: $(CHECK_OPT) qve_wrapper
 	./installer/linux/rpm/libsgx-ae-qve/build.sh
@@ -161,7 +169,7 @@ rpm_sgx_ra_service_pkg:
 	$(MAKE) -C ../tools/SGXPlatformRegistration/ rpm_pkg
 
 .PHONY: rpm_pkg
-rpm_pkg: rpm_sgx_dcap_ql_pkg rpm_sgx_dcap_default_qpl_pkg rpm_sgx_dcap_pccs_pkg rpm_sgx_ae_qe3_pkg rpm_sgx_ae_qve_pkg rpm_sgx_dcap_quote_verify_pkg rpm_sgx_pce_logic_pkg rpm_sgx_qe3_logic_pkg rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg
+rpm_pkg: rpm_sgx_dcap_ql_pkg rpm_sgx_dcap_default_qpl_pkg rpm_sgx_dcap_pccs_pkg rpm_sgx_ae_qe3_pkg rpm_sgx_ae_id_enclave_pkg rpm_sgx_ae_qve_pkg rpm_sgx_dcap_quote_verify_pkg rpm_sgx_pce_logic_pkg rpm_sgx_qe3_logic_pkg rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg
 	@$(RM) -f ./installer/linux/rpm/*.rpm
 	cp `find ./installer/linux/rpm/ -name "*.rpm"` ./installer/linux/rpm/
 	cp `find ../tools/PCKRetrievalTool/installer/rpm/ -name "*.rpm"` ./installer/linux/rpm/
@@ -182,6 +190,7 @@ clean:
 	./installer/linux/deb/libsgx-dcap-ql/clean.sh
 	./installer/linux/deb/libsgx-dcap-quote-verify/clean.sh
 	./installer/linux/deb/libsgx-ae-qe3/clean.sh
+	./installer/linux/deb/libsgx-ae-id-enclave/clean.sh
 	./installer/linux/deb/libsgx-ae-qve/clean.sh
 	./installer/linux/deb/libsgx-pce-logic/clean.sh
 	./installer/linux/deb/libsgx-qe3-logic/clean.sh
@@ -190,6 +199,7 @@ clean:
 	../tools/PCKRetrievalTool/installer/deb/sgx-pck-id-retrieval-tool/clean.sh
 	./installer/linux/rpm/libsgx-dcap-ql/clean.sh
 	./installer/linux/rpm/libsgx-ae-qe3/clean.sh
+	./installer/linux/rpm/libsgx-ae-id-enclave/clean.sh
 	./installer/linux/rpm/libsgx-ae-qve/clean.sh
 	./installer/linux/rpm/libsgx-dcap-quote-verify/clean.sh
 	./installer/linux/rpm/libsgx-pce-logic/clean.sh

QuoteGeneration/README.md

@@ -37,7 +37,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.12.1/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.13/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS
@@ -136,13 +136,13 @@ A `README.md` is provided in the Intel(R) SGX driver package for Intel(R) SGX DC
 - Install prebuilt Intel(R) SGX common loader and other prerequisites from [01.org](https://01.org/intel-software-guard-extensions/downloads)
   * On Ubuntu 18.04 and Ubuntu 20.04:
   ```
-    $ sudo dpkg -i --force-overwrite libsgx-ae-pce_*.deb libsgx-ae-qe3_*.deb libsgx-ae-qve_*.deb libsgx-enclave-common_*.deb libsgx-urts_*.deb
+    $ sudo dpkg -i --force-overwrite libsgx-ae-pce_*.deb libsgx-ae-qe3_*.deb libsgx-ae-id-enclave_*.deb libsgx-ae-qve_*.deb libsgx-enclave-common_*.deb libsgx-urts_*.deb
   ```
   **NOTE**: Sometimes we will split old package into smaller ones or move files between different packages. In such cases, you need to add `--force-overwrite` to overwrite existing files. If you're doing a fresh install, you can omit this option.
 
   * On Red Hat Enterprise Linux 8.2 and CentOS 8.2:
   ```
-    $ sudo rpm -ivh libsgx-ae-pce*.rpm libsgx-ae-qe3*.rpm libsgx-ae-qve*.rpm libsgx-enclave-common*.rpm libsgx-urts*.rpm
+    $ sudo rpm -ivh libsgx-ae-pce*.rpm libsgx-ae-qe3*.rpm libsgx-ae-id-enclave*.rpm libsgx-ae-qve*.rpm libsgx-enclave-common*.rpm libsgx-urts*.rpm
   ```
   **NOTE**: If you're not doing a fresh install, please replace option `-i` to `-U` to avoid some conflict errors.
 

QuoteGeneration/ae/buildenv.mk

@@ -58,8 +58,8 @@ LDTFLAGS_NO_CRYPTO = -L$(SGX_LIBRARY_PATH) -Wl,--whole-archive $(TRTSLIB) -Wl,--
             -Wl,--start-group $(EXTERNAL_LIB_NO_CRYPTO) -Wl,--end-group                    \
             -Wl,--version-script=$(WORK_DIR)/enclave.lds $(ENCLAVE_LDFLAGS)
 
-LDTFLAGS += -fuse-ld=gold -Wl,--rosegment -Wl,-Map=out.map -Wl,--undefined=version -Wl,--gc-sections
-LDTFLAGS_NO_CRYPTO += -fuse-ld=gold -Wl,--rosegment -Wl,-Map=out.map -Wl,--undefined=version -Wl,--gc-sections
+LDTFLAGS += -Wl,-Map=out.map -Wl,--undefined=version -Wl,--gc-sections
+LDTFLAGS_NO_CRYPTO += -Wl,-Map=out.map -Wl,--undefined=version -Wl,--gc-sections
 
 
 vpath %.cpp $(COMMON_DIR)/src:$(LINUX_PSW_DIR)/ae/common

QuoteGeneration/buildenv.mk

@@ -96,6 +96,13 @@ INCLUDE :=
 # this will return the path to the file that included the buildenv.mk file
 CUR_DIR := $(realpath $(call parent-dir,$(lastword $(wordlist 2,$(words $(MAKEFILE_LIST)),x $(MAKEFILE_LIST)))))
 
+CET_FLAGS :=
+CC_VERSION := $(shell $(CC) -dumpversion)
+CC_NO_LESS_THAN_8 := $(shell expr $(CC_VERSION) \>\= "8")
+ifeq ($(CC_NO_LESS_THAN_8), 1)
+    CET_FLAGS += -fcf-protection
+endif
+
 # turn on stack protector for SDK
 CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
 ifeq ($(CC_BELOW_4_9), 1)
@@ -130,7 +137,7 @@ CFLAGS += -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants
 # additional warnings flags for C++
 CXXFLAGS += -Wnon-virtual-dtor
 
-CXXFLAGS += -std=c++11
+CXXFLAGS += -std=c++14
 
 .DEFAULT_GOAL := all
 # this turns off the RCS / SCCS implicit rules of GNU Make
@@ -175,6 +182,12 @@ else
 COMMON_FLAGS += -DITT_ARCH_IA64
 endif
 
+ifneq ($(MITIGATION-CVE-2020-0551), LOAD)
+    ifneq ($(MITIGATION-CVE-2020-0551), CF)
+        COMMON_FLAGS += $(CET_FLAGS)
+    endif
+endif
+
 CFLAGS   += $(COMMON_FLAGS)
 CXXFLAGS += $(COMMON_FLAGS)
 
@@ -189,7 +202,7 @@ COMMON_LDFLAGS := -Wl,-z,relro,-z,now,-z,noexecstack
 # When `pie' is enabled, the linker (both BFD and Gold) under Ubuntu 14.04
 # will hide all symbols from dynamic symbol table even if they are marked
 # as `global' in the LD version script.
-ENCLAVE_CFLAGS   = -ffreestanding -nostdinc -fvisibility=hidden -fpie $(MITIGATION_CFLAGS)
+ENCLAVE_CFLAGS   = -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks $(MITIGATION_CFLAGS)
 ENCLAVE_CXXFLAGS = $(ENCLAVE_CFLAGS) -nostdinc++
 ENCLAVE_LDFLAGS  = $(COMMON_LDFLAGS) -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
                    -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \

QuoteGeneration/common/inc/internal/se_version.h

@@ -28,14 +28,18 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.12.101.1"
-#define COPYRIGHT      "Copyright (C) 2021 Intel Corporation"
-#define FILEVER        1,12,101,1
-#define PRODUCTVER     1,12,101,1
-#define STRPRODUCTVER  "1.12.101.1"
+#define STRFILEVER    "1.13.100.4"
+#define COPYRIGHT      "Copyright (C) 2022 Intel Corporation"
+#define FILEVER        1,13,100,4
+#define PRODUCTVER     1,13,100,4
+#define STRPRODUCTVER  "1.13.100.4"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.11.101.1"
-#define QUOTE_VERIFIER_VERSION       "1.11.101.1"
-#define QUOTE_LOADER_VERSION         "1.11.101.1"
+#define DEFAULT_QPL_VERSION          "1.12.102.0"
+#define QUOTE_VERIFIER_VERSION       "1.11.102.0"
+#define QUOTE_LOADER_VERSION         "1.11.102.1"
+
+#define QE3_VERSION                  "1.11.101.1"
+#define QVE_VERSION                  "1.11.101.1"
+#define IDE_VERSION                  "1.11.101.1"

QuoteGeneration/download_prebuilt.bat

@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.12.1.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.12.1.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12.1/windows/
+set ae_file_name=prebuilt_windows_dcap_1.13.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.13.cfg
+set server_url_path=https://download.01.org//intel-sgx/sgx-dcap/1.13/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

QuoteGeneration/download_prebuilt.sh

@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.12.1.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.12.1.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12.1/linux
+ae_file_name=prebuilt_dcap_1.13.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.13.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.13/linux
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 

QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/BOMs/libsgx-ae-id-enclave-package.txt

@@ -0,0 +1,3 @@
+DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+<deliverydir>/installer/linux/common/libsgx-ae-id-enclave/installConfig	<installdir>/installConfig	0	main	STP
+<deliverydir>/installer/linux/common/libsgx-ae-id-enclave/Makefile	<installdir>/Makefile	0	main	STP

QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/BOMs/libsgx-ae-id-enclave.txt

@@ -0,0 +1,2 @@
+DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
+<deliverydir>/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so	<installdir>/lib/libsgx_id_enclave.signed.so	0	main	STP

QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/Makefile

@@ -0,0 +1,46 @@
+#
+# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+
+include installConfig
+
+USR_LIB_PATH=$(shell readlink -m $(DESTDIR)/usr/$(notdir $(shell gcc -print-multi-os-directory))/$(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2> /dev/null))
+
+USR_LIB_VER=1.0.0
+SPLIT_VERSION=$(word $2,$(subst ., ,$1))
+
+default:
+
+install:
+	install -d $(USR_LIB_PATH)
+	install ${LIB_DIR}/* $(USR_LIB_PATH)
+	cd $(USR_LIB_PATH) && \
+	mv libsgx_id_enclave.signed.so libsgx_id_enclave.signed.so.$(USR_LIB_VER) && \
+	ln -fs libsgx_id_enclave.signed.so.$(USR_LIB_VER) libsgx_id_enclave.signed.so.$(call SPLIT_VERSION,$(USR_LIB_VER),1)

QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/createTarball.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+#
+# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+
+
+set -e
+
+SCRIPT_DIR=$(dirname "$0")
+ROOT_DIR="${SCRIPT_DIR}/../../../../"
+LINUX_INSTALLER_DIR="${ROOT_DIR}/installer/linux"
+LINUX_INSTALLER_COMMON_DIR="${LINUX_INSTALLER_DIR}/common"
+
+INSTALL_PATH=${SCRIPT_DIR}/output
+
+# Cleanup
+rm -fr ${INSTALL_PATH}
+
+# Get the configuration for this package
+source ${SCRIPT_DIR}/installConfig
+
+# Fetch the gen_source script
+cp ${LINUX_INSTALLER_COMMON_DIR}/gen_source/gen_source.py ${SCRIPT_DIR}
+
+# Copy the files according to the BOM
+python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/libsgx-ae-id-enclave.txt
+python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/libsgx-ae-id-enclave-package.txt  --cleanup=false
+python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false
+
+# Create the tarball
+SGX_VERSION=$(awk '/IDE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+pushd ${INSTALL_PATH} &> /dev/null
+sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
+tar -zcvf ${TARBALL_NAME} *
+popd &> /dev/null
+

QuoteGeneration/installer/linux/common/libsgx-ae-id-enclave/installConfig

@@ -0,0 +1,6 @@
+AE_ID_ENCLAVE_VERSION="1.0"
+TARBALL_NAME=libsgx-ae-id-enclave_1.0.orig.tar.gz
+
+AE_ID_ENCLAVE_PACKAGE_NAME=libsgx-ae-id-enclave
+
+LIB_DIR=lib

QuoteGeneration/installer/linux/common/libsgx-ae-qe3/Makefile

@@ -33,8 +33,15 @@ include installConfig
 
 USR_LIB_PATH=$(shell readlink -m $(DESTDIR)/usr/$(notdir $(shell gcc -print-multi-os-directory))/$(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2> /dev/null))
 
+USR_LIB_VER=1.0.0
+SPLIT_VERSION=$(word $2,$(subst ., ,$1))
+
 default:
 
 install:
 	install -d $(USR_LIB_PATH)
 	install ${LIB_DIR}/* $(USR_LIB_PATH)
+	cd $(USR_LIB_PATH) && \
+	mv libsgx_qe3.signed.so libsgx_qe3.signed.so.$(USR_LIB_VER) && \
+	ln -fs libsgx_qe3.signed.so.$(USR_LIB_VER) libsgx_qe3.signed.so.$(call SPLIT_VERSION,$(USR_LIB_VER),1) && \
+	ln -fs libsgx_qe3.signed.so.$(call SPLIT_VERSION,$(USR_LIB_VER),1) libsgx_qe3.signed.so

QuoteGeneration/installer/linux/common/libsgx-ae-qe3/createTarball.sh

@@ -55,6 +55,8 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/libsgx-ae-qe3-package.txt  --clean
 python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false
 
 # Create the tarball
+SGX_VERSION=$(awk '/QE3_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
 pushd ${INSTALL_PATH} &> /dev/null
+sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
 tar -zcvf ${TARBALL_NAME} *
 popd &> /dev/null

QuoteGeneration/installer/linux/common/libsgx-ae-qve/Makefile

@@ -33,8 +33,15 @@ include installConfig
 
 USR_LIB_PATH=$(shell readlink -m $(DESTDIR)/usr/$(notdir $(shell gcc -print-multi-os-directory))/$(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2> /dev/null))
 
+USR_LIB_VER=1.0.0
+SPLIT_VERSION=$(word $2,$(subst ., ,$1))
+
 default:
 
 install:
 	install -d $(USR_LIB_PATH)
 	install ${LIB_DIR}/* $(USR_LIB_PATH)
+	cd $(USR_LIB_PATH) && \
+	mv libsgx_qve.signed.so libsgx_qve.signed.so.$(USR_LIB_VER) && \
+	ln -fs libsgx_qve.signed.so.$(USR_LIB_VER) libsgx_qve.signed.so.$(call SPLIT_VERSION,$(USR_LIB_VER),1) && \
+	ln -fs libsgx_qve.signed.so.$(call SPLIT_VERSION,$(USR_LIB_VER),1) libsgx_qve.signed.so

QuoteGeneration/installer/linux/common/libsgx-ae-qve/createTarball.sh

@@ -55,6 +55,8 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/libsgx-ae-qve-package.txt  --clean
 python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false
 
 # Create the tarball
+SGX_VERSION=$(awk '/QVE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
 pushd ${INSTALL_PATH} &> /dev/null
+sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
 tar -zcvf ${TARBALL_NAME} *
 popd &> /dev/null