confidential-containers · fitzthum · Jun 21, 2024 · Jun 21, 2024 · Jun 21, 2024 · Jun 21, 2024
@@ -51,36 +51,27 @@ jobs:
           sudo curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
           sudo echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
           sudo apt-get update
-          sudo apt-get install -y libsgx-dcap-quote-verify-dev
+          sudo apt-get install -y libsgx-dcap-quote-verify-dev libsgx-dcap-default-qpl
 
       - name: Install Rust toolchain (${{ env.RUSTC_VERSION }})
-        uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: ${{ env.RUSTC_VERSION }}
-          override: true
-          components: rustfmt, clippy
+        run: |
+          rustup update --no-self-update ${{ env.RUSTC_VERSION }}
+          rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustfmt rustc clippy
+          rustup default ${{ env.RUSTC_VERSION }}
 
       - name: Build
         working-directory: attestation-service
         run: |
           make
 
       - name: Run cargo test
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: -p attestation-service -p reference-value-provider-service -p verifier
+        run: |
+          sudo -E PATH="$PATH" -s cargo test -p attestation-service -p reference-value-provider-service -p verifier
 
       - name: Run cargo fmt check
-        uses: actions-rs/cargo@v1
-        with:
-          command: fmt
-          args: -p attestation-service -p reference-value-provider-service --check
+        run: |
+          sudo -E PATH="$PATH" -s cargo fmt -p attestation-service -p reference-value-provider-service --check
 
       - name: Run rust lint check
-        uses: actions-rs/cargo@v1
-        with:
-          command: clippy
-          # We are getting error in generated code due to derive_partial_eq_without_eq check, so ignore it for now
-          args: -p attestation-service -p reference-value-provider-service -- -D warnings -A clippy::derive_partial_eq_without_eq
+        run: |
+          sudo -E PATH="$PATH" -s cargo clippy -p attestation-service -p reference-value-provider-service -- -D warnings -A clippy::derive_partial_eq_without_eq
@@ -528,6 +528,29 @@ mod tests {
         let _ = fs::write(format!("{quote_path}.txt"), parsed_quote);
     }
 
+    /// Test to verify the TDX quote, both in v4 and v5 format.
+    ///
+    /// This unit test requires two packages, s.t. `libsgx-dcap-quote-verify-dev` and `libsgx-dcap-default-qpl`
+    /// On ubuntu 22.04, you need to run the following scripts to install.
+    /// ```shell
+    /// curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \
+    /// echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
+    /// apt-get update && \
+    /// apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify
+    /// ```
+    ///
+    /// Also, you need to configure DCAP to work with alibaba cloud's PCCS.
+    /// edit `/etc/sgx_default_qcnl.conf` and replace the whole content with
+    /// ```json
+    /// {"pccs_url" :"https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v4/"}
+    /// ```
+    ///
+    /// The manual modification upon `sgx_default_qcnl.conf` could be promoted after
+    /// https://github.com/intel/SGXDataCenterAttestationPrimitives/issues/409 is resolved.
+    ///
+    /// Finally, DCAP only provides packages on x86-64 platform, thus we only test this on x86-64
+    /// platforms.
+    #[cfg(target_arch = "x86_64")]
     #[rstest]
     #[ignore]
     #[tokio::test]