Remove support for OOT (out-of-tree) SGX driver

Signed-off-by: Wojtek Porczyk <[email protected]>

.ci/lib/stage-build-sgx-vm.jenkinsfile

@@ -57,7 +57,6 @@ stage('build') {
                 -Ddirect=disabled \
                 -Dsgx=enabled \
                 -Dtests=enabled \
-                -Dsgx_driver=upstream \
                 $MESON_OPTIONS
             ninja -vC build/
         '''

.ci/lib/stage-build-sgx.jenkinsfile

@@ -15,19 +15,6 @@ stage('build') {
         env.MESON_OPTIONS += ' -Ddcap=enabled'
     }
 
-    if (env.SGX_DRIVER == null) {
-        env.SGX_DRIVER = 'upstream'
-    }
-    if (env.SGX_DRIVER == 'oot') {
-        sh '''
-            git clone https://github.com/intel/linux-sgx-driver.git
-            cd linux-sgx-driver
-            git checkout 276c5c6a064d22358542f5e0aa96b1c0ace5d695
-        '''
-
-        env.MESON_OPTIONS += ' -Dsgx_driver_include_path=' + env.WORKSPACE + '/linux-sgx-driver'
-    }
-
     try {
         sh '''
             meson setup build/ \
@@ -37,7 +24,6 @@ stage('build') {
                 -Ddirect=disabled \
                 -Dsgx=enabled \
                 -Dtests=enabled \
-                -Dsgx_driver="$SGX_DRIVER" \
                 $MESON_OPTIONS
             ninja -vC build/
         '''

.ci/lib/stage-clean-check.jenkinsfile

@@ -20,9 +20,6 @@ stage('clean-check') {
         # root, and keeps cache there
         rm -rf .pytest_cache
 
-        # We downloaded the OOT SGX driver during build stage
-        rm -rf linux-sgx-driver
-
         make -C libos/test/regression clean
         make -C libos/test/fs clean
 
@@ -67,7 +64,6 @@ stage('clean-check') {
      * Gramine source tree.
      */
     sh 'rm -rf "$PREFIX"'
-    sh 'rm -rf linux-sgx-driver'
     sh '''
         ./scripts/gitignore-test
     '''

.gitignore

@@ -30,9 +30,7 @@ __pycache__
 # sgx
 *.manifest.sgx
 *.sig
-*.token
 *.cached
-.output.sgx_get_token.*
 .output.sgx_sign.*
 
 # gnu global

.pylintrc

@@ -168,7 +168,6 @@ ignored-classes=
 # and thus existing member attributes cannot be deduced by static analysis. It
 # supports qualified module names, as well as Unix pattern matching.
 ignored-modules=
-    aesm_pb2,
 
 # Show a hint with possible names when a member name was not found. The aspect
 # of finding the hint is based on edit distance.

CI-Examples/.gitignore

@@ -1,7 +1,6 @@
 *.manifest
 *.manifest.sgx
 *.sig
-*.token
 *.o
 *~
 *.swp

CI-Examples/README.md

@@ -45,8 +45,8 @@ addition, your application sample should have the following elements:
   command. If your application needs extra building steps, please document them
   in the `README.md`. In addition, we ask you to provide sufficient comments in
   the `Makefile` to help users understand the build process. If your application
-  also runs on Gramine-SGX, please include the commands for signing and
-  retrieving the token in the `Makefile`.
+  also runs on Gramine-SGX, please include the command for signing in the
+  `Makefile`.
 
 - Manifest:
   Please provide the manifest needed for running your application sample. Do not

CI-Examples/bash/Makefile

@@ -63,7 +63,7 @@ regression: all
 
 .PHONY: clean
 clean:
-	$(RM) *.manifest *.manifest.sgx *.token *.sig OUTPUT scripts/testdir/*
+	$(RM) *.manifest *.manifest.sgx *.sig OUTPUT scripts/testdir/*
 
 .PHONY: distclean
 distclean: clean

CI-Examples/blender/Makefile

@@ -65,8 +65,7 @@ check: all
 .PHONY: clean
 clean:
 	$(RM) -r \
-		$(RUN_DIR) $(DATA_DIR)/images blender.manifest blender.manifest.sgx blender.sig \
-		blender.token
+		$(RUN_DIR) $(DATA_DIR)/images blender.manifest blender.manifest.sgx blender.sig
 
 .PHONY: distclean
 distclean: clean

CI-Examples/busybox/Makefile

@@ -47,7 +47,7 @@ check: all
 
 .PHONY: clean
 clean:
-	$(RM) *.token *.sig *.manifest.sgx *.manifest OUTPUT
+	$(RM) *.sig *.manifest.sgx *.manifest OUTPUT
 
 .PHONY: distclean
 distclean: clean

CI-Examples/helloworld/Makefile

@@ -47,7 +47,7 @@ check: all
 
 .PHONY: clean
 clean:
-	$(RM) *.token *.sig *.manifest.sgx *.manifest helloworld.o helloworld OUTPUT
+	$(RM) *.sig *.manifest.sgx *.manifest helloworld.o helloworld OUTPUT
 
 .PHONY: distclean
 distclean: clean

CI-Examples/lighttpd/Makefile

@@ -108,7 +108,7 @@ start-gramine-server: all
 .PHONY: clean
 clean:
 	$(RM) \
-		*.manifest *.manifest.sgx *.token *.sig OUTPUT result-* $(CONF_FILES)
+		*.manifest *.manifest.sgx *.sig OUTPUT result-* $(CONF_FILES)
 
 .PHONY: distclean
 distclean: clean

CI-Examples/memcached/Makefile

@@ -64,7 +64,7 @@ start-gramine-server: all
 
 .PHONY: clean
 clean:
-	$(RM) *.token *.sig *.manifest.sgx *.manifest memcached .lck
+	$(RM) *.sig *.manifest.sgx *.manifest memcached .lck
 
 .PHONY: distclean
 distclean: clean

CI-Examples/nginx/Makefile

@@ -128,7 +128,7 @@ start-gramine-server: all
 
 .PHONY: clean
 clean:
-	$(RM) *.manifest *.manifest.sgx *.token *.sig OUTPUT result-* tmp nginx_args
+	$(RM) *.manifest *.manifest.sgx *.sig OUTPUT result-* tmp nginx_args
 
 .PHONY: distclean
 distclean: clean

CI-Examples/python/Makefile

@@ -48,7 +48,7 @@ endif
 
 .PHONY: clean
 clean:
-	$(RM) *.manifest *.manifest.sgx *.token *.sig OUTPUT* *.PID TEST_STDOUT TEST_STDERR
+	$(RM) *.manifest *.manifest.sgx *.sig OUTPUT* *.PID TEST_STDOUT TEST_STDERR
 	$(RM) -r scripts/__pycache__
 
 .PHONY: distclean

CI-Examples/ra-tls-mbedtls/Makefile

@@ -151,7 +151,7 @@ check_dcap_fail: app dcap
 .PHONY: clean
 clean:
 	$(RM) -r \
-		*.token *.sig *.manifest.sgx *.manifest server client *.so *.so.* OUTPUT
+		*.sig *.manifest.sgx *.manifest server client *.so *.so.* OUTPUT
 
 .PHONY: distclean
 distclean: clean

CI-Examples/ra-tls-nginx/Makefile

@@ -41,5 +41,4 @@ clean:
 	$(RM) -r \
 		*.manifest \
 		*.manifest.sgx \
-		*.sig \
-		*.token
+		*.sig

CI-Examples/ra-tls-secret-prov/Makefile

@@ -216,9 +216,9 @@ check_dcap: app dcap
 .PHONY: clean
 clean:
 	$(RM) OUTPUT
-	cd secret_prov_minimal; $(RM) client server_* *.token *.sig *.manifest.sgx *.manifest
-	cd secret_prov;         $(RM) client server_* *.token *.sig *.manifest.sgx *.manifest
-	cd secret_prov_pf;      $(RM) client server_* *.token *.sig *.manifest.sgx *.manifest
+	cd secret_prov_minimal; $(RM) client server_* *.sig *.manifest.sgx *.manifest
+	cd secret_prov;         $(RM) client server_* *.sig *.manifest.sgx *.manifest
+	cd secret_prov_pf;      $(RM) client server_* *.sig *.manifest.sgx *.manifest
 
 .PHONY: distclean
 distclean: clean

CI-Examples/redis/Makefile

@@ -116,7 +116,7 @@ start-gramine-server: all
 
 .PHONY: clean
 clean:
-	$(RM) *.token *.sig *.manifest.sgx *.manifest redis-server *.rdb
+	$(RM) *.sig *.manifest.sgx *.manifest redis-server *.rdb
 
 .PHONY: distclean
 distclean: clean

CI-Examples/rust/Makefile

@@ -49,7 +49,7 @@ start-gramine-server: all
 
 .PHONY: clean
 clean:
-	$(RM) -rf *.token *.sig *.manifest.sgx *.manifest result-* OUTPUT
+	$(RM) -rf *.sig *.manifest.sgx *.manifest result-* OUTPUT
 
 .PHONY: distclean
 distclean: clean

CI-Examples/sqlite/Makefile

@@ -50,7 +50,7 @@ regression: all
 
 .PHONY: clean
 clean:
-	$(RM) *.manifest *.manifest.sgx *.token *.sig OUTPUT db/*
+	$(RM) *.manifest *.manifest.sgx *.sig OUTPUT db/*
 
 .PHONY: distclean
 distclean: clean

Documentation/conf.py

@@ -189,7 +189,6 @@
     ('manpages/gramine-manifest-check', 'gramine-manifest-check', 'Gramine manifest schema validator', [author], 1),
     ('manpages/gramine-ratls', 'gramine-ratls', 'RA-TLS wrapper', [author], 1),
     ('manpages/gramine-sgx-gen-private-key', 'gramine-sgx-gen-private-key', 'Gramine SGX key generator', [author], 1),
-    ('manpages/gramine-sgx-get-token', 'gramine-sgx-get-token', 'Gramine SGX Token generator', [author], 1),
     ('manpages/gramine-sgx-ias-request', 'gramine-sgx-ias-request', 'Submit Intel Attestation Service request', [author], 1),
     ('manpages/gramine-sgx-ias-verify-report', 'gramine-sgx-ias-verify-report', 'Verify Intel Attestation Service report', [author], 1),
     ('manpages/gramine-sgx-quote-view', 'gramine-sgx-quote-view', 'Display SGX quote', [author], 1),