remove enclave inspection from virtual image

microsoft · Sep 12, 2023 · 8cdfa81 · 8cdfa81
1 parent 3885c7b
commit 8cdfa81
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 11 deletions.
diff --git a/build.sh b/build.sh
@@ -62,11 +62,7 @@ CC="$CC" CXX="$CXX" \
 ninja -C build/app ${NINJA_FLAGS} --verbose
 ninja -C build/app ${NINJA_FLAGS} install
 
-echo "Dumping enclave details:"
 if [ "$PLATFORM" = "sgx" ]; then
+    echo "Dumping enclave details:"
     /opt/openenclave/bin/oesign dump -e $install_dir/lib/libscitt.enclave.so.signed
-elif [ "$PLATFORM" = "virtual" ]; then
-    /opt/openenclave/bin/oesign dump -e $install_dir/lib/libscitt.virtual.so
-else
-    echo "Unknown platform: $PLATFORM, must be 'sgx' or 'virtual'"
 fi
diff --git a/docker/build.sh b/docker/build.sh
@@ -28,7 +28,7 @@ DOCKER_BUILDKIT=1 docker build \
     --build-arg SCITT_VERSION_OVERRIDE="$SCITT_VERSION_OVERRIDE" \
     .
 
-echo "MRENCLAVE:"
+echo "mrenclave.txt"
 docker run --rm --entrypoint /bin/cat "$DOCKER_TAG" /usr/src/app/mrenclave.txt
 
 if [ -n "$SAVE_IMAGE_PATH" ]; then

diff --git a/docker/virtual.Dockerfile b/docker/virtual.Dockerfile
@@ -28,10 +28,6 @@ RUN mkdir /tmp/app-build && \
     /tmp/app && \
     ninja && ninja install
 
-# Save MRENCLAVE
-WORKDIR /usr/src/app
-RUN /opt/openenclave/bin/oesign dump -e lib/libscitt.virtual.so | sed -n "s/mrenclave=//p" > mrenclave.txt
-
 FROM mcr.microsoft.com/ccf/app/run:${CCF_VERSION}-virtual
 ARG CCF_VERSION
 
@@ -41,7 +37,6 @@ RUN apt-get update && apt-get install -y python3 \
 WORKDIR /usr/src/app
 COPY --from=builder /usr/src/app/lib/libscitt.virtual.so libscitt.virtual.so
 COPY --from=builder /usr/src/app/share/VERSION VERSION
-COPY --from=builder /usr/src/app/mrenclave.txt mrenclave.txt
 
 COPY app/fetch-did-web-doc.py /tmp/scitt/fetch-did-web-doc.py
 COPY --from=builder /usr/src/app/attested-fetch /tmp/scitt/