Clean up configuration files

Remove the expand-config script as it's unused. Remove verify-pre-conf as it is now obsolete. Update common config to remove unused/unecessary variables. Remove the enclave.toml files and other obsolete toml. Update the documentation to remove unused variables. Signed-off-by: Bruno Vavala <[email protected]>
hyperledger-labs · Apr 9, 2024 · dc66961 · dc66961
1 parent c011c99
commit dc66961
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 459 deletions.
diff --git a/build/__tools__/expand-config b/build/__tools__/expand-config
diff --git a/build/__tools__/verify-pre-conf.sh b/build/__tools__/verify-pre-conf.sh
diff --git a/build/cmake/Test.cmake b/build/cmake/Test.cmake
@@ -34,8 +34,8 @@ SET(PDO_TEST_CONTRACT
   --logfile ${TEST_LOG_FILE})
 
 # NOTE: we override the default configuration here because clients
-# do not have the full configuration files (eservice1.toml and
-# enclave.toml) and when running with services these are not required.
+# do not have the full configuration file (eservice1.toml) and
+# when running with services these are not required.
 SET(PDO_TEST_CONTRACT_WITH_SERVICES
   ${PDO_TEST_CONTRACT}
   --ledger ${TEST_LEDGER}

diff --git a/build/common-config.sh b/build/common-config.sh
@@ -113,37 +113,11 @@ var_set() {
     env_val[PDO_SGX_KEY_ROOT]="${PDO_SGX_KEY_ROOT:-${SCRIPTDIR}/keys/sgx_mode_${SGX_MODE,,}}"
 	env_desc[PDO_SGX_KEY_ROOT]="
 		PDO_SGX_KEY_ROOT is the root directory where SGX & IAS related keys are stored.
-		The default points to a directory which contains values which are good
-		enough for SGX simulator mode.  However, for SGX HW mode you
-		should provide your own version, at least for PDO_SPID and PDO_SPID_API_KEY
+		If SGX_MODE=SIM, the default folder contains mock files that are good for simulation mode.
+		If SGX_MODE=HW, the default (or custom) folder must be filled with legitimate SGX & IAS keys.
 	"
 	env_key_sort[$i]="PDO_SGX_KEY_ROOT"; i=$i+1; export PDO_SGX_KEY_ROOT=${env_val[PDO_SGX_KEY_ROOT]}
 
-	env_val[PDO_ENCLAVE_CODE_SIGN_PEM]="${PDO_ENCLAVE_CODE_SIGN_PEM:-${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem}"
-	env_desc[PDO_ENCLAVE_CODE_SIGN_PEM]="
-		PDO_ENCLAVE_CODE_SIGN_PEM contains the name of the file containing the key
-		used to sign the enclave. This key must be white-listed with IAS to work for
-                production-mode/default launch-control.  For non-production use, in simulator or HW mode,
-                the key can generated by the command:
-		    openssl genrsa -3 -out ${PDO_ENCLAVE_CODE_SIGN_PEM} 3072.
-                The default path points to a key which is generated during built on-demand.
-	"
-	env_key_sort[$i]="PDO_ENCLAVE_CODE_SIGN_PEM"; i=$i+1; export PDO_ENCLAVE_CODE_SIGN_PEM=${env_val[PDO_ENCLAVE_CODE_SIGN_PEM]}
-
-	env_val[PDO_SPID]="${PDO_SPID:-$(cat ${PDO_SGX_KEY_ROOT}/sgx_spid.txt)}"
-	env_desc[PDO_SPID]="
-		PDO_SPID is the ID that accompanies the certificate registered
-		with the Intel Attestation Service. This should be a 32 character
-		hex string.
-	"
-	env_key_sort[$i]="PDO_SPID"; i=$i+1; export PDO_SPID=${env_val[PDO_SPID]}
-
-	env_val[PDO_SPID_API_KEY]="${PDO_SPID_API_KEY:-$(cat ${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt)}"
-	env_desc[PDO_SPID_API_KEY]="
-		PDO_SPID_API_KEY is API-key associated with the SPID.
-	"
-	env_key_sort[$i]="PDO_SPID_API_KEY"; i=$i+1; export PDO_SPID_API_KEY=${env_val[PDO_SPID_API_KEY]}
-
 	env_val[PDO_LEDGER_KEY_ROOT]="${PDO_LEDGER_KEY_ROOT:-${PDO_INSTALL_ROOT}/opt/pdo/etc/keys/ledger}"
 	env_desc[PDO_LEDGER_KEY_ROOT]="
 		PDO_LEDGER_KEY_ROOT is the root directory where the system keys are stored
@@ -173,7 +147,7 @@ print_export() {
 }
 
 help() {
-    echo 'common-config.sh -[--reset-keys|-r] [--evalable-export|-e] [--help|-h|-?]
+    echo 'common-config.sh [--evalable-export|-e] [--help|-h|-?]
 
 This script can be used to set the environment variables that are used
 in the build, installation & execution process. While the build should
@@ -200,9 +174,6 @@ and before buidling it you call script as
 If passed the parameter --evalable-export it will
 return a list of export commands of the variables
 instead of directly exporting them to the environment.
-Passing parameter --reset-keys will unset keying variables
-PDO_ENCLAVE_CODE_SIGN_PEM,
-PDO_SPID and PDO_SPID_API_KEY before setting variables.
 
 The list of variables set (in order they are defined, their defaults
 and semantics is as follows:
@@ -222,16 +193,6 @@ while [[ $# > 0 ]]
 do
     opt=$1
     case $opt in
-        --reset-keys|-r)
-	    # -----------------------------------------------------------------
-	    # if you change either PDO_SGX_KEY_ROOT or PDO_LEDGER_KEY_ROOT variable
-            # and re-source this file you should unset all of the variables that
-            # depend on those variables
-	    # -----------------------------------------------------------------
-	    unset PDO_ENCLAVE_CODE_SIGN_PEM
-	    unset PDO_SPID
-	    unset PDO_SPID_API_KEY
-            ;;
         --evalable-export|-e)
 	    is_sourced=0
 	    ;;

diff --git a/build/template/enclave.toml b/build/template/enclave.toml