Added
-
Added the ability to verify v5 TDX quotes
-
Added the ability to change the SGX QL load policy via an environment variable
OE_INTEL_QVL_LOAD_POLICY. It is recommended that applications on Icelake servers with high EPC memory setOE_INTEL_QVL_LOAD_POLICY=SGX_QL_PERSISTENT_QVE_MULTI_THREADto improve the performance for TDX quote validation. The following are the possible values you can use for this environment variable.- SGX_QL_EPHEMERAL (Default) – Same as behavior used for TDX quote verification in previous releases. Also used when OE_INTEL_QVL_LOAD_POLICY is not defined
- Only allow one QVL thread when QvE is used. Limits EPC usage to 1 QvE (one QvE instance).
- QvE is unloaded after QvE ECALL completes
- SGX_QL_PERSISTENT
- Only allow one QVL Thread when QvE is used. Limits EPC usage to 1 QvE.
- QvE is kept loaded for as long as the process lives.
- SGX_QL_PERSISTENT_QVE_MULTI_THREAD
- Allow a new QvE instance per thread.
- QvE is unloaded when thread is deleted.
- EPC usage is controlled by the number of extant threads called into the DCAP QVL w/QvE
- Provides the highest performance
- SGX_QL_EPHEMERAL_QVE_MULTI_THREAD –
- Allow a new QvE instance per thread.
- QvE is unloaded once QvE ECALL completes.
- EPC usage is controlled by the number of simultaneous threads calling into the DCAP QVL w/QvE
- Performance is impacted by the loading/unloading of QvE
- SGX_QL_EPHEMERAL (Default) – Same as behavior used for TDX quote verification in previous releases. Also used when OE_INTEL_QVL_LOAD_POLICY is not defined
Packages this release was tested against
On Ubuntu 20.04: DCAP: 1.18.100.1-focal1 PSW: 2.21.100.1-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: v1.18.100.1 PSW 2.20.100.1