diff --git a/kbs/docker/rhel-ubi/Dockerfile b/kbs/docker/rhel-ubi/Dockerfile index bcbf02a46f..0e8213d06d 100644 --- a/kbs/docker/rhel-ubi/Dockerfile +++ b/kbs/docker/rhel-ubi/Dockerfile @@ -9,47 +9,25 @@ RUN if [[ -n "${ACTIVATION_KEY}" && -n "${ORG_ID}" ]]; then \ # Install build dependencies from CentOS or RHEL repos. -RUN subscription-manager repos --enable codeready-builder-for-rhel-9-${ARCH/amd64/x86_64}-rpms; \ +RUN subscription-manager repos --enable codeready-builder-for-rhel-10-${ARCH/amd64/x86_64}-rpms; \ dnf -y update && \ dnf -y --setopt=install_weak_deps=0 install \ cargo pkg-config perl-FindBin openssl-devel perl-lib perl-IPC-Cmd perl-File-Compare perl-File-Copy clang-devel \ rust gcc gcc-c++ \ cmake glibc-static perl device-mapper-devel \ tpm2-tss-devel \ - protobuf-compiler \ - # This is needed to build the stub. - meson + protobuf-compiler # Build. WORKDIR /usr/src/kbs COPY . . ARG KBS_FEATURES=coco-as-builtin,intel-trust-authority-as -RUN \ -# Build sgx_dcap_quoteverify stub. -pushd sgx_dcap_quoteverify_stubs && \ -meson setup build --prefix=/usr && \ -meson compile -C build && \ -meson install -C build && \ -popd # Build KBS. ENV OPENSSL_NO_VENDOR=1 -# RUN ARCH=$(uname -m) && \ -# if [ ${ARCH} = "s390x" ]; then \ -# export OPENSSL_NO_VENDOR=1; \ -# fi && \ RUN ARCH=$(uname -m) && \ pushd kbs && make AS_FEATURE=${KBS_FEATURES} ALIYUN=${ALIYUN} ARCH=${ARCH} && make ARCH=${ARCH} install-kbs && popd - -# Check the sha256sum of the Intel provided RPMs on x86_64. -RUN if [ $(uname -m) = "x86_64" ]; then \ - pushd sgx_dcap_quoteverify_stubs && \ - echo "2621eac23cb756bc238f88d6db5401f7efed55d87855fc2b7e446ddfc1bd37ca" libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm | sha256sum --check && \ - echo "57da5fb2253a99bb2483d19b6f30d1170ebc384e2891937e2c89fa55886b7034" libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm | sha256sum --check && \ - popd; \ -fi - # Package UBI image. FROM registry.access.redhat.com/ubi10:10.1-1769521623 @@ -57,17 +35,6 @@ FROM registry.access.redhat.com/ubi10:10.1-1769521623 RUN dnf -y update && dnf clean all COPY --from=builder /usr/local/bin/kbs /usr/local/bin/kbs -COPY --from=builder /usr/src/kbs/sgx_dcap_quoteverify_stubs/libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm /tmp/libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm -COPY --from=builder /usr/src/kbs/sgx_dcap_quoteverify_stubs/libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm /tmp/libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm - -# Install Intel binaries -RUN \ -if [ $(uname -m) = "x86_64" ]; then \ - dnf -y --nogpgcheck --setopt=install_weak_deps=0 localinstall \ - /tmp/libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm \ - /tmp/libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm; \ -fi && \ -rm -f /tmp/libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm /tmp/libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm # Declare build-time variables. ARG NAME="trustee" diff --git a/rpm/redhat.repo b/rpm/redhat.repo index 1182f3aed7..4d5cfd727d 100644 --- a/rpm/redhat.repo +++ b/rpm/redhat.repo @@ -1,35 +1,3846 @@ +# +# Certificate-Based Repositories +# Managed by (rhsm) subscription-manager +# +# *** This file is auto-generated. Changes made here will be overwritten. *** +# *** Use "subscription-manager repo-override --help" if you wish to make changes. *** +# +# If this file is empty and this system is subscribed, consider +# running "dnf repolist" to refresh the available repositories. +# + +[satellite-6-client-2-for-rhel-10-$basearch-eus-source-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sat-client-2/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-e4s-debug-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sat-client/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/highavailability/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[soa-textonly-1-for-middleware-rpms] +name = Red Hat JBoss SOA Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/soa/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/sap-solutions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[fast-datapath-for-rhel-10-$basearch-debug-rpms] +name = Fast Datapath for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/lvms/4.12/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhboac-hwt-textonly-1-for-middleware-rpms] +name = Red Hat Build of Apache Camel HawtIO Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/rhboac-hwt/1/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e6s-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 6 years of updates from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/rhui/$releasever/$basearch/appstream/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e4s-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 4 years of updates from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/baseos/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-e4s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sap-solutions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e6s-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 6 years of updates from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/rhui/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/sap/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-e4s-source-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sat-client/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/supplementary/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-eus-rhui-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch - Extended Update Support from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/codeready-builder/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-eus-rhui-debug-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch - Extended Update Support from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/codeready-builder/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[discovery-2-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Discovery 2 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/discovery/2/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-e4s-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - 4 years of updates from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/sap/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/nfv/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/supplementary/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/highavailability/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/sap-solutions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-e4s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/highavailability/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[ansible-automation-platform-2.6-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Ansible Automation Platform 2.6 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/ansible-automation-platform/2.6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/sap-solutions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jb-coreservices-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Core Services Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jbcs/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e4s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-extensions-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Extensions (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/extensions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhocp-4.21-for-rhel-10-$basearch-rpms] +name = Red Hat OpenShift Container Platform 4.21 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhocp/4.21/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jws-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Web Server Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jws/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.16-rpms] +name = Red Hat Container Development Kit 3.16 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.16/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-eus-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - Extended Update Support from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/sap/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-eus-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - Extended Update Support from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/highavailability/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jon-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Operations Network Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jon/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-eus-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary - Extended Update Support from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/supplementary/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-eus-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - Extended Update Support from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/sap-solutions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/baseos/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e4s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.6-debug-rpms] +name = Red Hat Container Development Kit 3.6 /(Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e6s-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 6 years of updates from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/rhui/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[discovery-2-for-rhel-10-$basearch-rpms] +name = Red Hat Discovery 2 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/discovery/2/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-extensions-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Extensions (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/extensions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[quarkus-textonly-1-for-middleware-rpms] +name = Red Hat build of Quarkus Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/quarkus/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-eus-debug-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sat-client-2/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/supplementary/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-eus-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - Extended Update Support from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/highavailability/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[ansible-automation-platform-2.6-for-rhel-10-$basearch-rpms] +name = Red Hat Ansible Automation Platform 2.6 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/ansible-automation-platform/2.6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[discovery-2-for-rhel-10-$basearch-source-rpms] +name = Red Hat Discovery 2 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/discovery/2/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/rt/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e4s-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 4 years of updates from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e6s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 6 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.5-rpms] +name = Red Hat Container Development Kit 3.5 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.5/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/highavailability/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/rt/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-e4s-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sat-client/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-e4s-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - 4 years of updates from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/sap/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.14-rpms] +name = Red Hat Container Development Kit 3.14 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.14/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[ansible-developer-1.3-for-rhel-10-$basearch-rpms] +name = Red Hat Ansible Developer 1.3 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/ansible-developer/1.3/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.3-rpms] +name = Red Hat Container Development Kit 3.3 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.3/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/rt/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[dirsrv-13-for-rhel-10-$basearch-rpms] +name = Red Hat Directory Server 13 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/dirsrv/13/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[fast-datapath-for-rhel-10-$basearch-rpms] +name = Fast Datapath for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/fast-datapath/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/codeready-builder/os +enabled = 1 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.5-source-rpms] +name = Red Hat Container Development Kit 3.5 /(Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.5/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.11-rpms] +name = Red Hat Container Development Kit 3.11 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.11/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jws-6-for-rhel-10-$basearch-source-rpms] +name = JBoss Web Server 6 (RHEL 10) (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/jws/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhacm-2.14-for-rhel-10-$basearch-source-rpms] +name = Red Hat Advanced Cluster Management for Kubernetes 2.14 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhacm/2.14/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/supplementary/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.4-source-rpms] +name = Red Hat Container Development Kit 3.4 /(Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.4/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/supplementary/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhsi-textonly-1-for-middleware-rpms] +name = Red Hat Service Interconnect Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/rhsi/1/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-e4s-debug-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sat-client-2/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-e4s-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - 4 years of updates from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/sap-solutions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-e4s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/nfv/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sap-solutions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/rt/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-e6s-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - 6 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/sat-client-2/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-eus-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - Extended Update Support from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/sap/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-eus-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - Extended Update Support from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/appstream/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhose-textonly-1-for-middleware-rpms] +name = Red Hat Middleware Container Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/rhose-middleware/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-eus-rhui-source-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch - Extended Update Support from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jws-6-for-rhel-10-$basearch-debug-rpms] +name = JBoss Web Server 6 (RHEL 10) (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/jws/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-2.3-rpms] +name = Red Hat Container Development Kit 2.3 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/2.3/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-eus-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - Extended Update Support from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/baseos/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sap/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-extensions-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Extensions (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/extensions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e4s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/sat-client/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-e4s-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - 4 years of updates from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/sap-solutions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/baseos/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/highavailability/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.6-source-rpms] +name = Red Hat Container Development Kit 3.6 /(Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/rt/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-source-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e6s-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 6 years of updates from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/rhui/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-e4s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/rt/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-source-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/sat-client/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-eus-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sat-client-2/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/rt/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhocp-4.21-for-rhel-10-$basearch-debug-rpms] +name = Red Hat OpenShift Container Platform 4.21 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhocp/4.21/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[ansible-developer-1.3-for-rhel-10-$basearch-source-rpms] +name = Red Hat Ansible Developer 1.3 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/ansible-developer/1.3/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[dirsrv-13-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Directory Server 13 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/dirsrv/13/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e6s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 6 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/baseos/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-e4s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/nfv/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/sap-solutions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[dirsrv-13-for-rhel-10-$basearch-source-rpms] +name = Red Hat Directory Server 13 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/dirsrv/13/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-eus-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/codeready-builder/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhocp-4.21-for-rhel-10-$basearch-source-rpms] +name = Red Hat OpenShift Container Platform 4.21 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhocp/4.21/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/appstream/os +enabled = 1 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 1 + +[rhel-10-for-$basearch-sap-netweaver-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/sap/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhocp-4.20-for-rhel-10-$basearch-rpms] +name = Red Hat OpenShift Container Platform 4.20 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhocp/4.20/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[integration-camel-quarkus-textonly-1-for-middleware-rpms] +name = Red Hat Integration - Camel Extensions for Quarkus +baseurl = https://cdn.redhat.com/content/dist/middleware/integration-quarkus/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-eus-source-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sat-client/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-e4s-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sat-client-2/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-e4s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/nfv/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jpp-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Portal Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jpp/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/highavailability/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[dirsrv-13-for-rhel-10-$basearch-eus-debug-rpms] +name = Red Hat Directory Server 13 for RHEL 10 $basearch - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/dirsrv/13/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhacm-2.14-for-rhel-10-$basearch-rpms] +name = Red Hat Advanced Cluster Management for Kubernetes 2.14 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhacm/2.14/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-e6s-debug-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - 6 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/sat-client/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-e6s-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - 6 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/sat-client/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-extensions-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Extensions (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/extensions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-e4s-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - 4 years of updates from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/sap-solutions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/highavailability/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/nfv/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-extensions-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Extensions (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/extensions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/sat-client-2/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/nfv/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e4s-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 4 years of updates from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhacm-2.15-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Advanced Cluster Management for Kubernetes 2.15 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhacm/2.15/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[cert-1-for-rhel-10-$basearch-source-rpms] +name = Red Hat Certification for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/cert/1/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-e4s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sap/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-rhui-debug-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/codeready-builder/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[cert-1-for-rhel-10-$basearch-rpms] +name = Red Hat Certification for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/cert/1/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/sat-client/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rh-sso-textonly-1-for-middleware-rpms] +name = Single Sign-On Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/rh-sso/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhceph-9-tools-for-rhel-10-$basearch-source-rpms] +name = Red Hat Ceph Storage Tools 9 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhceph-tools/9/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/nfv/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-eus-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - Extended Update Support from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jws-6-for-rhel-10-$basearch-rpms] +name = JBoss Web Server 6 (RHEL 10) (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/jws/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/nfv/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-e6s-source-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - 6 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/sat-client-2/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.6-rpms] +name = Red Hat Container Development Kit 3.6 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[openjdk-textonly-1-for-middleware-rpms] +name = OpenJDK Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/openjdk/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[wfk-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Web Framework Kit Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/wfk/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-e4s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sap/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-e6s-debug-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - 6 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/sat-client-2/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/sap/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/supplementary/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-source-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/sat-client-2/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/sat-client-2/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sap-solutions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhocp-4.20-for-rhel-10-$basearch-debug-rpms] +name = Red Hat OpenShift Container Platform 4.20 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhocp/4.20/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.5-debug-rpms] +name = Red Hat Container Development Kit 3.5 /(Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.5/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-e4s-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - 4 years of updates from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/sap/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + [rhel-10-for-$basearch-baseos-rpms] name = Red Hat Enterprise Linux 10 for $basearch - BaseOS (RPMs) -baseurl = https://cdn.redhat.com/content/dist/rhel10/10/$basearch/baseos/os +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/baseos/os enabled = 1 gpgcheck = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify = 1 -sslcacert = /work/rhsm/ca/redhat-uep.pem -sslclientkey = /work/entitlement/4706421509388240716-key.pem -sslclientcert = /work/entitlement/4706421509388240716.pem -sslverifystatus = 0 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 1 + +[amq-interconnect-textonly-1-for-middleware-rpms] +name = Red Hat AMQ Interconnect Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/amq-interconnect/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e6s-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 6 years of updates from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/rhui/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.15-rpms] +name = Red Hat Container Development Kit 3.15 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.15/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-e4s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/rt/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-e4s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/highavailability/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e4s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/baseos/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/supplementary/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jdv-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Data Virtualization Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jdv/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jb-datagrid-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Data Grid Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jb-datagrid/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/sap/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rh-sso-textonly-1-for-middleware-rhui-rpms] +name = Single Sign-On Text-Only Advisories from RHUI +baseurl = https://cdn.redhat.com/content/dist/middleware/rhui/rh-sso/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.4-rpms] +name = Red Hat Container Development Kit 3.4 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.4/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[fast-datapath-for-rhel-10-$basearch-source-rpms] +name = Fast Datapath for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/fast-datapath/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-eus-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary - Extended Update Support from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/supplementary/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/appstream/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[edge-manager-1.0-for-rhel-10-$basearch-source-rpms] +name = Red Hat Edge Manager 1.0 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/edge-manager/1.0/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/rt/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/sap-solutions/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-eus-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - Extended Update Support from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/sap/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.4-debug-rpms] +name = Red Hat Container Development Kit 3.4 /(Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.4/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-extensions-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Extensions (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/extensions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[fsw-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Fuse Service Works Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/fsw/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-eus-debug-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/codeready-builder/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-eus-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - Extended Update Support from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[openliberty-textonly-1-for-middleware-rpms] +name = Open Liberty Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/openliberty/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-eus-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - Extended Update Support from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/highavailability/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[ansible-automation-platform-2.6-for-rhel-10-$basearch-source-rpms] +name = Red Hat Ansible Automation Platform 2.6 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/ansible-automation-platform/2.6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.8-rpms] +name = Red Hat Container Development Kit 3.8 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.8/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-e6s-source-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - 6 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/sat-client/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-eus-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - Extended Update Support from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/sap-solutions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV (Debug RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/nfv/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[cert-1-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Certification for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/cert/1/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[edge-manager-1.0-for-rhel-10-$basearch-rpms] +name = Red Hat Edge Manager 1.0 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/edge-manager/1.0/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-e4s-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - 4 years of updates from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/highavailability/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[dirsrv-13-for-rhel-10-$basearch-eus-rpms] +name = Red Hat Directory Server 13 for RHEL 10 $basearch - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/dirsrv/13/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-e4s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/rt/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.10-rpms] +name = Red Hat Container Development Kit 3.10 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.10/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.3-source-rpms] +name = Red Hat Container Development Kit 3.3 /(Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.3/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-e4s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/highavailability/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-eus-source-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e4s-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 4 years of updates from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 -[rhel-10-for-$basearch-appstream-rpms] -name = Red Hat Enterprise Linux 10 for $basearch - AppStream (RPMs) -baseurl = https://cdn.redhat.com/content/dist/rhel10/10/$basearch/appstream/os -enabled = 1 +[codeready-builder-for-rhel-10-$basearch-debug-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/codeready-builder/debug +enabled = 0 gpgcheck = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify = 1 -sslcacert = /work/rhsm/ca/redhat-uep.pem -sslclientkey = /work/entitlement/4706421509388240716-key.pem -sslclientcert = /work/entitlement/4706421509388240716.pem -sslverifystatus = 0 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 -[codeready-builder-for-rhel-10-$basearch-rpms] -name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch (RPMs) -baseurl = https://cdn.redhat.com/content/dist/rhel10/10/$basearch/codeready-builder/os -enabled = 1 +[rhel-atomic-7-cdk-3.3-debug-rpms] +name = Red Hat Container Development Kit 3.3 /(Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.3/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sap-solutions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e6s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 6 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[amq-textonly-1-for-middleware-rpms] +name = Red Hat JBoss AMQ Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/amq/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.9-rpms] +name = Red Hat Container Development Kit 3.9 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.9/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.17-rpms] +name = Red Hat Container Development Kit 3.17 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.17/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-eus-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - Extended Update Support from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/sap-solutions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jb-coreservices-textonly-1-for-middleware-rhui-rpms] +name = Red Hat JBoss Core Services Text-Only Advisories from RHUI +baseurl = https://cdn.redhat.com/content/dist/middleware/rhui/jbcs/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-eus-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sap/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[ansible-developer-1.3-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Ansible Developer 1.3 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/ansible-developer/1.3/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhacm-2.15-for-rhel-10-$basearch-rpms] +name = Red Hat Advanced Cluster Management for Kubernetes 2.15 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhacm/2.15/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e4s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/appstream/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-eus-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - Extended Update Support from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/sap-solutions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e4s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 4 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/appstream/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e4s-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 4 years of updates from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/appstream/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-e4s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - 4 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sap-solutions/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhbop-textonly-1-for-middleware-rpms] +name = Red Hat Build of OptaPlanner Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/rhel/server/6/6Server/$basearch/rhbop-textonly/1/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-e4s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sap/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-solutions-e4s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP Solutions - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sap-solutions/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhceph-9-tools-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Ceph Storage Tools 9 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhceph-tools/9/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/supplementary/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhceph-9-tools-for-rhel-10-$basearch-rpms] +name = Red Hat Ceph Storage Tools 9 for RHEL 10 $basearch (RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhceph-tools/9/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhacm-2.14-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Advanced Cluster Management for Kubernetes 2.14 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhacm/2.14/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhosds-textonly-3-for-middleware-rpms] +name = Red Hat OpenShift Dev Spaces 3 Container Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/rhosds/3.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-2.3-source-rpms] +name = Red Hat Container Development Kit 2.3 /(Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/2.3/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/sap/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-eus-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary - Extended Update Support from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/supplementary/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e6s-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 6 years of updates from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/rhui/$releasever/$basearch/baseos/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-eus-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - Extended Update Support from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/rhui/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/highavailability/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jb-eap-textonly-1-for-middleware-rpms] +name = Red Hat JBoss Enterprise Application Platform Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jbeap/1.0/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:// +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-2.3-debug-rpms] +name = Red Hat Container Development Kit 2.3 /(Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/2.3/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/rt/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/nfv/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/highavailability/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e4s-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 4 years of updates from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhacm-2.15-for-rhel-10-$basearch-source-rpms] +name = Red Hat Advanced Cluster Management for Kubernetes 2.15 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhacm/2.15/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/highavailability/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.7-rpms] +name = Red Hat Container Development Kit 3.7 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.7/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-rhui-source-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-e6s-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS - 6 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/baseos/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-eus-debug-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sat-client/6/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[edge-manager-1.0-for-rhel-10-$basearch-debug-rpms] +name = Red Hat Edge Manager 1.0 for RHEL 10 $basearch (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/edge-manager/1.0/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[jb-eap-7.4-els-textonly-for-middleware-rpms] +name = JBoss Enterprise Application Platform 7.4 ELS Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/jbeap-els/7.4/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[codeready-builder-for-rhel-10-$basearch-rhui-rpms] +name = Red Hat CodeReady Linux Builder for RHEL 10 $basearch (RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/codeready-builder/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-supplementary-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Supplementary (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/supplementary/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV (Source RPMs) from RHUI +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/nfv/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.13-rpms] +name = Red Hat Container Development Kit 3.13 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.13/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-nfv-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time for NFV (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/nfv/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-eus-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/appstream/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-6-client-2-for-rhel-10-$basearch-e4s-source-rpms] +name = Red Hat Satellite 6 Client 2 for RHEL 10 $basearch - 4 years of updates (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/$releasever/$basearch/sat-client-2/6/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[dirsrv-13-for-rhel-10-$basearch-eus-source-rpms] +name = Red Hat Directory Server 13 for RHEL 10 $basearch - Extended Update Support (Source RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/dirsrv/13/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-rt-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - Real Time - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/rt/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-baseos-rhui-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - BaseOS from RHUI (Debug RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/rhui/$releasever/$basearch/baseos/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhocp-4.20-for-rhel-10-$basearch-source-rpms] +name = Red Hat OpenShift Container Platform 4.20 for RHEL 10 $basearch (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/layered/rhel10/$basearch/rhocp/4.20/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[satellite-client-6-for-rhel-10-$basearch-eus-rpms] +name = Red Hat Satellite Client 6 for RHEL 10 $basearch - Extended Update Support (RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sat-client/6/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-eus-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver - Extended Update Support (Debug RPMs) +baseurl = https://cdn.redhat.com/content/eus/rhel10/$releasever/$basearch/sap/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e6s-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 6 years of updates (RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/appstream/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-atomic-7-cdk-3.12-rpms] +name = Red Hat Container Development Kit 3.12 /(RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/3.12/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-e4s-rhui-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - 4 years of updates from RHUI (RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/highavailability/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-highavailability-e4s-rhui-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - High Availability - 4 years of updates from RHUI (Source RPMs) +baseurl = https://cdn.redhat.com/content/e4s/rhel10/rhui/$releasever/$basearch/highavailability/source/SRPMS +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhcl-textonly-1-for-middleware-rpms] +name = Red Hat Connectivity Link Text-Only Advisories +baseurl = https://cdn.redhat.com/content/dist/middleware/rhcl/1/$basearch/os +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-appstream-e6s-debug-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - AppStream - 6 years of updates (Debug RPMs) +baseurl = https://cdn.redhat.com/content/e6s/rhel10/$releasever/$basearch/appstream/debug +enabled = 0 +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +sslverify = 1 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 + +[rhel-10-for-$basearch-sap-netweaver-source-rpms] +name = Red Hat Enterprise Linux 10 for $basearch - SAP NetWeaver (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel10/$releasever/$basearch/sap/source/SRPMS +enabled = 0 gpgcheck = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify = 1 -sslcacert = /work/rhsm/ca/redhat-uep.pem -sslclientkey = /work/entitlement/4706421509388240716-key.pem -sslclientcert = /work/entitlement/4706421509388240716.pem -sslverifystatus = 0 +sslcacert = /etc/rhsm/ca/redhat-uep.pem +sslclientkey = /etc/pki/entitlement/2159453540538343757-key.pem +sslclientcert = /etc/pki/entitlement/2159453540538343757.pem +sslverifystatus = 1 +metadata_expire = 86400 +enabled_metadata = 0 diff --git a/rpm/rpms.in.yaml b/rpm/rpms.in.yaml index b4e0a99caf..39a3abb035 100644 --- a/rpm/rpms.in.yaml +++ b/rpm/rpms.in.yaml @@ -18,6 +18,12 @@ packages: - device-mapper-devel - tpm2-tss-devel - protobuf-compiler + - name: sgx-libs + arches: + only: x86_64 + - name: sgx-common + arches: + only: x86_64 # - git # - tar # - gzip @@ -27,7 +33,7 @@ packages: contentOrigin: repofiles: - ./ubi.repo - - ./rhel-10-local.repo + - ./redhat.repo arches: - x86_64 diff --git a/sgx_dcap_quoteverify_stubs/libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm b/sgx_dcap_quoteverify_stubs/libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm deleted file mode 100644 index c4e05be5b8..0000000000 Binary files a/sgx_dcap_quoteverify_stubs/libsgx-dcap-default-qpl-1.21.100.3-1.el9.x86_64.rpm and /dev/null differ diff --git a/sgx_dcap_quoteverify_stubs/libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm b/sgx_dcap_quoteverify_stubs/libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm deleted file mode 100644 index 602ae9c600..0000000000 Binary files a/sgx_dcap_quoteverify_stubs/libsgx-dcap-quote-verify-1.21.100.3-1.el9.x86_64.rpm and /dev/null differ diff --git a/sgx_dcap_quoteverify_stubs/meson.build b/sgx_dcap_quoteverify_stubs/meson.build deleted file mode 100644 index e7d13be84b..0000000000 --- a/sgx_dcap_quoteverify_stubs/meson.build +++ /dev/null @@ -1,41 +0,0 @@ -project( - 'sgx_dcap_quoteverify_stubs', 'cpp', - default_options: ['warning_level=3'], -) - -stub_headers = files([ - 'sgx_attributes.h', - 'sgx_dcap_qal.h', - 'sgx_dcap_quoteverify.h', - 'sgx_defs.h', - 'sgx_eid.h', - 'sgx_error.h', - 'sgx_key.h', - 'sgx_pce.h', - 'sgx_ql_lib_common.h', - 'sgx_ql_quote.h', - 'sgx_quote.h', - 'sgx_quote_3.h', - 'sgx_quote_4.h', - 'sgx_quote_5.h', - 'sgx_qve_header.h', - 'sgx_report.h', - 'sgx_report2.h', - 'sgx_urts.h', -]) - -install_headers(stub_headers) - -extra_args = [ - '-Werror', - '-Wno-pedantic', - '-Wno-padded', -] - -library( - 'sgx_dcap_quoteverify', - 'sgx_dcap_quoteverify_stub.cpp', - cpp_args: extra_args, - soversion: '1', - install: true, -) diff --git a/sgx_dcap_quoteverify_stubs/sgx_attributes.h b/sgx_dcap_quoteverify_stubs/sgx_attributes.h deleted file mode 100644 index 5de45376fd..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_attributes.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef _SGX_ATTRIBUTES_H_ -#define _SGX_ATTRIBUTES_H_ - -#include - -/* Enclave Flags Bit Masks */ -#define SGX_FLAGS_INITTED 0x0000000000000001ULL /* If set, then the enclave is initialized */ -#define SGX_FLAGS_DEBUG 0x0000000000000002ULL /* If set, then the enclave is debug */ -#define SGX_FLAGS_MODE64BIT 0x0000000000000004ULL /* If set, then the enclave is 64 bit */ -#define SGX_FLAGS_PROVISION_KEY 0x0000000000000010ULL /* If set, then the enclave has access to provision key */ -#define SGX_FLAGS_EINITTOKEN_KEY 0x0000000000000020ULL /* If set, then the enclave has access to EINITTOKEN key */ -#define SGX_FLAGS_KSS 0x0000000000000080ULL /* If set, then the enclave uses KSS */ -#define SGX_FLAGS_AEX_NOTIFY 0x0000000000000400ULL /* If set, then the enclave enables AEX Notify */ - - -#define SGX_FLAGS_NON_CHECK_BITS 0x00FF000000000000ULL /* BIT[55-48] will not be checked */ - -/* XSAVE Feature Request Mask */ -#define SGX_XFRM_LEGACY 0x0000000000000003ULL /* Legacy XFRM which includes the basic feature bits required by SGX, x87 state(0x01) and SSE state(0x02) */ -#define SGX_XFRM_AVX 0x0000000000000006ULL /* AVX XFRM which includes AVX state(0x04) and SSE state(0x02) required by AVX */ -#define SGX_XFRM_AVX512 0x00000000000000E6ULL /* AVX-512 XFRM */ -#define SGX_XFRM_MPX 0x0000000000000018ULL /* MPX XFRM - not supported */ -#define SGX_XFRM_PKRU 0x0000000000000200ULL /* PKRU state */ -#define SGX_XFRM_AMX 0x0000000000060000ULL /* AMX XFRM, including XTILEDATA(0x40000) and XTILECFG(0x20000) */ - -#define SGX_XFRM_RESERVED (~(SGX_XFRM_LEGACY | SGX_XFRM_AVX | SGX_XFRM_AVX512 | SGX_XFRM_PKRU | SGX_XFRM_AMX)) - -typedef struct _attributes_t -{ - uint64_t flags; - uint64_t xfrm; -} sgx_attributes_t; - -/* Define MISCSELECT - * bit 0: EXINFO - * bit 31-1: reserved(0) */ -typedef uint32_t sgx_misc_select_t; - -typedef struct _sgx_misc_attribute_t { - sgx_attributes_t secs_attr; - sgx_misc_select_t misc_select; -} sgx_misc_attribute_t; - -#endif/* _SGX_ATTRIBUTES_H_ */ diff --git a/sgx_dcap_quoteverify_stubs/sgx_dcap_qal.h b/sgx_dcap_quoteverify_stubs/sgx_dcap_qal.h deleted file mode 100644 index 68992fd6ad..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_dcap_qal.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef _SGX_DCAP_QAL_H_ -#define _SGX_DCAP_QAL_H_ - -#include "sgx_report.h" -#include "sgx_ql_lib_common.h" -#include "sgx_ql_quote.h" -#include - -typedef enum _tee_platform_policy_type_t -{ - DEFAULT_STRICT = 0, - CUSTOMIZED -} tee_platform_policy_type_t; - -typedef struct _tee_platform_policy_t -{ - tee_platform_policy_type_t pt; - const uint8_t* p_policy; -} tee_platform_policy_t; - -typedef struct _tee_policy_bundle_t -{ - const uint8_t *p_tenant_identity_policy; - tee_platform_policy_t platform_policy; - - tee_platform_policy_t tdqe_policy; /* For tdqe. Only for TDX and only need to be set when user uses a seperate tdqe_policy - * instead of an integrated platform_policy including both TDX platform policy and TDQE. */ - - tee_platform_policy_t reserved[2]; /* Reserved for future usage */ -} tee_policy_bundle_t; - -typedef enum _tee_policy_auth_result_t -{ - TEE_AUTH_INCOMPLET = -1, /* Only part of the policies are provided and authenticated successfully. For example, you only input - * SGX platform policy for an SGX appraisal token, and the platform policy is authenticated successfully */ - TEE_AUTH_SUCCESS = 0, /* All the policies are authenticated successfully. For SGX, both SGX platform policies are provided and successfully */ - TEE_AUTH_FAILURE = 1, /* At least one of the input policies are authenticated failed */ -} tee_policy_auth_result_t; - -#if defined(__cplusplus) -extern "C" { -#endif - - -/** - * Appraise a Verification Result JWT against one or more Quote Appraisal Policies - * - * @param p_verification_result_token[IN] - Points to a null-terminated string containing the input Verification Result JWT. - * @param p_qaps[IN] - Points to an array of pointers, with each pointer pointing to a buffer holding a quote appraisal policy JWT token. - * Each token is a null-terminated string holding a JWT. - * @param qaps_count[IN] - The number of pointers in the p_qaps array. - * @param appraisal_check_date[IN] - - User input, used by the appraisal engine as its “current time” for expiration dates check. - * @param p_qae_report_info[IN, OUT] - The parameter is optional. - * @param p_appraisal_result_token_buffer_size[OUT] - Points to hold the size of the p_appraisal_result_token buffer. - * @param p_appraisal_result_token[OUT] - Points to the output Appraisal result JWT. - * - * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h - **/ -quote3_error_t tee_appraise_verification_token( - const uint8_t *p_verification_result_token, - uint8_t **p_qaps, - uint8_t qaps_count, - const time_t appraisal_check_date, - sgx_ql_qe_report_info_t *p_qae_report_info, - uint32_t *p_appraisal_result_token_buffer_size, - uint8_t **p_appraisal_result_token); - -/** - * Free the appraisal result token that allocated in the "tee_appraise_verification_token" API - * @param p_appraisal_result_token[IN] - Points to the output Appraisal result JWT. - * - * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h -**/ -quote3_error_t tee_free_appraisal_token(uint8_t *p_appraisal_result_token); - -/** - * Check whether the input policies are used in the appraisal process by comparing the policies with the appraisal result - * - * @param p_appraisal_result_token[IN] - Points to the Appraisal result JWT that generated by the "tee_appraise_verification_token" API - * @param p_policies[IN] - A structure that contains the target policies - * @param result[OUT] - the authentication result - * - * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h -**/ -quote3_error_t tee_authenticate_appraisal_result(const uint8_t *p_appraisal_result_token, const tee_policy_bundle_t *p_policies, tee_policy_auth_result_t *result); - -#if defined(__cplusplus) -} -#endif - -#endif \ No newline at end of file diff --git a/sgx_dcap_quoteverify_stubs/sgx_dcap_quoteverify.h b/sgx_dcap_quoteverify_stubs/sgx_dcap_quoteverify.h deleted file mode 100644 index e39332a895..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_dcap_quoteverify.h +++ /dev/null @@ -1,379 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * File: sgx_dcap_quoteverify.h - * - * Description: Definitions and prototypes for Intel(R) SGX/TDX DCAP Quote Verification Library - * - */ - -#ifndef _SGX_DCAP_QV_H_ -#define _SGX_DCAP_QV_H_ - -#include "sgx_qve_header.h" -#include "sgx_ql_quote.h" - -#if defined(__cplusplus) -extern "C" { -#endif - -/** - * When the Quoting Verification Library is linked to a process, it needs to know the proper enclave loading policy. - * The library may be linked with a long lived process, such as a service, where it can load the enclaves and leave - * them loaded (persistent). This better ensures that the enclaves will be available upon quote requests and not subject - * to EPC limitations if loaded on demand. However, if the QVL is linked with an application process, there may be many - * applications with the QVL and a better utilization of EPC is to load and unloaded the quote verification enclaves on - * demand (ephemeral). The library will be shipped with a default policy of loading enclaves and leaving - * them loaded until the library is unloaded (PERSISTENT). If the policy is set to EPHEMERAL, then the QvE will - * be loaded and unloaded on-demand. - * Supported policies: - * SGX_QL_EPHEMERAL - Default policy. QvE is initialized and terminated on every quote verification function call. - * SGX_QL_PERSISTENT - All the threads will share single QvE instance, and QvE is initialized on first use and reused until process ends. - * SGX_QL_EPHEMERAL_QVE_MULTI_THREAD - QvE is loaded per thread and be unloaded before function exit. - * SGX_QL_PERSISTENT_QVE_MULTI_THREAD - QvE is loaded per thread and only be unloaded before thread exit. - * - * NOTE: QvE load policy should be only set once in one process, otherwise, this function will return error SGX_QL_UNSUPPORTED_LOADING_POLICY. - * - * @param policy Sets the requested enclave loading policy to either SGX_QL_PERSISTENT, SGX_QL_EPHEMERAL or SGX_QL_DEFAULT. - * - * @return SGX_QL_SUCCESS Successfully set the enclave loading policy for the quoting library's enclaves. - * @return SGX_QL_UNSUPPORTED_LOADING_POLICY The selected policy is not supported or it has been set once. - * - **/ -quote3_error_t sgx_qv_set_enclave_load_policy(sgx_ql_request_policy_t policy); - - -/** - * Get supplemental data required size. - * @param p_data_size[OUT] - Pointer to hold the size of the buffer in bytes required to contain all of the supplemental data. - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_ERROR_QVL_QVE_MISMATCH - * - SGX_QL_ENCLAVE_LOAD_ERROR - **/ -quote3_error_t sgx_qv_get_quote_supplemental_data_size(uint32_t *p_data_size); - - -/** - * Perform ECDSA quote verification. - * - * @param p_quote[IN] - Pointer to SGX Quote. - * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_quote_collateral[IN] - This is a pointer to the Quote Certification Collateral provided by the caller. - * @param expiration_check_date[IN] - This is the date that the QvE will use to determine if any of the inputted collateral have expired. - * @param p_collateral_expiration_status[OUT] - Address of the outputted expiration status. This input must not be NULL. - * @param p_quote_verification_result[OUT] - Address of the outputted quote verification result. - * @param p_qve_report_info[IN/OUT] - This parameter can be used in 2 ways. - * If p_qve_report_info is NOT NULL, the API will use Intel QvE to perform quote verification, and QvE will generate a report using the target_info in sgx_ql_qe_report_info_t structure. - * if p_qve_report_info is NULL, the API will use QVL library to perform quote verification, note that the results can not be cryptographically authenticated in this mode. - * @param supplemental_data_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_supplemental_data[OUT] - The parameter is optional. If it is NULL, supplemental_data_size must be 0. - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_QUOTE_FORMAT_UNSUPPORTED - * - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED - * - SGX_QL_UNABLE_TO_GENERATE_REPORT - * - SGX_QL_CRL_UNSUPPORTED_FORMAT - * - SGX_QL_ERROR_UNEXPECTED - **/ -quote3_error_t sgx_qv_verify_quote( - const uint8_t *p_quote, - uint32_t quote_size, - const sgx_ql_qve_collateral_t *p_quote_collateral, - const time_t expiration_check_date, - uint32_t *p_collateral_expiration_status, - sgx_ql_qv_result_t *p_quote_verification_result, - sgx_ql_qe_report_info_t *p_qve_report_info, - uint32_t supplemental_data_size, - uint8_t *p_supplemental_data); - - -/** - * Call quote provider library to get QvE identity. - * - * @param pp_qveid[OUT] - Pointer to the pointer of QvE identity - * @param p_qveid_size[OUT] - Pointer to the size of QvE identity - * @param pp_qveid_issue_chain[OUT] - Pointer to the pointer QvE identity certificate chain - * @param p_qveid_issue_chain_size[OUT] - Pointer to the QvE identity certificate chain size - * @param pp_root_ca_crl[OUT] - Pointer to the pointer of Intel Root CA CRL - * @param p_root_ca_crl_size[OUT] - Pointer to the Intel Root CA CRL size - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_NO_QVE_IDENTITY_DATA - * - SGX_QL_ERROR_OUT_OF_MEMORY - * - SGX_QL_NETWORK_ERROR - * - SGX_QL_MESSAGE_ERROR - * - SGX_QL_ERROR_UNEXPECTED - **/ -quote3_error_t sgx_qv_get_qve_identity( - uint8_t **pp_qveid, - uint32_t *p_qveid_size, - uint8_t **pp_qveid_issue_chain, - uint32_t *p_qveid_issue_chain_size, - uint8_t **pp_root_ca_crl, - uint16_t *p_root_ca_crl_size); - -/** - * Call quote provider library to free the p_qve_id, p_qveid_issuer_chain buffer and p_root_ca_crl allocated by sgx_qv_get_qve_identity - **/ -quote3_error_t sgx_qv_free_qve_identity(uint8_t *p_qveid, - uint8_t *p_qveid_issue_chain, - uint8_t *p_root_ca_crl); - - -#ifndef _MSC_VER -typedef enum -{ - SGX_QV_QVE_PATH, - SGX_QV_QPL_PATH -} sgx_qv_path_type_t; - -quote3_error_t sgx_qv_set_path(sgx_qv_path_type_t path_type, - const char *p_path); - -/** - * Perform ECDSA quote verification and get quote verification result token. - * - * @param p_quote[IN] - Pointer to SGX or TDX Quote. - * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_quote_collateral[IN] - The parameter is optional. This is a pointer to the Quote Certification Collateral provided by the caller. - * @param p_qve_report_info[IN/OUT] - This parameter can be used in 2 ways. - * If p_qve_report_info is NOT NULL, the API will use Intel QvE to perform quote verification, and QvE will generate a report using the target_info in sgx_ql_qe_report_info_t structure. - * if p_qve_report_info is NULL, the API will use QVL library to perform quote verification, note that the results can not be cryptographically authenticated in this mode. - * @param p_user_data[IN] - User data. - * @param p_verification_result_token_buffer_size[OUT] - Size of the buffer pointed to by verification_result_token (in bytes). - * @param p_verification_result_token[OUT] - Pointer to the verification_result_token. - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_QUOTE_FORMAT_UNSUPPORTED - * - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED - * - SGX_QL_UNABLE_TO_GENERATE_REPORT - * - SGX_QL_CRL_UNSUPPORTED_FORMAT - * - SGX_QL_ERROR_UNEXPECTED - **/ -quote3_error_t tee_verify_quote_qvt( - const uint8_t *p_quote, - uint32_t quote_size, - const sgx_ql_qve_collateral_t *p_quote_collateral, - sgx_ql_qe_report_info_t *p_qve_report_info, - const uint8_t *p_user_data, - uint32_t *p_verification_result_token_buffer_size, - uint8_t **p_verification_result_token); - -/** - * Free quote verification result token buffer, which returned by `tee_verify_quote_qvt` - * - * @param p_verification_result_token[IN] - Pointer to verification result token - * @param p_verification_result_token_buffer_size[IN] - Pointer to verification result token size - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - **/ -quote3_error_t tee_free_verify_quote_qvt( - uint8_t *p_verification_result_token, - uint32_t *p_verification_result_token_buffer_size); -#endif - - -/** - * Get TDX supplemental data required size. - * @param p_data_size[OUT] - Pointer to hold the size of the buffer in bytes required to contain all of the supplemental data. - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_ERROR_QVL_QVE_MISMATCH - * - SGX_QL_ENCLAVE_LOAD_ERROR - **/ -quote3_error_t tdx_qv_get_quote_supplemental_data_size(uint32_t *p_data_size); - - -/** - * Perform TDX ECDSA quote verification. - * - * @param p_quote[IN] - Pointer to TDX Quote. - * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_quote_collateral[IN] - This is a pointer to the Quote Certification Collateral provided by the caller. - * @param expiration_check_date[IN] - This is the date that the QvE will use to determine if any of the inputted collateral have expired. - * @param p_collateral_expiration_status[OUT] - Address of the outputted expiration status. This input must not be NULL. - * @param p_quote_verification_result[OUT] - Address of the outputted quote verification result. - * @param p_qve_report_info[IN/OUT] - This parameter can be used in 2 ways. - * If p_qve_report_info is NOT NULL, the API will use Intel QvE to perform quote verification, and QvE will generate a report using the target_info in sgx_ql_qe_report_info_t structure. - * if p_qve_report_info is NULL, the API will use QVL library to perform quote verification, note that the results can not be cryptographically authenticated in this mode. - * @param supplemental_data_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_supplemental_data[OUT] - The parameter is optional. If it is NULL, supplemental_data_size must be 0. - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_QUOTE_FORMAT_UNSUPPORTED - * - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED - * - SGX_QL_UNABLE_TO_GENERATE_REPORT - * - SGX_QL_CRL_UNSUPPORTED_FORMAT - * - SGX_QL_ERROR_UNEXPECTED - **/ -quote3_error_t tdx_qv_verify_quote( - const uint8_t *p_quote, - uint32_t quote_size, - const tdx_ql_qv_collateral_t *p_quote_collateral, - const time_t expiration_check_date, - uint32_t *p_collateral_expiration_status, - sgx_ql_qv_result_t *p_quote_verification_result, - sgx_ql_qe_report_info_t *p_qve_report_info, - uint32_t supplemental_data_size, - uint8_t *p_supplemental_data); - - -/** - * Get quote verification collateral. - * - * @param p_quote[IN] - Pointer to TDX/SGX Quote. - * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_quote_collateral[OUT] - This is a pointer to the Quote Certification Collateral retrieved based on Quote - * @param p_collateral_size[OUT] - This is the sizeof collateral including the size of nested fileds - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_PLATFORM_LIB_UNAVAILABLE - * - SGX_QL_PCK_CERT_CHAIN_ERROR - * - SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT - * - SGX_QL_QUOTE_FORMAT_UNSUPPORTED - * - SGX_QL_OUT_OF_MEMORY - * - SGX_QL_NO_QUOTE_COLLATERAL_DATA - * - SGX_QL_ERROR_UNEXPECTED - **/ -quote3_error_t tee_qv_get_collateral( - const uint8_t *p_quote, - uint32_t quote_size, - uint8_t **pp_quote_collateral, - uint32_t *p_collateral_size); - - -/** - * Free quote verification collateral buffer, which returned by `tee_qv_get_collateral` - * - * @param p_quote_collateral[IN] - Pointer to collateral - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_QUOTE_FORMAT_UNSUPPORTED - **/ -quote3_error_t tee_qv_free_collateral(uint8_t *p_quote_collateral); - - -/** - * Get supplemental data latest version and required size, support both SGX and TDX - * - * @param p_quote[IN] - Pointer to SGX or TDX Quote. - * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_version[OUT] - Optional. Pointer to hold latest version of the supplemental data. - * @param p_data_size[OUT] - Optional. Pointer to hold the size of the buffer in bytes required to contain all of the supplemental data. - **/ -quote3_error_t tee_get_supplemental_data_version_and_size( - const uint8_t *p_quote, - uint32_t quote_size, - uint32_t *p_version, - uint32_t *p_data_size); - - -/** - * Perform quote verification for SGX and TDX - * This API works the same as the old one, but takes a new parameter to describe the supplemental data (p_supp_data_descriptor) - * - * @param p_quote[IN] - Pointer to SGX or TDX Quote. - * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_quote_collateral[IN] - This is a pointer to the Quote Certification Collateral provided by the caller. - * @param expiration_check_date[IN] - This is the date that the QvE will use to determine if any of the inputted collateral have expired. - * @param p_collateral_expiration_status[OUT] - Address of the outputted expiration status. This input must not be NULL. - * @param p_quote_verification_result[OUT] - Address of the outputted quote verification result. - * @param p_qve_report_info[IN/OUT] - This parameter can be used in 2 ways. - * If p_qve_report_info is NOT NULL, the API will use Intel QvE to perform quote verification, and QvE will generate a report using the target_info in sgx_ql_qe_report_info_t structure. - * if p_qve_report_info is NULL, the API will use QVL library to perform quote verification, not that the results can not be cryptographically authenticated in this mode. - * @param p_supp_datal_descriptor[IN/OUT] - Pointer to tee_supp_data_descriptor_t structure - * You can specify the major version of supplemental data by setting p_supp_datal_descriptor->major_version - * If p_supp_datal_descriptor == NULL, no supplemental data is returned - * If p_supp_datal_descriptor->major_version == 0, then return the latest version of the sgx_ql_qv_supplemental_t structure - * If p_supp_datal_descriptor <= latest supported version, return the latest minor version associated with that major version - * If p_supp_datal_descriptor > latest supported version, return an error SGX_QL_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_QUOTE_FORMAT_UNSUPPORTED - * - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED - * - SGX_QL_UNABLE_TO_GENERATE_REPORT - * - SGX_QL_CRL_UNSUPPORTED_FORMAT - * - SGX_QL_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED - * - SGX_QL_ERROR_UNEXPECTED - **/ -quote3_error_t tee_verify_quote( - const uint8_t *p_quote, - uint32_t quote_size, - const uint8_t *p_quote_collateral, - const time_t expiration_check_date, - uint32_t *p_collateral_expiration_status, - sgx_ql_qv_result_t *p_quote_verification_result, - sgx_ql_qe_report_info_t *p_qve_report_info, - tee_supp_data_descriptor_t *p_supp_data_descriptor); - -/** - * Extrace FMSPC from a given quote - * @param p_quote[IN] - Pointer to a quote buffer. - * @param quote_size[IN] - Size of input quote buffer. - * @param p_fmspc_from_quote[IN/OUT] - Pointer to a buffer to write fmspc to. - * @param fmspc_from_quote_size[IN] - Size of fmspc buffer. - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_ERROR_UNEXPECTED - * - SGX_QL_PCK_CERT_CHAIN_ERROR - * - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED - */ -quote3_error_t tee_get_fmspc_from_quote(const uint8_t* p_quote, uint32_t quote_size, - uint8_t* p_fmspc_from_quote, uint32_t fmspc_from_quote_size); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SGX_DCAP_QV_H_*/ diff --git a/sgx_dcap_quoteverify_stubs/sgx_dcap_quoteverify_stub.cpp b/sgx_dcap_quoteverify_stubs/sgx_dcap_quoteverify_stub.cpp deleted file mode 100644 index a9905df511..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_dcap_quoteverify_stub.cpp +++ /dev/null @@ -1,247 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - /** - * File: sgx_dcap_quoteverify.cpp - * - * Description: Quote Verification Library - */ - -#include -#include "sgx_dcap_quoteverify.h" - -quote3_error_t sgx_qv_set_enclave_load_policy( - sgx_ql_request_policy_t policy __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * Get supplemental data latest version and required size. - **/ -quote3_error_t tee_get_supplemental_data_version_and_size( - const uint8_t *p_quote __attribute__((unused)), - uint32_t quote_size __attribute__((unused)), - uint32_t *p_version __attribute__((unused)), - uint32_t *p_data_size __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * Get SGX QvE identity and Root CA CRL - **/ -quote3_error_t sgx_qv_get_qve_identity( - uint8_t **pp_qveid __attribute__((unused)), - uint32_t *p_qveid_size __attribute__((unused)), - uint8_t **pp_qveid_issue_chain __attribute__((unused)), - uint32_t *p_qveid_issue_chain_size __attribute__((unused)), - uint8_t **pp_root_ca_crl __attribute__((unused)), - uint16_t *p_root_ca_crl_size __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - - -/** - * Free SGX QvE identity and Root CA CRL - **/ -quote3_error_t sgx_qv_free_qve_identity( - uint8_t *p_qveid __attribute__((unused)), - uint8_t *p_qveid_issue_chain __attribute__((unused)), - uint8_t *p_root_ca_crl __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * Get SGX supplemental data required size. - **/ -quote3_error_t sgx_qv_get_quote_supplemental_data_size(uint32_t *p_data_size __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * Perform SGX ECDSA quote verification - **/ -quote3_error_t sgx_qv_verify_quote( - const uint8_t *p_quote __attribute__((unused)), - uint32_t quote_size __attribute__((unused)), - const sgx_ql_qve_collateral_t *p_quote_collateral __attribute__((unused)), - const time_t expiration_check_date __attribute__((unused)), - uint32_t *p_collateral_expiration_status __attribute__((unused)), - sgx_ql_qv_result_t *p_quote_verification_result __attribute__((unused)), - sgx_ql_qe_report_info_t *p_qve_report_info __attribute__((unused)), - uint32_t supplemental_data_size __attribute__((unused)), - uint8_t *p_supplemental_data __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * Get TDX supplemental data required size. - **/ -quote3_error_t tdx_qv_get_quote_supplemental_data_size(uint32_t *p_data_size __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * Perform TDX ECDSA quote verification - **/ -quote3_error_t tdx_qv_verify_quote( - const uint8_t *p_quote __attribute__((unused)), - uint32_t quote_size __attribute__((unused)), - const tdx_ql_qv_collateral_t *p_quote_collateral __attribute__((unused)), - const time_t expiration_check_date __attribute__((unused)), - uint32_t *p_collateral_expiration_status __attribute__((unused)), - sgx_ql_qv_result_t *p_quote_verification_result __attribute__((unused)), - sgx_ql_qe_report_info_t *p_qve_report_info __attribute__((unused)), - uint32_t supplemental_data_size __attribute__((unused)), - uint8_t *p_supplemental_data __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * @brief retrieve verification colloateral - * - */ -quote3_error_t tee_qv_get_collateral( - const uint8_t *p_quote __attribute__((unused)), - uint32_t quote_size __attribute__((unused)), - uint8_t **pp_quote_collateral __attribute__((unused)), - uint32_t *p_collateral_size __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * @brief free verification colloateral - * - */ -quote3_error_t tee_qv_free_collateral(uint8_t *p_quote_collateral __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * Perform quote verification for SGX and TDX - * This API works the same as the old one __attribute__((unused)), but takes a new parameter to describe the supplemental data (p_supp_data_descriptor) - **/ -quote3_error_t tee_verify_quote( - const uint8_t *p_quote __attribute__((unused)), - uint32_t quote_size __attribute__((unused)), - const uint8_t *p_quote_collateral __attribute__((unused)), - const time_t expiration_check_date __attribute__((unused)), - uint32_t *p_collateral_expiration_status __attribute__((unused)), - sgx_ql_qv_result_t *p_quote_verification_result __attribute__((unused)), - sgx_ql_qe_report_info_t *p_qve_report_info __attribute__((unused)), - tee_supp_data_descriptor_t *p_supp_data_descriptor __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -/** - * @brief Extrace FMSPC from a given quote with cert type 5 - * @param p_quote[IN] - Pointer to a quote buffer. - * @param quote_size[IN] - Size of input quote buffer. - * @param p_fmspc_from_quote[IN/OUT] - Pointer to a buffer to write fmspc to. - * @param fmspc_from_quote_size[IN] - Size of fmspc buffer. - * - * @return Status code of the operation __attribute__((unused)), one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_ERROR_UNEXPECTED - * - SGX_QL_PCK_CERT_CHAIN_ERROR - * - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED - */ -quote3_error_t tee_get_fmspc_from_quote(const uint8_t *p_quote __attribute__((unused)), - uint32_t quote_size __attribute__((unused)), - uint8_t *p_fmspc_from_quote __attribute__((unused)), - uint32_t fmspc_from_quote_size __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - - -/** - * This API can be used to set the full path of QVE and QPL library. - * - * The function takes the enum and the corresponding full path. - * - * @param path_type The type of binary being passed in. - * @param p_path It should be a valid full path. - * - * @return SGX_QL_SUCCESS Successfully set the full path. - * @return SGX_QL_ERROR_INVALID_PARAMETER p_path is not a valid full path or the path is too long. - */ - -quote3_error_t sgx_qv_set_path( - sgx_qv_path_type_t path_type __attribute__((unused)), - const char *p_path __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -quote3_error_t tee_verify_quote_qvt( - const uint8_t *p_quote __attribute__((unused)), - uint32_t quote_size __attribute__((unused)), - const sgx_ql_qve_collateral_t *p_quote_collateral __attribute__((unused)), - sgx_ql_qe_report_info_t *p_qve_report_info __attribute__((unused)), - const uint8_t *p_user_data __attribute__((unused)), - uint32_t *p_verification_result_token_buffer_size __attribute__((unused)), - uint8_t **p_verification_result_token __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} - -quote3_error_t tee_free_verify_quote_qvt( - uint8_t *p_verification_result_token __attribute__((unused)), - uint32_t *p_verification_result_token_buffer_size __attribute__((unused))) -{ - std::cout << "Not implemented" << std::endl; - return SGX_QL_ERROR_UNEXPECTED; -} diff --git a/sgx_dcap_quoteverify_stubs/sgx_defs.h b/sgx_dcap_quoteverify_stubs/sgx_defs.h deleted file mode 100644 index b3e3a532be..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_defs.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef _SGX_DEFS_H_ -#define _SGX_DEFS_H_ - -/* The following macros are for GCC only */ - -#define SGXAPI - -#ifdef linux - #undef linux -#endif -#define SGX_CXX_NATIVE_HEADER(header) - -#define SGX_CDECL -#define SGX_STDCALL -#define SGX_FASTCALL - -#define SGX_DLLIMPORT -#define SGX_UBRIDGE(attr, fname, args...) attr fname args - -#define SGX_DEPRECATED __attribute__((deprecated)) - - -#define SGX_NOCONVENTION /* Empty. No calling convention specified. */ - -#endif /* !_SGX_DEFS_H_ */ diff --git a/sgx_dcap_quoteverify_stubs/sgx_eid.h b/sgx_dcap_quoteverify_stubs/sgx_eid.h deleted file mode 100644 index 12de3d7466..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_eid.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef _SGX_EID_H_ -#define _SGX_EID_H_ - -#include - -typedef uint64_t sgx_enclave_id_t; - -#endif diff --git a/sgx_dcap_quoteverify_stubs/sgx_error.h b/sgx_dcap_quoteverify_stubs/sgx_error.h deleted file mode 100644 index 725f8aab11..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_error.h +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef _SGX_ERROR_H_ -#define _SGX_ERROR_H_ - -#define SGX_MK_ERROR(x) (0x00000000|(x)) - -typedef enum _status_t -{ - SGX_SUCCESS = SGX_MK_ERROR(0x0000), - - SGX_ERROR_UNEXPECTED = SGX_MK_ERROR(0x0001), /* Unexpected error */ - SGX_ERROR_INVALID_PARAMETER = SGX_MK_ERROR(0x0002), /* The parameter is incorrect */ - SGX_ERROR_OUT_OF_MEMORY = SGX_MK_ERROR(0x0003), /* Not enough memory is available to complete this operation */ - SGX_ERROR_ENCLAVE_LOST = SGX_MK_ERROR(0x0004), /* Enclave lost after power transition or used in child process created by linux:fork() */ - SGX_ERROR_INVALID_STATE = SGX_MK_ERROR(0x0005), /* SGX API is invoked in incorrect order or state */ - SGX_ERROR_FEATURE_NOT_SUPPORTED = SGX_MK_ERROR(0x0008), /* Feature is not supported on this platform */ - SGX_PTHREAD_EXIT = SGX_MK_ERROR(0x0009), /* Enclave is exited with pthread_exit() */ - SGX_ERROR_MEMORY_MAP_FAILURE = SGX_MK_ERROR(0x000a), /* Failed to reserve memory for the enclave */ - - SGX_ERROR_INVALID_FUNCTION = SGX_MK_ERROR(0x1001), /* The ecall/ocall index is invalid */ - SGX_ERROR_OUT_OF_TCS = SGX_MK_ERROR(0x1003), /* The enclave is out of TCS */ - SGX_ERROR_ENCLAVE_CRASHED = SGX_MK_ERROR(0x1006), /* The enclave is crashed */ - SGX_ERROR_ECALL_NOT_ALLOWED = SGX_MK_ERROR(0x1007), /* The ECALL is not allowed at this time, e.g. ecall is blocked by the dynamic entry table, or nested ecall is not allowed during initialization */ - SGX_ERROR_OCALL_NOT_ALLOWED = SGX_MK_ERROR(0x1008), /* The OCALL is not allowed at this time, e.g. ocall is not allowed during exception handling */ - SGX_ERROR_STACK_OVERRUN = SGX_MK_ERROR(0x1009), /* The enclave is running out of stack */ - - SGX_ERROR_UNDEFINED_SYMBOL = SGX_MK_ERROR(0x2000), /* The enclave image has undefined symbol. */ - SGX_ERROR_INVALID_ENCLAVE = SGX_MK_ERROR(0x2001), /* The enclave image is not correct. */ - SGX_ERROR_INVALID_ENCLAVE_ID = SGX_MK_ERROR(0x2002), /* The enclave id is invalid */ - SGX_ERROR_INVALID_SIGNATURE = SGX_MK_ERROR(0x2003), /* The signature is invalid */ - SGX_ERROR_NDEBUG_ENCLAVE = SGX_MK_ERROR(0x2004), /* The enclave is signed as product enclave, and can not be created as debuggable enclave. */ - SGX_ERROR_OUT_OF_EPC = SGX_MK_ERROR(0x2005), /* Not enough EPC is available to load the enclave */ - SGX_ERROR_NO_DEVICE = SGX_MK_ERROR(0x2006), /* Can't open SGX device */ - SGX_ERROR_MEMORY_MAP_CONFLICT= SGX_MK_ERROR(0x2007), /* Page mapping failed in driver. Deprecated */ - SGX_ERROR_INVALID_METADATA = SGX_MK_ERROR(0x2009), /* The metadata is incorrect. */ - SGX_ERROR_DEVICE_BUSY = SGX_MK_ERROR(0x200c), /* Device is busy, mostly EINIT failed. */ - SGX_ERROR_INVALID_VERSION = SGX_MK_ERROR(0x200d), /* Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform. */ - SGX_ERROR_MODE_INCOMPATIBLE = SGX_MK_ERROR(0x200e), /* The target enclave 32/64 bit mode or sim/hw mode is incompatible with the mode of current uRTS. */ - SGX_ERROR_ENCLAVE_FILE_ACCESS = SGX_MK_ERROR(0x200f), /* Can't open enclave file. */ - SGX_ERROR_INVALID_MISC = SGX_MK_ERROR(0x2010), /* The MiscSelct/MiscMask settings are not correct.*/ - SGX_ERROR_INVALID_LAUNCH_TOKEN = SGX_MK_ERROR(0x2011), /* The launch token is not correct.*/ - - SGX_ERROR_MAC_MISMATCH = SGX_MK_ERROR(0x3001), /* Indicates verification error for reports, sealed datas, etc */ - SGX_ERROR_INVALID_ATTRIBUTE = SGX_MK_ERROR(0x3002), /* The enclave is not authorized, e.g., requesting invalid attribute or launch key access on legacy SGX platform without FLC */ - SGX_ERROR_INVALID_CPUSVN = SGX_MK_ERROR(0x3003), /* The cpu svn is beyond platform's cpu svn value */ - SGX_ERROR_INVALID_ISVSVN = SGX_MK_ERROR(0x3004), /* The isv svn is greater than the enclave's isv svn */ - SGX_ERROR_INVALID_KEYNAME = SGX_MK_ERROR(0x3005), /* The key name is an unsupported value */ - SGX_ERROR_UNSUPPORTED_FUNCTION = SGX_MK_ERROR(0x3006), /* The functionality is not supported */ - - SGX_ERROR_SERVICE_UNAVAILABLE = SGX_MK_ERROR(0x4001), /* Indicates aesm didn't respond or the requested service is not supported */ - SGX_ERROR_SERVICE_TIMEOUT = SGX_MK_ERROR(0x4002), /* The request to aesm timed out */ - SGX_ERROR_AE_INVALID_EPIDBLOB = SGX_MK_ERROR(0x4003), /* Indicates epid blob verification error */ - SGX_ERROR_SERVICE_INVALID_PRIVILEGE = SGX_MK_ERROR(0x4004), /* Enclave not authorized to run, .e.g. provisioning enclave hosted in an app without access rights to /dev/sgx_provision */ - SGX_ERROR_EPID_MEMBER_REVOKED = SGX_MK_ERROR(0x4005), /* The EPID group membership is revoked. */ - SGX_ERROR_UPDATE_NEEDED = SGX_MK_ERROR(0x4006), /* SGX needs to be updated */ - SGX_ERROR_NETWORK_FAILURE = SGX_MK_ERROR(0x4007), /* Network connecting or proxy setting issue is encountered */ - SGX_ERROR_AE_SESSION_INVALID = SGX_MK_ERROR(0x4008), /* Session is invalid or ended by server */ - SGX_ERROR_BUSY = SGX_MK_ERROR(0x400a), /* The requested service is temporarily not available */ - SGX_ERROR_MC_NOT_FOUND = SGX_MK_ERROR(0x400c), /* The Monotonic Counter doesn't exist or has been invalided */ - SGX_ERROR_MC_NO_ACCESS_RIGHT = SGX_MK_ERROR(0x400d), /* Caller doesn't have the access right to specified VMC */ - SGX_ERROR_MC_USED_UP = SGX_MK_ERROR(0x400e), /* Monotonic counters are used out */ - SGX_ERROR_MC_OVER_QUOTA = SGX_MK_ERROR(0x400f), /* Monotonic counters exceeds quota limitation */ - SGX_ERROR_KDF_MISMATCH = SGX_MK_ERROR(0x4011), /* Key derivation function doesn't match during key exchange */ - SGX_ERROR_UNRECOGNIZED_PLATFORM = SGX_MK_ERROR(0x4012), /* EPID Provisioning failed due to platform not recognized by backend server*/ - SGX_ERROR_UNSUPPORTED_CONFIG = SGX_MK_ERROR(0x4013), /* The config for trigging EPID Provisiong or PSE Provisiong<P is invalid*/ - - SGX_ERROR_NO_PRIVILEGE = SGX_MK_ERROR(0x5002), /* Not enough privilege to perform the operation */ - - /* SGX Protected Code Loader Error codes*/ - SGX_ERROR_PCL_ENCRYPTED = SGX_MK_ERROR(0x6001), /* trying to encrypt an already encrypted enclave */ - SGX_ERROR_PCL_NOT_ENCRYPTED = SGX_MK_ERROR(0x6002), /* trying to load a plain enclave using sgx_create_encrypted_enclave */ - SGX_ERROR_PCL_MAC_MISMATCH = SGX_MK_ERROR(0x6003), /* section mac result does not match build time mac */ - SGX_ERROR_PCL_SHA_MISMATCH = SGX_MK_ERROR(0x6004), /* Unsealed key MAC does not match MAC of key hardcoded in enclave binary */ - SGX_ERROR_PCL_GUID_MISMATCH = SGX_MK_ERROR(0x6005), /* GUID in sealed blob does not match GUID hardcoded in enclave binary */ - - /* SGX errors are only used in the file API when there is no appropriate EXXX (EINVAL, EIO etc.) error code */ - SGX_ERROR_FILE_BAD_STATUS = SGX_MK_ERROR(0x7001), /* The file is in bad status, run sgx_clearerr to try and fix it */ - SGX_ERROR_FILE_NO_KEY_ID = SGX_MK_ERROR(0x7002), /* The Key ID field is all zeros, can't re-generate the encryption key */ - SGX_ERROR_FILE_NAME_MISMATCH = SGX_MK_ERROR(0x7003), /* The current file name is different then the original file name (not allowed, substitution attack) */ - SGX_ERROR_FILE_NOT_SGX_FILE = SGX_MK_ERROR(0x7004), /* The file is not an SGX file */ - SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE = SGX_MK_ERROR(0x7005), /* A recovery file can't be opened, so flush operation can't continue (only used when no EXXX is returned) */ - SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE = SGX_MK_ERROR(0x7006), /* A recovery file can't be written, so flush operation can't continue (only used when no EXXX is returned) */ - SGX_ERROR_FILE_RECOVERY_NEEDED = SGX_MK_ERROR(0x7007), /* When openeing the file, recovery is needed, but the recovery process failed */ - SGX_ERROR_FILE_FLUSH_FAILED = SGX_MK_ERROR(0x7008), /* fflush operation (to disk) failed (only used when no EXXX is returned) */ - SGX_ERROR_FILE_CLOSE_FAILED = SGX_MK_ERROR(0x7009), /* fclose operation (to disk) failed (only used when no EXXX is returned) */ - - - SGX_ERROR_UNSUPPORTED_ATT_KEY_ID = SGX_MK_ERROR(0x8001), /* platform quoting infrastructure does not support the key.*/ - SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE = SGX_MK_ERROR(0x8002), /* Failed to generate and certify the attestation key.*/ - SGX_ERROR_ATT_KEY_UNINITIALIZED = SGX_MK_ERROR(0x8003), /* The platform quoting infrastructure does not have the attestation key available to generate quote.*/ - SGX_ERROR_INVALID_ATT_KEY_CERT_DATA = SGX_MK_ERROR(0x8004), /* TThe data returned by the platform library's sgx_get_quote_config() is invalid.*/ - SGX_ERROR_PLATFORM_CERT_UNAVAILABLE = SGX_MK_ERROR(0x8005), /* The PCK Cert for the platform is not available.*/ - - SGX_ERROR_TLS_X509_INVALID_EXTENSION = SGX_MK_ERROR(0x9001), /* error of RA-TLS x509 invalid extension */ - SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED = SGX_MK_ERROR(0xF001), /* The ioctl for enclave_create unexpectedly failed with EINTR. */ - -} sgx_status_t; - -#endif diff --git a/sgx_dcap_quoteverify_stubs/sgx_key.h b/sgx_dcap_quoteverify_stubs/sgx_key.h deleted file mode 100644 index 6be442113d..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_key.h +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - - - -/* - * This file is to define Enclave's keys -*/ - -#ifndef _SGX_KEY_H_ -#define _SGX_KEY_H_ - -#include -#include "sgx_attributes.h" - -/* Key Name */ -#define SGX_KEYSELECT_EINITTOKEN 0x0000 -#define SGX_KEYSELECT_PROVISION 0x0001 -#define SGX_KEYSELECT_PROVISION_SEAL 0x0002 -#define SGX_KEYSELECT_REPORT 0x0003 -#define SGX_KEYSELECT_SEAL 0x0004 - -/* Key Policy */ -#define SGX_KEYPOLICY_MRENCLAVE 0x0001 /* Derive key using the enclave's ENCLAVE measurement register */ -#define SGX_KEYPOLICY_MRSIGNER 0x0002 /* Derive key using the enclave's SIGNER measurement register */ -#define SGX_KEYPOLICY_NOISVPRODID 0x0004 /* Derive key without the enclave's ISVPRODID */ -#define SGX_KEYPOLICY_CONFIGID 0x0008 /* Derive key with the enclave's CONFIGID */ -#define SGX_KEYPOLICY_ISVFAMILYID 0x0010 /* Derive key with the enclave's ISVFAMILYID */ -#define SGX_KEYPOLICY_ISVEXTPRODID 0x0020 /* Derive key with the enclave's ISVEXTPRODID */ - -#define SGX_KEYID_SIZE 32 -#define SGX_CPUSVN_SIZE 16 -#define SGX_CONFIGID_SIZE 64 - -typedef uint8_t sgx_key_128bit_t[16]; -typedef uint16_t sgx_isv_svn_t; -typedef uint16_t sgx_config_svn_t; -typedef uint8_t sgx_config_id_t[SGX_CONFIGID_SIZE]; - - -typedef struct _sgx_cpu_svn_t -{ - uint8_t svn[SGX_CPUSVN_SIZE]; -} sgx_cpu_svn_t; - -typedef struct _sgx_key_id_t -{ - uint8_t id[SGX_KEYID_SIZE]; -} sgx_key_id_t; - -#define SGX_KEY_REQUEST_RESERVED2_BYTES 434 - -typedef struct _key_request_t -{ - uint16_t key_name; /* Identifies the key required */ - uint16_t key_policy; /* Identifies which inputs should be used in the key derivation */ - sgx_isv_svn_t isv_svn; /* Security Version of the Enclave */ - uint16_t reserved1; /* Must be 0 */ - sgx_cpu_svn_t cpu_svn; /* Security Version of the CPU */ - sgx_attributes_t attribute_mask; /* Mask which ATTRIBUTES Seal keys should be bound to */ - sgx_key_id_t key_id; /* Value for key wear-out protection */ - sgx_misc_select_t misc_mask; /* Mask what MISCSELECT Seal keys bound to */ - sgx_config_svn_t config_svn; /* CONFIGSVN */ - uint8_t reserved2[SGX_KEY_REQUEST_RESERVED2_BYTES]; /* Struct size is 512 bytes */ -} sgx_key_request_t; - - -#endif diff --git a/sgx_dcap_quoteverify_stubs/sgx_pce.h b/sgx_dcap_quoteverify_stubs/sgx_pce.h deleted file mode 100644 index 467aaceec5..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_pce.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * File: sgx_pce.h - * Description: Definition for pce interface. - * - * PCE interface and supporting structure definitions. - */ -#ifndef _SGX_PCE_H_ -#define _SGX_PCE_H_ - -#include "sgx_key.h" -#include "sgx_report.h" - -#define SGX_PCE_MK_ERROR(x) (0x0000F000|(x)) -typedef enum _sgx_pce_error_t -{ - SGX_PCE_SUCCESS = SGX_PCE_MK_ERROR(0x0000), - SGX_PCE_UNEXPECTED = SGX_PCE_MK_ERROR(0x0001), /* Unexpected error */ - SGX_PCE_INVALID_PARAMETER = SGX_PCE_MK_ERROR(0x0002), /* The parameter is incorrect */ - SGX_PCE_OUT_OF_EPC = SGX_PCE_MK_ERROR(0x0003), /* Not enough memory is available to complete this operation */ - SGX_PCE_INTERFACE_UNAVAILABLE = SGX_PCE_MK_ERROR(0x0004), /* SGX API is unavailable */ - SGX_PCE_INVALID_REPORT = SGX_PCE_MK_ERROR(0x0005), /* the report cannot be verified */ - SGX_PCE_CRYPTO_ERROR = SGX_PCE_MK_ERROR(0x0006), /* Cannot decrypt or verify ciphertext */ - SGX_PCE_INVALID_PRIVILEGE = SGX_PCE_MK_ERROR(0x0007), /* Not enough privilege to perform the operation */ - SGX_PCE_INVALID_TCB = SGX_PCE_MK_ERROR(0x0008), /* PCE could not sign at the requested TCB */ -} sgx_pce_error_t; - - -/* PCE ID for the PCE in this library */ -#define PCE_ID 0 - -/* Crypto_suite */ -#define PCE_ALG_RSA_OAEP_3072 1 - -/* Signature_scheme */ -#define PCE_NIST_P256_ECDSA_SHA256 0 - - -//TODO: in qe pce common header -/** Typedef enum _sgx_ql_request_policy */ -typedef enum _sgx_ql_request_policy -{ - SGX_QL_PERSISTENT, ///< QE is initialized on first use and reused until process ends. - SGX_QL_EPHEMERAL, ///< QE is initialized and terminated on every quote. - ///< If a previous QE exists, it is stopped & restarted before quoting. - SGX_QL_EPHEMERAL_QVE_MULTI_THREAD, ///< Only used for quote verification, QvE is loaded per thread and be unloaded before function exit. - SGX_QL_PERSISTENT_QVE_MULTI_THREAD, ///< Only used for quote verification, QvE is loaded per thread and be unloaded before thread exit. - - SGX_QL_DEFAULT = SGX_QL_PERSISTENT -} sgx_ql_request_policy_t; - -#pragma pack(push, 1) -/** Structure for the Platform Certificate Enclave identity information */ -typedef struct _sgx_pce_info_t { - sgx_isv_svn_t pce_isv_svn; ///< PCE ISVSVN - uint16_t pce_id; ///< PCE ID. It will change when something in the PCE would cause the PPID generation to change on the same platform -}sgx_pce_info_t; -#pragma pack(pop) - -#if defined(__cplusplus) -extern "C" { -#endif - -sgx_pce_error_t sgx_set_pce_enclave_load_policy( - sgx_ql_request_policy_t policy); - -sgx_pce_error_t sgx_pce_get_target( - sgx_target_info_t *p_pce_target, - sgx_isv_svn_t *p_pce_isv_svn); - -sgx_pce_error_t sgx_get_pce_info( - const sgx_report_t* p_report, - const uint8_t *p_public_key, - uint32_t key_size, - uint8_t crypto_suite, - uint8_t *p_encrypted_ppid, - uint32_t encrypted_ppid_buf_size, - uint32_t *p_encrypted_ppid_out_size, - sgx_isv_svn_t* p_pce_isvn, - uint16_t* p_pce_id, - uint8_t *p_signature_scheme); - -sgx_pce_error_t sgx_pce_sign_report( - const sgx_isv_svn_t* isv_svn, - const sgx_cpu_svn_t* cpu_svn, - const sgx_report_t* p_report, - uint8_t *p_signature, - uint32_t signature_buf_size, - uint32_t *p_signature_out_size); - -sgx_pce_error_t sgx_get_pce_info_without_ppid( - sgx_isv_svn_t* p_pce_isvsvn, - uint16_t* p_pce_id); - -sgx_pce_error_t sgx_set_pce_path( - const char* p_path); -#if defined(__cplusplus) -} -#endif - -#endif - - diff --git a/sgx_dcap_quoteverify_stubs/sgx_ql_lib_common.h b/sgx_dcap_quoteverify_stubs/sgx_ql_lib_common.h deleted file mode 100644 index 10338a8ee7..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_ql_lib_common.h +++ /dev/null @@ -1,267 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** -* File: sgx_ql_lib_common.h -* -* Description: Common defintions for high-level quote APIs -* -*/ - -/* User defined types */ -#ifndef _SGX_QL_LIB_COMMON_H_ -#define _SGX_QL_LIB_COMMON_H_ - -#include "sgx_key.h" - -#define TEE_MK_ERROR(x) (0x0000E000|(x)) - -/** Possible errors generated by the quote interface. */ -typedef enum _quote3_error_t { - SGX_QL_SUCCESS = 0x0000, TEE_SUCCESS = 0x0000, ///< Success - SGX_QL_ERROR_MIN = TEE_MK_ERROR(0x0001), TEE_ERROR_MIN = TEE_MK_ERROR(0x0001), ///< Indicate min error to allow better translation. - SGX_QL_ERROR_UNEXPECTED = TEE_MK_ERROR(0x0001), TEE_ERROR_UNEXPECTED = TEE_MK_ERROR(0x0001), ///< Unexpected error - SGX_QL_ERROR_INVALID_PARAMETER = TEE_MK_ERROR(0x0002), TEE_ERROR_INVALID_PARAMETER = TEE_MK_ERROR(0x0002), ///< The parameter is incorrect - SGX_QL_ERROR_OUT_OF_MEMORY = TEE_MK_ERROR(0x0003), TEE_ERROR_OUT_OF_MEMORY = TEE_MK_ERROR(0x0003), ///< Not enough memory is available to complete this operation - SGX_QL_ERROR_ECDSA_ID_MISMATCH = TEE_MK_ERROR(0x0004), TEE_ERROR_ECDSA_ID_MISMATCH = TEE_MK_ERROR(0x0004), ///< Expected ECDSA_ID does not match the value stored in the ECDSA Blob - SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR = TEE_MK_ERROR(0x0005), TEE_PATHNAME_BUFFER_OVERFLOW_ERROR = TEE_MK_ERROR(0x0005), ///< The ECDSA blob pathname is too large - SGX_QL_FILE_ACCESS_ERROR = TEE_MK_ERROR(0x0006), TEE_FILE_ACCESS_ERROR = TEE_MK_ERROR(0x0006), ///< Error accessing ECDSA blob - SGX_QL_ERROR_STORED_KEY = TEE_MK_ERROR(0x0007), TEE_ERROR_STORED_KEY = TEE_MK_ERROR(0x0007), ///< Cached ECDSA key is invalid - SGX_QL_ERROR_PUB_KEY_ID_MISMATCH = TEE_MK_ERROR(0x0008), TEE_ERROR_PUB_KEY_ID_MISMATCH = TEE_MK_ERROR(0x0008), ///< Cached ECDSA key does not match requested key - SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME = TEE_MK_ERROR(0x0009), TEE_ERROR_INVALID_PCE_SIG_SCHEME = TEE_MK_ERROR(0x0009), ///< PCE use the incorrect signature scheme - SGX_QL_ATT_KEY_BLOB_ERROR = TEE_MK_ERROR(0x000a), TEE_ATT_KEY_BLOB_ERROR = TEE_MK_ERROR(0x000a), ///< There is a problem with the attestation key blob. - SGX_QL_UNSUPPORTED_ATT_KEY_ID = TEE_MK_ERROR(0x000b), TEE_UNSUPPORTED_ATT_KEY_ID = TEE_MK_ERROR(0x000b), ///< Unsupported attestation key ID. - SGX_QL_UNSUPPORTED_LOADING_POLICY = TEE_MK_ERROR(0x000c), TEE_UNSUPPORTED_LOADING_POLICY = TEE_MK_ERROR(0x000c), ///< Unsupported enclave loading policy. - SGX_QL_INTERFACE_UNAVAILABLE = TEE_MK_ERROR(0x000d), TEE_INTERFACE_UNAVAILABLE = TEE_MK_ERROR(0x000d), ///< Unable to load the PCE enclave - SGX_QL_PLATFORM_LIB_UNAVAILABLE = TEE_MK_ERROR(0x000e), TEE_PLATFORM_LIB_UNAVAILABLE = TEE_MK_ERROR(0x000e), ///< Unable to find the platform library with the dependent APIs. Not fatal. - SGX_QL_ATT_KEY_NOT_INITIALIZED = TEE_MK_ERROR(0x000f), TEE_ATT_KEY_NOT_INITIALIZED = TEE_MK_ERROR(0x000f), ///< The attestation key doesn't exist or has not been certified. - SGX_QL_ATT_KEY_CERT_DATA_INVALID = TEE_MK_ERROR(0x0010), TEE_ATT_KEY_CERT_DATA_INVALID = TEE_MK_ERROR(0x0010), ///< The certification data retrieved from the platform library is invalid. - SGX_QL_NO_PLATFORM_CERT_DATA = TEE_MK_ERROR(0x0011), TEE_NO_PLATFORM_CERT_DATA = TEE_MK_ERROR(0x0011), ///< The platform library doesn't have any platfrom cert data. - SGX_QL_OUT_OF_EPC = TEE_MK_ERROR(0x0012), TEE_OUT_OF_EPC = TEE_MK_ERROR(0x0012), ///< Not enough memory in the EPC to load the enclave. - SGX_QL_ERROR_REPORT = TEE_MK_ERROR(0x0013), TEE_ERROR_REPORT = TEE_MK_ERROR(0x0013), ///< There was a problem verifying an SGX REPORT. - SGX_QL_ENCLAVE_LOST = TEE_MK_ERROR(0x0014), TEE_ENCLAVE_LOST = TEE_MK_ERROR(0x0014), ///< Interfacing to the enclave failed due to a power transition. - SGX_QL_INVALID_REPORT = TEE_MK_ERROR(0x0015), TEE_INVALID_REPORT = TEE_MK_ERROR(0x0015), ///< Error verifying the application enclave's report. - SGX_QL_ENCLAVE_LOAD_ERROR = TEE_MK_ERROR(0x0016), TEE_ENCLAVE_LOAD_ERROR = TEE_MK_ERROR(0x0016), ///< Unable to load the enclaves. Could be due to file I/O error, loading infrastructure error, or non-SGX capable system - SGX_QL_UNABLE_TO_GENERATE_QE_REPORT = TEE_MK_ERROR(0x0017), TEE_UNABLE_TO_GENERATE_QE_REPORT = TEE_MK_ERROR(0x0017), ///< The QE was unable to generate its own report targeting the application enclave either - ///< because the QE doesn't support this feature there is an enclave compatibility issue. - ///< Please call again with the p_qe_report_info to NULL. - SGX_QL_KEY_CERTIFCATION_ERROR = TEE_MK_ERROR(0x0018), TEE_KEY_CERTIFCATION_ERROR = TEE_MK_ERROR(0x0018), ///< Caused when the provider library returns an invalid TCB (too high). - SGX_QL_NETWORK_ERROR = TEE_MK_ERROR(0x0019), TEE_NETWORK_ERROR = TEE_MK_ERROR(0x0019), ///< Network error when retrieving PCK certs - SGX_QL_MESSAGE_ERROR = TEE_MK_ERROR(0x001a), TEE_MESSAGE_ERROR = TEE_MK_ERROR(0x001a), ///< Message error when retrieving PCK certs - SGX_QL_NO_QUOTE_COLLATERAL_DATA = TEE_MK_ERROR(0x001b), TEE_NO_QUOTE_COLLATERAL_DATA = TEE_MK_ERROR(0x001b), ///< The platform does not have the quote verification collateral data available. - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED = TEE_MK_ERROR(0x001c), TEE_QUOTE_CERTIFICATION_DATA_UNSUPPORTED = TEE_MK_ERROR(0x001c), - SGX_QL_QUOTE_FORMAT_UNSUPPORTED = TEE_MK_ERROR(0x001d), TEE_QUOTE_FORMAT_UNSUPPORTED = TEE_MK_ERROR(0x001d), - SGX_QL_UNABLE_TO_GENERATE_REPORT = TEE_MK_ERROR(0x001e), TEE_UNABLE_TO_GENERATE_REPORT = TEE_MK_ERROR(0x001e), - SGX_QL_QE_REPORT_INVALID_SIGNATURE = TEE_MK_ERROR(0x001f), TEE_QE_REPORT_INVALID_SIGNATURE = TEE_MK_ERROR(0x001f), - SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0020), TEE_QE_REPORT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0020), - SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0021), TEE_PCK_CERT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0021), - SGX_QL_PCK_CERT_CHAIN_ERROR = TEE_MK_ERROR(0x0022), TEE_PCK_CERT_CHAIN_ERROR = TEE_MK_ERROR(0x0022), - SGX_QL_TCBINFO_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0023), TEE_TCBINFO_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0023), - SGX_QL_TCBINFO_MISMATCH = TEE_MK_ERROR(0x0024), TEE_TCBINFO_MISMATCH = TEE_MK_ERROR(0x0024), - SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0025), TEE_QEIDENTITY_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0025), - SGX_QL_QEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0026), TEE_QEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0026), - SGX_QL_TCB_OUT_OF_DATE = TEE_MK_ERROR(0x0027), TEE_TCB_OUT_OF_DATE = TEE_MK_ERROR(0x0027), - SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0028), TEE_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0028), ///< TCB out of date and Configuration needed - SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x0029), TEE_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x0029), - SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE = TEE_MK_ERROR(0x002a), TEE_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE = TEE_MK_ERROR(0x002a), - SGX_QL_QE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x002b), TEE_QE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x002b), - SGX_QL_SGX_TCB_INFO_EXPIRED = TEE_MK_ERROR(0x002c), TEE_SGX_TCB_INFO_EXPIRED = TEE_MK_ERROR(0x002c), - SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002d), TEE_SGX_PCK_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002d), - SGX_QL_SGX_CRL_EXPIRED = TEE_MK_ERROR(0x002e), TEE_SGX_CRL_EXPIRED = TEE_MK_ERROR(0x002e), - SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002f), TEE_SGX_SIGNING_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002f), - SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED = TEE_MK_ERROR(0x0030), TEE_SGX_ENCLAVE_IDENTITY_EXPIRED = TEE_MK_ERROR(0x0030), - SGX_QL_PCK_REVOKED = TEE_MK_ERROR(0x0031), TEE_PCK_REVOKED = TEE_MK_ERROR(0x0031), - SGX_QL_TCB_REVOKED = TEE_MK_ERROR(0x0032), TEE_TCB_REVOKED = TEE_MK_ERROR(0x0032), - SGX_QL_TCB_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0033), TEE_TCB_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0033), - SGX_QL_UNABLE_TO_GET_COLLATERAL = TEE_MK_ERROR(0x0034), TEE_UNABLE_TO_GET_COLLATERAL = TEE_MK_ERROR(0x0034), - SGX_QL_ERROR_INVALID_PRIVILEGE = TEE_MK_ERROR(0x0035), TEE_ERROR_INVALID_PRIVILEGE = TEE_MK_ERROR(0x0035), ///< No enough privilege to perform the operation - SGX_QL_NO_QVE_IDENTITY_DATA = TEE_MK_ERROR(0x0037), TEE_NO_QVE_IDENTITY_DATA = TEE_MK_ERROR(0x0037), ///< The platform does not have the QVE identity data available. - SGX_QL_CRL_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0038), TEE_CRL_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0038), - SGX_QL_QEIDENTITY_CHAIN_ERROR = TEE_MK_ERROR(0x0039), TEE_QEIDENTITY_CHAIN_ERROR = TEE_MK_ERROR(0x0039), - SGX_QL_TCBINFO_CHAIN_ERROR = TEE_MK_ERROR(0x003a), TEE_TCBINFO_CHAIN_ERROR = TEE_MK_ERROR(0x003a), - SGX_QL_ERROR_QVL_QVE_MISMATCH = TEE_MK_ERROR(0x003b), TEE_ERROR_QVL_QVE_MISMATCH = TEE_MK_ERROR(0x003b), ///< Supplemental data size and version mismatched between QVL and QvE - ///< Please make sure to use QVL and QvE from same release package - SGX_QL_TCB_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003c), TEE_TCB_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003c), ///< TCB up to date but SW Hardening needed - SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003d), TEE_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003d), ///< TCB up to date but Configuration and SW Hardening needed - - SGX_QL_UNSUPPORTED_MODE = TEE_MK_ERROR(0x003e), TEE_UNSUPPORTED_MODE = TEE_MK_ERROR(0x003e), - - SGX_QL_NO_DEVICE = TEE_MK_ERROR(0x003f), TEE_NO_DEVICE = TEE_MK_ERROR(0x003f), - SGX_QL_SERVICE_UNAVAILABLE = TEE_MK_ERROR(0x0040), TEE_SERVICE_UNAVAILABLE = TEE_MK_ERROR(0x0040), - SGX_QL_NETWORK_FAILURE = TEE_MK_ERROR(0x0041), TEE_NETWORK_FAILURE = TEE_MK_ERROR(0x0041), - SGX_QL_SERVICE_TIMEOUT = TEE_MK_ERROR(0x0042), TEE_SERVICE_TIMEOUT = TEE_MK_ERROR(0x0042), - SGX_QL_ERROR_BUSY = TEE_MK_ERROR(0x0043), TEE_ERROR_BUSY = TEE_MK_ERROR(0x0043), - - SGX_QL_UNKNOWN_MESSAGE_RESPONSE = TEE_MK_ERROR(0x0044), TEE_UNKNOWN_MESSAGE_RESPONSE = TEE_MK_ERROR(0x0044), ///< Unexpected error from the cache service - SGX_QL_PERSISTENT_STORAGE_ERROR = TEE_MK_ERROR(0x0045), TEE_PERSISTENT_STORAGE_ERROR = TEE_MK_ERROR(0x0045), ///< Error storing the retrieved cached data in persistent memory - SGX_QL_ERROR_MESSAGE_PARSING_ERROR = TEE_MK_ERROR(0x0046), TEE_ERROR_MESSAGE_PARSING_ERROR = TEE_MK_ERROR(0x0046), /// Message parsing error - SGX_QL_PLATFORM_UNKNOWN = TEE_MK_ERROR(0x0047), TEE_PLATFORM_UNKNOWN = TEE_MK_ERROR(0x0047), ///< Platform was not found in the cache - SGX_QL_UNKNOWN_API_VERSION = TEE_MK_ERROR(0x0048), TEE_UNKNOWN_API_VERSION = TEE_MK_ERROR(0x0048), ///< The current PCS API version configured is unknown - SGX_QL_CERTS_UNAVAILABLE = TEE_MK_ERROR(0x0049), TEE_CERTS_UNAVAILABLE = TEE_MK_ERROR(0x0049), ///< Certificates are not available for this platform - - SGX_QL_QVEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0050), TEE_QVEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0050), ///< QvE Identity is NOT match to Intel signed QvE identity - SGX_QL_QVE_OUT_OF_DATE = TEE_MK_ERROR(0x0051), TEE_QVE_OUT_OF_DATE = TEE_MK_ERROR(0x0051), ///< QvE ISVSVN is smaller than the ISVSVN threshold, or input QvE ISVSVN is too small - SGX_QL_PSW_NOT_AVAILABLE = TEE_MK_ERROR(0x0052), TEE_PSW_NOT_AVAILABLE = TEE_MK_ERROR(0x0052), ///< SGX PSW library cannot be loaded, could be due to file I/O error - SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0053), TEE_COLLATERAL_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0053), ///< SGX quote verification collateral version not supported by QVL/QvE - SGX_QL_TDX_MODULE_MISMATCH = TEE_MK_ERROR(0x0060), TEE_TDX_MODULE_MISMATCH = TEE_MK_ERROR(0x0060), ///< TDX SEAM module identity is NOT match to Intel signed TDX SEAM module - - SGX_QL_QEIDENTITY_NOT_FOUND = TEE_MK_ERROR(0x0061), TEE_QEIDENTITY_NOT_FOUND = TEE_MK_ERROR(0x0061), ///< QE identity was not found - SGX_QL_TCBINFO_NOT_FOUND = TEE_MK_ERROR(0x0062), TEE_TCBINFO_NOT_FOUND = TEE_MK_ERROR(0x0062), ///< TCB Info was not found - SGX_QL_INTERNAL_SERVER_ERROR = TEE_MK_ERROR(0x0063), TEE_INTERNAL_SERVER_ERROR = TEE_MK_ERROR(0x0063), ///< Internal server error - - SGX_QL_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0064), TEE_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0064), ///< The supplemental data version is not supported - - SGX_QL_ROOT_CA_UNTRUSTED = TEE_MK_ERROR(0x0065), TEE_ROOT_CA_UNTRUSTED = TEE_MK_ERROR(0x0065), ///< The certificate used to establish SSL session is untrusted - - SGX_QL_TCB_NOT_SUPPORTED = TEE_MK_ERROR(0x0066), TEE_TCB_NOT_SUPPORTED = TEE_MK_ERROR(0x0066), ///< Current TCB level cannot be found in platform/enclave TCB info - - SGX_QL_CONFIG_INVALID_JSON = TEE_MK_ERROR(0x0067), TEE_CONFIG_INVALID_JSON = TEE_MK_ERROR(0x0067), ///< The QPL's config file is in JSON format but has a format error - - SGX_QL_RESULT_INVALID_SIGNATURE = TEE_MK_ERROR(0x0068), TEE_RESULT_INVALID_SIGNATURE = TEE_MK_ERROR(0x0068), ///< Invalid signature during quote verification - - SGX_QL_ERROR_MAX = TEE_MK_ERROR(0x00FF), TEE_ERROR_MAX = TEE_MK_ERROR(0x00FF), ///< Indicate max error to allow better translation. - -} quote3_error_t, tee_error_t; - - -#pragma pack(push, 1) -/** */ -typedef struct _sgx_ql_qe3_id_t { - uint8_t id[16]; ///< Contains the 16-byte QE_ID -} sgx_ql_qe3_id_t; - -/** Used to describe the PCK Cert for a platform */ -typedef struct _sgx_ql_pck_cert_id_t -{ - uint8_t *p_qe3_id; ///< The QE_ID used to identify the platform for PCK Cert Retrieval - uint32_t qe3_id_size; ///< The Size of hte QE_ID (currenlty 16 bytes) - sgx_cpu_svn_t *p_platform_cpu_svn; ///< Pointer to the platform's raw CPUSVN - sgx_isv_svn_t *p_platform_pce_isv_svn; ///< Pointer to the platform's raw PCE ISVSVN - uint8_t *p_encrypted_ppid; ///< Pointer to the encrypted PPID (Optional) - uint32_t encrypted_ppid_size; ///< Size of encrytped PPID. - uint8_t crypto_suite; ///< Crypto algorithm used to encrypt the PPID - uint16_t pce_id; ///< Identifies the PCE-Version used to generate the encrypted PPID. -}sgx_ql_pck_cert_id_t; - -/** Contains the valid versions of the sgx_ql_config_t data structure. */ -typedef enum _sgx_ql_config_version_t -{ - SGX_QL_CONFIG_VERSION_1 = 1, -}sgx_ql_config_version_t; - -/** Contains the certification data used to certify the attestation key and in generating a quote. */ -typedef struct _sgx_ql_config_t -{ - sgx_ql_config_version_t version; - sgx_cpu_svn_t cert_cpu_svn; ///< The CPUSVN used to generate the PCK Signature used to certify the attestation key. - sgx_isv_svn_t cert_pce_isv_svn; ///< The PCE ISVSVN used to generate the PCK Signature used to certify the attestation key. - uint32_t cert_data_size; ///< The size of the buffer pointed to by p_cert_data - uint8_t *p_cert_data; ///< The certification data used for the quote. - ///todo: It is the assumed to be the PCK Cert Chain. May want to change to support other cert types. -} sgx_ql_config_t; - -#pragma pack(pop) - -#define MAX_PARAM_STRING_SIZE (256) -typedef struct _sgx_ql_qve_collateral_param_t { - uint8_t key[MAX_PARAM_STRING_SIZE + 1]; - uint8_t value[MAX_PARAM_STRING_SIZE + 1]; -} sgx_ql_qve_collateral_param_t; - -// Nameless struct generates C4201 warning in MS compiler, but it is allowed in c++ 11 standard -// Should remove the pragma after Microsoft fixes this issue -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning(disable : 4201) -#endif - -#ifndef __sgx_ql_qve_collateral_t // The __sgx_ql_qve_collateral_t can also be defined in QvE _t/_u.h -#define __sgx_ql_qve_collateral_t -typedef struct _sgx_ql_qve_collateral_t -{ - union { - uint32_t version; ///< 'version' is the backward compatible legacy representation - struct { ///< For PCS V1 and V2 APIs, the major_version = 1 and minor_version = 0 and - uint16_t major_version; ///< the CRLs will be formatted in PEM. For PCS V3 APIs, the major_version = 3 and the - uint16_t minor_version; ///< minor_version can be either 0 or 1. minor_verion of 0 indicates the CRL’s are formatted - ///< in Base16 encoded DER. A minor version of 1 indicates the CRL’s are formatted in raw binary DER. - }; - }; - uint32_t tee_type; ///< 0x00000000: SGX or 0x00000081: TDX - char *pck_crl_issuer_chain; - uint32_t pck_crl_issuer_chain_size; - char *root_ca_crl; /// Root CA CRL - uint32_t root_ca_crl_size; - char *pck_crl; /// PCK Cert CRL - uint32_t pck_crl_size; - char *tcb_info_issuer_chain; - uint32_t tcb_info_issuer_chain_size; - char *tcb_info; /// TCB Info structure - uint32_t tcb_info_size; - char *qe_identity_issuer_chain; - uint32_t qe_identity_issuer_chain_size; - char *qe_identity; /// QE Identity Structure - uint32_t qe_identity_size; -} sgx_ql_qve_collateral_t; -#endif //__sgx_ql_qve_collateral_t - -#ifdef _MSC_VER -#pragma warning(pop) -#endif - -typedef enum _sgx_ql_log_level_t -{ - SGX_QL_LOG_ERROR, - SGX_QL_LOG_INFO, - SGX_QL_LOG_DEBUG, - SGX_QL_LOG_TRACE, -} sgx_ql_log_level_t; - -typedef void (*sgx_ql_logging_callback_t)(sgx_ql_log_level_t level, const char* message); - -typedef enum _sgx_prod_type_t { - SGX_PROD_TYPE_SGX = 0, - SGX_PROD_TYPE_TDX = 1, -} sgx_prod_type_t; - -typedef enum _sgx_qpl_cache_type_t { - SGX_QPL_CACHE_CERTIFICATE = 1 << 0, - SGX_QPL_CACHE_QV_COLLATERAL = 1 << 1, - SGX_QPL_CACHE_MULTICERTS = 1 << 2, -} sgx_qpl_cache_type_t; - -#ifndef tdx_ql_qve_collateral_t -typedef sgx_ql_qve_collateral_t tdx_ql_qve_collateral_t; - -// Deprecate structure name tdx_ql_qve_collateral_t -typedef tdx_ql_qve_collateral_t tdx_ql_qv_collateral_t; -#endif - -#endif //_SGX_QL_LIB_COMMON_H_ diff --git a/sgx_dcap_quoteverify_stubs/sgx_ql_quote.h b/sgx_dcap_quoteverify_stubs/sgx_ql_quote.h deleted file mode 100644 index 46a9e5817c..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_ql_quote.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** -* File: sgx_ql_quote.h -* -* Description: Generic SGX quote reference code definitions. -* -*/ - -/* User defined types */ -#ifndef _SGX_QL_QUOTE_H_ -#define _SGX_QL_QUOTE_H_ -#include -#include "sgx_ql_lib_common.h" -#include "sgx_quote.h" -#include "sgx_quote_3.h" - - -#pragma pack(push, 1) -/** Describes the algorithm parameters needed to generate the given algorithm's signature. Used for quote generation - * APIs. */ -typedef struct _sgx_ql_att_key_id_param_t { - uint32_t algorithm_param_size; ///< Size of additional attestation key information. 0 is valid. -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t algorithm_param[]; ///< Additional attestation algorithm information.For example, SigRL for EPID. -#ifdef _MSC_VER -#pragma warning(pop) -#endif -}sgx_ql_att_key_id_param_t; - -/** The full data structure passed to the platform by the verifier. It will list all of the attestation algorithms and - * QE's supported by the verifier */ -typedef struct _sgx_ql_att_id_list_t { - sgx_ql_att_key_id_list_header_t header; ///< Header for the attestation key ID list provided by the quote verifier. -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - sgx_att_key_id_ext_t ext_id_list[];///< Place holder for the extended attestation ID list. -#ifdef _MSC_VER -#pragma warning(pop) -#endif -}sgx_ql_att_key_id_list_t; - -typedef struct _sgx_ql_qe_report_info_t { - sgx_quote_nonce_t nonce; - sgx_target_info_t app_enclave_target_info; - sgx_report_t qe_report; -}sgx_ql_qe_report_info_t; - -#pragma pack(pop) - -#ifdef __cplusplus -/** Describes the generic Quoting API used by all attestation keys/algorithms. A particular quoting implementer will implement this interface. - Application can use this interface to remain agnostic to the attestation key used to generate a quote. */ -class IQuote { -public: - virtual ~IQuote() {} - - virtual quote3_error_t init_quote(sgx_ql_att_key_id_t* p_att_key_id, - sgx_ql_cert_key_type_t certification_key_type, - sgx_target_info_t *p_target_info, - bool refresh_att_key, - size_t* p_pub_key_id_size, - uint8_t* p_pub_key_id) = 0; - - virtual quote3_error_t get_quote_size(sgx_ql_att_key_id_t* p_att_key_id, - sgx_ql_cert_key_type_t certification_key_type, - uint32_t* p_quote_size) = 0; - - virtual quote3_error_t get_quote(const sgx_report_t *p_app_report, - sgx_ql_att_key_id_t* p_att_key_id, - sgx_ql_qe_report_info_t *p_qe_report_info, - sgx_quote3_t *p_quote, - uint32_t quote_size) = 0; -}; -#endif //#ifdef __cplusplus -#endif //_SGX_QL_QUOTE_H_ diff --git a/sgx_dcap_quoteverify_stubs/sgx_quote.h b/sgx_dcap_quoteverify_stubs/sgx_quote.h deleted file mode 100644 index 40f54a2ca8..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_quote.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - - - /** - * File: sgx_quote.h - * Description: Definition for quote structure. - * - * Quote structure and all relative structure will be defined in this file. - */ - -#ifndef _SGX_QUOTE_H_ -#define _SGX_QUOTE_H_ - -#include "sgx_report.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#pragma pack(push, 1) -typedef uint8_t sgx_epid_group_id_t[4]; - -typedef struct _spid_t -{ - uint8_t id[16]; -} sgx_spid_t; - -typedef struct _basename_t -{ - uint8_t name[32]; -} sgx_basename_t; - - -typedef struct _quote_nonce -{ - uint8_t rand[16]; -} sgx_quote_nonce_t; - -typedef enum -{ - SGX_UNLINKABLE_SIGNATURE, - SGX_LINKABLE_SIGNATURE -} sgx_quote_sign_type_t; - -typedef struct _quote_t -{ - uint16_t version; /* 0 */ - uint16_t sign_type; /* 2 */ - sgx_epid_group_id_t epid_group_id; /* 4 */ - sgx_isv_svn_t qe_svn; /* 8 */ - sgx_isv_svn_t pce_svn; /* 10 */ - uint32_t xeid; /* 12 */ - sgx_basename_t basename; /* 16 */ - sgx_report_body_t report_body; /* 48 */ - uint32_t signature_len; /* 432 */ - uint8_t signature[]; /* 436 */ -} sgx_quote_t; - -#define SGX_PLATFORM_INFO_SIZE 101 -typedef struct _platform_info -{ - uint8_t platform_info[SGX_PLATFORM_INFO_SIZE]; -} sgx_platform_info_t; - -typedef struct _update_info_bit -{ - int ucodeUpdate; - int csmeFwUpdate; - int pswUpdate; -} sgx_update_info_bit_t; - -typedef struct _att_key_id_t { - uint8_t att_key_id[256]; -}sgx_att_key_id_t; - -/** Describes a single attestation key. Contains both QE identity and the attestation algorithm ID. */ -typedef struct _sgx_ql_att_key_id_t { - uint16_t id; ///< Structure ID - uint16_t version; ///< Structure version - uint16_t mrsigner_length; ///< Number of valid bytes in MRSIGNER. - uint8_t mrsigner[48]; ///< SHA256 or SHA384 hash of the Public key that signed the QE. - ///< The lower bytes contain MRSIGNER. Bytes beyond mrsigner_length '0' - uint32_t prod_id; ///< Legacy Product ID of the QE - uint8_t extended_prod_id[16]; ///< Extended Product ID or the QE. All 0's for legacy format enclaves. - uint8_t config_id[64]; ///< Config ID of the QE. - uint8_t family_id[16]; ///< Family ID of the QE. - uint32_t algorithm_id; ///< Identity of the attestation key algorithm. -}sgx_ql_att_key_id_t; - -/** Describes an extended attestation key. Contains sgx_ql_att_key_id_t, spid and quote_type */ -typedef struct _sgx_att_key_id_ext_t { - sgx_ql_att_key_id_t base; - uint8_t spid[16]; ///< Service Provider ID, should be 0s for ECDSA quote - uint16_t att_key_type; ///< For non-EPID quote, it should be 0 - ///< For EPID quote, it equals to sgx_quote_sign_type_t - uint8_t reserved[80]; ///< It should have the same size of sgx_att_key_id_t -}sgx_att_key_id_ext_t; - -typedef struct _qe_report_info_t { - sgx_quote_nonce_t nonce; - sgx_target_info_t app_enclave_target_info; - sgx_report_t qe_report; -}sgx_qe_report_info_t; - -#pragma pack(pop) - - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/sgx_dcap_quoteverify_stubs/sgx_quote_3.h b/sgx_dcap_quoteverify_stubs/sgx_quote_3.h deleted file mode 100644 index 9fc35aed0d..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_quote_3.h +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * File: sgx_quote_3.h - * Description: Definition for quote structure. - * - * Quote structure and all relative structure will be defined in this file. - */ - -#ifndef _SGX_QUOTE_3_H_ -#define _SGX_QUOTE_3_H_ - -#include "sgx_quote.h" -#include "sgx_pce.h" - -#define REF_QUOTE_MAX_AUTHENTICATON_DATA_SIZE 64 -#define USE_PCEID - -/** Enumerates the different attestation key algorithms */ -typedef enum { - SGX_QL_ALG_EPID = 0, ///< EPID 2.0 - Anonymous - SGX_QL_ALG_RESERVED_1 = 1, ///< Reserved - SGX_QL_ALG_ECDSA_P256 = 2, ///< ECDSA-256-with-P-256 curve, Non - Anonymous - SGX_QL_ALG_ECDSA_P384 = 3, ///< ECDSA-384-with-P-384 curve (Note: currently not supported), Non-Anonymous - SGX_QL_ALG_MAX = 4 -} sgx_ql_attestation_algorithm_id_t; - -/** Enumerates the different certification data types used to describe the signer of the attestation key */ -typedef enum { - PPID_CLEARTEXT = 1, ///< Clear PPID + CPU_SVN, PvE_SVN, PCE_SVN, PCE_ID - PPID_RSA2048_ENCRYPTED = 2, ///< RSA-2048-OAEP Encrypted PPID + CPU_SVN, PvE_SVN, PCE_SVN, PCE_ID - PPID_RSA3072_ENCRYPTED = 3, ///< RSA-3072-OAEP Encrypted PPID + CPU_SVN, PvE_SVN, PCE_SVN, PCE_ID - PCK_CLEARTEXT = 4, ///< Clear PCK Leaf Cert - PCK_CERT_CHAIN = 5, ///< Full PCK Cert chain (PCK Leaf Cert|| Intermediate CA Cert || Root CA Cert) - ECDSA_SIG_AUX_DATA = 6, ///< Indicates the contents of the CERTIFICATION_INFO_DATA contains the ECDSA_SIG_AUX_DATA of another Quote. - QL_CERT_KEY_TYPE_MAX = 16, -} sgx_ql_cert_key_type_t; - -#pragma pack(push, 1) - -#ifndef USE_PCEID -/** TEMP!!! Structure for the Platform Certificate Enclave identity information. The first release of the reference - * does not contain the PCEID in the quote. */ -typedef struct _sgx_pce_info_no_pce_id_t { - sgx_isv_svn_t pce_isv_svn; ///< PCE ISVSVN -}sgx_pce_info_no_pce_id_t; -#endif - -/** Describes the header that contains the list of attestation keys supported by a given verifier */ -typedef struct _sgx_ql_att_key_id_list_header_t { - uint16_t id; ///< Structure ID - uint16_t version; ///< Structure version - uint32_t num_att_ids; ///< Number of 'Attestation Key Identifier' Elements -}sgx_ql_att_key_id_list_header_t; - -/** This is the data structure of the CERTIFICATION_INFO_DATA in the Quote when the certification type is - * PPID_CLEARTTEXT. It identifies the PCK Cert required to verify the certification signature. */ -typedef struct _sgx_ql_ppid_cleartext_cert_info_t { - uint8_t ppid[16]; ///< PPID of this platform - sgx_cpu_svn_t cpu_svn; ///< The CPUSVN TCB used to generate the PCK signature. - #ifdef USE_PCEID - sgx_pce_info_t pce_info; ///< The PCE ISVSVN used to generate the PCK signature. - #else - sgx_pce_info_no_pce_id_t pce_info; - #endif -}sgx_ql_ppid_cleartext_cert_info_t; - -/** This is the data structure of the CERTIFICATION_INFO_DATA in the Quote when the certification type is - * PPID_RSA2048_ENCRYPTED. It identifies the PCK Cert required to verify the certification signature. */ -typedef struct _sgx_ql_ppid_rsa2048_encrypted_cert_info_t { - uint8_t enc_ppid[256]; ///< Encrypted PPID of this platform - sgx_cpu_svn_t cpu_svn; ///< The CPUSVN TCB used to generate the PCK signature. - #ifdef USE_PCEID - sgx_pce_info_t pce_info; ///< The PCE ISVSVN used to generate the PCK signature. - #else - sgx_pce_info_no_pce_id_t pce_info; - #endif -}sgx_ql_ppid_rsa2048_encrypted_cert_info_t; - -/** This is the data structure of the CERTIFICATION_INFO_DATA in the Quote when the certification type is - * PPID_RSA2072_ENCRYPTED. It identifies the PCK Cert required to verify the certification signature. */ -typedef struct _sgx_ql_ppid_rsa3072_encrypted_cert_info_t { - uint8_t enc_ppid[384]; ///< Encrypted PPID of this platform - sgx_cpu_svn_t cpu_svn; ///< The CPUSVN TCB used to generate the PCK signature. - sgx_pce_info_t pce_info; ///< The PCE ISVSVN used to generate the PCK signature. -}sgx_ql_ppid_rsa3072_encrypted_cert_info_t; - -/** Structure to hold the size of the authentication data and the place holder for - the authentication data itself.*/ -typedef struct _sgx_ql_auth_data_t { - uint16_t size; ///< Size in bytes contained the auth_data buffer. -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t auth_data[]; ///< Additional data provided by Att key owner to be signed by the certification key -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_ql_auth_data_t; - -/** Data that will be signed by the ECDSA described in the CERTIFICATION_* fields. - This will be SHA256 hashed along with the ECDSA PUBLIC KEY and put in - QE3_REPORT.ReportData. */ -typedef struct _sgx_ql_certification_data_t { - uint16_t cert_key_type; ///< The type of certification key used to sign the QE3 Report and Att key hash (ECDSA_ID+Authentication Data). - uint32_t size; ///< Size of the data structure for the cert_key_type information. -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t certification_data[]; ///< Certification data associated with the cert_key_type -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_ql_certification_data_t; - -/** The SGX_QL_SGX_QL_ALG_ECDSA_P256 specific data structure. Appears in the signature_data[] of the sgx_quote3_t - * structure. */ -typedef struct _sgx_ql_ecdsa_sig_data_t { - uint8_t sig[32*2]; ///< Signature over the Quote using the ECDSA Att key. Big Endian. - uint8_t attest_pub_key[32*2]; ///< ECDSA Att Public Key. Hash in QE3Report.ReportData. Big Endian - sgx_report_body_t qe_report; ///< QE3 Report of the QE when the Att key was generated. The ReportData will contain the ECDSA_ID - uint8_t qe_report_sig[32*2]; ///< Signature of QE Report using the Certification Key (PCK for root signing). Big Endian -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t auth_certification_data[]; ///< Place holder for both the auth_data_t and certification_data_t. Concatenated in that order. -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_ql_ecdsa_sig_data_t; - -/** The quote header. It is designed to compatible with earlier versions of the quote. */ -typedef struct _sgx_quote_header_t { - uint16_t version; ///< 0: The version this quote structure. - uint16_t att_key_type; ///< 2: sgx_attestation_algorithm_id_t. Describes the type of signature in the signature_data[] field. - uint32_t att_key_data_0; ///< 4: Optionally stores additional data associated with the att_key_type. - sgx_isv_svn_t qe_svn; ///< 8: The ISV_SVN of the Quoting Enclave when the quote was generated. - sgx_isv_svn_t pce_svn; ///< 10: The ISV_SVN of the PCE when the quote was generated. - uint8_t vendor_id[16]; ///< 12: Unique identifier of QE Vendor. - uint8_t user_data[20]; ///< 28: Custom attestation key owner data. -} sgx_quote_header_t; - -/** The generic quote data structure. This is the common part of the quote. The signature_data[] contains the signature and supporting - * information of the key used to sign the quote and the contents depend on the sgx_quote_sign_type_t value. */ -typedef struct _sgx_quote3_t { - sgx_quote_header_t header; ///< 0: The quote header. - sgx_report_body_t report_body; ///< 48: The REPORT of the app that is attesting remotely. - uint32_t signature_data_len; ///< 432: The length of the signature_data. Varies depending on the type of sign_type. -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t signature_data[]; ///< 436: Contains the variable length containing the quote signature and support data for the signature. -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_quote3_t; - -#pragma pack(pop) - -#endif //_SGX_QUOTE_3_H_ - diff --git a/sgx_dcap_quoteverify_stubs/sgx_quote_4.h b/sgx_dcap_quoteverify_stubs/sgx_quote_4.h deleted file mode 100644 index cbfbe007fe..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_quote_4.h +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * File: sgx_quote_4.h - * Description: Definition for quote structure. - * - * Quote structure and all relative structure will be defined in this file. - */ - -#ifndef _SGX_QUOTE_4_H_ -#define _SGX_QUOTE_4_H_ - -#include "sgx_quote_3.h" -#include "sgx_report2.h" -#include "sgx_quote.h" - - -#pragma pack(push, 1) - -#define TD_INFO_RESERVED_BYTES_V1 112 -typedef struct _tee_info_t /* 512 bytes */ -{ - tee_attributes_t attributes; /* ( 0) TD's attributes */ - tee_attributes_t xfam; /* ( 8) TD's XFAM */ - tee_measurement_t mr_td; /* ( 16) Measurement of the initial contents of the TD */ - tee_measurement_t mr_config_id; /* ( 64) Software defined ID for non-owner-defined configuration on the guest TD. e.g., runtime or OS configuration */ - tee_measurement_t mr_owner; /* (112) Software defined ID for the guest TD's owner */ - tee_measurement_t mr_owner_config; /* (160) Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS */ - tee_measurement_t rt_mr[4]; /* (208) Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers */ - uint8_t reserved[TD_INFO_RESERVED_BYTES_V1]; /* (400) Reserved, must be zero */ -} tee_info_t; - - -#define TEE_TCB_SVN_SIZE 16 -typedef struct _tee_tcb_svn_t -{ - uint8_t tcb_svn[TEE_TCB_SVN_SIZE]; -} tee_tcb_svn_t; - -#define TD_TEE_TCB_INFO_RESERVED_BYTES_V1 111 -typedef struct _tee_tcb_info_t -{ - uint8_t valid[8]; /* ( 0) Indicates TEE_TCB_INFO fields which are valid - - 1 in the i-th significant bit reflects that the field starting at byte offset(8*i) - - 0 in the i-th significant bit reflects that either no field start by byte offset(8*i) or that - field is not populated and is set to zero. */ - tee_tcb_svn_t tee_tcb_svn; /* ( 8) TEE_TCB_SVN Array */ - tee_measurement_t mr_seam; /* ( 24) Measurement of the SEAM module */ - tee_measurement_t mr_seam_signer; /* ( 72) Measurement of SEAM module signer. (Not populated for Intel SEAM modules) */ - tee_attributes_t attributes; /* (120) Additional configuration attributes.(Not populated for Intel SEAM modules) */ - uint8_t reserved[TD_TEE_TCB_INFO_RESERVED_BYTES_V1];/* (128) Reserved, must be zero */ -} tee_tcb_info_t; - -/** The SGX_QL_SGX_QL_ALG_ECDSA_P256 specific data structure. Appears in the signature_data[] of the sgx_quote3_t - * structure. */ -typedef struct _sgx_qe_report_certification_data_t { - sgx_report_body_t qe_report; ///< QE Report of the QE when the Att key was generated. The ReportData will contain the ECDSA_ID - uint8_t qe_report_sig[32*2]; ///< Signature of QE Report using the Certification Key (PCK for root signing). Big Endian -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t auth_certification_data[]; ///< Place holder for both the auth_data_t and certification_data_t. Concatenated in that order. -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_qe_report_certification_data_t; - -typedef struct _sgx_ecdsa_sig_data_v4_t { - uint8_t sig[32*2]; ///< Signature over the Quote using the ECDSA Att key. Big Endian. - uint8_t attest_pub_key[32*2]; ///< ECDSA Att Public Key. Hash in QE Report.ReportData. Big Endian -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t certification_data[]; ///< Certification data associated with the cert_key_type -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_ecdsa_sig_data_v4_t; - -/** The quote header. It is designed to compatible with earlier versions of the quote. */ -typedef struct _sgx_quote4_header_t { - uint16_t version; ///< 0: The version this quote structure. - uint16_t att_key_type; ///< 2: sgx_attestation_algorithm_id_t. Describes the type of signature in the signature_data[] field. - uint32_t tee_type; ///< 4: Type of Trusted Execution Environment for which the Quote has been generated. - /// Supported values: 0 (SGX), 0x81(TDX) - uint32_t reserved; ///< 8: Reserved field. - uint8_t vendor_id[16]; ///< 12: Unique identifier of QE Vendor. - uint8_t user_data[20]; ///< 28: Custom attestation key owner data. -} sgx_quote4_header_t; - -/** SGX Report2 body */ -typedef struct _sgx_report2_body_t { - tee_tcb_svn_t tee_tcb_svn; ///< 0: TEE_TCB_SVN Array - tee_measurement_t mr_seam; ///< 16: Measurement of the SEAM module - tee_measurement_t mrsigner_seam; ///< 64: Measurement of a 3rd party SEAM module’s signer (SHA384 hash). - /// The value is 0’ed for Intel SEAM module - tee_attributes_t seam_attributes; ///< 112: MBZ: TDX 1.0 - tee_attributes_t td_attributes; ///< 120: TD's attributes - tee_attributes_t xfam; ///< 128: TD's XFAM - tee_measurement_t mr_td; ///< 136: Measurement of the initial contents of the TD - tee_measurement_t mr_config_id; ///< 184: Software defined ID for non-owner-defined configuration on the guest TD. e.g., runtime or OS configuration - tee_measurement_t mr_owner; ///< 232: Software defined ID for the guest TD's owner - tee_measurement_t mr_owner_config; ///< 280: Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS - tee_measurement_t rt_mr[4]; ///< 328: Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers - tee_report_data_t report_data; ///< 520: Additional report data -}sgx_report2_body_t; - -/** The generic TD quote data structure. This is the common part of the quote. The signature_data[] contains the signature and supporting - * information of the key used to sign the quote and the contents depend on the sgx_quote_sign_type_t value. */ -typedef struct _sgx_quote4_t { - sgx_quote4_header_t header; ///< 0: The quote header. - sgx_report2_body_t report_body; ///< 48: The REPORT of the TD that is attesting remotely. - uint32_t signature_data_len; ///< 632: The length of the signature_data. Varies depending on the type of sign_type. -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning ( disable:4200 ) -#endif - uint8_t signature_data[]; ///< 636: Contains the variable length containing the quote signature and support data for the signature. -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_quote4_t; - -typedef sgx_att_key_id_ext_t tee_att_att_key_id_t; - -#pragma pack(pop) - -#endif //_SGX_QUOTE_4_H_ diff --git a/sgx_dcap_quoteverify_stubs/sgx_quote_5.h b/sgx_dcap_quoteverify_stubs/sgx_quote_5.h deleted file mode 100644 index 673ddca348..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_quote_5.h +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * File: sgx_quote_5.h - * Description: Definition for quote structure. - * - * Quote structure and all relative structure will be defined in this file. - */ - -#ifndef _SGX_QUOTE_5_H_ -#define _SGX_QUOTE_5_H_ - -#include "sgx_quote_4.h" - - -#pragma pack(push, 1) - -#define QE_QUOTE_VERSION_V5 5 -#define TD_INFO_RESERVED_BYTES_V1_5 64 -typedef struct _tee_info_v1_5_t /* 512 bytes */ -{ - tee_attributes_t attributes; /* ( 0) TD's attributes */ - tee_attributes_t xfam; /* ( 8) TD's XFAM */ - tee_measurement_t mr_td; /* ( 16) Measurement of the initial contents of the TD */ - tee_measurement_t mr_config_id; /* ( 64) Software defined ID for non-owner-defined configuration on the guest TD. e.g., runtime or OS configuration */ - tee_measurement_t mr_owner; /* (112) Software defined ID for the guest TD's owner */ - tee_measurement_t mr_owner_config; /* (160) Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS */ - tee_measurement_t rt_mr[4]; /* (208) Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers */ - tee_measurement_t mr_servicetd; /* (400) If is one or more bound or pre-bound service TDs, SERVTD_HASH is the SHA384 hash of the TDINFO_STRUCTs of those service TDs bound. - Else, SERVTD_HASH is 0. */ - uint8_t reserved[TD_INFO_RESERVED_BYTES_V1_5]; /* (448) Reserved, must be zero */ -} tee_info_v1_5_t; - - -#define TD_TEE_TCB_INFO_RESERVED_BYTES_V1_5 95 -typedef struct _tee_tcb_info_v1_5_t -{ - uint8_t valid[8]; /* ( 0) Indicates TEE_TCB_INFO fields which are valid */ - /* - 1 in the i-th significant bit reflects that the field starting at byte offset(8*i) */ - /* - 0 in the i-th significant bit reflects that either no field start by byte offset(8*i) or that */ - /* field is not populated and is set to zero. */ - /* the accepted value of a TDX 1.5 tee_tcb_info_v2 is 0x013ff. (Note: Set to 0x301FF if */ - /* SEAMDB_ENABLED == ‘1, otherwise set to 0x1FF. (SEAMDB_ENABLED is introduced for TDX1.4 TD Preserving)*/ - tee_tcb_svn_t tee_tcb_svn; /* ( 8) TEE_TCB_SVN Array */ - tee_measurement_t mr_seam; /* ( 24) Measurement of the SEAM module */ - tee_measurement_t mr_seam_signer; /* ( 72) Measurement of SEAM module signer. (Not populated for Intel SEAM modules) */ - tee_attributes_t attributes; /* (120) Additional configuration attributes.(Not populated for Intel SEAM modules) */ - tee_tcb_svn_t tee_tcb_svn2; /* (128) Array of TEE TCB SVNs (for TD preserving). */ - uint8_t reserved[TD_TEE_TCB_INFO_RESERVED_BYTES_V1_5];/* (144) Reserved, must be zero */ -} tee_tcb_info_v1_5_t; - -/** The quote header. It is designed to compatible with earlier versions of the quote. */ -typedef sgx_quote4_header_t sgx_quote5_header_t; - -/** SGX Report2 body for quote v5 */ -typedef struct _sgx_report2_body_v1_5_t { - tee_tcb_svn_t tee_tcb_svn; ///< 0: TEE_TCB_SVN Array - tee_measurement_t mr_seam; ///< 16: Measurement of the SEAM module - tee_measurement_t mrsigner_seam; ///< 64: Measurement of a 3rd party SEAM module’s signer (SHA384 hash). - /// The value is 0’ed for Intel SEAM module - tee_attributes_t seam_attributes; ///< 112: MBZ: TDX 1.0 - tee_attributes_t td_attributes; ///< 120: TD's attributes - tee_attributes_t xfam; ///< 128: TD's XFAM - tee_measurement_t mr_td; ///< 136: Measurement of the initial contents of the TD - tee_measurement_t mr_config_id; ///< 184: Software defined ID for non-owner-defined configuration on the guest TD. e.g., runtime or OS configuration - tee_measurement_t mr_owner; ///< 232: Software defined ID for the guest TD's owner - tee_measurement_t mr_owner_config; ///< 280: Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS - tee_measurement_t rt_mr[4]; ///< 328: Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers - tee_report_data_t report_data; ///< 520: Additional report data - tee_tcb_svn_t tee_tcb_svn2; ///< 584: Array of TEE TCB SVNs (for TD preserving). - tee_measurement_t mr_servicetd; ///< 600: If is one or more bound or pre-bound service TDs, SERVTD_HASH is the SHA384 hash of the TDINFO_STRUCTs of those service TDs bound. - /// Else, SERVTD_HASH is 0.. -}sgx_report2_body_v1_5_t; - -/** The generic TD quote data structure. This is the common part of the quote. The signature_data[] contains the signature and supporting - * information of the key used to sign the quote and the contents depend on the sgx_quote_sign_type_t value. */ -typedef struct _sgx_quote5_t { - sgx_quote5_header_t header; ///< 0: The quote header. - uint16_t type; ///< 48: Determines type of Quote body (TEE report) - /// Architecturally supported values: - /// 1 (SGX Enclave Report) - /// 2 (TD Report for TDX 1.0) - /// 3 (TD Report for TDX 1.5) - uint32_t size; ///< 50: Size of Quote Body field. -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning(disable : 4200) -#endif - uint8_t body[]; ///< 54: Data conveyed as Quote Body. Its content depends on the value of Quote Body Type - /// 1 Byte array that contains SGX Enclave Report. - /// sgx_report_body_t + (uint32_t)signature_data_len + signature - /// 2 Byte array that contains TD Report for TDX 1.0. - /// sgx_report2_body_t + (uint32_t)signature_data_len + signature - /// 3 Byte array that contains TD Report for TDX 1.5. - /// sgx_report2_body_v1_5_t + (uint32_t)signature_data_len + signature -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} sgx_quote5_t; - -#pragma pack(pop) - -#endif //_SGX_QUOTE_5_H_ diff --git a/sgx_dcap_quoteverify_stubs/sgx_qve_header.h b/sgx_dcap_quoteverify_stubs/sgx_qve_header.h deleted file mode 100644 index 76904153e8..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_qve_header.h +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef _SGX_QVE_HEADER_H_ -#define _SGX_QVE_HEADER_H_ - -#include "sgx_key.h" -#include "time.h" - -#ifndef TEE_QV_MK_ERROR -#define TEE_QV_MK_ERROR(x) (0x0000A000|(x)) -#endif //TEE_QV_MK_ERROR -/** Contains the possible values of the quote verification result. */ -typedef enum _sgx_ql_qv_result_t -{ - // Quote verification passed and is at the latest TCB level - SGX_QL_QV_RESULT_OK = 0x0000, TEE_QV_RESULT_OK = 0x0000, - - SGX_QL_QV_RESULT_MIN = TEE_QV_MK_ERROR(0x0001), TEE_QV_RESULT_MIN = TEE_QV_MK_ERROR(0x0001), - - // The Quote verification passed, but further actions are required: - SGX_QL_QV_RESULT_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0001), TEE_QV_RESULT_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0001), // Additional configuration of the platform needed - SGX_QL_QV_RESULT_OUT_OF_DATE = TEE_QV_MK_ERROR(0x0002), TEE_QV_RESULT_OUT_OF_DATE = TEE_QV_MK_ERROR(0x0002), // TCB level out of date, platform patching required - SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0003), TEE_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0003), // Both patching and additional configuration needed - - // Errors - SGX_QL_QV_RESULT_INVALID_SIGNATURE = TEE_QV_MK_ERROR(0x0004), TEE_QV_RESULT_INVALID_SIGNATURE = TEE_QV_MK_ERROR(0x0004), - SGX_QL_QV_RESULT_REVOKED = TEE_QV_MK_ERROR(0x0005), TEE_QV_RESULT_REVOKED = TEE_QV_MK_ERROR(0x0005), - SGX_QL_QV_RESULT_UNSPECIFIED = TEE_QV_MK_ERROR(0x0006), TEE_QV_RESULT_UNSPECIFIED = TEE_QV_MK_ERROR(0x0006), - - // Requires Software or Configuration Hardening - SGX_QL_QV_RESULT_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0007), TEE_QV_RESULT_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0007), // TCB level is up to date, but SGX SW Hardening is needed - SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0008), TEE_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0008), //TCB level is up to date, but both SW Hardening and additional configuration are needed - - // TDX specific results - SGX_QL_QV_RESULT_TD_RELAUNCH_ADVISED = TEE_QV_MK_ERROR(0x0009), TEE_QV_RESULT_TD_RELAUNCH_ADVISED = TEE_QV_MK_ERROR(0x0009), // All components in the TD’s TCB are latest, including the TD preserving loaded TDX, but the TD was launched - // and ran for some time with out-of-date TDX Module. Relaunching or re-provisioning your TD is advised - SGX_QL_QV_RESULT_TD_RELAUNCH_ADVISED_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x000A), TEE_QV_RESULT_TD_RELAUNCH_ADVISED_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x000A), // Same as above, relaunching or re-provisioning your TD is advised. In the meantime, - // additional configuration of the platform is needed - - // Maximum result value - SGX_QL_QV_RESULT_MAX = TEE_QV_MK_ERROR(0x00FF), TEE_QV_RESULT_MAX = TEE_QV_MK_ERROR(0x00FF), - -} sgx_ql_qv_result_t, tee_qv_result_t; - -typedef enum _pck_cert_flag_enum_t { - PCK_FLAG_FALSE = 0, - PCK_FLAG_TRUE, - PCK_FLAG_UNDEFINED -} pck_cert_flag_enum_t; - - -#define ROOT_KEY_ID_SIZE 48 -#define PLATFORM_INSTANCE_ID_SIZE 16 - -// Each Intel Advisory size is ~16 bytes -// Assume each TCB level has 20 advisoryIDs at the very most -#define MAX_SA_SIZE 20 -#define MAX_SA_NUMBER_PER_TCB 20 -#define MAX_SA_LIST_SIZE 320 - -// Nameless struct generates C4201 warning in MS compiler, but it is allowed in c++ 11 standard -// Should remove the pragma after Microsoft fixes this issue -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning(disable : 4201) -#endif - -/** Contains data that will allow an alternative quote verification policy. */ -typedef struct _sgx_ql_qv_supplemental_t -{ - union { - uint32_t version; ///< 'version' is the backward compatible legacy representation - struct { - uint16_t major_version; ///< If this major version doesn't change, the size of the structure may change and new fields appended to the end but old minor version structure can still be 'cast' - ///< If this major version does change, then the structure has been modified in a way that makes the older definitions non-backwards compatible. i.e. You cannot 'cast' older definitions - uint16_t minor_version; ///< If this version changes, new fields have been appended to the end of the previous minor version definition of the structure - ///< Set to 1 to support SA_List. Set to 0 to support everything except the SA List - }; - }; - time_t earliest_issue_date; ///< Earliest issue date of all the collateral (UTC) - time_t latest_issue_date; ///< Latest issue date of all the collateral (UTC) - time_t earliest_expiration_date; ///< Earliest expiration date of all the collateral (UTC) - time_t tcb_level_date_tag; ///< The SGX TCB of the platform that generated the quote is not vulnerable - ///< to any Security Advisory with an SGX TCB impact released on or before this date. - ///< See Intel Security Center Advisories - uint32_t pck_crl_num; ///< CRL Num from PCK Cert CRL - uint32_t root_ca_crl_num; ///< CRL Num from Root CA CRL - uint32_t tcb_eval_ref_num; ///< Lower number of the TCBInfo and QEIdentity - uint8_t root_key_id[ROOT_KEY_ID_SIZE]; ///< ID of the collateral's root signer (hash of Root CA's public key SHA-384) - sgx_key_128bit_t pck_ppid; ///< PPID from remote platform. Can be used for platform ownership checks - sgx_cpu_svn_t tcb_cpusvn; ///< CPUSVN of the remote platform's PCK Cert - sgx_isv_svn_t tcb_pce_isvsvn; ///< PCE_ISVNSVN of the remote platform's PCK Cert - uint16_t pce_id; ///< PCE_ID of the remote platform - uint32_t tee_type; ///< 0x00000000: SGX or 0x00000081: TDX - uint8_t sgx_type; ///< Indicate the type of memory protection available on the platform, it should be one of - ///< Standard (0), Scalable (1) and Scalable with Integrity (2) - - // Multi-Package PCK cert related flags, they are only relevant to PCK Certificates issued by PCK Platform CA - uint8_t platform_instance_id[PLATFORM_INSTANCE_ID_SIZE]; ///< Value of Platform Instance ID, 16 bytes - pck_cert_flag_enum_t dynamic_platform; ///< Indicate whether a platform can be extended with additional packages - via Package Add calls to SGX Registration Backend - pck_cert_flag_enum_t cached_keys; ///< Indicate whether platform root keys are cached by SGX Registration Backend - pck_cert_flag_enum_t smt_enabled; ///< Indicate whether a plat form has SMT (simultaneous multithreading) enabled - - char sa_list[MAX_SA_LIST_SIZE]; ///< String of comma separated list of Security Advisory IDs - time_t qe_iden_earliest_issue_date; ///< Earliest issue date of QEIdentity (UTC) - time_t qe_iden_latest_issue_date; ///< Latest issue date of QEIdentity (UTC) - time_t qe_iden_earliest_expiration_date; ///< Earliest expiration date of QEIdentity (UTC) - time_t qe_iden_tcb_level_date_tag; ///< The SGX TCB of the platform that generated the quote is not vulnerable - uint32_t qe_iden_tcb_eval_ref_num; ///< Lower number of the QEIdentity - sgx_ql_qv_result_t qe_iden_status; /// QEIdentity status -} sgx_ql_qv_supplemental_t; - -#ifdef _MSC_VER -#pragma warning(pop) -#endif - -/** Descriptor of the supplemental data requestor structure. Used when requesting supplemental data from the DCAP quote verification API */ -typedef struct _tee_supp_data_descriptor_t -{ - uint16_t major_version; ///< Input. Major version of supplemental data - ///< If == 0, then return latest version of the sgx_ql_qv_supplemental_t structure - ///< If <= latest supported, return the latest minor version associated with that major version - ///< > latest supported, return an error (SGX_QL_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED) - - uint32_t data_size; ///< Input. Supplemental data size of `p_data`, which returned by API `tee_get_supplemental_data_version_and_size()` - uint8_t *p_data; ///< Output. Pointer to supplemental data -}tee_supp_data_descriptor_t; - - -#endif //_QVE_HEADER_H_ diff --git a/sgx_dcap_quoteverify_stubs/sgx_report.h b/sgx_dcap_quoteverify_stubs/sgx_report.h deleted file mode 100644 index eb2745a24b..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_report.h +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - - -/* - * This file is to define Enclave's Report -*/ - -#ifndef _SGX_REPORT_H_ -#define _SGX_REPORT_H_ - -#include "sgx_attributes.h" -#include "sgx_key.h" - -#define SGX_HASH_SIZE 32 /* SHA256 */ -#define SGX_MAC_SIZE 16 /* Message Authentication Code - 16 bytes */ - -#define SGX_REPORT_DATA_SIZE 64 - -#define SGX_ISVEXT_PROD_ID_SIZE 16 -#define SGX_ISV_FAMILY_ID_SIZE 16 - -typedef struct _sgx_measurement_t -{ - uint8_t m[SGX_HASH_SIZE]; -} sgx_measurement_t; - -typedef uint8_t sgx_mac_t[SGX_MAC_SIZE]; - -typedef struct _sgx_report_data_t -{ - uint8_t d[SGX_REPORT_DATA_SIZE]; -} sgx_report_data_t; - -typedef uint16_t sgx_prod_id_t; - -typedef uint8_t sgx_isvext_prod_id_t[SGX_ISVEXT_PROD_ID_SIZE]; -typedef uint8_t sgx_isvfamily_id_t[SGX_ISV_FAMILY_ID_SIZE]; - -#define SGX_TARGET_INFO_RESERVED1_BYTES 2 -#define SGX_TARGET_INFO_RESERVED2_BYTES 8 -#define SGX_TARGET_INFO_RESERVED3_BYTES 384 - - -typedef struct _target_info_t -{ - sgx_measurement_t mr_enclave; /* ( 0) The MRENCLAVE of the target enclave */ - sgx_attributes_t attributes; /* ( 32) The ATTRIBUTES field of the target enclave */ - uint8_t reserved1[SGX_TARGET_INFO_RESERVED1_BYTES]; /* ( 48) Reserved */ - sgx_config_svn_t config_svn; /* ( 50) CONFIGSVN field */ - sgx_misc_select_t misc_select; /* ( 52) The MISCSELECT of the target enclave */ - uint8_t reserved2[SGX_TARGET_INFO_RESERVED2_BYTES]; /* ( 56) Reserved */ - sgx_config_id_t config_id; /* ( 64) CONFIGID */ - uint8_t reserved3[SGX_TARGET_INFO_RESERVED3_BYTES]; /* (128) Struct size is 512 bytes */ -} sgx_target_info_t; - - -#define SGX_REPORT_BODY_RESERVED1_BYTES 12 -#define SGX_REPORT_BODY_RESERVED2_BYTES 32 -#define SGX_REPORT_BODY_RESERVED3_BYTES 32 -#define SGX_REPORT_BODY_RESERVED4_BYTES 42 - - -typedef struct _report_body_t -{ - sgx_cpu_svn_t cpu_svn; /* ( 0) Security Version of the CPU */ - sgx_misc_select_t misc_select; /* ( 16) Which fields defined in SSA.MISC */ - uint8_t reserved1[SGX_REPORT_BODY_RESERVED1_BYTES]; /* ( 20) */ - sgx_isvext_prod_id_t isv_ext_prod_id;/* ( 32) ISV assigned Extended Product ID */ - sgx_attributes_t attributes; /* ( 48) Any special Capabilities the Enclave possess */ - sgx_measurement_t mr_enclave; /* ( 64) The value of the enclave's ENCLAVE measurement */ - uint8_t reserved2[SGX_REPORT_BODY_RESERVED2_BYTES]; /* ( 96) */ - sgx_measurement_t mr_signer; /* (128) The value of the enclave's SIGNER measurement */ - uint8_t reserved3[SGX_REPORT_BODY_RESERVED3_BYTES]; /* (160) */ - sgx_config_id_t config_id; /* (192) CONFIGID */ - sgx_prod_id_t isv_prod_id; /* (256) Product ID of the Enclave */ - sgx_isv_svn_t isv_svn; /* (258) Security Version of the Enclave */ - sgx_config_svn_t config_svn; /* (260) CONFIGSVN */ - uint8_t reserved4[SGX_REPORT_BODY_RESERVED4_BYTES]; /* (262) */ - sgx_isvfamily_id_t isv_family_id; /* (304) ISV assigned Family ID */ - sgx_report_data_t report_data; /* (320) Data provided by the user */ -} sgx_report_body_t; - -typedef struct _report_t /* 432 bytes */ -{ - sgx_report_body_t body; - sgx_key_id_t key_id; /* (384) KeyID used for diversifying the key tree */ - sgx_mac_t mac; /* (416) The Message Authentication Code over this structure. */ -} sgx_report_t; - -#endif diff --git a/sgx_dcap_quoteverify_stubs/sgx_report2.h b/sgx_dcap_quoteverify_stubs/sgx_report2.h deleted file mode 100644 index 355bee8a99..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_report2.h +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * This file is to define Report Type2 - */ - -#ifndef _SGX_REPORT2_H_ -#define _SGX_REPORT2_H_ - -#include - -#define TEE_HASH_384_SIZE 48 /* SHA384 */ -#define TEE_MAC_SIZE 32 /* Message SHA 256 HASH Code - 32 bytes */ - -#define SGX_REPORT2_DATA_SIZE 64 -#define TEE_CPU_SVN_SIZE 16 - -#pragma pack(push, 1) - -typedef uint8_t tee_mac_t[TEE_MAC_SIZE]; - -typedef struct _tee_cpu_svn_t { - uint8_t svn[TEE_CPU_SVN_SIZE]; -} tee_cpu_svn_t; - -typedef struct _tee_measurement_t { - uint8_t m[TEE_HASH_384_SIZE]; -} tee_measurement_t; - -typedef struct _tee_report_data_t { - uint8_t d[SGX_REPORT2_DATA_SIZE]; -} tee_report_data_t; - -typedef struct _tee_attributes_t -{ - uint32_t a[2]; -} tee_attributes_t; - -#define SGX_LEGACY_REPORT_TYPE 0x0 /* SGX Legacy Report Type */ -#define TEE_REPORT2_TYPE 0x81 /* TEE Report Type2 */ -#define TEE_REPORT2_SUBTYPE 0x0 /* SUBTYPE for Report Type2 is 0 */ -#define TEE_REPORT2_VERSION 0x0 /* VERSION for Report Type2 is 0 */ -#define TEE_REPORT2_VERSION_SERVICETD 0x1 /* VERSION for Report Type2 which mr_servicetd is used */ - -typedef struct _tee_report_type_t { - uint8_t type; /* Trusted Execution Environment(TEE) type: - 0x00: SGX Legacy REPORT TYPE - 0x7F-0x01: Reserved - 0x80: Reserved - 0x81: TEE Report type 2 - 0xFF-0x82: Reserved - */ - uint8_t subtype; /* TYPE-specific subtype, Stage1: value is 0 */ - uint8_t version; /* TYPE-specific version, Stage1: value is 0 */ - uint8_t reserved; /* Reserved, must be zero */ -} tee_report_type_t; - -#define SGX_REPORT2_MAC_STRUCT_RESERVED1_BYTES 12 -#define SGX_REPORT2_MAC_STRUCT_RESERVED2_BYTES 32 -typedef struct _sgx_report2_mac_struct_t /* 256 bytes */ -{ - tee_report_type_t report_type; /* ( 0) TEE Report type.*/ - uint8_t reserved1[SGX_REPORT2_MAC_STRUCT_RESERVED1_BYTES]; /* ( 4) Reserved, must be zero */ - tee_cpu_svn_t cpu_svn; /* ( 16) Security Version of the CPU */ - tee_measurement_t tee_tcb_info_hash; /* ( 32) SHA384 of TEE_TCB_INFO for TEEs */ - tee_measurement_t tee_info_hash; /* ( 80) SHA384 of TEE_INFO */ - tee_report_data_t report_data; /* (128) Data provided by the user */ - uint8_t reserved2[SGX_REPORT2_MAC_STRUCT_RESERVED2_BYTES]; /* (192) Reserved, must be zero */ - tee_mac_t mac; /* (224) The Message Authentication Code over this structure */ -} sgx_report2_mac_struct_t; - -#define TEE_TCB_INFO_SIZE 239 -#define SGX_REPORT2_RESERVED_BYTES 17 -#define TEE_INFO_SIZE 512 -typedef struct _sgx_report2_t /* 1024 bytes */ -{ - sgx_report2_mac_struct_t report_mac_struct; /* ( 0) Report mac struct for SGX report type 2 */ - uint8_t tee_tcb_info[TEE_TCB_INFO_SIZE]; /* (256) Struct contains details about extra TCB elements not found in CPUSVN */ - uint8_t reserved[SGX_REPORT2_RESERVED_BYTES]; /* (495) Reserved, must be zero */ - uint8_t tee_info[TEE_INFO_SIZE]; /* (512) Struct contains the TEE Info */ -} sgx_report2_t; -#pragma pack(pop) - -#endif diff --git a/sgx_dcap_quoteverify_stubs/sgx_urts.h b/sgx_dcap_quoteverify_stubs/sgx_urts.h deleted file mode 100644 index 691efbc937..0000000000 --- a/sgx_dcap_quoteverify_stubs/sgx_urts.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - - -#ifndef _SGX_URTS_H_ -#define _SGX_URTS_H_ - -#include "sgx_attributes.h" -#include "sgx_error.h" -#include "sgx_eid.h" -#include "sgx_defs.h" -#include "sgx_key.h" -#include "sgx_report.h" - -#include - - -#define MAX_EX_FEATURES_COUNT 32 - -#define SGX_CREATE_ENCLAVE_EX_PCL_BIT_IDX 0 -#define SGX_CREATE_ENCLAVE_EX_PCL (1 << SGX_CREATE_ENCLAVE_EX_PCL_BIT_IDX) // Reserve Bit 0 for the protected code loader -#define SGX_CREATE_ENCLAVE_EX_SWITCHLESS_BIT_IDX 1 -#define SGX_CREATE_ENCLAVE_EX_SWITCHLESS (1 << SGX_CREATE_ENCLAVE_EX_SWITCHLESS_BIT_IDX) // Reserve Bit 1 for Switchless Runtime System - - -#define SGX_CREATE_ENCLAVE_EX_KSS_BIT_IDX 2U -#define SGX_CREATE_ENCLAVE_EX_KSS (1U << SGX_CREATE_ENCLAVE_EX_KSS_BIT_IDX) // Bit 2 for Key Separation & Sharing - -#pragma pack(push, 1) - -/* Structure for KSS feature */ -typedef struct _sgx_kss_config_t -{ - sgx_config_id_t config_id; - sgx_config_svn_t config_svn; -} sgx_kss_config_t; - -#pragma pack(pop) - - -//update the following when adding new extended feature -#define _SGX_LAST_EX_FEATURE_IDX_ SGX_CREATE_ENCLAVE_EX_KSS_BIT_IDX - -#define _SGX_EX_FEATURES_MASK_ (((uint32_t)-1) >> (MAX_EX_FEATURES_COUNT - 1 - _SGX_LAST_EX_FEATURE_IDX_)) - -#ifdef __cplusplus -extern "C" { -#endif - -typedef uint8_t sgx_launch_token_t[1024]; - -/* Convenient macro to be passed to sgx_create_enclave(). */ -#if !defined(NDEBUG) || defined(EDEBUG) -#define SGX_DEBUG_FLAG 1 -#else -#define SGX_DEBUG_FLAG 0 -#endif - -sgx_status_t SGXAPI sgx_create_enclave(const char *file_name, - const int debug, - sgx_launch_token_t *launch_token, - int *launch_token_updated, - sgx_enclave_id_t *enclave_id, - sgx_misc_attribute_t *misc_attr); - - - -sgx_status_t SGXAPI sgx_create_enclave_ex(const char * file_name, - const int debug, - sgx_launch_token_t * launch_token, - int * launch_token_updated, - sgx_enclave_id_t * enclave_id, - sgx_misc_attribute_t * misc_attr, - const uint32_t ex_features, - const void* ex_features_p[32]); - - -sgx_status_t SGXAPI sgx_create_enclave_from_buffer_ex( - uint8_t *buffer, - size_t buffer_size, - const int debug, - sgx_enclave_id_t * enclave_id, - sgx_misc_attribute_t * misc_attr, - const uint32_t ex_features, - const void* ex_features_p[32]); - - - - - -sgx_status_t SGXAPI sgx_create_encrypted_enclave( - const char *file_name, - const int debug, - sgx_launch_token_t *launch_token, - int *launch_token_updated, - sgx_enclave_id_t *enclave_id, - sgx_misc_attribute_t *misc_attr, - uint8_t* sealed_key); - -sgx_status_t SGXAPI sgx_destroy_enclave(const sgx_enclave_id_t enclave_id); - -sgx_status_t SGXAPI sgx_get_target_info( - const sgx_enclave_id_t enclave_id, - sgx_target_info_t* target_info); - -#ifdef __cplusplus -} -#endif - - -#endif