add documentation

Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
hyperledger-labs · Dec 16, 2022 · 6c08951 · 6c08951
1 parent 64c7f7c
commit 6c08951
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/docs/environment.md b/docs/environment.md
@@ -51,7 +51,7 @@ them to the environment.
 
 Passing parameter `--reset-keys` will unset key variables
 `PDO_ENCLAVE_CODE_SIGN_PEM`,
-`PDO_SPID` and `PDO_SPID_API_KEY` before setting variables.
+`PDO_SPID`, `PDO_SPID_API_KEY`, `PDO_ATTESTATION_TYPE` before setting variables.
 
 <!-- -------------------------------------------------- -->
 <!-- -------------------------------------------------- -->
@@ -152,6 +152,13 @@ you should provide your own version, at least for `PDO_SPID` and
 [BUILD document](install.md) for more information.
 
 <!-- -------------------------------------------------- -->
+
+### `PCCS_URL`
+(default: `https://$(hostname -A | cut -d" " -f1):8081/sgx/certification/v3/`)
+
+`PCCS_URL` is the url of the SGX PCCS service which is necessary for DCAP attestations.
+For other types of attestations, this value is ignored.
+
 ### `PDO_ENCLAVE_CODE_SIGN_PEM`
 (default: `${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem`):
 
@@ -196,6 +203,14 @@ The default value will work for SGX simulation mode. See
 [SGX section](install.md#SGX) of the [BUILD document](install.md) for
 instructions to create the API key to support SGX hardware mode.
 
+### `PDO_ATTESTATION_TYPE`
+(default `simulated`)
+
+`PDO_ATTESTATION_TYPE` contains the type of attestation used by the eservice
+for the contract enclave.
+The default value is `simulated`, in SGX SIM mode.
+In SGX HW mode, the available types are `epid-linkable` and `dcap`.
+
 <!-- -------------------------------------------------- -->
 <!-- -------------------------------------------------- -->
 ## Ledger Environment Variables

diff --git a/docs/install.md b/docs/install.md
@@ -127,6 +127,7 @@ or you can define yours with `export PDO_SGX_KEY_ROOT=<your folder>`):
 * save your API key in `${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt`
 * save the IAS root CA certificate in `${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem`
   (`wget https://certificates.trustedservices.intel.com/Intel_SGX_Attestation_RootCA.pem -O ${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem`)
+* save the attestation type `epid-linkable` or `dcap` in `${PDO_SGX_KEY_ROOT}/sgx_attestation_type.txt`
 
 #### Install the SGX Kernel Driver (Hardware Support)
 

diff --git a/eservice/docs/test-scripts.md b/eservice/docs/test-scripts.md
@@ -70,6 +70,7 @@ The following configuration variables can be specified:
   * ``ias_url`` --  URL of the Intel Attestation Service (IAS) server (ignored)
   * ``https_proxy`` -- proxy used to contact IAS server (ignored)
   * ``spid_api_key`` -- the api key corresponding to spid (ignored)
+  * ``attestation_type`` -- the type of attestation that the eservice will use (ignored)
 
 * ``contract`` -- the base name of the contract to use, this is
   expected to reference a file found in ``SchemeSearchPath``