Intel(R) SGX DCAP 1.7 Release
Updated Quote Verification Enclave(QvE) and wrapper library to support platform
  certificate’s new fields.
Added a trusted library to verify QvE’s identity.
Added support for specifying the platform ID through the PCK Cert ID Retrieval Tool’s command-line
  option.
Added ability to execute Platform Cert ID Retrieval Tool on multi-package platforms
  without loading enclaves. PCCS now supports this functionality. The platform still
  needs to support SGX.
Updated Platform Cert ID Retrieval Tool and Multi-package registration tool to align
  with BIOS platform manifest changes.
Added .deb and .rpm installers for Platform Cert ID Retrieval Tool and Multi-package
  Registration Agent.
Fixed bugs.

Signed-off-by: Li, Xun <[email protected]>
llly committed Jul 6, 2020
1 parent 34d1ad4 commit 96ea09b
Showing 373 changed files with 6,644 additions and 6,281 deletions.
4 changes: 2 additions & 2 deletions .gitignore
Expand Up @@ -3,8 +3,8 @@
*.obj

#library and symbol file
#*.a
#*.lib
*.a
*.lib
*.pdb

#share object and dynamic-link library
2 changes: 1 addition & 1 deletion QuoteGeneration/README.md
Expand Up @@ -37,7 +37,7 @@ For Windows* OS
**NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.

## How to install
Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.6/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.7/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.


For Linux* OS
2 changes: 1 addition & 1 deletion QuoteGeneration/ae/buildenv.mk
Expand Up @@ -51,7 +51,7 @@ CXXFLAGS += $(ENCLAVE_CXXFLAGS)
CFLAGS += $(ENCLAVE_CFLAGS)

LDTFLAGS = -L$(SGX_LIBRARY_PATH) -Wl,--whole-archive $(TRTSLIB) -Wl,--no-whole-archive \
-Wl,--start-group $(EXTERNAL_LIB) -Wl,--end-group \
-Wl,--start-group $(EXTERNAL_LIB) -Wl,--end-group -Wl,--build-id \
-Wl,--version-script=$(WORK_DIR)/enclave.lds $(ENCLAVE_LDFLAGS)

LDTFLAGS_NO_CRYPTO = -L$(SGX_LIBRARY_PATH) -Wl,--whole-archive $(TRTSLIB) -Wl,--no-whole-archive \
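Review bot: On the `LDTFLAGS` line that carries `-Wl,--build-id`, the option is given without a style, so the contents of the build-id note follow whatever default the linker in use has. If that note lands in a loaded segment of the enclave image it would presumably contribute to the enclave measurement, so naming the style, `-Wl,--build-id=sha1`, keeps the signed enclave reproducible across toolchains. `LDTFLAGS_NO_CRYPTO` begins on the last line of the hunk and continues outside it; if it is meant to stay parallel to `LDTFLAGS` it needs the same flag.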
2 changes: 2 additions & 0 deletions QuoteGeneration/buildenv.mk
Expand Up @@ -66,7 +66,9 @@ SGX_MODE ?= HW
SGX_ARCH ?= x64
SGX_DEBUG ?= 0

ifneq ($(MAKECMDGOALS),clean)
include $(SGX_SDK)/buildenv.mk
endif

ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
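Review bot: The guard around `include $(SGX_SDK)/buildenv.mk` leaves every variable that file defines empty during `make clean`, and the clean recipes that consume them are outside this hunk. Any recipe that builds a removal path from such a variable, in the shape of `rm -rf $(<SDK_DEFINED_DIR>)/<subdir>` (placeholder names), would then resolve against the filesystem root, so those recipes should be checked or guarded against an empty value. The test is also an exact match on `$(MAKECMDGOALS)`, so `make clean all` still includes the file while a plain `make clean` does not; a comment such as `# skip the SDK include so 'make clean' works without an installed SDK` would record the intent, if that is the intent.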
10 changes: 5 additions & 5 deletions QuoteGeneration/common/inc/internal/se_version.h
Expand Up @@ -28,10 +28,10 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define STRFILEVER "1.6.100.2"
#define STRFILEVER "1.7.100.2"
#define COPYRIGHT "Copyright (C) 2020 Intel Corporation"
#define FILEVER 1,6,100,2
#define PRODUCTVER 1,6,100,2
#define STRPRODUCTVER "1.6.100.2"
#define FILEVER 1,7,100,2
#define PRODUCTVER 1,7,100,2
#define STRPRODUCTVER "1.7.100.2"
#define COMPANYNAME "Intel Corporation"
#define PRODUCTNAME "Intel® Software Guard Extensions"
#define PRODUCTNAME "Intel® Software Guard Extensions"
2 changes: 1 addition & 1 deletion QuoteGeneration/common/inc/internal/win/arch.h
Expand Up @@ -290,7 +290,7 @@ typedef struct _wl_cert_t // All fields except the mr_
uint16_t version; // ( 0) White List Cert format version. For 2015, only valid version is 1
uint16_t cert_type; // ( 2) White List Cert Type. For Enclave Signing Key White List Cert, must be 1
uint16_t provider_id; // ( 4) Enclave Signing Key White List Provider ID to identify the key used to sign this Enclave signing Key White List Certificate. For 2015, only one White List Provider is approved: WLProviderID-ISecG = 0
uint16_t le_prod_id; // ( 6) Launch Enclave ProdID the White List Cert applies to. Launch Enclave for different OS might be assigned with different ProdID. Attackers can’t simply use a White List for one OS in another OS. Windows LE-ProdID = 0x00; Android LE-ProdID = 0x10; Linux LE-ProdID = 0x20
uint16_t le_prod_id; // ( 6) Launch Enclave ProdID the White List Cert applies to. Launch Enclave for different OS might be assigned with different ProdID. Attackers can't simply use a White List for one OS in another OS. Windows LE-ProdID = 0x00; Android LE-ProdID = 0x10; Linux LE-ProdID = 0x20
uint32_t wl_version; // ( 8) Version of the Enclave Signing Key White List. For a specific LE-ProdID, should increase on every WL Cert signing request
uint32_t entry_number; // (12) Number of MRSIGNER entries in the Cert. If the White List Certificate allows enclave signed by any key to launch, the White List Cert must only contain one all-0 MRSIGNER entry.
#ifdef _MSC_VER
6 changes: 3 additions & 3 deletions QuoteGeneration/download_prebuilt.bat
Expand Up @@ -29,9 +29,9 @@

@echo off

set ae_file_name=prebuilt_windows_dcap_1.6.zip
set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.6.txt
set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.6/windows/
set ae_file_name=prebuilt_windows_dcap_1.7.zip
set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.7.txt
set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.7/windows/
set server_ae_url=%server_url_path%/%ae_file_name%
set server_checksum_url=%server_url_path%/%checksum_file%

6 changes: 3 additions & 3 deletions QuoteGeneration/download_prebuilt.sh
Expand Up @@ -32,9 +32,9 @@

top_dir=`dirname $0`
out_dir=$top_dir
ae_file_name=prebuilt_dcap_1.6.tar.gz
checksum_file=SHA256SUM_prebuilt_dcap_1.6.txt
server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.6/linux
ae_file_name=prebuilt_dcap_1.7.tar.gz
checksum_file=SHA256SUM_prebuilt_dcap_1.7.txt
server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.7/linux
server_ae_url=$server_url_path/$ae_file_name
server_checksum_url=$server_url_path/$checksum_file

@@ -1,4 +1,3 @@
DeliveryName InstallName FileCheckSum FileFeature FileOwner
<deliverydir>/dcap_quoteverify/inc/sgx_dcap_pcs_com.h <installdir>/include/sgx_dcap_pcs_com.h 0 main STP
<deliverydir>/dcap_quoteverify/inc/sgx_dcap_quoteverify.h <installdir>/include/sgx_dcap_quoteverify.h 0 main STP
<deliverydir>/QvE/Include/qve_header.h <installdir>/include/qve_header.h 0 main STP
<deliverydir>/QvE/Include/sgx_qve_header.h <installdir>/include/sgx_qve_header.h 0 main STP
Expand Up @@ -5,4 +5,4 @@ libsgx-pce-logic (1.0-1) unstable; urgency=low
* Provide the Quote Generation Library and sample project
* Provide the sample project for Platform Provider Library

-- Xiangquan Liu <[email protected]> Tues, 20 Jan 2020 15:19:41 +0800
-- Xiangquan Liu <[email protected]> Mon, 20 Jan 2020 15:19:41 +0800
Expand Up @@ -8,5 +8,5 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives

Package: libsgx-pce-logic
Architecture: amd64
Depends: libsgx-urts (>= 2.9), libsgx-ae-pce(>= 2.9), ${shlibs:Depends}, ${misc:Depends}
Depends: libsgx-urts (>= 2.10), libsgx-ae-pce(>= 2.10), ${shlibs:Depends}, ${misc:Depends}
Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
Expand Up @@ -5,4 +5,4 @@ libsgx-qe3-logic (1.0-1) unstable; urgency=low
* Provide the Quote Generation Library and sample project
* Provide the sample project for Platform Provider Library

-- Xiangquan Liu <[email protected]> Tues, 20 Jan 2020 15:19:41 +0800
-- Xiangquan Liu <[email protected]> Mon, 20 Jan 2020 15:19:41 +0800
Expand Up @@ -8,5 +8,5 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives

Package: libsgx-qe3-logic
Architecture: amd64
Depends: libsgx-urts (>= 2.9), libsgx-ae-qe3(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
Depends: libsgx-urts (>= 2.10), libsgx-ae-qe3(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
Expand Up @@ -29,6 +29,8 @@
#
#

%define _license_file COPYING

Name: libsgx-ae-qe3
Version: @version@
Release: 1%{?dist}
Expand All @@ -47,6 +49,8 @@ Intel(R) Software Guard Extensions QE3

%install
make DESTDIR=%{?buildroot} install
install -d %{?buildroot}%{_docdir}/%{name}
find %{?_sourcedir}/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}%{_docdir}/%{name}/%{_license_file}
rm -f %{_specdir}/list-%{name}
for f in $(find %{?buildroot} -type f -o -type l); do
echo $f | sed -e "s#%{?buildroot}##" >> %{_specdir}/list-%{name}
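Review bot: The `COPYING` file assembled in `%install` depends on the order in which `find` returns the licence files, which follows directory order and is not stable across build hosts, and `>>` appends to whatever already sits at that path in the buildroot. Sorting the list and truncating instead of appending makes the packaged file reproducible: `find %{?_sourcedir}/package/licenses/ -type f -print0 | sort -z | xargs -0 cat > %{?buildroot}%{_docdir}/%{name}/%{_license_file}`. The same two lines are added in the other spec sections on this page (libsgx-ae-qve, libsgx-dcap-default-qpl, libsgx-dcap-ql, libsgx-pce-logic, libsgx-qe3-logic and sgx-dcap-pccs), so the change applies there as well. The `%install` body continues outside the hunk.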
Expand Up @@ -29,6 +29,8 @@
#
#

%define _license_file COPYING

Name: libsgx-ae-qve
Version: @version@
Release: 1%{?dist}
Expand All @@ -47,6 +49,8 @@ Intel(R) Software Guard Extensions QVE

%install
make DESTDIR=%{?buildroot} install
install -d %{?buildroot}%{_docdir}/%{name}
find %{?_sourcedir}/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}%{_docdir}/%{name}/%{_license_file}
rm -f %{_specdir}/list-%{name}
for f in $(find %{?buildroot} -type f -o -type l); do
echo $f | sed -e "s#%{?buildroot}##" >> %{_specdir}/list-%{name}
Expand Up @@ -29,6 +29,7 @@
#
#

%define _license_file COPYING

Name: libsgx-dcap-default-qpl
Version: @version@
Expand Down Expand Up @@ -56,6 +57,8 @@ Intel(R) Software Guard Extensions Default Quote Provider Library for Developers

%install
make DESTDIR=%{?buildroot} install
install -d %{?buildroot}/%{name}%{_docdir}/%{name}
find %{?_sourcedir}/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/%{name}%{_docdir}/%{name}/%{_license_file}
rm -f %{_specdir}/list-%{name}
for f in $(find %{?buildroot}/%{name} -type f -o -type l); do
echo $f | sed -e "s#%{?buildroot}/%{name}##" >> %{_specdir}/list-%{name}
Expand Up @@ -29,6 +29,7 @@
#
#

%define _license_file COPYING

Name: libsgx-dcap-ql
Version: @version@
Expand Down Expand Up @@ -57,6 +58,8 @@ Intel(R) Software Guard Extensions Data Center Attestation Primitives for Develo

%install
make DESTDIR=%{?buildroot} install
install -d %{?buildroot}/%{name}%{_docdir}/%{name}
find %{?_sourcedir}/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/%{name}%{_docdir}/%{name}/%{_license_file}
rm -f %{_specdir}/list-%{name}
for f in $(find %{?buildroot}/%{name} -type f -o -type l); do
echo $f | sed -e "s#%{?buildroot}/%{name}##" >> %{_specdir}/list-%{name}
Expand Up @@ -29,12 +29,14 @@
#
#

%define _license_file COPYING

Name: libsgx-pce-logic
Version: @version@
Release: 1%{?dist}
Summary: Intel(R) Software Guard Extensions PCE logic
Group: Development/Libraries
Requires: libsgx-urts >= 2.9 libsgx-ae-pce >= 2.9
Requires: libsgx-urts >= 2.10 libsgx-ae-pce >= 2.10

License: BSD License
URL: https://github.com/intel/SGXDataCenterAttestationPrimitives
Expand All @@ -48,6 +50,8 @@ Intel(R) Software Guard Extensions PCE logic

%install
make DESTDIR=%{?buildroot} install
install -d %{?buildroot}%{_docdir}/%{name}
find %{?_sourcedir}/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}%{_docdir}/%{name}/%{_license_file}
rm -f %{_specdir}/list-%{name}
for f in $(find %{?buildroot} -type f -o -type l); do
echo $f | sed -e "s#%{?buildroot}##" >> %{_specdir}/list-%{name}
Expand Up @@ -29,12 +29,14 @@
#
#

%define _license_file COPYING

Name: libsgx-qe3-logic
Version: @version@
Release: 1%{?dist}
Summary: Intel(R) Software Guard Extensions QE3 logic
Group: Development/Libraries
Requires: libsgx-urts >= 2.9 libsgx-ae-qe3 >= %{version}-%{release}
Requires: libsgx-urts >= 2.10 libsgx-ae-qe3 >= %{version}-%{release}

License: BSD License
URL: https://github.com/intel/SGXDataCenterAttestationPrimitives
Expand All @@ -48,6 +50,8 @@ Intel(R) Software Guard Extensions QE3 logic

%install
make DESTDIR=%{?buildroot} install
install -d %{?buildroot}%{_docdir}/%{name}
find %{?_sourcedir}/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}%{_docdir}/%{name}/%{_license_file}
rm -f %{_specdir}/list-%{name}
for f in $(find %{?buildroot} -type f -o -type l); do
echo $f | sed -e "s#%{?buildroot}##" >> %{_specdir}/list-%{name}
Expand Up @@ -30,6 +30,7 @@
#

%define _install_path @install_path@
%define _license_file COPYING

Name: sgx-dcap-pccs
Version: @version@
Expand All @@ -49,7 +50,10 @@ Intel(R) Software Guard Extensions PCK Caching Service

%install
make DESTDIR=%{?buildroot} install
install -d %{?buildroot}%{_docdir}/%{name}
find %{?_sourcedir}/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}%{_docdir}/%{name}/%{_license_file}
echo "%{_install_path}" > %{_specdir}/listfiles
echo %{_docdir}/%{name}/%{_license_file} >> %{_specdir}/listfiles
echo "%config %{_install_path}/config/production-0.json" >> %{_specdir}/listfiles

%files -f %{_specdir}/listfiles
Expand All @@ -61,9 +65,6 @@ if which pm2 > /dev/null; then
else
npm install -g pm2
fi
/bin/su -c "%{_install_path}/install.sh postinst" $(logname)
pm2cfg=`/bin/su -c "pm2 startup systemd | grep 'sudo'" $(logname)` || true
eval $pm2cfg

%postun
if which pm2 > /dev/null; then
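Review bot: The `%post` scriptlet keeps `npm install -g pm2` in its `else` branch, so installing this RPM on a host without pm2 fetches and globally installs an unpinned package from the npm registry with the privileges of the package manager, and fails or hangs where the host has no network access. Pinning the version, `npm install -g pm2@<pinned-version>` (placeholder), or listing pm2 as a documented prerequisite next to node.js and failing with a clear message when it is absent, would keep the installed code fixed to what was tested. The `%post` and `%postun` bodies both extend outside the hunk.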
4 changes: 1 addition & 3 deletions QuoteGeneration/installer/win/DCAP_Components.bat
Expand Up @@ -19,10 +19,8 @@ copy /y "%QGFOLDER%\quote_wrapper\common\inc\sgx_ql_lib_common.h" "%pwd%\Header
copy /y "%QGFOLDER%\quote_wrapper\common\inc\sgx_quote_3.h" "%pwd%\Header Files\sgx_quote_3.h"
copy /y "%QGFOLDER%\quote_wrapper\ql\inc\sgx_dcap_ql_wrapper.h" "%pwd%\Header Files\sgx_dcap_ql_wrapper.h"
copy /y "%QGFOLDER%\pce_wrapper\inc\sgx_pce.h" "%pwd%\Header Files\sgx_pce.h"
copy /y "%QVFOLDER%\QvE\Include\qve_header.h" "%pwd%\Header Files\qve_header.h"
copy /y "%QVFOLDER%\QvE\Include\sgx_qve_header.h" "%pwd%\Header Files\sgx_qve_header.h"
copy /y "%QVFOLDER%\dcap_quoteverify\inc\sgx_dcap_quoteverify.h" "%pwd%\Header Files\sgx_dcap_quoteverify.h"
copy /y "%QVFOLDER%\dcap_quoteverify\inc\sgx_dcap_pcs_com.h" "%pwd%\Header Files\sgx_dcap_pcs_com.h"

copy /y "%SGXSDKInstallPath%\include\sgx_attributes.h" "%pwd%\Header Files\sgx_attributes.h"
copy /y "%SGXSDKInstallPath%\include\sgx_key.h" "%pwd%\Header Files\sgx_key.h"
copy /y "%SGXSDKInstallPath%\include\sgx_report.h" "%pwd%\Header Files\sgx_report.h"
11 changes: 9 additions & 2 deletions QuoteGeneration/pccs/README.md
Expand Up @@ -5,8 +5,8 @@ This is a lightweight Provisioning Certificate Caching Service implemented in no
- **Prerequisites**

Install node.js (Version 10.13.0 LTS or later)
+ For Linux, you can use the following command:<br/>
curl -sL https://deb.nodesource.com/setup_13.x | sudo -E bash - sudo apt-get install -y nodejs
+ For Debian and Ubuntu based distributions, you can use the following command:<br/>
curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash - sudo apt-get install -y nodejs
+ To download and install, goto https://nodejs.org/en/download/

- **Install via Linux Debian package installer**
Expand All @@ -18,6 +18,12 @@ This is a lightweight Provisioning Certificate Caching Service implemented in no
*NOTE : If you have installed old libsgx-dcap-pccs releases with root privilege before, some folders may remain even after you uninstall it.
You can delete them manually with root privilege, for example, ~/.pm2/, ~/.npm/, etc.*

- **Install via RPM package installer**

rpm -ivh sgx-dcap-pccs_${version}_${arch}.rpm

After the RPM package was installed, you can run install.sh from the root directory of the PCCS to configure it.

- **Linux manual installation**

1) Put all the files and sub folders in this directory to your preferred place with right permissions set to launch a
Expand Down Expand Up @@ -77,6 +83,7 @@ This is a lightweight Provisioning Certificate Caching Service implemented in no
- **CachingFillMode** - The method used to fill the cache DB. Can be one of the following: REQ/LAZY/OFFLINE. For more details see section "Caching Fill Mode".
- **LogLevel** - Log level. Use the same levels as npm: error, warn, info, http, verbose, debug, silly. Default is info.
- **DB_CONFIG** - You can choose sqlite or mysql and many other DBMSes. For sqlite, you don't need to change anything. For other DBMSes, you need to set database connection options correctly. Normally you need to change database, username, password, host and dialect to connect to your DBMS.
<br/>**NOTE: It's recommended to delete old database first if you have installed a different version of PCCS before because the database may be not compatible.**

## Caching Fill Mode
When a new server platform is introduced to the data center or the cloud service provider that will require SGX remote attestation, the caching service will need to import the platform’s SGX attestation collateral retrieved from Intel. This collateral will be used for both generating and verifying ECDSA quotes. Currently PCCS supports three caching fill methods.
2 changes: 1 addition & 1 deletion QuoteGeneration/pccs/constants/index.js
Expand Up @@ -42,7 +42,7 @@ define("PLATF_REG_DELETED", 9);
define("HTTP_SUCCESS", 200);

//
define("QEID_SIZE", 32);
define("QEID_MAX_SIZE", 260);
define("CPUSVN_SIZE", 32);
define("PCESVN_SIZE", 4);
define("PCEID_SIZE", 4);
4 changes: 2 additions & 2 deletions QuoteGeneration/pccs/controllers/pckcertController.js
Expand Up @@ -43,10 +43,10 @@ exports.getPckCert = async function(req,res,next) {
let enc_ppid = req.query.encrypted_ppid;

// validate request parameters
if (qeid == null || cpusvn == null || pcesvn == null || pceid == null) {
if (!qeid || !cpusvn || !pcesvn || !pceid) {
throw new PccsError(PCCS_STATUS.PCCS_STATUS_INVALID_REQ);
}
if (qeid.length != Constants.QEID_SIZE || cpusvn.length != Constants.CPUSVN_SIZE
if (qeid.length > Constants.QEID_MAX_SIZE || cpusvn.length != Constants.CPUSVN_SIZE
|| pcesvn.length != Constants.PCESVN_SIZE || pceid.length != Constants.PCEID_SIZE){
throw new PccsError(PCCS_STATUS.PCCS_STATUS_INVALID_REQ);
}
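Review bot: The relaxed checks validate presence and length only, so a non-string `qeid` gets through: the parameters appear to come from `req.query` (as `encrypted_ppid` does on the first visible line), where a repeated or bracketed parameter can arrive as an array or an object. An object has no `length`, so `qeid.length > Constants.QEID_MAX_SIZE` is false and the request is accepted, and for an array `length` counts elements rather than characters. A type check ahead of the length checks closes this, `if (![qeid, cpusvn, pcesvn, pceid].every(v => typeof v === 'string')) throw new PccsError(PCCS_STATUS.PCCS_STATUS_INVALID_REQ);`, and since `qeid` now has only an upper bound it is worth also checking its format if the lookup expects a hex string. `getPckCert` starts and ends outside the hunk.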
2 changes: 1 addition & 1 deletion QuoteGeneration/pccs/package.json
Expand Up @@ -25,7 +25,7 @@
"devDependencies": {
"chai": "^4.2.0",
"chai-http": "^4.3.0",
"mocha": "^6.2.2"
"mocha": "^6.2.3"
},
"engines": {
"node": ">= 10.13.0"