[CI-Examples] Do not fetch tokens

Signed-off-by: Wojtek Porczyk <[email protected]>

CI-Examples/bash/Makefile

@@ -9,7 +9,7 @@ endif
 .PHONY: all
 all: bash.manifest
 ifeq ($(SGX),1)
-all: bash.manifest.sgx bash.sig bash.token
+all: bash.manifest.sgx bash.sig
 endif
 
 bash.manifest: manifest.template
@@ -26,9 +26,6 @@ bash.manifest.sgx: bash.manifest
 
 bash.sig: bash.manifest.sgx
 
-bash.token: bash.sig
-	gramine-sgx-get-token --output bash.token --sig bash.sig
-
 ifeq ($(SGX),)
 GRAMINE = gramine-direct
 else

CI-Examples/blender/Makefile

@@ -26,7 +26,7 @@ endif
 .PHONY: all
 all: $(BLENDER_DIR)/blender blender.manifest | $(DATA_DIR)/images
 ifeq ($(SGX),1)
-all: blender.manifest.sgx blender.sig blender.token
+all: blender.manifest.sgx blender.sig
 endif
 
 $(BLENDER_DIR)/blender:
@@ -58,9 +58,6 @@ sgx_outputs: $(BLENDER_DIR)/blender blender.manifest | $(RUN_DIR)
 		--output blender.manifest.sgx \
 		--manifest blender.manifest
 
-blender.token: blender.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 $(DATA_DIR)/images:
 	mkdir -p $@
 

CI-Examples/busybox/Makefile

@@ -20,7 +20,7 @@ RA_CLIENT_LINKABLE ?= 0
 .PHONY: all
 all: busybox busybox.manifest
 ifeq ($(SGX),1)
-all: busybox.manifest.sgx busybox.sig busybox.token
+all: busybox.manifest.sgx busybox.sig
 endif
 
 $(SRCDIR)/Makefile:
@@ -59,10 +59,6 @@ sgx_sign: busybox.manifest busybox
 		--manifest $< \
 		--output $<.sgx
 
-busybox.token: busybox.sig
-	gramine-sgx-get-token \
-		--output $@ --sig $<
-
 # Copy Busybox binary to our root directory for simplicity.
 busybox: $(SRCDIR)/busybox
 	cp $(SRCDIR)/busybox busybox

CI-Examples/helloworld/Makefile

@@ -11,7 +11,7 @@ endif
 .PHONY: all
 all: helloworld helloworld.manifest
 ifeq ($(SGX),1)
-all: helloworld.manifest.sgx helloworld.sig helloworld.token
+all: helloworld.manifest.sgx helloworld.sig
 endif
 
 helloworld: helloworld.o
@@ -45,10 +45,6 @@ sgx_sign: helloworld.manifest helloworld
 		--manifest $< \
 		--output $<.sgx
 
-helloworld.token: helloworld.sig
-	gramine-sgx-get-token \
-		--output $@ --sig $<
-
 ifeq ($(SGX),)
 GRAMINE = gramine-direct
 else

CI-Examples/lighttpd/Makefile

@@ -25,7 +25,7 @@ CONF_FILES = lighttpd-server.conf lighttpd.conf
 .PHONY: all
 all: $(INSTALL_DIR)/sbin/lighttpd lighttpd.manifest $(CONF_FILES) testdata
 ifeq ($(SGX),1)
-all: lighttpd.manifest.sgx lighttpd.sig lighttpd.token
+all: lighttpd.manifest.sgx lighttpd.sig
 endif
 
 $(INSTALL_DIR)/sbin/lighttpd: $(LIGHTTPD_SRC)/configure
@@ -62,9 +62,6 @@ sgx_sign: lighttpd.manifest $(INSTALL_DIR)/sbin/lighttpd
 		--manifest $< \
 		--output $<.sgx
 
-lighttpd.token: lighttpd.sig
-	gramine-sgx-get-token --output $@ --sig $^
-
 # lighttpd configuration and test data
 lighttpd-server.conf:
 	@$(RM) $@

CI-Examples/memcached/Makefile

@@ -17,7 +17,7 @@ endif
 .PHONY: all
 all: memcached memcached.manifest
 ifeq ($(SGX),1)
-all: memcached.manifest.sgx memcached.sig memcached.token
+all: memcached.manifest.sgx memcached.sig
 endif
 
 $(SRCDIR)/configure:
@@ -47,10 +47,6 @@ sgx_sign: memcached.manifest memcached
 		--manifest $< \
 		--output $<.sgx
 
-memcached.token: memcached.sig
-	gramine-sgx-get-token \
-		--output memcached.token --sig memcached.sig
-
 # for simplicity, copy memcached executable into our root directory
 memcached: $(SRCDIR)/memcached
 	cp $< $@

CI-Examples/nginx/Makefile

@@ -23,7 +23,7 @@ endif
 .PHONY: all
 all: $(INSTALL_DIR)/sbin/nginx nginx.manifest config testdata ssldata nginx_args
 ifeq ($(SGX),1)
-all: nginx.manifest.sgx nginx.sig nginx.token
+all: nginx.manifest.sgx nginx.sig
 endif
 
 # Note that Gramine doesn't support eventfd() and PR_SET_DUMPABLE, so we manually
@@ -67,9 +67,6 @@ sgx_sign: nginx.manifest $(INSTALL_DIR)/sbin/nginx \
 		--manifest $< \
 		--output $<.sgx
 
-nginx.token: nginx.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 # Nginx configuration and test data
 .PHONY: config
 config: $(INSTALL_DIR)/conf/nginx-gramine.conf

CI-Examples/python/Makefile

@@ -9,7 +9,7 @@ endif
 .PHONY: all
 all: python.manifest
 ifeq ($(SGX),1)
-all: python.manifest.sgx python.sig python.token
+all: python.manifest.sgx python.sig
 endif
 
 RA_TYPE ?= none
@@ -37,9 +37,6 @@ sgx_sign: python.manifest
 		--manifest $< \
 		--output $<.sgx
 
-python.token: python.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 .PHONY: check
 check: all
 	./run-tests.sh > TEST_STDOUT 2> TEST_STDERR

CI-Examples/ra-tls-mbedtls/Makefile

@@ -19,13 +19,13 @@ RA_CLIENT_LINKABLE ?= 0
 all: app epid  # by default, only build EPID because it doesn't rely on additional (DCAP) libs
 
 .PHONY: app
-app: ssl/server.crt mbedtls/.mbedtls_configured server.manifest.sgx server.sig server.token client
+app: ssl/server.crt mbedtls/.mbedtls_configured server.manifest.sgx server.sig client
 
 .PHONY: epid
-epid: client_epid.manifest.sgx client_epid.sig client_epid.token
+epid: client_epid.manifest.sgx client_epid.sig
 
 .PHONY: dcap
-dcap: client_dcap.manifest.sgx client_dcap.sig client_dcap.token
+dcap: client_dcap.manifest.sgx client_dcap.sig
 
 ############################# SSL DATA DEPENDENCY #############################
 
@@ -104,9 +104,6 @@ sgx_sign_server: server.manifest server
 		--manifest $< \
 		--output $<.sgx
 
-server.token: server.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 ########################### CLIENT (DCAP) MANIFEST ############################
 
 client_dcap.manifest: client.manifest.template
@@ -124,9 +121,6 @@ sgx_sign_client_dcap: client_dcap.manifest client
 		--manifest $< \
 		--output $<.sgx
 
-client_dcap.token: client_dcap.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 ########################### CLIENT (EPID) MANIFEST ############################
 
 client_epid.manifest: client.manifest.template
@@ -144,9 +138,6 @@ sgx_sign_client_epid: client_epid.manifest client
 		--manifest $< \
 		--output $<.sgx
 
-client_epid.token: client_epid.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 ############################### SGX CHECKS FOR CI #############################
 
 .PHONY: check_epid

CI-Examples/ra-tls-secret-prov/Makefile

@@ -24,9 +24,9 @@ all: app epid  # by default, only build EPID because it doesn't rely on addition
 .PHONY: app
 app: \
      ssl/server.crt \
-     secret_prov_minimal/client.manifest.sgx secret_prov_minimal/client.sig secret_prov_minimal/client.token \
-     secret_prov/client.manifest.sgx     secret_prov/client.sig     secret_prov/client.token \
-     secret_prov_pf/client.manifest.sgx  secret_prov_pf/client.sig  secret_prov_pf/client.token
+     secret_prov_minimal/client.manifest.sgx secret_prov_minimal/client.sig \
+     secret_prov/client.manifest.sgx     secret_prov/client.sig \
+     secret_prov_pf/client.manifest.sgx  secret_prov_pf/client.sig
 
 .PHONY: epid
 epid: ssl/server.crt secret_prov_minimal/server_epid secret_prov/server_epid secret_prov_pf/server_epid \
@@ -100,9 +100,6 @@ sgx_sign_secret_prov_minimal_client: secret_prov_minimal/client.manifest secret_
 		--manifest $(notdir $<) \
 		--output $(notdir $<.sgx)
 
-secret_prov_minimal/client.token: secret_prov_minimal/client.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 ############################### CLIENT MANIFEST ###############################
 
 secret_prov/client.manifest: secret_prov/client.manifest.template
@@ -125,9 +122,6 @@ sgx_sign_secret_prov_client: secret_prov/client.manifest secret_prov/client
 		--manifest $(notdir $<) \
 		--output $(notdir $<.sgx)
 
-secret_prov/client.token: secret_prov/client.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 ############################## PF CLIENT MANIFEST #############################
 
 secret_prov_pf/client.manifest: secret_prov_pf/client.manifest.template
@@ -150,9 +144,6 @@ sgx_sign_secret_prov_pf_client: secret_prov_pf/client.manifest secret_prov_pf/cl
 		--manifest $(notdir $<) \
 		--output $(notdir $<.sgx)
 
-secret_prov_pf/client.token: secret_prov_pf/client.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 ########################## PREPARE PROTECTED FILES ############################
 
 secret_prov_pf/wrap_key:

CI-Examples/redis/Makefile

@@ -34,7 +34,7 @@ endif
 .PHONY: all
 all: redis-server redis-server.manifest
 ifeq ($(SGX),1)
-all: redis-server.manifest.sgx redis-server.sig redis-server.token
+all: redis-server.manifest.sgx redis-server.sig
 endif
 
 ############################## REDIS EXECUTABLE ###############################
@@ -78,13 +78,6 @@ redis-server.manifest: redis-server.manifest.template
 # procedure measures all Redis trusted files, adds the measurement to the
 # resulting manifest.sgx file (among other, less important SGX options) and
 # creates redis-server.sig (SIGSTRUCT object).
-#
-# Gramine-SGX requires EINITTOKEN and SIGSTRUCT objects (see SGX hardware ABI,
-# in particular EINIT instruction). The "gramine-sgx-get-token" script
-# generates EINITTOKEN based on a SIGSTRUCT and puts it in .token file. Note
-# that filenames must be the same as the manifest name (i.e., "redis-server").
-# EINITTOKEN must be generated on the machine where the application will run,
-# not where it was built.
 
 # Make on Ubuntu <= 20.04 doesn't support "Rules with Grouped Targets" (`&:`),
 # see the helloworld example for details on this workaround.
@@ -97,9 +90,6 @@ sgx_outputs: redis-server.manifest $(SRCDIR)/src/redis-server
 		--manifest redis-server.manifest \
 		--output redis-server.manifest.sgx
 
-redis-server.token: redis-server.sig
-	gramine-sgx-get-token --output $@ --sig $<
-
 ########################### COPIES OF EXECUTABLES #############################
 
 # Redis build process creates the final executable as src/redis-server. For

CI-Examples/rust/Makefile

@@ -5,7 +5,7 @@ SELF_EXE = target/release/rust-hyper-http-server
 .PHONY: all
 all: $(SELF_EXE) rust-hyper-http-server.manifest
 ifeq ($(SGX),1)
-all: rust-hyper-http-server.manifest.sgx rust-hyper-http-server.sig rust-hyper-http-server.token
+all: rust-hyper-http-server.manifest.sgx rust-hyper-http-server.sig
 endif
 
 ifeq ($(DEBUG),1)
@@ -40,10 +40,6 @@ sgx_sign: rust-hyper-http-server.manifest $(SELF_EXE)
 		--manifest $< \
 		--output $<.sgx
 
-rust-hyper-http-server.token: rust-hyper-http-server.sig
-	gramine-sgx-get-token \
-		--output $@ --sig $<
-
 ifeq ($(SGX),)
 GRAMINE = gramine-direct
 else

CI-Examples/sqlite/Makefile

@@ -9,7 +9,7 @@ endif
 .PHONY: all
 all: sqlite3.manifest
 ifeq ($(SGX),1)
-all: sqlite3.manifest.sgx sqlite3.sig sqlite3.token
+all: sqlite3.manifest.sgx sqlite3.sig
 endif
 
 sqlite3.manifest: manifest.template
@@ -30,9 +30,6 @@ sgx_sign: sqlite3.manifest
 		--manifest $< \
 		--output $<.sgx
 
-sqlite3.token: sqlite3.sig
-	gramine-sgx-get-token --output sqlite3.token --sig sqlite3.sig
-
 ifeq ($(SGX),)
 GRAMINE = gramine-direct
 else