Merge pull request #167571 from veehaitch/sgx-2.16

sgx-sdk, sgx-psw: 2.15.1 -> 2.16

2 files changed, 5 insertions, 35 deletions

diff --git a/pkgs/os-specific/linux/sgx/psw/default.nix b/pkgs/os-specific/linux/sgx/psw/default.nix
index f6564f1560c1e..2077d23bc9d75 100644
--- a/pkgs/os-specific/linux/sgx/psw/default.nix
+++ b/pkgs/os-specific/linux/sgx/psw/default.nix
@@ -28,11 +28,11 @@ stdenv.mkDerivation rec {
         hash = "sha256-JriA9UGYFkAPuCtRizk8RMM1YOYGR/eO9ILnx47A40s=";
       };
       dcap = rec {
-        version = "1.12.1";
+        version = "1.13";
         filename = "prebuilt_dcap_${version}.tar.gz";
         prebuilt = fetchurl {
           url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
-          hash = "sha256-V/XHva9Sq3P36xSW+Sd0G6Dnk4H0ANO1Ns/u+FI1eGI=";
+          hash = "sha256-0kD6hxN8qZ/7/H99aboQx7Qg7ewmYPEexoU6nqczAik=";
         };
       };
     in
@@ -64,19 +64,6 @@ stdenv.mkDerivation rec {
   ];
 
   postPatch = ''
-    # https://github.com/intel/linux-sgx/pull/730
-    substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
-    substituteInPlace psw/ae/aesm_service/source/CMakeLists.txt \
-      --replace '/usr/bin/getconf' 'getconf'
-
-    # https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/205
-    substituteInPlace ./external/dcap_source/QuoteGeneration/buildenv.mk \
-      --replace '/bin/cp' 'cp'
-    substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/Makefile \
-      --replace '/bin/cp' 'cp'
-    substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/buildenv.mk \
-      --replace '/bin/cp' 'cp'
-
     patchShebangs \
       linux/installer/bin/build-installpkg.sh \
       linux/installer/common/psw/createTarball.sh \
@@ -166,14 +153,6 @@ stdenv.mkDerivation rec {
     substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \
       --replace '/bin/mount' \
                 "${util-linux}/bin/mount"
-
-    header "Fixing linksgx.sh"
-    # https://github.com/intel/linux-sgx/pull/736
-    substituteInPlace $out/aesm/linksgx.sh \
-      --replace '/usr/bin/getent' \
-                '${glibc.bin}/bin/getent' \
-      --replace '/usr/sbin/usermod' \
-                '${shadow}/bin/usermod'
   '';
 
   passthru.tests = {
diff --git a/pkgs/os-specific/linux/sgx/sdk/default.nix b/pkgs/os-specific/linux/sgx/sdk/default.nix
index baa4ad2a3375c..977139406fe95 100644
--- a/pkgs/os-specific/linux/sgx/sdk/default.nix
+++ b/pkgs/os-specific/linux/sgx/sdk/default.nix
@@ -29,15 +29,15 @@
 stdenv.mkDerivation rec {
   pname = "sgx-sdk";
   # Version as given in se_version.h
-  version = "2.15.101.1";
+  version = "2.16.100.4";
   # Version as used in the Git tag
-  versionTag = "2.15.1";
+  versionTag = "2.16";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "linux-sgx";
     rev = "sgx_${versionTag}";
-    hash = "sha256-e11COTR5eDPMB81aPRKatvIkAOeX+OZgnvn2utiv78M=";
+    hash = "sha256-qgXuJJWiqmcU11umCsE3DnlK4VryuTDAsNf53YPw6UY=";
     fetchSubmodules = true;
   };
 
@@ -53,18 +53,9 @@ stdenv.mkDerivation rec {
       url = "https://github.com/intel/linux-sgx/commit/254b58f922a6bd49c308a4f47f05f525305bd760.patch";
       sha256 = "sha256-sHU++K7NJ+PdITx3y0PwstA9MVh10rj2vrLn01N9F4w=";
     })
-    # Commit to add missing sgx_ippcp.h not yet part of this release
-    (fetchpatch {
-      name = "add-missing-sgx_ippcp-header.patch";
-      url = "https://github.com/intel/linux-sgx/commit/51d1087b707a47e18588da7bae23e5f686d44be6.patch";
-      sha256 = "sha256-RZC14H1oEuGp0zn8CySDPy1KNqP/POqb+KMYoQt2A7M=";
-    })
   ];
 
   postPatch = ''
-    # https://github.com/intel/linux-sgx/pull/730
-    substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
-
     patchShebangs linux/installer/bin/build-installpkg.sh \
       linux/installer/common/sdk/createTarball.sh \
       linux/installer/common/sdk/install.sh