From 227095646a39edf56406c2a0d027d1155af26c1a Mon Sep 17 00:00:00 2001
From: Mikko Ylinen <mikko.ylinen@intel.com>
Date: Thu, 12 Jan 2023 08:06:39 +0200
Subject: [PATCH 1/3] demo: dlb-dpdk-demo: add missing libatomic1

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
---
 demo/dlb-dpdk-demo/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/demo/dlb-dpdk-demo/Dockerfile b/demo/dlb-dpdk-demo/Dockerfile
index 0c4f23fd8..ad57f08c4 100644
--- a/demo/dlb-dpdk-demo/Dockerfile
+++ b/demo/dlb-dpdk-demo/Dockerfile
@@ -26,7 +26,7 @@ RUN cd dpdk-* && patch -Np1 < $(echo ../dlb/dpdk/dpdk_dlb_*.patch) && sed -i 's/
 RUN cd dpdk-* && ninja -C builddir install && install -D builddir/app/dpdk-test-eventdev /install_root/usr/bin/dpdk-test-eventdev
 
 FROM ubuntu:20.04
-RUN apt-get update && apt-get install -y libnuma1
+RUN apt-get update && apt-get install -y libnuma1 libatomic1
 COPY --from=builder /install_root /
 COPY test.sh /usr/bin/
 

From 5de9b50f9eac46b1a40fc4ed9a424a110242e176 Mon Sep 17 00:00:00 2001
From: Mikko Ylinen <mikko.ylinen@intel.com>
Date: Thu, 12 Jan 2023 08:07:53 +0200
Subject: [PATCH 2/3] e2e: double NFD startup waiting time

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
---
 test/e2e/deviceplugins_suite_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/e2e/deviceplugins_suite_test.go b/test/e2e/deviceplugins_suite_test.go
index ad3387ab3..b7898e888 100644
--- a/test/e2e/deviceplugins_suite_test.go
+++ b/test/e2e/deviceplugins_suite_test.go
@@ -108,7 +108,7 @@ func setupFirstNode() []byte {
 	utils.Kubectl("node-feature-discovery", "apply", "-k", "deployments/nfd/overlays/node-feature-rules/kustomization.yaml")
 
 	if err = e2epod.WaitForPodsRunningReady(c, "node-feature-discovery", 2, 0,
-		100*time.Second, map[string]string{}); err != nil {
+		200*time.Second, map[string]string{}); err != nil {
 		framework.Failf("unable to wait for NFD pods to be running and ready: %v", err)
 	}
 

From 90aeca48c58055b866ab480c2ad5bf54f1517536 Mon Sep 17 00:00:00 2001
From: Mikko Ylinen <mikko.ylinen@intel.com>
Date: Thu, 12 Jan 2023 09:41:17 +0200
Subject: [PATCH 3/3] deployments: update SGX configuration

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
---
 .../sgx_aesmd/base/sgx_default_qcnl.conf      | 19 +++++++++++++++++--
 .../sgx_enclave_apps/base/intelsgx-job.yaml   |  2 --
 .../sgx_default_qcnl.conf                     | 19 +++++++++++++++++--
 3 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/deployments/sgx_aesmd/base/sgx_default_qcnl.conf b/deployments/sgx_aesmd/base/sgx_default_qcnl.conf
index 67cb3aff4..486e39122 100644
--- a/deployments/sgx_aesmd/base/sgx_default_qcnl.conf
+++ b/deployments/sgx_aesmd/base/sgx_default_qcnl.conf
@@ -1,2 +1,17 @@
-PCCS_URL=https://localhost:8081/sgx/certification/v3/
-USE_SECURE_CERT=FALSE
+{
+  // *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them.
+
+  // This sample is a typical config file for a development environment which has a local PCCS setup
+  // QPL will get PCK certificates as well as quote verification collateral from the local PCCS service
+  // The PCCS service uses self-signed certificates
+  // You should choose the correct PCCS API version. "3.1" will return CRL in raw DER format
+  // It is recommended to use "3.1" for DCAP 1.12 release and later
+
+  //PCCS server address
+  "pccs_url": "https://localhost:8081/sgx/certification/v4/",
+
+  // To accept insecure HTTPS certificate, set this option to false
+  "use_secure_cert": false,
+
+  "pccs_api_version": "3.1"
+}
diff --git a/deployments/sgx_enclave_apps/base/intelsgx-job.yaml b/deployments/sgx_enclave_apps/base/intelsgx-job.yaml
index ef9730e02..8475e4b62 100644
--- a/deployments/sgx_enclave_apps/base/intelsgx-job.yaml
+++ b/deployments/sgx_enclave_apps/base/intelsgx-job.yaml
@@ -21,8 +21,6 @@ spec:
           securityContext:
             readOnlyRootFilesystem: true
             allowPrivilegeEscalation: false
-            capabilities:
-              add: ["IPC_LOCK"]
           resources:
             limits:
               sgx.intel.com/epc: "512Ki"
diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf
index 67cb3aff4..486e39122 100644
--- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf
@@ -1,2 +1,17 @@
-PCCS_URL=https://localhost:8081/sgx/certification/v3/
-USE_SECURE_CERT=FALSE
+{
+  // *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them.
+
+  // This sample is a typical config file for a development environment which has a local PCCS setup
+  // QPL will get PCK certificates as well as quote verification collateral from the local PCCS service
+  // The PCCS service uses self-signed certificates
+  // You should choose the correct PCCS API version. "3.1" will return CRL in raw DER format
+  // It is recommended to use "3.1" for DCAP 1.12 release and later
+
+  //PCCS server address
+  "pccs_url": "https://localhost:8081/sgx/certification/v4/",
+
+  // To accept insecure HTTPS certificate, set this option to false
+  "use_secure_cert": false,
+
+  "pccs_api_version": "3.1"
+}