docker-entrypoint.sh
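#!/bin/bash
set -e

# Container entrypoint: optionally repoints the SGX quote provider (QCNL)
# configuration at Azure THIM, then hands control to the container's command.
#
# Environment:
#   USE_AZURE_THIM        "true" or "1": rewrite pccs_url in the QCNL config
#   AZURE_THIM_URL        optional override for the THIM endpoint
#   THIM_USE_SECURE_CERT  "true" or "1": flip use_secure_cert from false to true

readonly QCNL_CONF=/etc/sgx_default_qcnl.conf

#######################################
# Escape a string for use as the replacement part of a sed s#...#...# command.
# Backslash, '&' (whole-match reference) and '#' (the delimiter used below)
# are prefixed with a backslash so the value is inserted literally.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout
#######################################
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&#]/\\&/g'
}

#######################################
# Arguments: $1 - flag value
# Returns:   0 when the value is "true" or "1", non-zero otherwise
#######################################
is_enabled() {
  [ "$1" = "true" ] || [ "$1" = "1" ]
}

# Azure THIM configuration for DCsv3 VMs
# Set USE_AZURE_THIM=true to bypass PCCS and use Azure's Global Attestation Cache directly
if is_enabled "${USE_AZURE_THIM}"; then
  echo "[entrypoint] Configuring for Azure THIM (DCsv3 mode)..."

  # Verify sgx_default_qcnl.conf exists before attempting modifications
  if [ ! -f "${QCNL_CONF}" ]; then
    echo "[entrypoint] Error: ${QCNL_CONF} not found" >&2
    exit 1
  fi

  # Note: "acccache" is correct - ACC = Azure Confidential Computing
  THIM_URL="${AZURE_THIM_URL:-https://global.acccache.azure.net/sgx/certification/v4/}"

  # The URL is written between double quotes on a single line of the config,
  # so a quote or newline in the value would corrupt the file.
  case "${THIM_URL}" in
    *'"'* | *$'\n'*)
      echo "[entrypoint] Error: AZURE_THIM_URL must not contain a double quote or newline" >&2
      exit 1
      ;;
  esac

  # The attestation collateral source is security-relevant; surface a
  # non-TLS endpoint in the container log instead of accepting it silently.
  case "${THIM_URL}" in
    https://*) ;;
    *) echo "[entrypoint] Warning: PCCS URL does not use https: ${THIM_URL}" >&2 ;;
  esac

  # Update the pccs_url to point to Azure THIM. The value is escaped first:
  # unescaped, a '&' in the URL would expand to the matched text and a '#'
  # would terminate the sed expression.
  thim_url_escaped="$(escape_sed_replacement "${THIM_URL}")"
  sed -i 's#"pccs_url": *"[^"]*"#"pccs_url": "'"${thim_url_escaped}"'"#' "${QCNL_CONF}"

  # sed -i exits 0 even when nothing matched; confirm the URL really landed
  # so the container does not start against the previous endpoint.
  if ! grep -qF -- "\"pccs_url\": \"${THIM_URL}\"" "${QCNL_CONF}"; then
    echo "[entrypoint] Error: could not set pccs_url in ${QCNL_CONF}" >&2
    exit 1
  fi

  # use_secure_cert=false makes the quote provider accept an unverified TLS
  # certificate from the endpoint. It stays opt-in for compatibility, but the
  # log says so when verification remains off.
  if is_enabled "${THIM_USE_SECURE_CERT}"; then
    sed -i 's#"use_secure_cert": *false#"use_secure_cert": true#' "${QCNL_CONF}"
  elif grep -q '"use_secure_cert": *false' "${QCNL_CONF}"; then
    echo "[entrypoint] Warning: use_secure_cert is false; set THIM_USE_SECURE_CERT=true to verify the endpoint's TLS certificate" >&2
  fi

  echo "[entrypoint] PCCS URL set to: ${THIM_URL}"
  echo "[entrypoint] Azure THIM configuration complete"
else
  echo "[entrypoint] Using default PCCS configuration"
fi

# Execute the main command
exec "$@"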