Intel(R) SGX DCAP 1.21 Release

Upgraded Intel DCAP Ring3 Abstraction Layer(R3AAL) library to support ConfigFS-TSM as communication channel between host and guest for TDX remote attestation. Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.13. Upgraded new TDX attestation result “TD_RELAUNCH_ADVISED” in Intel DCAP Quote. Verification Library(QVL) and Appraisal Engine. Fixed bugs. Signed-off-by: Li, Xun <[email protected]>
intel · Apr 26, 2024 · e945c58 · e945c58
1 parent 14c8002
commit e945c58
Show file tree

Hide file tree

Showing 160 changed files with 3,242 additions and 5,173 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -1,11 +1,11 @@
 [submodule "QuoteVerification/QVL"]
 	path = QuoteVerification/QVL
 	url = https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationLibrary.git
-	branch = DCAP/1.20
+	branch = DCAP/1.21
 [submodule "QuoteVerification/QuoteVerificationService"]
 	path = QuoteVerification/QuoteVerificationService
 	url = https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationService.git
-	branch = stable
+	branch = DCAP/1.21
 [submodule "external/wasm-micro-runtime"]
 	path = external/wasm-micro-runtime
 	url = https://github.com/bytecodealliance/wasm-micro-runtime.git

diff --git a/QuoteGeneration/README.md b/QuoteGeneration/README.md
@@ -39,7 +39,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.20/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.21/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS

diff --git a/QuoteGeneration/buildenv.mk b/QuoteGeneration/buildenv.mk
@@ -68,10 +68,12 @@ SGX_DEBUG ?= 0
 
 ifndef SERVTD_ATTEST
     ifneq ($(origin SGX_SDK),file)
-      include $(SGX_SDK)/buildenv.mk
-	  else
-$(info You may need to set environment variables if the SGX SDK is installed.)
-$(info Use a command like 'source /opt/intel/sgxsdk/environment')
+        include $(SGX_SDK)/buildenv.mk
+    else
+        ifneq ($(SDK_NOT_REQUIRED), 1)
+            $(info You may need to set environment variables if the SGX SDK is installed.)
+            $(info Use a command like 'source /opt/intel/sgxsdk/environment')
+        endif
     endif
 endif
 

diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h
@@ -28,21 +28,21 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.20.100.2"
-#define COPYRIGHT      "Copyright (C) 2023 Intel Corporation"
-#define FILEVER        1,20,100,2
-#define PRODUCTVER     1,20,100,2
-#define STRPRODUCTVER  "1.20.100.2"
+#define STRFILEVER    "1.21.100.3"
+#define COPYRIGHT      "Copyright (C) 2024 Intel Corporation"
+#define FILEVER        1,21,100,3
+#define PRODUCTVER     1,21,100,3
+#define STRPRODUCTVER  "1.21.100.3"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
 
-#define DEFAULT_QPL_VERSION          "1.13.107.2"
-#define QUOTE_VERIFIER_VERSION       "1.13.100.2"
-#define QUOTE_LOADER_VERSION         "1.11.107.2"
-#define TDQE_WRAPPER_VERSION         "1.14.107.2"
-#define PCE_WRAPPER_VERSION          "1.14.107.2"
+#define DEFAULT_QPL_VERSION          "1.13.108.3"
+#define QUOTE_VERIFIER_VERSION       "1.13.101.3"
+#define QUOTE_LOADER_VERSION         "1.11.108.3"
+#define TDQE_WRAPPER_VERSION         "1.14.108.3"
+#define PCE_WRAPPER_VERSION          "1.14.108.3"
 
 #define QE3_VERSION                  "1.19.100.1"
-#define QVE_VERSION                  "1.20.100.1"
+#define QVE_VERSION                  "1.21.100.1"
 #define IDE_VERSION                  "1.19.100.1"
 #define TDQE_VERSION                 "1.19.100.1"
diff --git a/QuoteGeneration/download_prebuilt.bat b/QuoteGeneration/download_prebuilt.bat
@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.20.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.20.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.20/windows/
+set ae_file_name=prebuilt_windows_dcap_1.21.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.21.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.21/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

diff --git a/QuoteGeneration/download_prebuilt.sh b/QuoteGeneration/download_prebuilt.sh
@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.20.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.20.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.20/linux/
+ae_file_name=prebuilt_dcap_1.21.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.21.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.21/linux/
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 

diff --git a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt
@@ -43,11 +43,13 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/pccs/middleware/auth.js	<installdir>/middleware/auth.js	0	main	STP
 <deliverydir>/pccs/middleware/error.js	<installdir>/middleware/error.js	0	main	STP
 <deliverydir>/pccs/middleware/addRequestId.js	<installdir>/middleware/addRequestId.js	0	main	STP
+<deliverydir>/pccs/middleware/filterDuplicatedParams.js	<installdir>/middleware/filterDuplicatedParams.js	0	main	STP
 <deliverydir>/pccs/migrations/00_db_initialize.up.sql	<installdir>/migrations/00_db_initialize.up.sql	0	main	STP
 <deliverydir>/pccs/migrations/01_db_version_1.js	<installdir>/migrations/01_db_version_1.js	0	main	STP
 <deliverydir>/pccs/migrations/02_db_version_2.js	<installdir>/migrations/02_db_version_2.js	0	main	STP
 <deliverydir>/pccs/migrations/03_db_version_3.js	<installdir>/migrations/03_db_version_3.js	0	main	STP
 <deliverydir>/pccs/migrations/04_db_version_4.js	<installdir>/migrations/04_db_version_4.js	0	main	STP
+<deliverydir>/pccs/migrations/05_db_version_5.js	<installdir>/migrations/05_db_version_5.js	0	main	STP
 <deliverydir>/pccs/pcs_client/pcs_client.js	<installdir>/pcs_client/pcs_client.js	0	main	STP
 <deliverydir>/pccs/routes/index.js	<installdir>/routes/index.js	0	main	STP
 <deliverydir>/pccs/services/identityService.js	<installdir>/services/identityService.js	0	main	STP

diff --git a/QuoteGeneration/installer/linux/common/tdx-qgs/Makefile b/QuoteGeneration/installer/linux/common/tdx-qgs/Makefile
@@ -34,6 +34,7 @@ include installConfig
 PACKAGE_ROOT_FOLDER=pkgroot
 PACKAGES=$(notdir $(wildcard $(PACKAGE_ROOT_FOLDER)/*))
 
+VAR_OPT_PATH=/var/opt/qgsd
 QGSD_CONF_NAME=$(if $(wildcard /run/systemd/system/.*),qgsd.service,$(if $(wildcard /etc/init/.*),qgsd.conf,))
 QGSD_CONF_DEL=$(if $(wildcard /run/systemd/system/.*),qgsd.conf,$(if $(wildcard /etc/init/.*),qgsd.service,))
 QGSD_CONF_PATH=$(if $(wildcard /run/systemd/system/.*),$(if $(wildcard /lib/systemd/system/.*),/lib/systemd/system,/usr/lib/systemd/system),$(if $(wildcard /etc/init/.*),/etc/init/))
@@ -52,6 +53,7 @@ endif
 default:
 
 install: $(PACKAGES)
+	install -d $(shell readlink -m $(DESTDIR)/$(VAR_OPT_PATH))
 	install -d $(shell readlink -m $(DESTDIR)/$(QGSD_CONF_PATH))
 	sed -e "s:@qgs_folder@:$(TDX_QGS_PACKAGE_PATH)/$(TDX_QGS_PACKAGE_NAME):" \
 		$(DESTDIR)/$(TDX_QGS_PACKAGE_PATH)/$(TDX_QGS_PACKAGE_NAME)/$(QGSD_CONF_NAME) \

diff --git a/QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control
@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-ql
 Architecture: amd64
 Depends: libsgx-qe3-logic(>= @dep_version@), libsgx-pce-logic(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.23)
+Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-ql-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.23)
+Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers
diff --git a/.../installer/linux/deb/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify-1.0/debian/control b/.../installer/linux/deb/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify-1.0/debian/control
@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-quote-verify
 Architecture: amd64
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.23)
+Recommends: libsgx-ae-qve (>= @dep_version@), libsgx-urts (>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-quote-verify-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.23)
+Depends: libsgx-dcap-quote-verify (= @dep_version@), libsgx-headers (>= 2.24)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers
diff --git a/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/libsgx-pce-logic-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/libsgx-pce-logic-1.0/debian/control
@@ -8,5 +8,5 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 
 Package: libsgx-pce-logic
 Architecture: amd64
-Depends: libsgx-urts (>= 2.23), libsgx-ae-pce(>= 2.23), ${shlibs:Depends}, ${misc:Depends}
+Depends: libsgx-urts (>= 2.24), libsgx-ae-pce(>= 2.24), ${shlibs:Depends}, ${misc:Depends}
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
diff --git a/QuoteGeneration/installer/linux/deb/libsgx-qe3-logic/libsgx-qe3-logic-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-qe3-logic/libsgx-qe3-logic-1.0/debian/control
@@ -8,5 +8,5 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 
 Package: libsgx-qe3-logic
 Architecture: amd64
-Depends: libsgx-urts (>= 2.23), libsgx-ae-qe3(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
+Depends: libsgx-urts (>= 2.24), libsgx-ae-qe3(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
diff --git a/QuoteGeneration/installer/linux/deb/libsgx-tdx-logic/libsgx-tdx-logic-1.0/debian/control b/QuoteGeneration/installer/linux/deb/libsgx-tdx-logic/libsgx-tdx-logic-1.0/debian/control
@@ -8,11 +8,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 
 Package: libsgx-tdx-logic
 Architecture: amd64
-Depends: libsgx-urts (>= 2.23), libsgx-pce-logic(>= @dep_version@), libsgx-ae-tdqe(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
+Depends: libsgx-urts (>= 2.24), libsgx-pce-logic(>= @dep_version@), libsgx-ae-tdqe(>= @dep_version@), libsgx-ae-id-enclave(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
 Description: Intel(R) Trust Domain Extensions QE logic library
 
 Package: libsgx-tdx-logic-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-tdx-logic (= @dep_version@), libsgx-headers (>= 2.23)
+Depends: libsgx-tdx-logic (= @dep_version@), libsgx-headers (>= 2.24)
 Description: Intel(R) Trust Domain Extensions QE logic library For Developers
diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql.spec b/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql.spec
@@ -37,7 +37,7 @@ Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives
 Group:          Development/Libraries
 Requires:       libsgx-qe3-logic >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release}
-Recommends:     libsgx-dcap-quote-verify >= %{version}-%{release} libsgx-quote-ex >= 2.23
+Recommends:     libsgx-dcap-quote-verify >= %{version}-%{release} libsgx-quote-ex >= 2.24
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives
@@ -49,7 +49,7 @@ Intel(R) Software Guard Extensions Data Center Attestation Primitives
 %package devel
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers
 Group:          Development/Libraries
-Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.23
+Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.24
 
 %description devel
 Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify.spec b/QuoteGeneration/installer/linux/rpm/libsgx-dcap-quote-verify/libsgx-dcap-quote-verify.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives
 Group:          Development/Libraries
-Recommends:     libsgx-ae-qve >= %{version}-%{release} libsgx-urts >= 2.23
+Recommends:     libsgx-ae-qve >= %{version}-%{release} libsgx-urts >= 2.24
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives
@@ -48,7 +48,7 @@ Intel(R) Software Guard Extensions Data Center Attestation Primitives
 %package devel
 Summary:        Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers
 Group:          Development/Libraries
-Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.23
+Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.24
 
 %description devel
 Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/libsgx-pce-logic.spec b/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/libsgx-pce-logic.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions PCE logic
 Group:          Development/Libraries
-Requires:       libsgx-urts >= 2.23 libsgx-ae-pce >= 2.23
+Requires:       libsgx-urts >= 2.24 libsgx-ae-pce >= 2.24
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-qe3-logic/libsgx-qe3-logic.spec b/QuoteGeneration/installer/linux/rpm/libsgx-qe3-logic/libsgx-qe3-logic.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Software Guard Extensions QE3 logic
 Group:          Development/Libraries
-Requires:       libsgx-urts >= 2.23 libsgx-ae-qe3 >= %{version}-%{release} libsgx-ae-id-enclave >= %{version}-%{release}
+Requires:       libsgx-urts >= 2.24 libsgx-ae-qe3 >= %{version}-%{release} libsgx-ae-id-enclave >= %{version}-%{release}
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives

diff --git a/QuoteGeneration/installer/linux/rpm/libsgx-tdx-logic/libsgx-tdx-logic.spec b/QuoteGeneration/installer/linux/rpm/libsgx-tdx-logic/libsgx-tdx-logic.spec
@@ -36,7 +36,7 @@ Version:        @version@
 Release:        1%{?dist}
 Summary:        Intel(R) Trust Domain Extensions QE logic library
 Group:          Development/Libraries
-Requires:       libsgx-urts >= 2.23 libsgx-ae-tdqe >= %{version}-%{release}  libsgx-ae-id-enclave >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release}
+Requires:       libsgx-urts >= 2.24 libsgx-ae-tdqe >= %{version}-%{release}  libsgx-ae-id-enclave >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release}
 
 License:        BSD License
 URL:            https://github.com/intel/SGXDataCenterAttestationPrimitives
@@ -49,7 +49,7 @@ Intel(R) Trust Domain Extensions QE logic library
 %package devel
 Summary:        Intel(R) Trust Domain Extensions QE logic library For Developers 
 Group:          Development/Libraries
-Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.23
+Requires:       %{name} = %{version}-%{release} libsgx-headers >= 2.24
 %description devel
 Intel(R) Trust Domain Extensions QE logic library For Developers
 %prep

diff --git a/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec b/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec
@@ -2,15 +2,15 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
   <metadata>
     <id>DCAP_Components</id>
-    <version>1.20.100.2</version>
+    <version>1.21.100.3</version>
     <title>DCAP Components</title>
     <authors>Intel(R) SGX</authors>
     <owners>Intel</owners>
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
     <description>DCAP Components</description>
-    <copyright>Copyright (C) 2022 Intel Corporation</copyright>
+    <copyright>Copyright (C) 2024 Intel Corporation</copyright>
     <dependencies>
-      <dependency id="SgxHeaders" version="2.22.100.2" />
+      <dependency id="SgxHeaders" version="2.24.100.3" />
     </dependencies>
   </metadata>
   <files>

diff --git a/QuoteGeneration/pccs/README.md b/QuoteGeneration/pccs/README.md
@@ -6,7 +6,7 @@ This is a lightweight Provisioning Certificate Caching Service implemented in no
 
 - **Prerequisites**
 
-  Install node.js (Version <ins>18.17</ins> or later)
+  Install node.js (Supported versions are 18.17.0 to 18.19.1, 20.0.0 to 20.11.1, or 21.0.0 to 21.5.0.)
 
   - For Debian and Ubuntu based distributions, please refer to https://github.com/nodesource/distributions
   - To download and install, goto https://nodejs.org/en/download/

diff --git a/QuoteGeneration/pccs/config/default.json b/QuoteGeneration/pccs/config/default.json
@@ -49,6 +49,10 @@
                 "freezeTableName": true
             },
             "logging" : false
+        },
+        "ssl":{
+            "required": false,
+            "ca":"/if_required/path/to/your_ssl_ca"
         }
     }
 }
diff --git a/QuoteGeneration/pccs/constants/index.js b/QuoteGeneration/pccs/constants/index.js
@@ -38,8 +38,6 @@ function define(name, value) {
   });
 }
 
-define('DB_VERSION', 2);
-
 define('PLATF_REG_NEW', 0);
 define('PLATF_REG_NOT_AVAILABLE', 1);
 define('PLATF_REG_DELETED', 9);
@@ -77,4 +75,9 @@ define('SGX_TCB_INFO_ISSUER_CHAIN', 'SGX-TCB-Info-Issuer-Chain');
 define('SGX_ENCLAVE_IDENTITY_ISSUER_CHAIN', 'SGX-Enclave-Identity-Issuer-Chain');
 define('SGX_PCK_CRL_ISSUER_CHAIN', 'SGX-PCK-CRL-Issuer-Chain');
 
+//Update type
+define('UPDATE_TYPE_STANDARD', 'STANDARD');
+define('UPDATE_TYPE_EARLY', 'EARLY');
+define('UPDATE_TYPE_ALL', 'ALL');
+
 export default Constants;
diff --git a/QuoteGeneration/pccs/container/Dockerfile b/QuoteGeneration/pccs/container/Dockerfile
@@ -1,9 +1,14 @@
+# Copyright (c) 2024 Intel Corporation
+
+# Declare nodejs version you want to use
+ARG NODE_VERSION=20.11.1
+
 # Use multi-stage builds to reduce final image size
-FROM ubuntu:23.04 AS builder
+FROM docker.io/library/debian AS builder
 
 # Define arguments used across multiple stages
-ARG DCAP_VERSION=DCAP_1.20
-ARG NODE_MAJOR=20
+ARG DCAP_VERSION=DCAP_1.21
+ARG NODE_VERSION
 
 # update and install packages, nodejs
 RUN DEBIAN_FRONTEND=noninteractive \
@@ -16,15 +21,25 @@ RUN DEBIAN_FRONTEND=noninteractive \
         gnupg \
         git \
         zip \
-    && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg \
-    && echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
-    && apt-get update -yq \
-    && apt-get install -yq --no-install-recommends nodejs \
+        python3 \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Install nvm (Node Version Manager)
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
+
+# Set NVM_DIR so we can use it in subsequent commands
+ENV NVM_DIR /root/.nvm
+
+# Install specific version of Node using nvm
+# Source nvm in each RUN command to ensure it's available
+RUN . "$NVM_DIR/nvm.sh" && nvm install $NODE_VERSION && nvm use $NODE_VERSION
+
+# Set PATH to include the node and npm binaries
+ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
+
 # Clone the specific branch or tag 
-RUN git clone --recurse-submodules https://github.com/intel/SGXDataCenterAttestationPrimitives.git # -b ${DCAP_VERSION} --depth 1
+RUN git clone --recurse-submodules https://github.com/intel/SGXDataCenterAttestationPrimitives.git -b ${DCAP_VERSION} --depth 1
 
 # Build libPCKCertSelection library
 WORKDIR /SGXDataCenterAttestationPrimitives/tools/PCKCertSelection/
@@ -41,14 +56,16 @@ RUN npm config set proxy $http_proxy \
     && npm install
 
 # Start final image build
-FROM ubuntu:23.04
+FROM docker.io/library/debian:12-slim
+
+ARG NODE_VERSION
 
 # Create user and group before copying files
 ARG USER=pccs
 RUN useradd -M -U -r ${USER} -s /bin/false
 
 # Copy only necessary files from builder stage
-COPY --from=builder /usr/bin/node /usr/bin/node
+COPY --from=builder /root/.nvm/versions/node/v$NODE_VERSION/bin/node /usr/bin/node
 COPY --from=builder --chown=${USER}:${USER} /SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/ /opt/intel/pccs/
 
 # Set the working directory and switch user