sgx: add automated DCAP registration using in-cluster PCCS caching

[mythi]

This setup gives an automated "online, multi-platform, PCCS based Indirect Registration" and TDX QGS deployment for Kubernetes based clusters.

Building blocks:

1. in-cluster PCCS caching service deployment
2. PCKIDRetrievalTool sidecar and TDX QGS in a single daemonset

Pre-conditions:

Read the basics of Intel TDX remote attestation infrastructure setup and get an Intel PCS API Key. The node(s) have TDX and SGX enabled. The following also assumes that a user has cloned this PR and has a bare-metal cluster available.

Installation:

1. Deploy SGX device plugin with the "DCAP infrastructure resources" enabled:

kubectl apply -k deployments/sgx_plugin/overlays/dcap-infra-resources

2. Make the new (unpublished) images available to your cluster:

make sgx-pccs sgx-dcap-infra
docker save intel/sgx-pccs:devel | sudo ctr -n k8s.io i import -
docker save intel/sgx-dcap-infra:devel | sudo ctr -n k8s.io i import -

3. Deploy PCCS

pushd deployments/sgx_dcap/pccs
<check notes in kustomization.yaml to populate .env.pccs-tokens>
kubectl apply -k .
popd

NB: if a proxy setting is needed, edit pccs.yaml

5. Deploy platform-registration and TDX QGS

pushd deployments/sgx_dcap/base
<get your USER_TOKEN to .env.pccs-credentials>
kubectl apply -k .
popd

NB: add nodeSelector to filter SGX/TDX enabled nodes if run in a multi-node cluster

6. Check things are up:

NAME                               READY   STATUS    RESTARTS   AGE
intel-dcap-node-infra-q9zms        2/2     Running   0          17h
intel-dcap-pccs-647568f67d-ftjb2   1/1     Running   0          17h
intel-sgx-plugin-bgfgv             1/1     Running   0          17h

$ kubectl logs -c platform-registration intel-dcap-node-infra-q9zms 
Waiting for the PCCS to be ready ...
PCCS is online, proceeding ...
Calling PCKIDRetrievalTool ...

Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.23.100.0

Registration status has been set to completed status.
the data has been sent to cache server successfully!

The node should have /var/run/tdx-qgs/qgs.socket available for QEMU to connect.

Notes:

PCCS database is stored to a RAM based EmptyDir volume and currently not backed up (a backup mechanism is added later). Keep the PCCS deployment up. If quoting errors occur, full re-install after an SGX Factory Reset might be required.

[BFuhry]

All probs to @ScottR-Intel for: sudo ./sgx_linux_x64_sdk_2.26.100.0.bin --prefix /opt/intel

[MatiasVara]

Suggested change

	# token hashesh follow (with 'hellworld' changed to the desired secret tokens):
	# token hashesh follow (with 'helloworld' changed to the desired secret tokens):

[MatiasVara]

I had to change this to make it work:

-          allowPrivilegeEscalation: false
+          privileged: true
+          allowPrivilegeEscalation: true

I think that for socket device plugins the container that exposes the unix socket shall be privileged (see the pr-helper example).

[MatiasVara]

I tried and the unix socket is not visible from the virt-launcher. This means that we still need something like a socket device plugin in the virt-handler to mount it. I do not think this is the place for that PR though.

[MatiasVara]

I observe that when remove the qgs pod, the new instance fails because the unix socket still exists. I think the unix socket should be removed when the pod is removed otherwise the unix should be removed manually.

[mythi]

I think the unix socket should be removed when the pod is removed otherwise the unix should be removed manually.

I saw this too and reported a bug to QGS about this. I need to see if I can workaround that in the mean time.