Initial removal of SGX targets (#6426)

Co-authored-by: Amaury Chamayou <amchamay@microsoft.com>

.github/workflows/README.md

@@ -30,7 +30,7 @@ File: `ci-containers-ghcr.yml`
 
 # CI
 
-Main continuous integration job. Builds CCF for all target platforms, runs unit, end to end and partition tests for SGX and Virtual. Run on every commit, including PRs from forks, gates merging. Also runs once a week, regardless of commits.
+Main continuous integration job. Builds CCF for all target platforms, runs unit, end to end and partition tests Virtual. Run on every commit, including PRs from forks, gates merging. Also runs once a week, regardless of commits.
 
 File: `ci.yml`
 3rd party dependencies: None

.github/workflows/ci.yml

@@ -42,10 +42,6 @@ jobs:
             image: default
             nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
             options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
-          - name: sgx
-            image: sgx
-            nodes: [self-hosted, 1ES.Pool=gha-sgx-ccf-sub]
-            options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro
     runs-on: ${{ matrix.platform.nodes }}
     container:
       image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-25-07-2024
@@ -65,15 +61,6 @@ jobs:
           ninja
         shell: bash
 
-      - name: "Platform SGX"
-        run: |
-          sudo groupadd -fg $(/usr/bin/stat -Lc '%g' /dev/sgx/provision) sgx_prv
-          sudo usermod -a -G sgx_prv $(whoami)
-          samples/scripts/sgxinfo.sh
-          cat /proc/cpuinfo | grep flags | uniq
-        shell: bash
-        if: "${{ matrix.platform.name == 'sgx' }}"
-
       - name: "Platform SNP"
         run: |
           samples/scripts/snpinfo.sh

CMakeLists.txt

@@ -2,10 +2,10 @@
 # Licensed under the Apache 2.0 License.
 cmake_minimum_required(VERSION 3.16)
 
-set(ALLOWED_TARGETS "sgx;snp;virtual")
+set(ALLOWED_TARGETS "snp;virtual")
 
 set(COMPILE_TARGET
-    "sgx"
+    "snp"
     CACHE STRING
           "Target compilation platforms, Choose from: ${ALLOWED_TARGETS}"
 )
@@ -76,7 +76,7 @@ endif()
 
 option(
   VERBOSE_LOGGING
-  "Enable verbose, potentially unsafe logging of enclave code. Affects logging level passed at run-time to end-to-end-tests, and compile-time max verbosity on SGX."
+  "Enable verbose, potentially unsafe logging of enclave code. Affects logging level passed at run-time to end-to-end-tests."
   OFF
 )
 set(TEST_LOGGING_LEVEL "info")
@@ -84,17 +84,6 @@ if(VERBOSE_LOGGING)
   set(TEST_LOGGING_LEVEL "trace")
 endif()
 
-# NB: Toggling VERBOSE_LOGGING on non-SGX platforms causes no build change, so
-# should not cause a rebuild
-if(COMPILE_TARGET STREQUAL "sgx" AND NOT VERBOSE_LOGGING)
-  # Disable verbose, unsafe logging of enclave code. On some platforms it is
-  # safe to build with this logging enabled, and then it can be disabled at
-  # run-time. However this run-time control is not possible on SGX, so to ensure
-  # a given MRENCLAVE cannot leak via debug logging it must be removed at
-  # build-time, with this option.
-  add_compile_definitions(CCF_DISABLE_VERBOSE_LOGGING)
-endif()
-
 option(USE_NULL_ENCRYPTOR "Turn off encryption of ledger updates - debug only"
        OFF
 )
@@ -134,9 +123,6 @@ include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/tools.cmake)
 install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/tools.cmake DESTINATION cmake)
 include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake)
 install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake DESTINATION cmake)
-install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/open_enclave.cmake
-        DESTINATION cmake
-)
 
 if(SAN AND LVI_MITIGATIONS)
   message(
@@ -152,18 +138,6 @@ if(TSAN AND LVI_MITIGATIONS)
   )
 endif()
 
-add_custom_command(
-  COMMAND
-    openenclave::oeedger8r ${CCF_DIR}/edl/ccf.edl --search-path ${OE_INCLUDEDIR}
-    --trusted --trusted-dir ${CCF_GENERATED_DIR} --untrusted --untrusted-dir
-    ${CCF_GENERATED_DIR}
-  COMMAND mv ${CCF_GENERATED_DIR}/ccf_t.c ${CCF_GENERATED_DIR}/ccf_t.cpp
-  COMMAND mv ${CCF_GENERATED_DIR}/ccf_u.c ${CCF_GENERATED_DIR}/ccf_u.cpp
-  DEPENDS ${CCF_DIR}/edl/ccf.edl
-  OUTPUT ${CCF_GENERATED_DIR}/ccf_t.cpp ${CCF_GENERATED_DIR}/ccf_u.cpp
-  COMMENT "Generating code from EDL, and renaming to .cpp"
-)
-
 # Copy and install CCF utilities
 set(CCF_UTILITIES keygenerator.sh submit_recovery_share.sh verify_quote.sh)
 foreach(UTILITY ${CCF_UTILITIES})
@@ -184,7 +158,6 @@ foreach(UTILITY ${CCF_TEST_UTILITIES})
 endforeach()
 
 # Install additional utilities
-install(PROGRAMS ${CCF_DIR}/samples/scripts/sgxinfo.sh DESTINATION bin)
 install(PROGRAMS ${CCF_DIR}/samples/scripts/snpinfo.sh DESTINATION bin)
 install(FILES ${CCF_DIR}/tests/config.jinja DESTINATION bin)
 
@@ -199,15 +172,7 @@ install(
   USE_SOURCE_PERMISSIONS
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  # While virtual libraries need to be built for sgx for unit tests, these do
-  # not get installed to minimise installation size
-  set(INSTALL_VIRTUAL_LIBRARIES OFF)
-
-  if(CMAKE_BUILD_TYPE STREQUAL "Debug")
-    set(DEFAULT_ENCLAVE_TYPE debug)
-  endif()
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   set(INSTALL_VIRTUAL_LIBRARIES OFF)
 else()
   set(INSTALL_VIRTUAL_LIBRARIES ON)
@@ -268,10 +233,6 @@ list(APPEND CCHOST_SOURCES ${CCF_DIR}/src/host/main.cpp
      ${CCF_DIR}/src/host/env.cpp
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  list(APPEND CCHOST_SOURCES ${CCF_GENERATED_DIR}/ccf_u.cpp)
-endif()
-
 add_executable(cchost ${CCHOST_SOURCES})
 
 add_warning_checks(cchost)
@@ -282,9 +243,7 @@ target_compile_options(
 )
 target_include_directories(cchost PRIVATE ${CCF_GENERATED_DIR})
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  target_compile_definitions(cchost PUBLIC PLATFORM_SGX)
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   target_compile_definitions(cchost PUBLIC PLATFORM_SNP)
 elseif(COMPILE_TARGET STREQUAL "virtual")
   target_compile_definitions(cchost PUBLIC PLATFORM_VIRTUAL)
@@ -294,21 +253,11 @@ target_link_libraries(
   cchost PRIVATE uv ${TLS_LIBRARY} ${CMAKE_DL_LIBS} ${CMAKE_THREAD_LIBS_INIT}
                  ${LINK_LIBCXX} ccfcrypto.host
 )
-if(COMPILE_TARGET STREQUAL "sgx")
-  target_link_libraries(cchost PRIVATE openenclave::oehost)
-endif()
 
 install(TARGETS cchost DESTINATION bin)
 
 # HTTP parser
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library_c(http_parser.enclave "${HTTP_PARSER_SOURCES}")
-  install(
-    TARGETS http_parser.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_library(http_parser.snp "${HTTP_PARSER_SOURCES}")
   set_property(TARGET http_parser.snp PROPERTY POSITION_INDEPENDENT_CODE ON)
   install(
@@ -353,19 +302,9 @@ set(CCF_JS_SOURCES
     ${CCF_DIR}/src/js/registry.cpp
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library(ccf_js.enclave "${CCF_JS_SOURCES}")
-  target_link_libraries(ccf_js.enclave PUBLIC ccfcrypto.enclave quickjs.enclave)
-  # JS extension observes jwt_management.h header where this definition is
-  # required
-  target_compile_definitions(ccf_js.enclave PUBLIC SGX_ATTESTATION_VERIFICATION)
-  add_warning_checks(ccf_js.enclave)
-  install(
-    TARGETS ccf_js.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+set(OE_BINDIR "")
+
+if(COMPILE_TARGET STREQUAL "snp")
   add_host_library(ccf_js.snp "${CCF_JS_SOURCES}")
   add_san(ccf_js.snp)
   target_link_libraries(ccf_js.snp PUBLIC ccfcrypto.snp quickjs.snp)
@@ -395,15 +334,7 @@ set(CCF_KV_SOURCES
     ${CCF_DIR}/src/kv/untyped_map_diff.cpp
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library(ccf_kv.enclave "${CCF_KV_SOURCES}")
-  add_warning_checks(ccf_kv.enclave)
-  install(
-    TARGETS ccf_kv.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_host_library(ccf_kv.snp "${CCF_KV_SOURCES}")
   add_san(ccf_kv.snp)
   add_warning_checks(ccf_kv.snp)
@@ -426,23 +357,7 @@ if(INSTALL_VIRTUAL_LIBRARIES)
 endif()
 
 # CCF endpoints libs
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library(ccf_endpoints.enclave "${CCF_ENDPOINTS_SOURCES}")
-  target_include_directories(
-    ccf_endpoints.enclave PRIVATE ${CCF_DIR}/src/endpoints
-  )
-  target_link_libraries(
-    ccf_endpoints.enclave
-    PUBLIC qcbor.enclave t_cose.enclave http_parser.enclave ccfcrypto.enclave
-           ccf_kv.enclave
-  )
-  add_warning_checks(ccf_endpoints.enclave)
-  install(
-    TARGETS ccf_endpoints.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_host_library(ccf_endpoints.snp "${CCF_ENDPOINTS_SOURCES}")
   target_include_directories(ccf_endpoints.snp PRIVATE ${CCF_DIR}/src/endpoints)
   target_link_libraries(
@@ -497,16 +412,7 @@ set(CCF_NETWORK_TEST_ARGS
 )
 
 set(JS_GENERIC_SOURCES ${CCF_DIR}/src/apps/js_generic/js_generic_base.cpp)
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library(js_generic_base.enclave ${JS_GENERIC_SOURCES})
-  target_link_libraries(js_generic_base.enclave PUBLIC ccf.enclave)
-  add_lvi_mitigations(js_generic_base.enclave)
-  install(
-    TARGETS js_generic_base.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_library(js_generic_base.snp STATIC ${JS_GENERIC_SOURCES})
   add_san(js_generic_base.snp)
   add_warning_checks(js_generic_base.snp)
@@ -545,10 +451,6 @@ add_ccf_app(
   LINK_LIBS_VIRTUAL js_generic_base.virtual
   LINK_LIBS_SNP js_generic_base.snp INSTALL_LIBS ON
 )
-sign_app_library(
-  js_generic.enclave ${CCF_DIR}/src/apps/js_generic/oe_sign.conf
-  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem INSTALL_LIBS ON
-)
 # SNIPPET_END: JS generic application
 
 install(DIRECTORY ${CCF_DIR}/samples/apps/logging/js
@@ -632,54 +534,8 @@ set(CCF_IMPL_SOURCE
     ${CCF_DIR}/src/enclave/thread_local.cpp ${CCF_DIR}/src/node/quote.cpp
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  # enclave version
-  add_enclave_library(
-    ccf.enclave ${CCF_IMPL_SOURCE} ${CCF_GENERATED_DIR}/ccf_t.cpp
-  )
-
-  # PLATFORM_SGX to initialise Open Enclave SGX enclave creation and
-  # SGX_ATTESTATION_VERIFICATION to verify SGX attestation reports.
-  target_compile_definitions(
-    ccf.enclave PUBLIC PLATFORM_SGX SGX_ATTESTATION_VERIFICATION
-  )
-
-  add_warning_checks(ccf.enclave)
-
-  target_include_directories(
-    ccf.enclave SYSTEM
-    PUBLIC
-      $<BUILD_INTERFACE:${CCF_GENERATED_DIR}>
-      $<INSTALL_INTERFACE:include/ccf/> #< This contains the private headers
-                                        #< which are currently under src, and
-                                        #< should be removed or renamed
-      $<INSTALL_INTERFACE:include/>
-      $<INSTALL_INTERFACE:include/3rdparty/>
-  )
-
-  target_link_libraries(
-    ccf.enclave
-    PUBLIC http_parser.enclave
-           sss.enclave
-           ccf_js.enclave
-           ccf_endpoints.enclave
-           ccfcrypto.enclave
-           ccf_kv.enclave
-           nghttp2.enclave
-  )
-
-  add_lvi_mitigations(ccf.enclave)
-
-  install(
-    TARGETS ccf.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-
-  add_dependencies(ccf ccf.enclave)
-
-  # Same as virtual for the time being but will diverge soon
-elseif(COMPILE_TARGET STREQUAL "snp")
+# Same as virtual for the time being but will diverge soon
+if(COMPILE_TARGET STREQUAL "snp")
 
   # SNP version
   add_library(ccf.snp STATIC ${CCF_IMPL_SOURCE})
@@ -831,16 +687,6 @@ install(FILES samples/constitutions/default/apply.js DESTINATION bin)
 install(FILES tests/start_network.py DESTINATION bin)
 install(FILES tests/requirements.txt DESTINATION bin)
 
-# Generate an ephemeral signing key
-add_custom_command(
-  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-  COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3
-          3072
-)
-add_custom_target(
-  signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)
-
 # Add sample apps
 add_subdirectory(${CCF_DIR}/samples)
 
@@ -1134,17 +980,14 @@ if(BUILD_TESTS)
       PROPERTY ENVIRONMENT "ASAN_OPTIONS=alloc_dealloc_mismatch=0"
     )
 
-    if(NOT UNSAFE_VERSION)
-      # Unsafe builds do not follow normal version conventions
-      add_test(NAME versionifier_test
-               COMMAND ${PYTHON}
-                       ${CMAKE_SOURCE_DIR}/python/src/ccf/_versionifier.py
-      )
+    add_test(NAME versionifier_test
+             COMMAND ${PYTHON}
+                     ${CMAKE_SOURCE_DIR}/python/src/ccf/_versionifier.py
+    )
 
-      add_test(NAME github_version_lts_test
-               COMMAND ${PYTHON} ${CMAKE_SOURCE_DIR}/tests/infra/github.py
-      )
-    endif()
+    add_test(NAME github_version_lts_test
+             COMMAND ${PYTHON} ${CMAKE_SOURCE_DIR}/tests/infra/github.py
+    )
   endif()
 
   if(NOT TSAN)
@@ -1463,9 +1306,7 @@ if(BUILD_TESTS)
       list(APPEND LTS_TEST_ARGS --check-ledger-compatibility)
     endif()
 
-    if(NOT UNSAFE_VERSION AND NOT SAN)
-      # Unsafe builds do not follow normal version conventions LTS nodes may
-      # also require different runtime libraries
+    if(NOT SAN)
       add_e2e_test(
         NAME lts_compatibility
         PYTHON_SCRIPT ${CMAKE_SOURCE_DIR}/tests/lts_compatibility.py

cmake/ccf_app.cmake

@@ -1,11 +1,11 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the Apache 2.0 License.
 
-set(ALLOWED_TARGETS "sgx;snp;virtual")
+set(ALLOWED_TARGETS "snp;virtual")
 
 if(NOT DEFINED COMPILE_TARGET)
   set(COMPILE_TARGET
-      "sgx"
+      "snp"
       CACHE STRING
             "Target compilation platforms, Choose from: ${ALLOWED_TARGETS}"
   )
@@ -19,73 +19,9 @@ if(NOT COMPILE_TARGET IN_LIST ALLOWED_TARGETS)
 endif()
 message(STATUS "Compile target platform: ${COMPILE_TARGET}")
 
-include(${CCF_DIR}/cmake/open_enclave.cmake)
-
 list(APPEND COMPILE_LIBCXX -stdlib=libc++)
 list(APPEND LINK_LIBCXX -lc++ -lc++abi -stdlib=libc++)
 
-# Sign a built enclave library with oesign
-function(sign_app_library name app_oe_conf_path enclave_sign_key_path)
-  cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "INSTALL_LIBS")
-
-  if(TARGET ${name})
-    # Produce a debuggable variant. This doesn't need to be signed, but oesign
-    # also stamps the other config (heap size etc) which _are_ needed
-    set(DEBUG_CONF_NAME ${CMAKE_CURRENT_BINARY_DIR}/${name}.debuggable.conf)
-
-    add_custom_command(
-      OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable
-      # Copy conf file locally
-      COMMAND cp ${app_oe_conf_path} ${DEBUG_CONF_NAME}
-      # Remove any existing Debug= lines
-      COMMAND sed -i "/^Debug=\.*/d" ${DEBUG_CONF_NAME}
-      # Add Debug=1 line
-      COMMAND echo "Debug=1" >> ${DEBUG_CONF_NAME}
-      COMMAND
-        openenclave::oesign sign -e ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so -c
-        ${DEBUG_CONF_NAME} -k ${enclave_sign_key_path} -o
-        ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable
-      DEPENDS ${name} ${app_oe_conf_path} ${enclave_sign_key_path}
-    )
-
-    add_custom_target(
-      ${name}_debuggable ALL
-      DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable
-    )
-
-    # Produce a releaseable signed variant. This is NOT debuggable - oegdb
-    # cannot be attached
-    set(SIGNED_CONF_NAME ${CMAKE_CURRENT_BINARY_DIR}/${name}.signed.conf)
-    add_custom_command(
-      OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.signed
-      # Copy conf file locally
-      COMMAND cp ${app_oe_conf_path} ${SIGNED_CONF_NAME}
-      # Remove any existing Debug= lines
-      COMMAND sed -i "/^Debug=\.*/d" ${SIGNED_CONF_NAME}
-      # Add Debug=0 line
-      COMMAND echo "Debug=0" >> ${SIGNED_CONF_NAME}
-      COMMAND
-        openenclave::oesign sign -e ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so -c
-        ${SIGNED_CONF_NAME} -k ${enclave_sign_key_path}
-      DEPENDS ${name} ${app_oe_conf_path} ${enclave_sign_key_path}
-    )
-
-    add_custom_target(
-      ${name}_signed ALL
-      DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.signed
-    )
-
-    if(${PARSED_ARGS_INSTALL_LIBS})
-      install(FILES ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable
-              DESTINATION lib
-      )
-      install(FILES ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.signed
-              DESTINATION lib
-      )
-    endif()
-  endif()
-endfunction()
-
 # Enclave library wrapper
 function(add_ccf_app name)
 
@@ -99,34 +35,8 @@ function(add_ccf_app name)
   )
   add_custom_target(${name} ALL)
 
-  if(COMPILE_TARGET STREQUAL "sgx")
-    set(enc_name ${name}.enclave)
-
-    add_library(${enc_name} SHARED ${PARSED_ARGS_SRCS})
-
-    target_compile_definitions(${enc_name} PUBLIC PLATFORM_SGX)
-
-    target_include_directories(${enc_name} PRIVATE ${PARSED_ARGS_INCLUDE_DIRS})
-    target_include_directories(
-      ${enc_name} SYSTEM PRIVATE ${PARSED_ARGS_SYSTEM_INCLUDE_DIRS}
-    )
-    add_warning_checks(${enc_name})
-    target_link_libraries(
-      ${enc_name} PRIVATE ${PARSED_ARGS_LINK_LIBS_ENCLAVE}
-                          ${OE_TARGET_ENCLAVE_CORE_LIBS} ccf.enclave
-    )
-
-    set_property(TARGET ${enc_name} PROPERTY POSITION_INDEPENDENT_CODE ON)
-
-    add_lvi_mitigations(${enc_name})
-
-    add_dependencies(${name} ${enc_name})
-    if(PARSED_ARGS_DEPS)
-      add_dependencies(${enc_name} ${PARSED_ARGS_DEPS})
-    endif()
-
-  elseif(COMPILE_TARGET STREQUAL "snp")
-    # Build an SNP enclave, loaded as a shared library without OE
+  if(COMPILE_TARGET STREQUAL "snp")
+    # Build an SNP enclave, loaded as a shared library
     set(snp_name ${name}.snp)
 
     add_library(${snp_name} SHARED ${PARSED_ARGS_SRCS})
@@ -166,7 +76,7 @@ function(add_ccf_app name)
     endif()
 
   elseif(COMPILE_TARGET STREQUAL "virtual")
-    # Build a virtual enclave, loaded as a shared library without OE
+    # Build a virtual enclave, loaded as a shared library
     set(virt_name ${name}.virtual)
 
     add_library(${virt_name} SHARED ${PARSED_ARGS_SRCS})
@@ -207,33 +117,6 @@ function(add_ccf_app name)
   endif()
 endfunction()
 
-# Convenience wrapper to build C-libraries that can be linked in enclave, ie. in
-# a CCF application.
-if(COMPILE_TARGET STREQUAL "sgx")
-  function(add_enclave_library_c name)
-    cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "")
-    set(files ${PARSED_ARGS_UNPARSED_ARGUMENTS})
-    add_library(${name} STATIC ${files})
-    target_compile_options(${name} PRIVATE -nostdinc)
-    target_link_libraries(${name} PRIVATE ${OE_TARGET_LIBC})
-    set_property(TARGET ${name} PROPERTY POSITION_INDEPENDENT_CODE ON)
-  endfunction()
-
-  # Convenience wrapper to build C++-libraries that can be linked in enclave,
-  # ie. in a CCF application.
-  function(add_enclave_library name)
-    cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "")
-    set(files ${PARSED_ARGS_UNPARSED_ARGUMENTS})
-    add_library(${name} ${files})
-    target_compile_options(${name} PUBLIC -nostdinc -nostdinc++)
-    target_compile_definitions(
-      ${name} PUBLIC INSIDE_ENCLAVE _LIBCPP_HAS_THREAD_API_PTHREAD
-    )
-    target_link_libraries(${name} PUBLIC ${OE_TARGET_ENCLAVE_AND_STD} -lgcc)
-    set_property(TARGET ${name} PROPERTY POSITION_INDEPENDENT_CODE ON)
-  endfunction()
-endif()
-
 function(add_host_library name)
   cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "")
   set(files ${PARSED_ARGS_UNPARSED_ARGUMENTS})

cmake/ccf_sgx-config.cmake.in

@@ -1,10 +0,0 @@
-@PACKAGE_INIT@
-
-set(CCF_DIR "@CMAKE_INSTALL_PREFIX@")
-set(SAN "@SAN@")
-
-include("${CCF_DIR}/cmake/ccf-targets.cmake")
-include("${CCF_DIR}/cmake/preproject.cmake")
-include("${CCF_DIR}/cmake/ccf_app.cmake")
-include("${CCF_DIR}/cmake/tools.cmake")
-include("${CCF_DIR}/cmake/open_enclave.cmake")

cmake/ccf_sgx_unsafe-config.cmake.in

@@ -1,10 +0,0 @@
-@PACKAGE_INIT@
-
-set(CCF_DIR "@CMAKE_INSTALL_PREFIX@")
-set(SAN "@SAN@")
-
-include("${CCF_DIR}/cmake/ccf-targets.cmake")
-include("${CCF_DIR}/cmake/preproject.cmake")
-include("${CCF_DIR}/cmake/ccf_app.cmake")
-include("${CCF_DIR}/cmake/tools.cmake")
-include("${CCF_DIR}/cmake/open_enclave.cmake")

cmake/common.cmake

@@ -211,10 +211,7 @@ function(add_perf_test)
   set(TESTS_SUFFIX "")
   set(ENCLAVE_TYPE "")
   set(ENCLAVE_PLATFORM "${COMPILE_TARGET}")
-  if("sgx" STREQUAL COMPILE_TARGET)
-    set(TESTS_SUFFIX "${TESTS_SUFFIX}_sgx")
-    set(ENCLAVE_TYPE "release")
-  elseif("virtual" STREQUAL COMPILE_TARGET)
+  if("virtual" STREQUAL COMPILE_TARGET)
     set(TESTS_SUFFIX "${TESTS_SUFFIX}_virtual")
     set(ENCLAVE_TYPE "virtual")
   endif()
@@ -284,10 +281,7 @@ function(add_piccolo_test)
   set(TESTS_SUFFIX "")
   set(ENCLAVE_TYPE "")
   set(ENCLAVE_PLATFORM "${COMPILE_TARGET}")
-  if("sgx" STREQUAL COMPILE_TARGET)
-    set(TESTS_SUFFIX "${TESTS_SUFFIX}_sgx")
-    set(ENCLAVE_TYPE "release")
-  elseif("virtual" STREQUAL COMPILE_TARGET)
+  if("virtual" STREQUAL COMPILE_TARGET)
     set(TESTS_SUFFIX "${TESTS_SUFFIX}_virtual")
     set(ENCLAVE_TYPE "virtual")
   endif()

cmake/cpack_settings.cmake

@@ -24,14 +24,7 @@ message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}")
 set(CCF_DEB_BASE_DEPENDENCIES "libuv1 (>= 1.34.2);openssl (>=1.1.1f)")
 set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES})
 
-set(OE_VERSION "0.19.7")
-if(COMPILE_TARGET STREQUAL "sgx")
-  list(APPEND CCF_DEB_DEPENDENCIES
-       "libc++1-11;libc++abi1-11;open-enclave (>=${OE_VERSION})"
-  )
-else()
-  list(APPEND CCF_DEB_DEPENDENCIES "libc++1-15;libc++abi1-15")
-endif()
+list(APPEND CCF_DEB_DEPENDENCIES "libc++1-15;libc++abi1-15")
 
 list(JOIN CCF_DEB_DEPENDENCIES ", " CPACK_DEBIAN_PACKAGE_DEPENDS)
 

cmake/crypto.cmake

@@ -28,17 +28,7 @@ set(CCFCRYPTO_SRC
     ${CCF_DIR}/src/crypto/sharing.cpp
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library(ccfcrypto.enclave ${CCFCRYPTO_SRC})
-  target_link_libraries(ccfcrypto.enclave PUBLIC qcbor.enclave)
-  target_link_libraries(ccfcrypto.enclave PUBLIC t_cose.enclave)
-
-  install(
-    TARGETS ccfcrypto.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_library(ccfcrypto.snp ${CCFCRYPTO_SRC})
   add_san(ccfcrypto.snp)
   target_compile_options(ccfcrypto.snp PUBLIC ${COMPILE_LIBCXX})

cmake/nghttp2.cmake

@@ -33,22 +33,7 @@ set(NGHTTP2_SRCS
     ${NGHTTP2_PREFIX}/sfparse.c
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library_c(nghttp2.enclave ${NGHTTP2_SRCS})
-  target_include_directories(
-    nghttp2.enclave PUBLIC $<BUILD_INTERFACE:${NGHTTP2_PREFIX}/includes>
-                           $<INSTALL_INTERFACE:include/3rdparty/nghttp2>
-  )
-  target_compile_definitions(
-    nghttp2.enclave PUBLIC -DNGHTTP2_STATICLIB -DHAVE_ARPA_INET_H=1
-  )
-
-  install(
-    TARGETS nghttp2.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_library(nghttp2.snp STATIC ${NGHTTP2_SRCS})
   target_include_directories(
     nghttp2.snp PUBLIC $<BUILD_INTERFACE:${NGHTTP2_PREFIX}/includes>

cmake/open_enclave.cmake

@@ -1,46 +0,0 @@
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the Apache 2.0 License.
-
-if(COMPILE_TARGET STREQUAL "sgx")
-  # Find OpenEnclave package
-  find_package(OpenEnclave 0.19.7 CONFIG REQUIRED)
-
-  option(USE_OPENSSL_3 "Use OpenSSL 3.x for Open Enclave builds" ON)
-  if(USE_OPENSSL_3)
-    set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl_3)
-  else()
-    set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl)
-  endif()
-  # As well as pulling in openenclave:: targets, this sets variables which can
-  # be used for our edge cases (eg - for virtual libraries). These do not follow
-  # the standard naming patterns, for example use OE_INCLUDEDIR rather than
-  # OpenEnclave_INCLUDE_DIRS
-  if(COMPILE_TARGET STREQUAL "sgx")
-    set(OE_TARGET_LIBC openenclave::oelibc)
-    set(OE_TARGET_ENCLAVE_AND_STD openenclave::oeenclave openenclave::oelibcxx
-                                  openenclave::oelibc ${OE_OPENSSL_LIBRARY}
-    )
-
-    # These oe libraries must be linked in specific order
-    set(OE_TARGET_ENCLAVE_CORE_LIBS
-        openenclave::oeenclave openenclave::oesnmalloc openenclave::oecore
-        openenclave::oesyscall
-    )
-
-    option(LVI_MITIGATIONS "Enable LVI mitigations" ON)
-    if(LVI_MITIGATIONS)
-      string(APPEND OE_TARGET_LIBC -lvi-cfg)
-      list(TRANSFORM OE_TARGET_ENCLAVE_AND_STD APPEND -lvi-cfg)
-      list(TRANSFORM OE_TARGET_ENCLAVE_CORE_LIBS APPEND -lvi-cfg)
-    endif()
-
-    function(add_lvi_mitigations name)
-      if(LVI_MITIGATIONS)
-        # Enable clang-11 built-in LVI mitigation
-        target_compile_options(${name} PRIVATE -mlvi-cfi)
-      endif()
-    endfunction()
-
-    set(OE_HOST_LIBRARY openenclave::oehost)
-  endif()
-endif()

cmake/preproject.cmake

@@ -11,13 +11,8 @@ if((NOT CMAKE_C_COMPILER)
    AND "$ENV{CC}" STREQUAL ""
    AND "$ENV{CXX}" STREQUAL ""
 )
-  if("${COMPILE_TARGET}" STREQUAL "sgx")
-    find_program(FOUND_CMAKE_C_COMPILER NAMES clang-11)
-    find_program(FOUND_CMAKE_CXX_COMPILER NAMES clang++-11)
-  else()
-    find_program(FOUND_CMAKE_C_COMPILER NAMES clang-15)
-    find_program(FOUND_CMAKE_CXX_COMPILER NAMES clang++-15)
-  endif()
+  find_program(FOUND_CMAKE_C_COMPILER NAMES clang-15)
+  find_program(FOUND_CMAKE_CXX_COMPILER NAMES clang++-15)
   if(NOT (FOUND_CMAKE_C_COMPILER AND FOUND_CMAKE_CXX_COMPILER))
     message(
       WARNING

cmake/protobuf.cmake

@@ -19,15 +19,7 @@ get_target_property(LIBPROTOBUF_SOURCES libprotobuf SOURCES)
 set(PROTOBUF_TARGETS "protobuf.virtual")
 add_host_library(protobuf.virtual ${LIBPROTOBUF_SOURCES})
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library(protobuf.enclave ${LIBPROTOBUF_SOURCES})
-  list(APPEND PROTOBUF_TARGETS "protobuf.enclave")
-  install(
-    TARGETS protobuf.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_host_library(protobuf.snp ${LIBPROTOBUF_SOURCES})
   list(APPEND PROTOBUF_TARGETS "protobuf.snp")
   install(

cmake/qcbor.cmake

@@ -9,19 +9,7 @@ set(QCBOR_SRCS
     "${QCBOR_SRC}/qcbor_encode.c" "${QCBOR_SRC}/qcbor_err_to_str.c"
     "${QCBOR_SRC}/UsefulBuf.c"
 )
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library_c(qcbor.enclave ${QCBOR_SRCS})
-  target_include_directories(
-    qcbor.enclave PUBLIC $<BUILD_INTERFACE:${CCF_3RD_PARTY_EXPORTED_DIR}/QCBOR>
-                         $<INSTALL_INTERFACE:include/3rdparty/QCBOR>
-  )
-
-  install(
-    TARGETS qcbor.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_library(qcbor.snp STATIC ${QCBOR_SRCS})
 
   target_include_directories(

cmake/quickjs.cmake

@@ -27,26 +27,7 @@ message(STATUS "QuickJS prefix: ${QUICKJS_PREFIX} version: ${QUICKJS_VERSION}")
 
 # We need two versions of libquickjs, because it depends on libc
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library_c(quickjs.enclave ${QUICKJS_SRC})
-  target_compile_options(
-    quickjs.enclave
-    PUBLIC -DCONFIG_VERSION="${QUICKJS_VERSION}" -DEMSCRIPTEN
-           -DCONFIG_STACK_CHECK -DCONFIG_BIGNUM
-    PRIVATE $<$<CONFIG:Debug>:-DDUMP_LEAKS>
-  )
-  target_include_directories(
-    quickjs.enclave
-    PUBLIC $<BUILD_INTERFACE:${CCF_3RD_PARTY_EXPORTED_DIR}/quickjs>
-           $<INSTALL_INTERFACE:include/3rdparty/quickjs>
-  )
-
-  install(
-    TARGETS quickjs.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_library(quickjs.snp STATIC ${QUICKJS_SRC})
   target_compile_options(
     quickjs.snp

cmake/sss.cmake

@@ -11,14 +11,7 @@ set(SSS_SRC ${SSS_PREFIX}/sss.c ${SSS_PREFIX}/hazmat.c
             ${SSS_PREFIX}/tweetnacl.c
 )
 
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library_c(sss.enclave ${SSS_SRC})
-  install(
-    TARGETS sss.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   add_library(sss.snp STATIC ${SSS_SRC})
   add_san(sss.snp)
   set_property(TARGET sss.snp PROPERTY POSITION_INDEPENDENT_CODE ON)

cmake/t_cose.cmake

@@ -12,28 +12,7 @@ set(T_COSE_SRCS
     "${T_COSE_SRC}/t_cose_util.c"
     "${T_COSE_DIR}/crypto_adapters/t_cose_openssl_crypto.c"
 )
-if(COMPILE_TARGET STREQUAL "sgx")
-  add_enclave_library_c(t_cose.enclave ${T_COSE_SRCS})
-  target_compile_definitions(t_cose.enclave PRIVATE ${T_COSE_DEFS})
-  target_compile_options(t_cose.enclave INTERFACE ${T_COSE_OPTS_INTERFACE})
-
-  target_include_directories(t_cose.enclave PRIVATE "${T_COSE_SRC}")
-  target_include_directories(
-    t_cose.enclave
-    PUBLIC $<BUILD_INTERFACE:${CCF_3RD_PARTY_EXPORTED_DIR}/t_cose/inc>
-           $<INSTALL_INTERFACE:include/3rdparty/t_cose/inc>
-  )
-
-  target_link_libraries(t_cose.enclave PUBLIC qcbor.enclave)
-  # This is needed to get the OpenSSL includes from Open Enclave
-  target_link_libraries(t_cose.enclave PRIVATE ${OE_OPENSSL_LIBRARY})
-
-  install(
-    TARGETS t_cose.enclave
-    EXPORT ccf
-    DESTINATION lib
-  )
-elseif(COMPILE_TARGET STREQUAL "snp")
+if(COMPILE_TARGET STREQUAL "snp")
   find_package(OpenSSL REQUIRED)
   add_library(t_cose.snp STATIC ${T_COSE_SRCS})
   target_compile_definitions(t_cose.snp PRIVATE ${T_COSE_DEFS})

cmake/version.cmake

@@ -5,25 +5,7 @@ unset(CCF_VERSION)
 unset(CCF_RELEASE_VERSION)
 unset(CCF_VERSION_SUFFIX)
 
-option(
-  UNSAFE_VERSION
-  "Append unsafe suffix to project and targets. Should be used on platforms where log level is determined at build-time, to distinguish builds which are unsafely verbose."
-  OFF
-)
-
 set(CCF_PROJECT "ccf_${COMPILE_TARGET}")
-if(UNSAFE_VERSION)
-  if(NOT ${COMPILE_TARGET} STREQUAL "sgx")
-    message(
-      FATAL_ERROR
-        "UNSAFE_VERSION can only be set for sgx compile target (-DCOMPILE_TARGET=sgx)"
-    )
-  endif()
-  set(CCF_PROJECT "${CCF_PROJECT}_unsafe")
-  add_compile_definitions(UNSAFE_VERSION ENABLE_HISTORICAL_VERBOSE_LOGGING)
-  file(WRITE ${CMAKE_BINARY_DIR}/UNSAFE "UNSAFE")
-  install(FILES ${CMAKE_BINARY_DIR}/UNSAFE DESTINATION share)
-endif()
 
 # If possible, deduce project version from git environment
 if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/.git)

edl/ccf.edl

@@ -1,35 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the Apache 2.0 License.
-
-enclave {
-    from "openenclave/edl/sgx/platform.edl" import *;
-    from "openenclave/edl/time.edl" import *;
-
-    include "common/enclave_interface_types.h"
-
-    trusted {
-
-        public CreateNodeStatus enclave_create_node(
-            [user_check] void* enclave_config,
-            [user_check] uint8_t* ccf_config,
-            size_t ccf_config_size,
-            [user_check] uint8_t* startup_snapshot,
-            size_t startup_snapshot_size,
-            [out, count=node_cert_size] uint8_t* node_cert,
-            size_t node_cert_size,
-            [out] size_t* node_cert_len,
-            [out, count=service_cert_size] uint8_t* service_cert,
-            size_t service_cert_size,
-            [out] size_t* service_cert_len,
-            [out, count=enclave_version_size] uint8_t* enclave_version,
-            size_t enclave_version_size,
-            [out] size_t* enclave_version_len,
-            StartType start_type,
-            LoggerLevel enclave_log_level,
-            size_t num_worker_thread,
-            [user_check] void* time_location,
-        );
-
-        public bool enclave_run();
-    };
-};

include/ccf/ds/logger.h

@@ -17,13 +17,7 @@
 
 namespace ccf::logger
 {
-  static constexpr LoggerLevel MOST_VERBOSE =
-#ifdef CCF_DISABLE_VERBOSE_LOGGING
-    LoggerLevel::INFO
-#else
-    LoggerLevel::TRACE
-#endif
-    ;
+  static constexpr LoggerLevel MOST_VERBOSE = LoggerLevel::TRACE;
 
   static constexpr const char* LevelNames[] = {
     "trace", "debug", "info", "fail", "fatal"};
@@ -374,23 +368,11 @@ namespace ccf::logger
 #  define CCF_LOGGER_DEPRECATE(MACRO)
 #endif
 
-#ifndef CCF_DISABLE_VERBOSE_LOGGING
-#  define LOG_TRACE_FMT \
-    CCF_LOGGER_DEPRECATE(LOG_TRACE_FMT) CCF_LOG_FMT(TRACE, "")
-#  define LOG_DEBUG_FMT \
-    CCF_LOGGER_DEPRECATE(LOG_DEBUG_FMT) CCF_LOG_FMT(DEBUG, "")
+#define LOG_TRACE_FMT CCF_LOGGER_DEPRECATE(LOG_TRACE_FMT) CCF_LOG_FMT(TRACE, "")
+#define LOG_DEBUG_FMT CCF_LOGGER_DEPRECATE(LOG_DEBUG_FMT) CCF_LOG_FMT(DEBUG, "")
 
-#  define CCF_APP_TRACE CCF_LOG_FMT(TRACE, "app")
-#  define CCF_APP_DEBUG CCF_LOG_FMT(DEBUG, "app")
-#else
-// With verbose logging disabled by compile-time definition, these logging
-// macros are compile-time nops (and cannot be enabled by accident or malice)
-#  define LOG_TRACE_FMT(...) CCF_LOGGER_DEPRECATE(LOG_TRACE_FMT)((void)0)
-#  define LOG_DEBUG_FMT(...) CCF_LOGGER_DEPRECATE(LOG_DEBUG_FMT)((void)0)
-
-#  define CCF_APP_TRACE(...) ((void)0)
-#  define CCF_APP_DEBUG(...) ((void)0)
-#endif
+#define CCF_APP_TRACE CCF_LOG_FMT(TRACE, "app")
+#define CCF_APP_DEBUG CCF_LOG_FMT(DEBUG, "app")
 
 #define LOG_INFO_FMT CCF_LOGGER_DEPRECATE(LOG_INFO_FMT) CCF_LOG_FMT(INFO, "")
 #define LOG_FAIL_FMT CCF_LOGGER_DEPRECATE(LOG_FAIL_FMT) CCF_LOG_FMT(FAIL, "")

samples/apps/basic/CMakeLists.txt

@@ -5,30 +5,10 @@ cmake_minimum_required(VERSION 3.16)
 
 project(basic LANGUAGES C CXX)
 
-option(USE_UNSAFE_VERSION "Use build with unsafe logging levels" OFF)
-
 set(CCF_PROJECT "ccf_${COMPILE_TARGET}")
-if(USE_UNSAFE_VERSION)
-  set(CCF_PROJECT "${CCF_PROJECT}_unsafe")
-endif()
 
 if(NOT TARGET "ccf")
   find_package(${CCF_PROJECT} REQUIRED)
 endif()
 
 add_ccf_app(basic SRCS basic.cpp)
-
-# Generate an ephemeral signing key
-add_custom_command(
-  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-  COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3
-          3072
-)
-add_custom_target(
-  basic_signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)
-
-sign_app_library(
-  basic.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf
-  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)

samples/apps/basic/oe_sign.conf

@@ -1,7 +0,0 @@
-# Enclave settings:
-NumHeapPages=100000
-NumStackPages=1024
-NumTCS=14
-ProductID=1
-SecurityVersion=1
-# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants

samples/apps/logging/CMakeLists.txt

@@ -5,30 +5,10 @@ cmake_minimum_required(VERSION 3.16)
 
 project(logging LANGUAGES C CXX)
 
-option(USE_UNSAFE_VERSION "Use build with unsafe logging levels" OFF)
-
 set(CCF_PROJECT "ccf_${COMPILE_TARGET}")
-if(USE_UNSAFE_VERSION)
-  set(CCF_PROJECT "${CCF_PROJECT}_unsafe")
-endif()
 
 if(NOT TARGET "ccf")
   find_package(${CCF_PROJECT} REQUIRED)
 endif()
 
 add_ccf_app(logging SRCS logging.cpp create_tx_claims_digest.cpp)
-
-# Generate an ephemeral signing key
-add_custom_command(
-  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-  COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3
-          3072
-)
-add_custom_target(
-  logging_signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)
-
-sign_app_library(
-  logging.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf
-  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)

samples/apps/logging/oe_sign.conf

@@ -1,7 +0,0 @@
-# Enclave settings:
-NumHeapPages=50000
-NumStackPages=1024
-NumTCS=8
-ProductID=1
-SecurityVersion=1
-# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants

samples/apps/nobuiltins/CMakeLists.txt

@@ -12,19 +12,3 @@ if(NOT TARGET "ccf")
 endif()
 
 add_ccf_app(nobuiltins SRCS nobuiltins.cpp)
-
-# Generate an ephemeral signing key
-add_custom_command(
-  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-  COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3
-          3072
-)
-add_custom_target(
-  nobuiltins_signing_key ALL
-  DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)
-
-sign_app_library(
-  nobuiltins.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf
-  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)

samples/apps/nobuiltins/oe_sign.conf

@@ -1,7 +0,0 @@
-# Enclave settings:
-NumHeapPages=50000
-NumStackPages=1024
-NumTCS=8
-ProductID=1
-SecurityVersion=1
-# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants

samples/apps/programmability/CMakeLists.txt

@@ -5,31 +5,10 @@ cmake_minimum_required(VERSION 3.16)
 
 project(programmability LANGUAGES C CXX)
 
-option(USE_UNSAFE_VERSION "Use build with unsafe logging levels" OFF)
-
 set(CCF_PROJECT "ccf_${COMPILE_TARGET}")
-if(USE_UNSAFE_VERSION)
-  set(CCF_PROJECT "${CCF_PROJECT}_unsafe")
-endif()
 
 if(NOT TARGET "ccf")
   find_package(${CCF_PROJECT} REQUIRED)
 endif()
 
 add_ccf_app(programmability SRCS programmability.cpp)
-
-# Generate an ephemeral signing key
-add_custom_command(
-  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-  COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3
-          3072
-)
-add_custom_target(
-  programmability_signing_key ALL
-  DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)
-
-sign_app_library(
-  programmability.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf
-  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)

samples/apps/programmability/oe_sign.conf

@@ -1,7 +0,0 @@
-# Enclave settings:
-NumHeapPages=100000
-NumStackPages=1024
-NumTCS=14
-ProductID=1
-SecurityVersion=1
-# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants

src/apps/js_generic/oe_sign.conf

@@ -1,7 +0,0 @@
-# Enclave settings:
-NumHeapPages=524288
-NumStackPages=1024
-NumTCS=14
-ProductID=1
-SecurityVersion=1
-# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants

src/apps/tpcc/app/oe_sign.conf

@@ -1,7 +0,0 @@
-# Enclave settings:
-NumHeapPages=327680
-NumStackPages=1024
-NumTCS=8
-ProductID=1
-SecurityVersion=1
-# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants

src/apps/tpcc/tpcc.cmake

@@ -19,10 +19,6 @@ add_ccf_app(
   SRCS ${CMAKE_CURRENT_LIST_DIR}/app/tpcc.cpp
   SYSTEM_INCLUDE_DIRS ${CCF_DIR}/3rdparty/test
 )
-sign_app_library(
-  tpcc.enclave ${CMAKE_CURRENT_LIST_DIR}/app/oe_sign.conf
-  ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
-)
 
 # tpcc unit tests
 add_unit_test(tpcc_test ${CMAKE_CURRENT_LIST_DIR}/app/test/tpcc.cpp)

src/ds/test/logger_json_test.cpp

@@ -1,7 +1,5 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
-#undef CCF_DISABLE_VERBOSE_LOGGING
-
 #include "ccf/ds/logger.h"
 
 #define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN

src/host/enclave.h

@@ -128,10 +128,6 @@ namespace host
             expect_enclave_file_suffix(path, ".enclave.so.signed", type);
           }
 
-#  ifdef CCF_DISABLE_VERBOSE_LOGGING
-          oe_log_set_callback(nullptr, nop_oe_logger);
-#  endif
-
           auto err = oe_create_ccf_enclave(
             path.c_str(),
             OE_ENCLAVE_TYPE_SGX,

src/node/rpc/gov_logging.h

@@ -4,13 +4,8 @@
 
 #include "ccf/ds/logger.h"
 
-#ifndef CCF_DISABLE_VERBOSE_LOGGING
-#  define GOV_TRACE_FMT CCF_LOG_FMT(TRACE, "gov")
-#  define GOV_DEBUG_FMT CCF_LOG_FMT(DEBUG, "gov")
-#else
-#  define GOV_TRACE_FMT(...) ((void)0)
-#  define GOV_DEBUG_FMT(...) ((void)0)
-#endif
+#define GOV_TRACE_FMT CCF_LOG_FMT(TRACE, "gov")
+#define GOV_DEBUG_FMT CCF_LOG_FMT(DEBUG, "gov")
 
 #define GOV_INFO_FMT CCF_LOG_FMT(INFO, "gov")
 #define GOV_FAIL_FMT CCF_LOG_FMT(FAIL, "gov")

src/node/rpc/node_frontend.h

@@ -1472,11 +1472,7 @@ namespace ccf
         GetVersion::Out result;
         result.ccf_version = ccf::ccf_version;
         result.quickjs_version = ccf::quickjs_version;
-#ifdef UNSAFE_VERSION
-        result.unsafe = true;
-#else
         result.unsafe = false;
-#endif
 
         return make_success(result);
       };