  1. Openshift sandboxed containers
  2. KATA-4171

Create Konflux build for Intel TDX Quote Generation Service (QGS) container

    • Blanc #3

      Background

      Create a Konflux build pipeline for the Intel TDX Quote Generation Service (QGS) container to enable automated building and distribution of this hardware attestation service for trusted computing environments.

      Container Details

      Container Components

      • Intel SGX DCAP repository integration
      • Boost libraries and dependencies
      • TDX Quote Generation Service (tdx-qgs) installation
      • Service configuration for non-daemon operation
      • Entry point configuration for quote generation service

      Service Functionality

      • Hardware-based attestation quote generation
      • TDX (Trust Domain Extensions) support
      • Integration with Intel's secure computing infrastructure
      • Remote attestation capabilities for trusted computing contexts
      • Quote generation for confidential virtual machines

      Technical Requirements

      • Set up Konflux build configuration for the TDX QGS Containerfile
      • Configure DCAP version management and repository access
      • Ensure proper UBI 9 base image usage
      • Validate Intel SGX/TDX repository access and package installation
      • Test quote generation service functionality
      • Configure service for containerized non-daemon operation

      Acceptance Criteria

      • [ ] Konflux build pipeline created and configured
      • [ ] Container builds successfully with all dependencies
      • [ ] Intel SGX DCAP repository integration works correctly
      • [ ] Boost libraries install and function properly
      • [ ] TDX QGS service installs correctly
      • [ ] Service starts and runs in non-daemon mode
      • [ ] Quote generation functionality validated
      • [ ] Container image passes security scans
      • [ ] Documentation updated with build and deployment instructions
      • [ ] CI/CD pipeline validates container functionality
      • [ ] Hardware attestation capabilities tested

      Dependencies

      • Access to Intel SGX DCAP repositories
      • Red Hat UBI 9 base image availability
      • Intel TDX-capable hardware for testing
      • Konflux platform configuration
      • Container registry access for image storage
      • Hardware security module integration capabilities

              dkreling Daniel Kreling
              jfreiman Jens Freimann