Background

Update the Intel TDX Quote Generation Service (QGS) containerfile to use UBI 10 as the base image instead of UBI 9. This migration is a prerequisite for the Konflux build implementation and ensures alignment with latest Red Hat base image standards and security improvements.

Current State

• Current Base Image: Red Hat Universal Base Image (UBI) 9
• Target Base Image: Red Hat Universal Base Image (UBI) 10
• Container Location: https://github.com/openshift/confidential-compute-artifacts/tree/main/containerfiles/tdx-qgs

Migration Requirements

• Update Containerfile FROM statement from UBI 9 to UBI 10
• Verify compatibility of Intel SGX/TDX components with UBI 10
• Ensure boost libraries and dependencies work correctly
• Validate TDX QGS service installation and functionality
• Test quote generation service in non-daemon mode

Technical Considerations

• Verify Intel SGX DCAP repository compatibility with UBI 10
• Ensure boost libraries are available and compatible in UBI 10
• Test TDX Quote Generation Service (tdx-qgs) package installation
• Validate service configuration for non-daemon operation
• Check hardware attestation capabilities
• Verify entry point configuration for quote generation service

Acceptance Criteria

• [ ] Containerfile updated to use UBI 10 base image
• [ ] Container builds successfully with all dependencies
• [ ] Intel SGX DCAP repository integration works correctly
• [ ] Boost libraries install and function properly
• [ ] TDX QGS service installs correctly
• [ ] Service starts and runs in non-daemon mode
• [ ] Quote generation functionality validated
• [ ] Hardware attestation capabilities verified
• [ ] Container image passes security scans
• [ ] Documentation updated to reflect UBI 10 usage

Dependencies

• This story is a prerequisite for KATA-4171 (Konflux build implementation)
• Access to UBI 10 base images
• Intel SGX/TDX repository compatibility verification
• Intel TDX-capable hardware for testing (where available)