synchronous features

2023-09-18 11:13:44 +08:00 · 2023-09-18 11:13:44 +08:00 · 63198ecadf
commit 63198ecadf
parent fef3775846
13 changed files with 10533 additions and 17 deletions
--- a/0060-supprot-kunpeng-remote-attestation.patch
+++ b/0060-supprot-kunpeng-remote-attestation.patch
--- a/0061-refactor-remote-attestation.patch
+++ b/0061-refactor-remote-attestation.patch
--- a/0062-secure-channel-support-authentication-by-remote-atte.patch
+++ b/0062-secure-channel-support-authentication-by-remote-atte.patch
--- a/0063-some-code-optimize.patch
+++ b/0063-some-code-optimize.patch
@ -0,0 +1,406 @@
+From 907b34fa937eb6e41f25ebff23db88956842c635 Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Sat, 27 May 2023 15:29:01 +0800
+Subject: [PATCH] some code optimize
+
+---
+ .../remote_attest/ra_report/CMakeLists.txt    |  2 --
+ .../remote_attest/ra_report/gp_ra_report.c    | 11 +++----
+ .../remote_attest/ra_report/gp_ra_report.h    | 24 ---------------
+ .../remote_attest/ra_report/sgx_ra_report.c   | 10 +++----
+ .../remote_attest/ra_report/sgx_ra_report.h   | 24 ---------------
+ .../remote_attest/ra_verify/CMakeLists.txt    |  3 --
+ .../ra_verify/gp_ra_report_verify.c           | 11 +++----
+ .../ra_verify/gp_ra_report_verify.h           | 30 -------------------
+ .../ra_verify/sgx_ra_report_verify.c          |  9 ++----
+ .../ra_verify/sgx_ra_report_verify.h          | 30 -------------------
+ examples/secure_channel/client/CMakeLists.txt |  6 +++-
+ .../client_with_recv_thread/CMakeLists.txt    |  5 +++-
+ .../client_with_recv_thread/client.c          |  3 +-
+ 13 files changed, 26 insertions(+), 142 deletions(-)
+ delete mode 100644 component/remote_attest/ra_report/gp_ra_report.h
+ delete mode 100644 component/remote_attest/ra_report/sgx_ra_report.h
+ delete mode 100644 component/remote_attest/ra_verify/gp_ra_report_verify.h
+ delete mode 100644 component/remote_attest/ra_verify/sgx_ra_report_verify.h
+
+diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/component/remote_attest/ra_report/CMakeLists.txt
+index 548e786..2f00dc7 100644
+--- a/component/remote_attest/ra_report/CMakeLists.txt
+++ b/component/remote_attest/ra_report/CMakeLists.txt
+@@ -45,5 +45,3 @@ install(TARGETS ${TARGET}
+         LIBRARY
+         DESTINATION ${LIBRARY_INSTALL}
+         PERMISSIONS  OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ  GROUP_EXECUTE WORLD_READ  WORLD_EXECUTE)
+-
+-
+diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c
+index 978127a..4625cd3 100644
+--- a/component/remote_attest/ra_report/gp_ra_report.c
+++ b/component/remote_attest/ra_report/gp_ra_report.c
+@@ -9,9 +9,6 @@
+  * PURPOSE.
+  * See the Mulan PSL v2 for more details.
+  */
+-
+-#include "gp_ra_report.h"
+-
+ #include <stdlib.h>
+ #include <string.h>
+ #include "ra_client_api.h"
+@@ -171,7 +168,7 @@ static cc_enclave_result_t gp_ra_provision_no_as()
+     return CC_SUCCESS;
+ }
+ 
+-cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
+static cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
+ {
+     cc_enclave_result_t ret = CC_SUCCESS;
+     switch (scenario) {
+@@ -184,7 +181,7 @@ cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
+     return ret;
+ }
+ 
+-cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+static cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+ {
+     cc_ra_buf_t *ra_buf_in = NULL;
+     cc_enclave_result_t ret = gen_ra_report_in_buff(in, &ra_buf_in);
+@@ -203,12 +200,12 @@ cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *
+     return CC_SUCCESS;
+ }
+ 
+-uni_ree_agent_t g_gp_agent = {
+static uni_ree_agent_t g_gp_agent = {
+     .tee_type = CC_TEE_TYPE_GP,
+     .prepare_ra_env = gp_prepare_ra_env,
+     .get_ra_report = gp_get_ra_report,
+ };
+-static __attribute__((constructor)) void gp_register_ree_agent()
+static __attribute__((constructor)) void gp_register_ree_agent(void)
+ {
+     cc_register_ree_agent(&g_gp_agent);
+ }
+\ No newline at end of file
+diff --git a/component/remote_attest/ra_report/gp_ra_report.h b/component/remote_attest/ra_report/gp_ra_report.h
+deleted file mode 100644
+index ed58bb0..0000000
+--- a/component/remote_attest/ra_report/gp_ra_report.h
+++ /dev/null
+@@ -1,24 +0,0 @@
+-/*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+- * secGear is licensed under the Mulan PSL v2.
+- * You can use this software according to the terms and conditions of the Mulan PSL v2.
+- * You may obtain a copy of Mulan PSL v2 at:
+- *     http://license.coscl.org.cn/MulanPSL2
+- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+- * PURPOSE.
+- * See the Mulan PSL v2 for more details.
+- */
+-
+-#ifndef SECGEAR_GP_RA_REPORT_H
+-#define SECGEAR_GP_RA_REPORT_H
+-
+-#include "status.h"
+-#include "sg_report_st.h"
+-
+-cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario);
+-
+-cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
+-
+-#endif
+-
+diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/component/remote_attest/ra_report/sgx_ra_report.c
+index 8d02fc3..6bd0bdc 100644
+--- a/component/remote_attest/ra_report/sgx_ra_report.c
+++ b/component/remote_attest/ra_report/sgx_ra_report.c
+@@ -9,17 +9,15 @@
+  * PURPOSE.
+  * See the Mulan PSL v2 for more details.
+  */
+-
+-#include "sgx_ra_report.h"
+ #include "uni_ree_agent.h"
+ 
+-cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
+static cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
+ {
+     (void)scenario;
+     return CC_SUCCESS;
+ }
+ 
+-cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+static cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+ {
+     (void)in;
+     (void)report;
+@@ -27,12 +25,12 @@ cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t
+     return CC_SUCCESS;
+ }
+ 
+-uni_ree_agent_t g_sgx_agent = {
+static uni_ree_agent_t g_sgx_agent = {
+     .tee_type = CC_TEE_TYPE_SGX,
+     .prepare_ra_env = sgx_prepare_ra_env,
+     .get_ra_report = sgx_get_ra_report,
+ };
+-static __attribute__((constructor)) void sgx_register_ree_agent()
+static __attribute__((constructor)) void sgx_register_ree_agent(void)
+ {
+     cc_register_ree_agent(&g_sgx_agent);
+ }
+\ No newline at end of file
+diff --git a/component/remote_attest/ra_report/sgx_ra_report.h b/component/remote_attest/ra_report/sgx_ra_report.h
+deleted file mode 100644
+index d9a33cc..0000000
+--- a/component/remote_attest/ra_report/sgx_ra_report.h
+++ /dev/null
+@@ -1,24 +0,0 @@
+-/*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+- * secGear is licensed under the Mulan PSL v2.
+- * You can use this software according to the terms and conditions of the Mulan PSL v2.
+- * You may obtain a copy of Mulan PSL v2 at:
+- *     http://license.coscl.org.cn/MulanPSL2
+- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+- * PURPOSE.
+- * See the Mulan PSL v2 for more details.
+- */
+-
+-#ifndef SECGEAR_SGX_RA_REPORT_H
+-#define SECGEAR_SGX_RA_REPORT_H
+-
+-#include "status.h"
+-#include "sg_report_st.h"
+-
+-cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario);
+-
+-cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
+-
+-#endif
+-
+diff --git a/component/remote_attest/ra_verify/CMakeLists.txt b/component/remote_attest/ra_verify/CMakeLists.txt
+index 53707b1..54b2eca 100644
+--- a/component/remote_attest/ra_verify/CMakeLists.txt
+++ b/component/remote_attest/ra_verify/CMakeLists.txt
+@@ -31,7 +31,6 @@ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ endif()
+ 
+ include_directories( 
+-    ${CMAKE_CURRENT_BINARY_DIR}
+     ${CMAKE_CURRENT_SOURCE_DIR}
+     ${CMAKE_CURRENT_SOURCE_DIR}/..
+     ${LOCAL_ROOT_PATH}/inc/host_inc
+@@ -49,5 +48,3 @@ install(TARGETS ${TARGET}
+         LIBRARY
+         DESTINATION ${LIBRARY_INSTALL}
+         PERMISSIONS  OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ  GROUP_EXECUTE WORLD_READ  WORLD_EXECUTE)
+-
+-
+diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.c b/component/remote_attest/ra_verify/gp_ra_report_verify.c
+index 76debb4..f74c2ea 100644
+--- a/component/remote_attest/ra_verify/gp_ra_report_verify.c
+++ b/component/remote_attest/ra_verify/gp_ra_report_verify.c
+@@ -9,15 +9,12 @@
+  * PURPOSE.
+  * See the Mulan PSL v2 for more details.
+  */
+-
+-#include "gp_ra_report_verify.h"
+-
+ #include "teeverifier.h"
+ #include "enclave_log.h"
+ 
+ #include "uni_ra_verify_agent.h"
+ 
+-int convert_cctype_to_gptype(cc_ra_verify_type_t type)
+static int convert_cctype_to_gptype(cc_ra_verify_type_t type)
+ {
+     // gp type, 1: compare image hash; 2: compare mem hash; 3: compare image and mem hash
+     if (type == CC_RA_VERIFY_TYPE_LOOSE) {
+@@ -29,7 +26,7 @@ int convert_cctype_to_gptype(cc_ra_verify_type_t type)
+     }
+ }
+ 
+-cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+static cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+     cc_ra_verify_type_t type, char *basevalue)
+ {
+     int gp_type = convert_cctype_to_gptype(type);
+@@ -52,10 +49,10 @@ cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+     return ret;
+ }
+ 
+-uni_ra_verify_agent_t g_gp_ra_verify_agent = {
+static uni_ra_verify_agent_t g_gp_ra_verify_agent = {
+     .verify_ra_report = gp_verify_report,
+ };
+-static __attribute__((constructor)) void gp_register_ra_agent()
+static __attribute__((constructor)) void gp_register_ra_agent(void)
+ {
+     cc_register_ra_verify_agent(&g_gp_ra_verify_agent);
+ }
+\ No newline at end of file
+diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.h b/component/remote_attest/ra_verify/gp_ra_report_verify.h
+deleted file mode 100644
+index 68a7c38..0000000
+--- a/component/remote_attest/ra_verify/gp_ra_report_verify.h
+++ /dev/null
+@@ -1,30 +0,0 @@
+-/*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+- * secGear is licensed under the Mulan PSL v2.
+- * You can use this software according to the terms and conditions of the Mulan PSL v2.
+- * You may obtain a copy of Mulan PSL v2 at:
+- *     http://license.coscl.org.cn/MulanPSL2
+- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+- * PURPOSE.
+- * See the Mulan PSL v2 for more details.
+- */
+-
+-#ifndef SECGEAR_GP_RA_REPORT_VERIFY_H
+-#define SECGEAR_GP_RA_REPORT_VERIFY_H
+-
+-#include "status.h"
+-#include "sg_report_st.h"
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+-    cc_ra_verify_type_t type, char *basevalue);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif
+diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.c b/component/remote_attest/ra_verify/sgx_ra_report_verify.c
+index 0e2e81f..e2472a3 100644
+--- a/component/remote_attest/ra_verify/sgx_ra_report_verify.c
+++ b/component/remote_attest/ra_verify/sgx_ra_report_verify.c
+@@ -9,12 +9,9 @@
+  * PURPOSE.
+  * See the Mulan PSL v2 for more details.
+  */
+-
+-#include "sgx_ra_report_verify.h"
+-
+ #include "uni_ra_verify_agent.h"
+ 
+-cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+static cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+     cc_ra_verify_type_t type, char *basevalue)
+ {
+     (void)report;
+@@ -24,10 +21,10 @@ cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+     return CC_SUCCESS;
+ }
+ 
+-uni_ra_verify_agent_t g_sgx_ra_verify_agent = {
+static uni_ra_verify_agent_t g_sgx_ra_verify_agent = {
+     .verify_ra_report = sgx_verify_report,
+ };
+-static __attribute__((constructor)) void gp_register_ra_agent()
+static __attribute__((constructor)) void gp_register_ra_agent(void)
+ {
+     cc_register_ra_verify_agent(&g_sgx_ra_verify_agent);
+ }
+\ No newline at end of file
+diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.h b/component/remote_attest/ra_verify/sgx_ra_report_verify.h
+deleted file mode 100644
+index 773f484..0000000
+--- a/component/remote_attest/ra_verify/sgx_ra_report_verify.h
+++ /dev/null
+@@ -1,30 +0,0 @@
+-/*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+- * secGear is licensed under the Mulan PSL v2.
+- * You can use this software according to the terms and conditions of the Mulan PSL v2.
+- * You may obtain a copy of Mulan PSL v2 at:
+- *     http://license.coscl.org.cn/MulanPSL2
+- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+- * PURPOSE.
+- * See the Mulan PSL v2 for more details.
+- */
+-
+-#ifndef SECGEAR_SGX_RA_REPORT_VERIFY_H
+-#define SECGEAR_SGX_RA_REPORT_VERIFY_H
+-
+-#include "status.h"
+-#include "sg_report_st.h"
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+-    cc_ra_verify_type_t type, char *basevalue);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif
+diff --git a/examples/secure_channel/client/CMakeLists.txt b/examples/secure_channel/client/CMakeLists.txt
+index 4c05022..ea8f079 100644
+--- a/examples/secure_channel/client/CMakeLists.txt
+++ b/examples/secure_channel/client/CMakeLists.txt
+@@ -15,7 +15,11 @@ target_include_directories(${OUTPUT} PRIVATE
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+     target_link_directories(${OUTPUT} PRIVATE /usr/lib64 /usr/local/lib)
+ endif()
+-target_link_libraries(${OUTPUT} pthread csecure_channel)
+if (CC_GP)
+    set(THIRDPARTY_VERIFY teeverifier)
+endif()
+
+target_link_libraries(${OUTPUT} pthread csecure_channel ${THIRDPARTY_VERIFY})
+ 
+ set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+ 
+diff --git a/examples/secure_channel/client_with_recv_thread/CMakeLists.txt b/examples/secure_channel/client_with_recv_thread/CMakeLists.txt
+index 63f2c78..1e27d72 100644
+--- a/examples/secure_channel/client_with_recv_thread/CMakeLists.txt
+++ b/examples/secure_channel/client_with_recv_thread/CMakeLists.txt
+@@ -15,7 +15,10 @@ target_include_directories(${OUTPUT} PRIVATE
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+     target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+-target_link_libraries(${OUTPUT} pthread csecure_channel)
+if (CC_GP)
+    set(THIRDPARTY_VERIFY teeverifier)
+endif()
+target_link_libraries(${OUTPUT} pthread csecure_channel ${THIRDPARTY_VERIFY})
+ 
+ set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+ 
+diff --git a/examples/secure_channel/client_with_recv_thread/client.c b/examples/secure_channel/client_with_recv_thread/client.c
+index 52ebc10..db142bb 100644
+--- a/examples/secure_channel/client_with_recv_thread/client.c
+++ b/examples/secure_channel/client_with_recv_thread/client.c
+@@ -10,7 +10,7 @@
+ #include "secure_channel_client.h"
+ 
+ 
+-#define MAXBUF 1024
+#define MAXBUF 12800
+ cc_sec_chl_ctx_t g_ctx = {0};
+ 
+ void *recv_msg_thread(void *arg)
+@@ -87,6 +87,7 @@ int main(int argc, char **argv)
+     // step1: 初始化安全通道客户端，注册消息发送函数
+     g_ctx.conn_kit.send = (void *)socket_write_adpt;
+     g_ctx.conn_kit.conn = &sockfd;
+    g_ctx.basevalue = "/vendor/bin/basevalue.txt";  // content format:taid image_hash mem_hash
+ 
+     // step2: 创建消息接收线程
+     pthread_t thread;
+-- 
+2.33.0
+
--- a/0064-support-local-attest.patch
+++ b/0064-support-local-attest.patch
@ -0,0 +1,852 @@
+From d866feaeb8476541025efa4325459fae3f7f3493 Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Mon, 29 May 2023 21:29:46 +0800
+Subject: [PATCH] support local attest
+
+---
+ CMakeLists.txt                                |   9 +-
+ component/CMakeLists.txt                      |   1 +
+ component/local_attest/CMakeLists.txt         |  60 +++++++
+ component/local_attest/gp_local_attest.c      | 153 ++++++++++++++++++
+ component/local_attest/local_attest_agent.h   |  28 ++++
+ component/local_attest/sg_local_attest.c      |  22 +++
+ component/local_attest/sg_local_attest.h      |  29 ++++
+ component/local_attest/sgx_local_attest.c     |  20 +++
+ .../remote_attest/ra_report/CMakeLists.txt    |   2 +-
+ .../remote_attest/ra_report/gp_ra_report.c    | 131 +--------------
+ .../ra_report/gp_report_helper.c              | 121 ++++++++++++++
+ .../ra_report/gp_report_helper.h              |  24 +++
+ .../client/secure_channel_client.c            |   7 +-
+ .../secure_channel/enclave/CMakeLists.txt     |   3 -
+ examples/secure_channel/basevalue.txt         |   1 +
+ examples/secure_channel/client/client.c       |   9 +-
+ .../client_with_recv_thread/client.c          |   9 +-
+ inc/host_inc/status.h                         |   2 +
+ 18 files changed, 489 insertions(+), 142 deletions(-)
+ create mode 100644 component/local_attest/CMakeLists.txt
+ create mode 100644 component/local_attest/gp_local_attest.c
+ create mode 100644 component/local_attest/local_attest_agent.h
+ create mode 100644 component/local_attest/sg_local_attest.c
+ create mode 100644 component/local_attest/sg_local_attest.h
+ create mode 100644 component/local_attest/sgx_local_attest.c
+ create mode 100644 component/remote_attest/ra_report/gp_report_helper.c
+ create mode 100644 component/remote_attest/ra_report/gp_report_helper.h
+ create mode 100644 examples/secure_channel/basevalue.txt
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 079be3b..25e6381 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -17,9 +17,6 @@ set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+  
+ set(LOCAL_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+ 
+- 
+-set(SECGEAR_DEBUG_LEVEL SECGEAR_LOG_LEVEL_DEBUG)
+-add_definitions(-DSECGEAR_DEBUG_LEVEL=${SECGEAR_DEBUG_LEVEL})
+ message("=============cmake help info=======================") 
+ message("Example default cmd: cmake ..")
+ message("same with default: cmake -DENCLAVE=SGX -DSDK_PATH=/opt/intel/sgxsdk -DSSL_PATH=/opt/intel/sgxssl ..")
+@@ -40,6 +37,12 @@ set(PL_SDK_DEFAULT_PATH /root/dev/sdk)
+ 
+ if(CMAKE_BUILD_TYPE MATCHES "Debug")
+ 	add_definitions(-DDEBUG_FILE_LINE)
+	#set enclave log level
+	set(PRINT_LEVEL 3)
+	add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+	#set host log level
+	set(SECGEAR_DEBUG_LEVEL SECGEAR_LOG_LEVEL_DEBUG)
+	add_definitions(-DSECGEAR_DEBUG_LEVEL=${SECGEAR_DEBUG_LEVEL})
+ endif()
+ set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+diff --git a/component/CMakeLists.txt b/component/CMakeLists.txt
+index 7442334..83aa4cd 100644
+--- a/component/CMakeLists.txt
+++ b/component/CMakeLists.txt
+@@ -13,6 +13,7 @@ set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64)
+ ADD_SUBDIRECTORY(secure_channel)
+ 
+ ADD_SUBDIRECTORY(remote_attest)
+ADD_SUBDIRECTORY(local_attest)
+ 
+ 
+  
+diff --git a/component/local_attest/CMakeLists.txt b/component/local_attest/CMakeLists.txt
+new file mode 100644
+index 0000000..45ebf82
+--- /dev/null
+++ b/component/local_attest/CMakeLists.txt
+@@ -0,0 +1,60 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+set(target_lib secgear_la)
+
+set(CMAKE_C_FLAGS "-W -Wall -fno-short-enums -fno-omit-frame-pointer -fstack-protector-strong -Wstack-protector \
+                  --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs -fno-peephole \
+                  -fno-peephole2 -Wno-main -Wno-error=unused-parameter -Wno-error=unused-but-set-variable \
+                  -Wno-error=format-truncation= -D_FORTIFY_SOURCE=2 -O2")
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+
+set(SOURCE_FILES sg_local_attest.c)
+
+if(CC_SGX)
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}")
+    add_definitions(-DSGX_ENCLAVE)
+    set(SOURCE_FILES ${SOURCE_FILES} sgx_local_attest.c)
+endif()
+
+if(CC_GP)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=armv8-a -fPIC")
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-s")
+    add_definitions(-DGP_ENCLAVE)
+    aux_source_directory(${LOCAL_ROOT_PATH}/thirdparty/cjson/ CJSON_SRC)
+    FILE (GLOB_RECURSE BASE64_SRC "${LOCAL_ROOT_PATH}/thirdparty/base64url/*.c")
+    set(REPORT_HELPER ${LOCAL_ROOT_PATH}/component/remote_attest/ra_report/gp_report_helper.c)
+    set(SOURCE_FILES ${SOURCE_FILES} gp_local_attest.c ${CJSON_SRC} ${BASE64_SRC} ${REPORT_HELPER})
+    set(INCLUDE_DIR ${SDK_PATH}/include/TA
+                    ${SDK_PATH}/include/TA/huawei_ext
+                    ${SDK_PATH}/thirdparty/open_source/musl/libc
+                    ${SDK_PATH}/thirdparty/open_source/musl/libc/arch/aarch64
+                    ${SDK_PATH}/thirdparty/open_source/musl/libc/arch/generic
+                    ${LOCAL_ROOT_PATH}/thirdparty/cjson
+                    ${LOCAL_ROOT_PATH}/thirdparty/base64url
+                    ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+endif()
+
+add_library(${target_lib} STATIC  ${SOURCE_FILES})
+
+target_include_directories(${target_lib} PRIVATE
+    ${LOCAL_ROOT_PATH}/inc/host_inc
+    ${LOCAL_ROOT_PATH}/component/remote_attest
+    ${LOCAL_ROOT_PATH}/component/remote_attest/ra_report
+    ${INCLUDE_DIR})
+
+install(TARGETS  ${target_lib}
+        ARCHIVE
+        DESTINATION ${LIBRARY_INSTALL}
+        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ  GROUP_EXECUTE WORLD_READ  WORLD_EXECUTE)
+
+file(GLOB LA_HEADERS sg_local_attest.h)
+install(FILES ${LA_HEADERS}
+        DESTINATION /usr/include/secGear
+        PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+diff --git a/component/local_attest/gp_local_attest.c b/component/local_attest/gp_local_attest.c
+new file mode 100644
+index 0000000..7f75147
+--- /dev/null
+++ b/component/local_attest/gp_local_attest.c
+@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include "tee_ra_api.h"
+#include "tee_crypto_api.h"
+#include "base64url.h"
+#include "cJSON.h"
+#include "secgear_log.h"
+#include "status.h"
+#include "sg_report_st.h"
+#include "local_attest_agent.h"
+#include "gp_report_helper.h"
+
+#define CC_HASH_LEN 64
+typedef struct {
+    char *taid;
+    char *img_hash;
+    char *mem_hash;
+} gp_basevalue_t;
+
+#define HEX_ONE_CHAR_BITS 4
+#define HEX_BYTE_MAX 0xf
+
+static void hex2str(const uint8_t *source, int source_len, char *dest)
+{
+    char *hexEncode = "0123456789abcdef";
+    int i = 0, j =  0;
+    for (i = 0; i < source_len; i++) {
+        dest[j++] = hexEncode[(source[i] >> HEX_ONE_CHAR_BITS) & HEX_BYTE_MAX];
+        dest[j++] = hexEncode[(source[i]) & HEX_BYTE_MAX];
+    }
+}
+
+static cc_enclave_result_t gp_compare_hash(gp_basevalue_t *basevalue, char *ta_img, char *ta_mem)
+{
+    size_t imglen = 0;
+    size_t memlen = 0;
+    uint8_t *decodedimg = kpsecl_base64urldecode(ta_img, strlen(ta_img), &imglen);
+    uint8_t *decodedmem = kpsecl_base64urldecode(ta_mem, strlen(ta_mem), &memlen);
+
+    char heximg[CC_HASH_LEN + 1] = {0};
+    char hexmem[CC_HASH_LEN + 1] = {0};
+    hex2str(decodedimg, imglen, heximg);
+    hex2str(decodedmem, memlen, hexmem);
+    free(decodedimg);
+    free(decodedmem);
+
+    PrintInfo(PRINT_STRACE, "heximg:%s, hexmem:%s", heximg, hexmem);
+    PrintInfo(PRINT_STRACE, "img_hash:%s, mem_hash:%s", basevalue->img_hash, basevalue->mem_hash);
+
+    if (memcmp(heximg, basevalue->img_hash, strlen(basevalue->img_hash)) != 0 ||
+        memcmp(hexmem, basevalue->mem_hash, strlen(basevalue->mem_hash)) != 0) {
+        PrintInfo(PRINT_ERROR, "verify local report hash failed!\n");
+        return CC_ERROR_LOCAL_REPORT_HASH_MISMATCH;
+    }
+    return CC_SUCCESS;
+}
+
+static cc_enclave_result_t gp_verify_local_report(gp_basevalue_t *basevalue, uint8_t *nonce, size_t nonce_len,
+    cc_ra_buf_t *report)
+{
+    char *b64_nonce = NULL;
+    size_t b64_nonce_len = 0;
+    cc_enclave_result_t ret = CC_ERROR_LOCAL_REPORT_INVALID;
+
+    cJSON *cj_report = cJSON_ParseWithLength((char *)report->buf, report->len);
+    if (cj_report == NULL) {
+        PrintInfo(PRINT_ERROR, "report to json failed\n");
+        return ret;
+    }
+    cJSON *cj_payload = cJSON_GetObjectItemCaseSensitive(cj_report, "payload");
+    if (cj_payload == NULL) {
+        PrintInfo(PRINT_ERROR, "report payload failed!\n");
+        goto end;
+    }
+    b64_nonce = kpsecl_base64urlencode(nonce, nonce_len, &b64_nonce_len);
+    cJSON *cj_b64_nonce = cJSON_GetObjectItemCaseSensitive(cj_payload, "nonce");
+    if (cj_b64_nonce == NULL || strcmp(cj_b64_nonce->valuestring, b64_nonce)) {
+        PrintInfo(PRINT_ERROR, "check nonce value failed!\n");
+        free(b64_nonce);
+        goto end;
+    }
+    free(b64_nonce);
+
+    cJSON *cj_uuid = cJSON_GetObjectItemCaseSensitive(cj_payload, "uuid");
+    if (cj_uuid == NULL || strcmp(cj_uuid->valuestring, basevalue->taid)) {
+        PrintInfo(PRINT_ERROR, "check uuid failed!\n");
+        goto end;
+    }
+    cJSON *cj_ta_img = cJSON_GetObjectItemCaseSensitive(cj_payload, "ta_img");
+    if (cj_ta_img == NULL) {
+        PrintInfo(PRINT_ERROR, "check ta_img failed!\n");
+        goto end;
+    }
+    cJSON *cj_ta_mem = cJSON_GetObjectItemCaseSensitive(cj_payload, "ta_mem");
+    if (cj_ta_mem == NULL) {
+        PrintInfo(PRINT_ERROR, "check ta_mem failed!\n");
+        goto end;
+    }
+
+    ret = gp_compare_hash(basevalue, cj_ta_img->valuestring, cj_ta_mem->valuestring);
+end:
+    cJSON_Delete(cj_report);
+
+    return ret;
+}
+
+#define LOCAL_REPORT_OUT_LEN 0x3000
+#define LOCAL_REPORT_NONCE_LEN 32
+cc_enclave_result_t agent_local_attest(char *taid, char *img_hash, char *mem_hash)
+{
+    cc_get_ra_report_input_t ra_input = {0};
+    ra_input.taid = (uint8_t *)taid;
+    ra_input.with_tcb = false;
+
+    TEE_GenerateRandom(ra_input.nonce, LOCAL_REPORT_NONCE_LEN);
+    ra_input.nonce_len = LOCAL_REPORT_NONCE_LEN + 1;
+
+    cc_ra_buf_t *in = NULL;
+    cc_enclave_result_t ret = gen_ra_report_in_buff(&ra_input, &in);
+    if (ret != CC_SUCCESS) {
+        PrintInfo(PRINT_ERROR, "gen ra report in buff error! ret:%x\n", ret);
+        return -1;
+    }
+
+    uint8_t data[LOCAL_REPORT_OUT_LEN] = {0};
+    cc_ra_buf_t report = {LOCAL_REPORT_OUT_LEN, data};
+
+    TEE_Result gp_ret = ra_local_report((struct ra_buffer_data *)in, (struct ra_buffer_data *)&report);
+    free_cc_ra_buf(in);
+    if (gp_ret != CC_SUCCESS) {
+        PrintInfo(PRINT_ERROR, "get ra report failed, ret:%x\n", gp_ret);
+        return CC_ERROR_RA_GET_REPORT;
+    }
+
+    gp_basevalue_t basevalue = {
+        .taid = taid,
+        .img_hash = img_hash,
+        .mem_hash = mem_hash,
+    };
+    return gp_verify_local_report(&basevalue, ra_input.nonce, ra_input.nonce_len, &report);
+}
+diff --git a/component/local_attest/local_attest_agent.h b/component/local_attest/local_attest_agent.h
+new file mode 100644
+index 0000000..c79bc03
+--- /dev/null
+++ b/component/local_attest/local_attest_agent.h
+@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_LOCAL_ATTEST_AGENT_H
+#define SECGEAR_LOCAL_ATTEST_AGENT_H
+
+#include "status.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+cc_enclave_result_t agent_local_attest(char *taid, char *img_hash, char *mem_hash);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+diff --git a/component/local_attest/sg_local_attest.c b/component/local_attest/sg_local_attest.c
+new file mode 100644
+index 0000000..f94473e
+--- /dev/null
+++ b/component/local_attest/sg_local_attest.c
+@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include "sg_local_attest.h"
+#include "local_attest_agent.h"
+
+cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash)
+{
+    if (taid == NULL || (img_hash == NULL && mem_hash == NULL)) {
+        return CC_ERROR_BAD_PARAMETERS;
+    }
+    
+    return agent_local_attest(taid, img_hash, mem_hash);
+}
+diff --git a/component/local_attest/sg_local_attest.h b/component/local_attest/sg_local_attest.h
+new file mode 100644
+index 0000000..97f31ef
+--- /dev/null
+++ b/component/local_attest/sg_local_attest.h
+@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_LOCAL_ATTESTATION_H
+#define SECGEAR_LOCAL_ATTESTATION_H
+
+#include "status.h"
+#include "secgear_defs.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+CC_API_SPEC cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+diff --git a/component/local_attest/sgx_local_attest.c b/component/local_attest/sgx_local_attest.c
+new file mode 100644
+index 0000000..aa772b0
+--- /dev/null
+++ b/component/local_attest/sgx_local_attest.c
+@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include "local_attest_agent.h"
+
+cc_enclave_result_t agent_local_attest(char *taid, char *img_hash, char *mem_hash)
+{
+    (void)taid;
+    (void)img_hash;
+    (void)mem_hash;
+    return CC_SUCCESS;
+}
+diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/component/remote_attest/ra_report/CMakeLists.txt
+index 2f00dc7..4314f02 100644
+--- a/component/remote_attest/ra_report/CMakeLists.txt
+++ b/component/remote_attest/ra_report/CMakeLists.txt
+@@ -20,7 +20,7 @@ endif()
+ if(CC_GP)
+     aux_source_directory(${LOCAL_ROOT_PATH}/thirdparty/cjson/ CJSON_SRC)
+     FILE (GLOB_RECURSE BASE64_SRC "${LOCAL_ROOT_PATH}/thirdparty/base64url/*.c")
+-    set(SRC_FILES ${SRC_FILES} ${CJSON_SRC} ${BASE64_SRC} gp_ra_report.c)
+    set(SRC_FILES ${SRC_FILES} ${CJSON_SRC} ${BASE64_SRC} gp_ra_report.c gp_report_helper.c)
+     set(INCLUDE_DIR ${SDK_PATH}/include/CA
+                     ${LOCAL_ROOT_PATH}/thirdparty/cjson
+                     ${LOCAL_ROOT_PATH}/thirdparty/libqca
+diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c
+index 4625cd3..ca1fa03 100644
+--- a/component/remote_attest/ra_report/gp_ra_report.c
+++ b/component/remote_attest/ra_report/gp_ra_report.c
+@@ -13,136 +13,8 @@
+ #include <string.h>
+ #include "ra_client_api.h"
+ #include "enclave_log.h"
+-#include "cJSON.h"
+-#include "base64url.h"
+-
+ #include "uni_ree_agent.h"
+-
+-static void free_cc_ra_buf(cc_ra_buf_t *ra_buf)
+-{
+-    if (ra_buf == NULL) {
+-        return;
+-    }
+-    if (ra_buf->buf != NULL) {
+-        free(ra_buf->buf);
+-    }
+-
+-    free(ra_buf);
+-    return;
+-}
+-
+-/* caller need to free (cc_ra_buf_t **in) */
+-static cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in)
+-{
+-    if (in == NULL) {
+-        return CC_ERROR_BAD_PARAMETERS;
+-    }
+-    cc_enclave_result_t ret = CC_SUCCESS;
+-    cJSON *in_json = cJSON_CreateObject();
+-    cJSON_AddStringToObject(in_json, "handler", "provisioning-input");
+-
+-    cJSON *in_payload = cJSON_CreateObject();
+-    cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
+-    cJSON_AddStringToObject(in_payload, "scenario", "sce_no_as");
+-    cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
+-
+-    cJSON_AddItemToObject(in_json, "payload", in_payload);
+-
+-    char *in_buf = cJSON_PrintUnformatted(in_json);
+-    uint32_t in_buf_len = strlen(in_buf) + 1;
+-
+-    cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
+-    if (tmp_ra_buf == NULL) {
+-        ret = CC_ERROR_RA_MEMORY;
+-        goto end;
+-    }
+-    tmp_ra_buf->buf = calloc(1, in_buf_len);
+-    if (tmp_ra_buf->buf == NULL) {
+-        ret = CC_ERROR_RA_MEMORY;
+-        free(tmp_ra_buf);
+-        goto end;
+-    }
+-    (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
+-    tmp_ra_buf->len = in_buf_len;
+-
+-    *in = tmp_ra_buf;
+-end:
+-    cJSON_free(in_buf);
+-    cJSON_Delete(in_json);
+-    return ret;
+-}
+-
+-/* caller need to free (cc_ra_buf_t **in) */
+-static cc_enclave_result_t gen_ra_report_in_buff(cc_get_ra_report_input_t *param, cc_ra_buf_t **json_buf)
+-{
+-    if (param == NULL || param->taid == NULL || json_buf == NULL) {
+-        return CC_ERROR_BAD_PARAMETERS;
+-    }
+-    cc_enclave_result_t ret = CC_SUCCESS;
+-    cJSON *in_json = cJSON_CreateObject();
+-    cJSON_AddStringToObject(in_json, "handler", "report-input");
+-
+-    size_t b64_nonce_len = 0;
+-    char *b64_nonce = kpsecl_base64urlencode(param->nonce, param->nonce_len, &b64_nonce_len);
+-
+-    cJSON *in_payload = cJSON_CreateObject();
+-    cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
+-    cJSON_AddStringToObject(in_payload, "nonce", b64_nonce);
+-    free(b64_nonce);
+-    cJSON_AddStringToObject(in_payload, "uuid", (char *)param->taid);
+-    cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
+-    cJSON_AddBoolToObject(in_payload, "with_tcb", param->with_tcb);
+-    if (param->req_key) {
+-        cJSON_AddBoolToObject(in_payload, "request_key", param->req_key);
+-    }
+-
+-    cJSON_AddItemToObject(in_json, "payload", in_payload);
+-
+-    char *in_buf = cJSON_PrintUnformatted(in_json);
+-    uint32_t in_buf_len = strlen(in_buf) + 1;
+-
+-    print_debug("get ra report input json buf:%s\n", in_buf);
+-
+-    cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
+-    if (tmp_ra_buf == NULL) {
+-        ret = CC_ERROR_RA_MEMORY;
+-        goto end;
+-    }
+-    tmp_ra_buf->buf = calloc(1, in_buf_len);
+-    if (tmp_ra_buf->buf == NULL) {
+-        ret = CC_ERROR_RA_MEMORY;
+-        free(tmp_ra_buf);
+-        goto end;
+-    }
+-    (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
+-    tmp_ra_buf->len = in_buf_len;
+-
+-    *json_buf = (cc_ra_buf_t *)tmp_ra_buf;
+-end:
+-    cJSON_free(in_buf);
+-    cJSON_Delete(in_json);
+-    return ret;
+-}
+-
+-static void print_ra_report(cc_ra_buf_t *report)
+-{
+-    if (report == NULL || report->buf == NULL) {
+-        return;
+-    }
+-    cJSON *cj_report = cJSON_ParseWithLength((char *)report->buf, report->len);
+-    if (cj_report == NULL) {
+-        // print_debug("cjson parse report error!\n");
+-        return;
+-    }
+-    char *str_report = cJSON_Print(cj_report);
+-
+-    print_debug("report:%s\n", str_report);
+-    print_debug("report len:%u, str_len:%lu\n", report->len, strlen(str_report));
+-
+-    cJSON_free(str_report);
+-    cJSON_Delete(cj_report);
+-    return;
+-}
+#include "gp_report_helper.h"
+ 
+ #define PROVISION_OUT_LEN 0x3000
+ static cc_enclave_result_t gp_ra_provision_no_as()
+@@ -195,7 +67,6 @@ static cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_
+         print_error_term("get ra report failed, ret:%x\n", gp_ret);
+         return CC_ERROR_RA_GET_REPORT;
+     }
+-    print_ra_report(report);
+ 
+     return CC_SUCCESS;
+ }
+diff --git a/component/remote_attest/ra_report/gp_report_helper.c b/component/remote_attest/ra_report/gp_report_helper.c
+new file mode 100644
+index 0000000..0a73745
+--- /dev/null
+++ b/component/remote_attest/ra_report/gp_report_helper.c
+@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include <stdlib.h>
+#include <string.h>
+#include "cJSON.h"
+#include "base64url.h"
+#include "gp_report_helper.h"
+
+void free_cc_ra_buf(cc_ra_buf_t *ra_buf)
+{
+    if (ra_buf == NULL) {
+        return;
+    }
+    if (ra_buf->buf != NULL) {
+        free(ra_buf->buf);
+    }
+
+    free(ra_buf);
+    return;
+}
+
+/* caller need to free (cc_ra_buf_t **in) */
+cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in)
+{
+    if (in == NULL) {
+        return CC_ERROR_BAD_PARAMETERS;
+    }
+    cc_enclave_result_t ret = CC_SUCCESS;
+    cJSON *in_json = cJSON_CreateObject();
+    cJSON_AddStringToObject(in_json, "handler", "provisioning-input");
+
+    cJSON *in_payload = cJSON_CreateObject();
+    cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
+    cJSON_AddStringToObject(in_payload, "scenario", "sce_no_as");
+    cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
+
+    cJSON_AddItemToObject(in_json, "payload", in_payload);
+
+    char *in_buf = cJSON_PrintUnformatted(in_json);
+    uint32_t in_buf_len = strlen(in_buf) + 1;
+
+    cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
+    if (tmp_ra_buf == NULL) {
+        ret = CC_ERROR_RA_MEMORY;
+        goto end;
+    }
+    tmp_ra_buf->buf = calloc(1, in_buf_len);
+    if (tmp_ra_buf->buf == NULL) {
+        ret = CC_ERROR_RA_MEMORY;
+        free(tmp_ra_buf);
+        goto end;
+    }
+    (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
+    tmp_ra_buf->len = in_buf_len;
+
+    *in = tmp_ra_buf;
+end:
+    cJSON_free(in_buf);
+    cJSON_Delete(in_json);
+    return ret;
+}
+
+/* caller need to free (cc_ra_buf_t **in) */
+cc_enclave_result_t gen_ra_report_in_buff(cc_get_ra_report_input_t *param, cc_ra_buf_t **json_buf)
+{
+    if (param == NULL || param->taid == NULL || json_buf == NULL) {
+        return CC_ERROR_BAD_PARAMETERS;
+    }
+    cc_enclave_result_t ret = CC_SUCCESS;
+    cJSON *in_json = cJSON_CreateObject();
+    cJSON_AddStringToObject(in_json, "handler", "report-input");
+
+    size_t b64_nonce_len = 0;
+    char *b64_nonce = kpsecl_base64urlencode(param->nonce, param->nonce_len, &b64_nonce_len);
+
+    cJSON *in_payload = cJSON_CreateObject();
+    cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
+    cJSON_AddStringToObject(in_payload, "nonce", b64_nonce);
+    free(b64_nonce);
+    cJSON_AddStringToObject(in_payload, "uuid", (char *)param->taid);
+    cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
+    cJSON_AddBoolToObject(in_payload, "with_tcb", param->with_tcb);
+    if (param->req_key) {
+        cJSON_AddBoolToObject(in_payload, "request_key", param->req_key);
+    }
+
+    cJSON_AddItemToObject(in_json, "payload", in_payload);
+
+    char *in_buf = cJSON_PrintUnformatted(in_json);
+    uint32_t in_buf_len = strlen(in_buf) + 1;
+
+    cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
+    if (tmp_ra_buf == NULL) {
+        ret = CC_ERROR_RA_MEMORY;
+        goto end;
+    }
+    tmp_ra_buf->buf = calloc(1, in_buf_len);
+    if (tmp_ra_buf->buf == NULL) {
+        ret = CC_ERROR_RA_MEMORY;
+        free(tmp_ra_buf);
+        goto end;
+    }
+    (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
+    tmp_ra_buf->len = in_buf_len;
+
+    *json_buf = (cc_ra_buf_t *)tmp_ra_buf;
+end:
+    cJSON_free(in_buf);
+    cJSON_Delete(in_json);
+    return ret;
+}
+
+diff --git a/component/remote_attest/ra_report/gp_report_helper.h b/component/remote_attest/ra_report/gp_report_helper.h
+new file mode 100644
+index 0000000..58786d9
+--- /dev/null
+++ b/component/remote_attest/ra_report/gp_report_helper.h
+@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_GP_REPORT_HELPER_H
+#define SECGEAR_GP_REPORT_HELPER_H
+
+#include "status.h"
+#include "sg_report_st.h"
+
+cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in);
+cc_enclave_result_t gen_ra_report_in_buff(cc_get_ra_report_input_t *param, cc_ra_buf_t **json_buf);
+void free_cc_ra_buf(cc_ra_buf_t *ra_buf);
+
+#endif
+
+diff --git a/component/secure_channel/client/secure_channel_client.c b/component/secure_channel/client/secure_channel_client.c
+index 27b0812..21067b1 100644
+--- a/component/secure_channel/client/secure_channel_client.c
+++ b/component/secure_channel/client/secure_channel_client.c
+@@ -191,10 +191,11 @@ static cc_enclave_result_t get_taid_from_file(char *file, char *taid)
+     }
+ 
+     int ret = fscanf(fp, "%s", taid);    // only read taid from line
+-    
+-    printf("read ret:%d, taid:%s\n", ret, taid);
+-
+     fclose(fp);
+    if (ret < 0) {
+        printf("secure channel init read taid and hash from file failed\n");
+        return CC_ERROR_SEC_CHL_INIT_GET_TAID;
+    }
+ 
+     return CC_SUCCESS;
+ }
+diff --git a/component/secure_channel/enclave/CMakeLists.txt b/component/secure_channel/enclave/CMakeLists.txt
+index a84de8a..b2050fb 100644
+--- a/component/secure_channel/enclave/CMakeLists.txt
+++ b/component/secure_channel/enclave/CMakeLists.txt
+@@ -14,9 +14,6 @@ set(PREFIX secure_channel)
+ set(SOURCE_FILES secure_channel_enclave.c ${CMAKE_CURRENT_SOURCE_DIR}/../secure_channel_common.c)
+ FILE (GLOB_RECURSE BASE64_SRC "${LOCAL_ROOT_PATH}/thirdparty/base64url/*.c")
+ 
+-set(PRINT_LEVEL 3)
+-add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+-
+ if(CC_GP)
+     add_definitions(-DGP_ENCLAVE)
+     set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+diff --git a/examples/secure_channel/basevalue.txt b/examples/secure_channel/basevalue.txt
+new file mode 100644
+index 0000000..694c455
+--- /dev/null
+++ b/examples/secure_channel/basevalue.txt
+@@ -0,0 +1 @@
+7763a15a-0a9e-4e86-90cd-e4262583948a 8b7373be89840534eafc2836110b31c7fee5b96ebbab09a1db87c34be393afee 52bc57fb201ebd00fcc66059084dfb38e98c0e4d11d7131d29448bc6f7cb5939
+diff --git a/examples/secure_channel/client/client.c b/examples/secure_channel/client/client.c
+index 08d2574..28b3695 100644
+--- a/examples/secure_channel/client/client.c
+++ b/examples/secure_channel/client/client.c
+@@ -49,6 +49,13 @@ int main(int argc, char **argv)
+     cc_enclave_result_t ret;
+     struct sockaddr_in svr_addr;
+ 
+    char *ta_basevalue_file = "../basevalue.txt";
+    char basevalue_real_path[PATH_MAX] = {0};
+    if (realpath(ta_basevalue_file, basevalue_real_path) == NULL) {
+        printf("ta basevalue file path error\n");
+        return -1;
+    }
+
+     sockfd = socket(AF_INET, SOCK_STREAM, 0);
+     if (sockfd == -1) {
+         printf("create socket failed\n");
+@@ -69,7 +76,7 @@ int main(int argc, char **argv)
+     // step1: 初始化安全通道客户端，注册消息发送函数
+     g_ctx.conn_kit.send = (void *)socket_write_and_read;
+     g_ctx.conn_kit.conn = &sockfd;
+-    g_ctx.basevalue = "/vendor/bin/basevalue.txt";  // content format:taid image_hash mem_hash
+    g_ctx.basevalue = basevalue_real_path;  // content format:taid image_hash mem_hash
+     ret = cc_sec_chl_client_init(CC_SEC_CHL_ALGO_RSA_ECDH_AES_GCM, &g_ctx);
+     if (ret != CC_SUCCESS) {
+         printf("secure channel init failed:%u\n", ret);
+diff --git a/examples/secure_channel/client_with_recv_thread/client.c b/examples/secure_channel/client_with_recv_thread/client.c
+index db142bb..d492624 100644
+--- a/examples/secure_channel/client_with_recv_thread/client.c
+++ b/examples/secure_channel/client_with_recv_thread/client.c
+@@ -67,6 +67,13 @@ int main(int argc, char **argv)
+     cc_enclave_result_t ret;
+     struct sockaddr_in svr_addr;
+ 
+    char *ta_basevalue_file = "../basevalue.txt";
+    char basevalue_real_path[PATH_MAX] = {0};
+    if (realpath(ta_basevalue_file, basevalue_real_path) == NULL) {
+        printf("ta basevalue file path error\n");
+        return -1;
+    }
+
+     sockfd = socket(AF_INET, SOCK_STREAM, 0);
+     if (sockfd == -1) {
+         printf("create socket failed\n");
+@@ -87,7 +94,7 @@ int main(int argc, char **argv)
+     // step1: 初始化安全通道客户端，注册消息发送函数
+     g_ctx.conn_kit.send = (void *)socket_write_adpt;
+     g_ctx.conn_kit.conn = &sockfd;
+-    g_ctx.basevalue = "/vendor/bin/basevalue.txt";  // content format:taid image_hash mem_hash
+    g_ctx.basevalue = basevalue_real_path;  // content format:taid image_hash mem_hash
+ 
+     // step2: 创建消息接收线程
+     pthread_t thread;
+diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
+index 56f4da4..0ecb243 100644
+--- a/inc/host_inc/status.h
+++ b/inc/host_inc/status.h
+@@ -89,6 +89,8 @@ typedef enum _enclave_result_t
+ 
+     CC_ERROR_REE_AGENT_NOT_INIT,
+     CC_ERROR_RA_VERIFY_AGENT_NOT_INIT,
+    CC_ERROR_LOCAL_REPORT_INVALID,
+    CC_ERROR_LOCAL_REPORT_HASH_MISMATCH,
+ /* secure channel */
+     CC_ERROR_SEC_CHL_INVALID_CONN,          /* invalid connection */
+     CC_ERROR_SEC_CHL_LEN_NOT_ENOUGH,       /* the buf length to store secure channle encrypt/decrypt is not enough */
+-- 
+2.33.0
+
--- a/0065-optimize-name-ree-agent-to-ra-agent.patch
+++ b/0065-optimize-name-ree-agent-to-ra-agent.patch
@ -0,0 +1,268 @@
+From 9ae8329b203d7d64b18958b79c8ce21ef46f8baf Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Thu, 1 Jun 2023 19:28:26 +0800
+Subject: [PATCH] optimize name ree agent to ra agent
+
+---
+ component/local_attest/sg_local_attest.h      | 14 +++++++++++++
+ .../remote_attest/ra_report/gp_ra_report.c    |  8 ++++----
+ .../remote_attest/ra_report/sg_ra_report.c    | 20 +++++++++----------
+ .../remote_attest/ra_report/sg_ra_report.h    | 13 +++++++++---
+ .../remote_attest/ra_report/sgx_ra_report.c   |  8 ++++----
+ .../{uni_ree_agent.h => uni_ra_agent.h}       |  8 ++++----
+ .../ra_verify/sg_ra_report_verify.h           | 15 +++++++++++++-
+ .../client/secure_channel_client.h            |  3 +++
+ inc/host_inc/status.h                         |  2 +-
+ 9 files changed, 64 insertions(+), 27 deletions(-)
+ rename component/remote_attest/ra_report/{uni_ree_agent.h => uni_ra_agent.h} (89%)
+
+diff --git a/component/local_attest/sg_local_attest.h b/component/local_attest/sg_local_attest.h
+index 97f31ef..e615073 100644
+--- a/component/local_attest/sg_local_attest.h
+++ b/component/local_attest/sg_local_attest.h
+@@ -20,6 +20,20 @@
+ extern "C" {
+ #endif
+ 
+/**
+* [host TEE API] get and verify local attestation report by TA
+* [NOTICE] before calling cc_local_attest, the attestation service
+* need to be initialized by cc_prepare_ra_env, otherwise get report error
+*
+* @param[in] taid, the unique ID stirng of target TA
+*
+* @param[in] img_hash, the static image measure of target TA
+*
+* @param[in] mem_hash, the static memory measure of target TA
+*
+* @retval, On success, return 0.
+*          On error, cc_enclave_result_t errorno is returned.
+*/
+ CC_API_SPEC cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash);
+ 
+ #ifdef __cplusplus
+diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c
+index ca1fa03..29c6a6a 100644
+--- a/component/remote_attest/ra_report/gp_ra_report.c
+++ b/component/remote_attest/ra_report/gp_ra_report.c
+@@ -13,7 +13,7 @@
+ #include <string.h>
+ #include "ra_client_api.h"
+ #include "enclave_log.h"
+-#include "uni_ree_agent.h"
+#include "uni_ra_agent.h"
+ #include "gp_report_helper.h"
+ 
+ #define PROVISION_OUT_LEN 0x3000
+@@ -71,12 +71,12 @@ static cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_
+     return CC_SUCCESS;
+ }
+ 
+-static uni_ree_agent_t g_gp_agent = {
+static uni_ra_agent_t g_gp_agent = {
+     .tee_type = CC_TEE_TYPE_GP,
+     .prepare_ra_env = gp_prepare_ra_env,
+     .get_ra_report = gp_get_ra_report,
+ };
+-static __attribute__((constructor)) void gp_register_ree_agent(void)
+static __attribute__((constructor)) void gp_register_ra_agent(void)
+ {
+-    cc_register_ree_agent(&g_gp_agent);
+    cc_register_ra_agent(&g_gp_agent);
+ }
+\ No newline at end of file
+diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/component/remote_attest/ra_report/sg_ra_report.c
+index 21ad417..20eba26 100644
+--- a/component/remote_attest/ra_report/sg_ra_report.c
+++ b/component/remote_attest/ra_report/sg_ra_report.c
+@@ -10,15 +10,15 @@
+  * See the Mulan PSL v2 for more details.
+  */
+ #include "sg_ra_report.h"
+-#include "uni_ree_agent.h"
+#include "uni_ra_agent.h"
+ 
+-static uni_ree_agent_t *g_ree_agent = NULL;
+static uni_ra_agent_t *g_ra_agent = NULL;
+ cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario)
+ {
+-    if (g_ree_agent == NULL) {
+-        return CC_ERROR_REE_AGENT_NOT_INIT;
+    if (g_ra_agent == NULL) {
+        return CC_ERROR_RA_AGENT_NOT_INIT;
+     }
+-    return g_ree_agent->prepare_ra_env(scenario);
+    return g_ra_agent->prepare_ra_env(scenario);
+ }
+ 
+ cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+@@ -26,13 +26,13 @@ cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *
+     if (in == NULL || in->taid == NULL || report == NULL || report->buf == NULL) {
+         return CC_ERROR_BAD_PARAMETERS;
+     }
+-    if (g_ree_agent == NULL) {
+-        return CC_ERROR_REE_AGENT_NOT_INIT;
+    if (g_ra_agent == NULL) {
+        return CC_ERROR_RA_AGENT_NOT_INIT;
+     }
+-    return g_ree_agent->get_ra_report(in, report);
+    return g_ra_agent->get_ra_report(in, report);
+ }
+ 
+-void cc_register_ree_agent(uni_ree_agent_t *agent)
+void cc_register_ra_agent(uni_ra_agent_t *agent)
+ {
+-    g_ree_agent = agent;
+    g_ra_agent = agent;
+ }
+diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/component/remote_attest/ra_report/sg_ra_report.h
+index f3294c5..0d0d44f 100644
+--- a/component/remote_attest/ra_report/sg_ra_report.h
+++ b/component/remote_attest/ra_report/sg_ra_report.h
+@@ -21,15 +21,22 @@
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+-
+/**
+* [host REE API] prepare attest environment before get report by attestation service
+*
+* @param[in] scenario, the scenario of attestation service
+*
+* @retval, On success, return 0. 
+*          On error, cc_enclave_result_t errorno is returned.
+*/
+ CC_API_SPEC cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario);
+ 
+ /**
+-* get remote attestation report
+* [host REE API] get remote attestation report by attestation service
+ *
+ * @param[in] in, bytes of input
+ *
+-* @param[out] report, remote attestion report, 0x3000 =< len < 0x100000
+* @param[in/out] report, remote attestion report, 0x3000 =< report->len < 0x100000
+ *
+ * @retval, On success, return 0. 
+ *          On error, cc_enclave_result_t errorno is returned.
+diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/component/remote_attest/ra_report/sgx_ra_report.c
+index 6bd0bdc..d63474e 100644
+--- a/component/remote_attest/ra_report/sgx_ra_report.c
+++ b/component/remote_attest/ra_report/sgx_ra_report.c
+@@ -9,7 +9,7 @@
+  * PURPOSE.
+  * See the Mulan PSL v2 for more details.
+  */
+-#include "uni_ree_agent.h"
+#include "uni_ra_agent.h"
+ 
+ static cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
+ {
+@@ -25,12 +25,12 @@ static cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra
+     return CC_SUCCESS;
+ }
+ 
+-static uni_ree_agent_t g_sgx_agent = {
+static uni_ra_agent_t g_sgx_agent = {
+     .tee_type = CC_TEE_TYPE_SGX,
+     .prepare_ra_env = sgx_prepare_ra_env,
+     .get_ra_report = sgx_get_ra_report,
+ };
+-static __attribute__((constructor)) void sgx_register_ree_agent(void)
+static __attribute__((constructor)) void sgx_register_ra_agent(void)
+ {
+-    cc_register_ree_agent(&g_sgx_agent);
+    cc_register_ra_agent(&g_sgx_agent);
+ }
+\ No newline at end of file
+diff --git a/component/remote_attest/ra_report/uni_ree_agent.h b/component/remote_attest/ra_report/uni_ra_agent.h
+similarity index 89%
+rename from component/remote_attest/ra_report/uni_ree_agent.h
+rename to component/remote_attest/ra_report/uni_ra_agent.h
+index 65a46d1..0801ab9 100644
+--- a/component/remote_attest/ra_report/uni_ree_agent.h
+++ b/component/remote_attest/ra_report/uni_ra_agent.h
+@@ -10,8 +10,8 @@
+  * See the Mulan PSL v2 for more details.
+  */
+ 
+-#ifndef SECGEAR_UNI_REE_AGENT_H
+-#define SECGEAR_UNI_REE_AGENT_H
+#ifndef SECGEAR_UNI_RA_AGENT_H
+#define SECGEAR_UNI_RA_AGENT_H
+ 
+ #include <stdint.h>
+ #include "status.h"
+@@ -33,9 +33,9 @@ typedef struct {
+     cc_tee_type_t tee_type;
+     uni_prepare_ra_env_proc_t prepare_ra_env;
+     uni_get_ra_report_proc_t get_ra_report;
+-} uni_ree_agent_t;
+} uni_ra_agent_t;
+ 
+-void cc_register_ree_agent(uni_ree_agent_t *agent);
+void cc_register_ra_agent(uni_ra_agent_t *agent);
+ 
+ #ifdef __cplusplus
+ }
+diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/component/remote_attest/ra_verify/sg_ra_report_verify.h
+index b566cef..e5da876 100644
+--- a/component/remote_attest/ra_verify/sg_ra_report_verify.h
+++ b/component/remote_attest/ra_verify/sg_ra_report_verify.h
+@@ -20,7 +20,20 @@
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+-
+/**
+* [verifier API] verify remote attestation report by verifier
+*
+* @param[in] report, the report of target TA
+*
+* @param[in] nonce, the nonce generated when get report
+*
+* @param[in] type, the mode of verify report
+*
+* @param[in] basevalue, the basevalue file path of target TA,
+*
+* @retval, On success, return 0.
+*          On error, cc_enclave_result_t errorno is returned.
+*/
+ CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+     cc_ra_verify_type_t type, char *basevalue);
+ 
+diff --git a/component/secure_channel/client/secure_channel_client.h b/component/secure_channel/client/secure_channel_client.h
+index e2d0b7e..2f5c13d 100644
+--- a/component/secure_channel/client/secure_channel_client.h
+++ b/component/secure_channel/client/secure_channel_client.h
+@@ -55,11 +55,14 @@ typedef enum {
+ 
+ /**
+ * secure channel init function
+* [Warning] because TA report is big, the conn_kit must have bigger read buffer
+* to carry secure channel msg(>=12320bytes).
+ *
+ * @param[in] algo, The algorithm suite of secure channel
+ *
+ * @param[in/out] ctx, The pointer of secure channel context
+ *          input need init conn_kit;
+*          input need init basevalue; the secure channel server's TA basevalue, generated by sign TA
+ *          output session_id and cc_sec_chl_handle_t
+ *
+ * @retval, On success, return 0. generate session_key between client and enclave.
+diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
+index 0ecb243..7a7920b 100644
+--- a/inc/host_inc/status.h
+++ b/inc/host_inc/status.h
+@@ -87,7 +87,7 @@ typedef enum _enclave_result_t
+     CC_ERROR_RA_REPORT_VERIFY_HASH,
+     CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE,
+ 
+-    CC_ERROR_REE_AGENT_NOT_INIT,
+    CC_ERROR_RA_AGENT_NOT_INIT,
+     CC_ERROR_RA_VERIFY_AGENT_NOT_INIT,
+     CC_ERROR_LOCAL_REPORT_INVALID,
+     CC_ERROR_LOCAL_REPORT_HASH_MISMATCH,
+-- 
+2.33.0
+
--- a/0066-fix-error-file-name.patch
+++ b/0066-fix-error-file-name.patch
@ -0,0 +1,45 @@
+From a2c0a27d8011ebb0c66c22daca17e0342d8bc5cf Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Fri, 2 Jun 2023 10:31:11 +0800
+Subject: [PATCH] fix error file name
+
+---
+ thirdparty/cjson/{cJSON.bak => cJSON.c}       |  0
+ .../kunpengsecl/verifier/custom_base64url.h   | 20 -------------------
+ 2 files changed, 20 deletions(-)
+ rename thirdparty/cjson/{cJSON.bak => cJSON.c} (100%)
+ delete mode 100644 thirdparty/kunpengsecl/verifier/custom_base64url.h
+
+diff --git a/thirdparty/cjson/cJSON.bak b/thirdparty/cjson/cJSON.c
+similarity index 100%
+rename from thirdparty/cjson/cJSON.bak
+rename to thirdparty/cjson/cJSON.c
+diff --git a/thirdparty/kunpengsecl/verifier/custom_base64url.h b/thirdparty/kunpengsecl/verifier/custom_base64url.h
+deleted file mode 100644
+index 1e003da..0000000
+--- a/thirdparty/kunpengsecl/verifier/custom_base64url.h
+++ /dev/null
+@@ -1,20 +0,0 @@
+-/*
+-kunpengsecl licensed under the Mulan PSL v2.
+-You can use this software according to the terms and conditions of
+-the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at:
+-    http://license.coscl.org.cn/MulanPSL2
+-THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+-EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+-MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+-See the Mulan PSL v2 for more details.
+-*/
+-
+-#ifndef CUSTOM_BASE64URL_H
+-#define CUSTOM_BASE64URL_H
+-
+-#include <stdlib.h>
+-
+-void base64urlencode(const uint8_t *src, int src_len, uint8_t *cipher, int *dest_len);
+-uint8_t *base64urldecode(const uint8_t *src, int src_len, int *dest_len);
+-
+-#endif
+-- 
+2.33.0
+
--- a/0067-local-attest-verify-input-hash-pointer.patch
+++ b/0067-local-attest-verify-input-hash-pointer.patch
@ -0,0 +1,25 @@
+From 91394f19abb7d7f5863bbf3c44a7ef83f0616ee6 Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Fri, 2 Jun 2023 15:47:33 +0800
+Subject: [PATCH] local attest verify input hash pointer
+
+---
+ component/local_attest/sg_local_attest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/component/local_attest/sg_local_attest.c b/component/local_attest/sg_local_attest.c
+index f94473e..3e612cf 100644
+--- a/component/local_attest/sg_local_attest.c
+++ b/component/local_attest/sg_local_attest.c
+@@ -14,7 +14,7 @@
+ 
+ cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash)
+ {
+-    if (taid == NULL || (img_hash == NULL && mem_hash == NULL)) {
+    if (taid == NULL || img_hash == NULL || mem_hash == NULL) {
+         return CC_ERROR_BAD_PARAMETERS;
+     }
+     
+-- 
+2.33.0
+
--- a/0068-bugfix-when-input-empty-hash.patch
+++ b/0068-bugfix-when-input-empty-hash.patch
@ -0,0 +1,27 @@
+From 5df0040e56c697ffc4797c798dcbafde796ff5e5 Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Sat, 3 Jun 2023 16:05:25 +0800
+Subject: [PATCH] bugfix when input empty hash
+
+---
+ component/local_attest/gp_local_attest.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/component/local_attest/gp_local_attest.c b/component/local_attest/gp_local_attest.c
+index 7f75147..53dc5d9 100644
+--- a/component/local_attest/gp_local_attest.c
+++ b/component/local_attest/gp_local_attest.c
+@@ -59,8 +59,8 @@ static cc_enclave_result_t gp_compare_hash(gp_basevalue_t *basevalue, char *ta_i
+     PrintInfo(PRINT_STRACE, "heximg:%s, hexmem:%s", heximg, hexmem);
+     PrintInfo(PRINT_STRACE, "img_hash:%s, mem_hash:%s", basevalue->img_hash, basevalue->mem_hash);
+ 
+-    if (memcmp(heximg, basevalue->img_hash, strlen(basevalue->img_hash)) != 0 ||
+-        memcmp(hexmem, basevalue->mem_hash, strlen(basevalue->mem_hash)) != 0) {
+    if (memcmp(heximg, basevalue->img_hash, strlen(heximg)) != 0 ||
+        memcmp(hexmem, basevalue->mem_hash, strlen(hexmem)) != 0) {
+         PrintInfo(PRINT_ERROR, "verify local report hash failed!\n");
+         return CC_ERROR_LOCAL_REPORT_HASH_MISMATCH;
+     }
+-- 
+2.33.0
+
--- a/0069-adapt-sign-tool-to-pass-API_LEVEL.patch
+++ b/0069-adapt-sign-tool-to-pass-API_LEVEL.patch
@ -0,0 +1,28 @@
+From 0962d86c5a359171191c127479491217074039b7 Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Tue, 6 Jun 2023 21:15:39 +0800
+Subject: [PATCH] adapt sign tool to pass API_LEVEL
+
+---
+ tools/sign_tool/sign_tool.sh | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
+index c567423..74e2514 100755
+--- a/tools/sign_tool/sign_tool.sh
+++ b/tools/sign_tool/sign_tool.sh
+@@ -122,8 +122,10 @@ itrustee_start_sign() {
+         cp ${IN_ENCLAVE} ${IN_PATH}/libcombine.so
+         OUT_PATH=$(dirname ${OUT_FILE})
+         echo ${IN_PATH} ${OUT_PATH}
+        echo "CFLAGS += -DAPI_LEVEL=${API_LEVEL}" > ${IN_PATH}/config.mk
+         python3 -B ${signtoolpath}/signtool_v3.py ${IN_PATH} ${OUT_PATH} --privateCfg ${A_CONFIG_FILE}
+-        rm -rf ${IN_PATH}/libcombine.so
+        rm -f ${IN_PATH}/config.mk
+        rm -f ${IN_PATH}/libcombine.so
+     else
+         echo "Error: illegal command"
+     fi
+-- 
+2.33.0
+
--- a/0070-sign-tool-add-invalid-param-verify.patch
+++ b/0070-sign-tool-add-invalid-param-verify.patch
@ -0,0 +1,54 @@
+From f0cd1f169bec254162c7e7d1781aabc68879fb9c Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Thu, 8 Jun 2023 20:51:22 +0800
+Subject: [PATCH] sign tool add invalid param verify
+
+---
+ tools/sign_tool/sign_tool.sh | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
+index 74e2514..5bf7fbb 100755
+--- a/tools/sign_tool/sign_tool.sh
+++ b/tools/sign_tool/sign_tool.sh
+@@ -17,9 +17,11 @@ print_help() {
+     echo "-k <file>       private key required for single-step method. Note: single-step method is only for the debug mode,"
+     echo "-k <file>       plaintext private key does exist in the production environment."
+     echo "-m <file>       additional config_cloud.ini for trustzone."
+-    echo "-o <file>       output parameter, the sign command outputs signed enclave, the digest command outputs signing"
+-    echo "                material, the dump command outputs data containing the SIGStruct metadata for the SGX signed"
+-    echo "                enclave, which is submitted to Intel for whitelisting."
+    echo "-o <file>       output parameter. "
+    echo "                sgx:  the sign command outputs signed enclave, the digest command outputs signing"
+    echo "                      material, the dump command outputs data containing the SIGStruct metadata for the SGX signed"
+    echo "                      enclave, which is submitted to Intel for whitelisting."
+    echo "                trustzone: /output_path/uuid.sec, uuid must be the same as the value of gpd.ta.appID in manifest.txt"
+     echo "-p <file>       signing server public key certificate, required for sgx two-step method."
+     echo "-s <file>       the signature value required for two-step method, this parameter is empty to indicate"
+     echo "                single-step method."
+@@ -116,6 +118,22 @@ itrustee_start_sign() {
+         echo "Error: missing additional config_cloud.ini file for signing iTrustee enclave"
+         exit 1
+     fi
+    if [ -z $CONFIG_FILE ]; then
+        echo "Error: missing basic config file for signing iTrustee enclave"
+        exit 1
+    fi
+    if [ ! -e $CONFIG_FILE ]; then
+        echo "No such file or directory"
+        exit 1
+    fi
+    if [ -z $IN_ENCLAVE ]; then
+        echo "Error: missing enclave file"
+        exit 1
+    fi
+    if [ ! -e $IN_ENCLAVE ]; then
+        echo "Error: No such file or directory"
+        exit 1
+    fi
+ 
+     if [ "${CMD}"x == "sign"x ]; then
+         IN_PATH=$(dirname ${CONFIG_FILE})
+-- 
+2.33.0
+
--- a/0071-adapt-report-with-request-key.patch
+++ b/0071-adapt-report-with-request-key.patch
@ -0,0 +1,155 @@
+From a6064d550da8a0b204249d16692708cc3ed14832 Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Tue, 20 Jun 2023 19:19:39 +0800
+Subject: [PATCH] adapt report with request key
+
+---
+ .../client/secure_channel_client.c            | 70 ++++---------------
+ .../secure_channel/host/secure_channel_host.c | 12 ----
+ 2 files changed, 15 insertions(+), 67 deletions(-)
+
+diff --git a/component/secure_channel/client/secure_channel_client.c b/component/secure_channel/client/secure_channel_client.c
+index 21067b1..6a45a1d 100644
+--- a/component/secure_channel/client/secure_channel_client.c
+++ b/component/secure_channel/client/secure_channel_client.c
+@@ -243,53 +243,6 @@ static cc_enclave_result_t request_report(cc_sec_chl_ctx_t *ctx, sec_chl_msg_typ
+     return CC_SUCCESS;
+ }
+ 
+-static cc_enclave_result_t get_ra_report(cc_sec_chl_ctx_t *ctx)
+-{
+-    return request_report(ctx, SEC_CHL_MSG_GET_RA_REPORT, false);
+-}
+-
+-static cc_enclave_result_t verify_report(cc_sec_chl_ctx_t *ctx, sec_chl_msg_t *msg)
+-{
+-    cc_enclave_result_t ret = CC_SUCCESS;
+-    if (msg->sub_type == GET_SVRPUBKEY_SUBTYPE_REPORT) {
+-        cc_ra_buf_t report = {0};
+-        report.buf = msg->data;
+-        report.len = msg->data_len;
+-        cc_ra_buf_t nonce = {0};
+-        nonce.len = SEC_CHL_REQ_NONCE_LEN;
+-        nonce.buf = ctx->handle->ra_req.nonce;
+-        ret = cc_verify_report(&report, &nonce, CC_RA_VERIFY_TYPE_STRICT, ctx->basevalue);
+-        if (ret != CC_SUCCESS) {
+-            printf("verify report failed ret:%u\n", ret);
+-            return CC_ERROR_SEC_CHL_INIT_VERIFY_REPORT;
+-        }
+-    }
+-    return ret;
+-}
+-
+-static cc_enclave_result_t recv_ra_report(cc_sec_chl_ctx_t *ctx)
+-{
+-    sec_chl_msg_t *msg = NULL;
+-
+-    pthread_mutex_lock(&ctx->handle->lock);
+-    if (ctx->handle->recv_buf_len == 0) {
+-        pthread_mutex_unlock(&ctx->handle->lock);
+-        return CC_ERROR_SEC_CHL_WAITING_RECV_MSG;
+-    }
+-    msg = (sec_chl_msg_t *)ctx->handle->recv_buf;
+-    cc_enclave_result_t ret = verify_report(ctx, msg);
+-    if (ret != CC_SUCCESS) {
+-        pthread_mutex_unlock(&ctx->handle->lock);
+-        return ret;
+-    }
+-
+-    ctx->session_id = msg->session_id;
+-    ctx->handle->recv_buf_len = 0;
+-    pthread_mutex_unlock(&ctx->handle->lock);
+-
+-    return CC_SUCCESS;
+-}
+-
+ static cc_enclave_result_t get_svr_pubkey(cc_sec_chl_ctx_t *ctx)
+ {
+     return request_report(ctx, SEC_CHL_MSG_GET_SVR_PUBKEY, true);
+@@ -311,14 +264,14 @@ static cc_enclave_result_t get_svr_key_from_report(cc_sec_chl_ctx_t *ctx, cc_ra_
+         printf("report payload failed!\n");
+         goto end;
+     }
+-    cJSON *cj_nonce = cJSON_GetObjectItemCaseSensitive(cj_payload, "nonce");
+-    if(cj_nonce == NULL) {
+-        printf("report nonce failed!\n");
+    cJSON *cj_key = cJSON_GetObjectItemCaseSensitive(cj_payload, "key");
+    if (cj_key == NULL) {
+        printf("report key failed!\n");
+         goto end;
+     }
+     // comput pubkey
+-    cJSON *cj_pub_key = cJSON_GetObjectItemCaseSensitive(cj_nonce, "pub_key");
+-    if(cj_pub_key == NULL) {
+    cJSON *cj_pub_key = cJSON_GetObjectItemCaseSensitive(cj_key, "pub_key");
+    if (cj_pub_key == NULL) {
+         printf("report pub_key failed!\n");
+         goto end;
+     }
+@@ -347,7 +300,7 @@ static cc_enclave_result_t get_svr_key_from_report(cc_sec_chl_ctx_t *ctx, cc_ra_
+     ctx->handle->rsa_svr_pubkey = svr_pub_key;
+ 
+     // save enc key to ctx
+-    cJSON *cj_enc_key = cJSON_GetObjectItemCaseSensitive(cj_nonce, "enc_key");
+    cJSON *cj_enc_key = cJSON_GetObjectItemCaseSensitive(cj_key, "enc_key");
+     if(cj_enc_key == NULL) {
+         printf("report enc_key failed!\n");
+         goto fail;
+@@ -410,6 +363,15 @@ static cc_enclave_result_t parse_svrpubkey_from_recv_msg(cc_sec_chl_ctx_t *ctx,
+         cc_ra_buf_t report = {0};
+         report.buf = msg->data;
+         report.len = msg->data_len;
+        cc_ra_buf_t nonce = {0};
+        nonce.len = SEC_CHL_REQ_NONCE_LEN;
+        nonce.buf = ctx->handle->ra_req.nonce;
+
+        ret = cc_verify_report(&report, &nonce, CC_RA_VERIFY_TYPE_STRICT, ctx->basevalue);
+        if (ret != CC_SUCCESS) {
+            printf("verify report failed ret:%u\n", ret);
+            return CC_ERROR_SEC_CHL_INIT_VERIFY_REPORT;
+        }
+ 
+         ret = get_svr_key_from_report(ctx, &report);
+         if (ret != CC_SUCCESS) {
+@@ -635,8 +597,6 @@ static cc_enclave_result_t sec_chl_compute_session_key(cc_sec_chl_ctx_t *ctx)
+ }
+ 
+ static sec_chl_fsm_state_transform_t g_state_transform_table[] = {
+-    {get_ra_report},
+-    {recv_ra_report},
+     {get_svr_pubkey},
+     {recv_svr_pubkey},
+     {set_encrypt_key_to_server_ta},
+diff --git a/component/secure_channel/host/secure_channel_host.c b/component/secure_channel/host/secure_channel_host.c
+index e7adf3c..9ef160c 100644
+--- a/component/secure_channel/host/secure_channel_host.c
+++ b/component/secure_channel/host/secure_channel_host.c
+@@ -96,15 +96,6 @@ static int sec_chl_get_ra_report(cc_enclave_t *context, sec_chl_msg_t *msg,
+     return CC_SUCCESS;
+ }
+ 
+-static int sec_chl_get_ra_report_ex(cc_enclave_t *context, sec_chl_msg_t *msg,
+-    sec_chl_msg_t **rsp_msg, size_t *rsp_msg_len)
+-{
+-    if (is_support_remote_attest(context)) {
+-        return sec_chl_get_ra_report(context, msg, rsp_msg, rsp_msg_len);
+-    }
+-    return CC_SUCCESS;
+-}
+-
+ static int sec_chl_get_pubkey(cc_enclave_t *context, sec_chl_msg_t *msg, sec_chl_msg_t **rsp_msg, size_t *rsp_msg_len)
+ {
+     if (is_support_remote_attest(context)) {
+@@ -423,9 +414,6 @@ static cc_enclave_result_t handle_recv_msg(cc_enclave_t *context, sec_chl_msg_t
+ {
+     cc_enclave_result_t ret = CC_FAIL;
+     switch (msg->msg_type) {
+-        case SEC_CHL_MSG_GET_RA_REPORT:
+-            ret = sec_chl_get_ra_report_ex(context, msg, rsp_msg, rsp_msg_len);
+-            break;
+         case SEC_CHL_MSG_GET_SVR_PUBKEY:
+             ret = sec_chl_get_pubkey(context, msg, rsp_msg, rsp_msg_len);
+             break;
+-- 
+2.33.0
+
--- a/secGear.spec
+++ b/secGear.spec
@ -1,6 +1,6 @@
 Name:		secGear
 Version:	0.1.0
-Release:	34
+Release:	35
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features


@ -54,20 +54,32 @@ Patch41:	0042-destroy-rwlock-when-create-enclave-failed.patch
 Patch42:	0043-fix-partial-resource-leak.patch
 Patch43:	0044-fix-pointer-without-init-or-check-NULL.patch
 Patch44:	0045-optimize-the-private-key-usage-of-the-single-step-si.patch
-Patch45:        0046-fix-return-value.patch
-Patch46:        0047-del-print-uncontrol-form-string.patch
+Patch45:	0046-fix-return-value.patch
+Patch46:	0047-del-print-uncontrol-form-string.patch
 Patch47:	0048-Delete-the-null-determination-of-out_buf-in-codegene.patch
-Patch48:        0049-support-switchless-feature.patch
-Patch49:        0050-switchless-schedule-policy.patch
-Patch50:        0051-asynchronous-switchless.patch
-Patch51:        0052-rollback-to-common-invoking-when-async-invoking-fail.patch
-Patch52:        0053-asynchronous-switchless-example.patch
-Patch53:        0054-fix-gen-ecall-header-error.patch
-Patch54:        0055-switchless-readme-add-async-interface.patch
-Patch55:        0056-destroy-enclave-release-remain-shared-memory.patch
-Patch56:        0057-new-feature-secure-channel-support.patch
-Patch57:        0058-refactor-cmake-SDK_PATH.patch
-Patch58:        0059-adapt-itrustee_sdk-openssl-path-modification.patch
+Patch48:	0049-support-switchless-feature.patch
+Patch49:	0050-switchless-schedule-policy.patch
+Patch50:	0051-asynchronous-switchless.patch
+Patch51:	0052-rollback-to-common-invoking-when-async-invoking-fail.patch
+Patch52:	0053-asynchronous-switchless-example.patch
+Patch53:	0054-fix-gen-ecall-header-error.patch
+Patch54:	0055-switchless-readme-add-async-interface.patch
+Patch55:	0056-destroy-enclave-release-remain-shared-memory.patch
+Patch56:	0057-new-feature-secure-channel-support.patch
+Patch57:	0058-refactor-cmake-SDK_PATH.patch
+Patch58:	0059-adapt-itrustee_sdk-openssl-path-modification.patch
+Patch59:	0060-supprot-kunpeng-remote-attestation.patch
+Patch60:	0061-refactor-remote-attestation.patch
+Patch61:	0062-secure-channel-support-authentication-by-remote-atte.patch
+Patch62:	0063-some-code-optimize.patch
+Patch63:	0064-support-local-attest.patch
+Patch64:	0065-optimize-name-ree-agent-to-ra-agent.patch
+Patch65:	0066-fix-error-file-name.patch
+Patch66:	0067-local-attest-verify-input-hash-pointer.patch
+Patch67:	0068-bugfix-when-input-empty-hash.patch
+Patch68:	0069-adapt-sign-tool-to-pass-API_LEVEL.patch
+Patch69:	0070-sign-tool-add-invalid-param-verify.patch
+Patch70:	0071-adapt-report-with-request-key.patch

 BuildRequires:	gcc python automake autoconf libtool
 BUildRequires:	glibc glibc-devel cmake ocaml-dune rpm gcc-c++ openssl-libs openssl-devel
@ -129,8 +141,6 @@ install -d %{buildroot}/%{_includedir}/secGear
 install -d %{buildroot}/%{_bindir}
 install -pm 751 bin/codegen %{buildroot}/%{_bindir}
 install -pm 751 tools/sign_tool/sign_tool.sh %{buildroot}/%{_bindir}
-install -d %{buildroot}/lib/secGear/
-install -pm 751 tools/sign_tool/*.py %{buildroot}/lib/secGear
 install -pm 644 component/secure_channel/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 component/secure_channel/*.edl %{buildroot}/%{_includedir}/secGear
 install -pm 644 component/secure_channel/client/*.h %{buildroot}/%{_includedir}/secGear
@ -151,6 +161,11 @@ install -pm 644 inc/enclave_inc/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/gp/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/gp/itrustee/*.h %{buildroot}/%{_includedir}/secGear
 %endif
+install -pm 644 component/remote_attest/ra_report/sg_ra_report.h %{buildroot}/%{_includedir}/secGear
+install -pm 644 component/remote_attest/ra_verify/sg_ra_report_verify.h %{buildroot}/%{_includedir}/secGear
+install -pm 644 component/remote_attest/sg_report_st.h %{buildroot}/%{_includedir}/secGear
+install -pm 644 component/local_attest/sg_local_attest.h %{buildroot}/%{_includedir}/secGear
+
 pushd %{buildroot}
 rm `find . -name secgear_helloworld` -rf
 rm `find . -name secgear_seal_data` -rf
@ -169,6 +184,9 @@ popd
 %{_libdir}/libusecure_channel.so
 %{_libdir}/libcsecure_channel.so
 %{_libdir}/libtsecure_channel.a
+%{_libdir}/libsecgear_verify.so
+%{_libdir}/libsecgear_ra.so
+%{_libdir}/libsecgear_la.a
 %ifarch x86_64
 %{_libdir}/libsgx_0.so
 %else
@ -180,7 +198,6 @@ popd
 %files devel
 %{_bindir}/*
 %{_includedir}/secGear/*
-/lib/secGear/*

 %ifarch x86_64
 %files sim
@ -194,6 +211,9 @@ popd
 systemctl restart rsyslog

 %changelog
+* Mon Sep 18 2023 wangqingsan<wangqingsan@huawei.com> - 0.1.0-35
+- synchronous features
+
 * Thu Apr 27 2023 houmingyong<houmingyong@huawei.com> - 0.1.0-34
 - DESC:backport some patchs