File _service:obs_scm:0061-refactor-remote-attestation.patch of Package secGear
From ef49daeec97c51beb3548b3caa6c160079f5ac8d Mon Sep 17 00:00:00 2001 
From: houmingyong <houmingyong@huawei.com> Date: Sat, 27 May 2023 14:22:13 +0800 Subject: [PATCH 1/2] refactor remote attestation --- component/CMakeLists.txt | 9 +- component/remote_attest/CMakeLists.txt | 1 - .../remote_attest/ra_report/CMakeLists.txt | 39 ++-- .../remote_attest/ra_report/gp_ra_helper.c | 136 -------------- .../remote_attest/ra_report/gp_ra_report.c | 169 ++++++++++++++++-- .../remote_attest/ra_report/gp_ra_report.h | 2 +- .../remote_attest/ra_report/sg_ra_report.c | 26 ++- .../remote_attest/ra_report/sg_ra_report.h | 13 +- .../remote_attest/ra_report/sgx_ra_report.c | 38 ++++ .../remote_attest/ra_report/sgx_ra_report.h | 24 +++ .../remote_attest/ra_report/uni_ree_agent.h | 44 +++++ .../remote_attest/ra_verify/CMakeLists.txt | 21 ++- .../ra_verify/gp_ra_report_verify.c | 19 +- .../ra_verify/gp_ra_report_verify.h | 8 +- .../ra_verify/sg_ra_report_verify.c | 18 +- .../ra_verify/sg_ra_report_verify.h | 7 +- .../ra_verify/sgx_ra_report_verify.c | 33 ++++ .../ra_verify/sgx_ra_report_verify.h | 30 ++++ .../uni_ra_verify_agent.h} | 31 ++-- component/remote_attest/sg_report_st.h | 14 +- inc/host_inc/enclave_internal.h | 1 + inc/host_inc/status.h | 11 ++ src/host_src/enclave_internal.c | 10 ++ thirdparty/base64url/b64/LICENSE | 21 +++ thirdparty/base64url/b64/README.md | 84 +++++++++ thirdparty/base64url/b64/b64.h | 84 +++++++++ thirdparty/base64url/b64/buffer.c | 33 ++++ thirdparty/base64url/b64/decode.c | 117 ++++++++++++ thirdparty/base64url/b64/encode.c | 93 ++++++++++ thirdparty/base64url/b64/notes.md | 10 ++ thirdparty/base64url/base64url.c | 74 ++++++++ thirdparty/base64url/base64url.h | 32 ++++ tools/sign_tool/sign_tool.sh | 4 +- 33 files changed, 1036 insertions(+), 220 deletions(-) delete mode 100644 component/remote_attest/ra_report/gp_ra_helper.c create mode 100644 component/remote_attest/ra_report/sgx_ra_report.c create mode 100644 component/remote_attest/ra_report/sgx_ra_report.h create mode 100644 
component/remote_attest/ra_report/uni_ree_agent.h create mode 100644 component/remote_attest/ra_verify/sgx_ra_report_verify.c create mode 100644 component/remote_attest/ra_verify/sgx_ra_report_verify.h rename component/remote_attest/{ra_report/gp_ra_helper.h => ra_verify/uni_ra_verify_agent.h} (57%) create mode 100644 thirdparty/base64url/b64/LICENSE create mode 100644 thirdparty/base64url/b64/README.md create mode 100644 thirdparty/base64url/b64/b64.h create mode 100644 thirdparty/base64url/b64/buffer.c create mode 100644 thirdparty/base64url/b64/decode.c create mode 100644 thirdparty/base64url/b64/encode.c create mode 100644 thirdparty/base64url/b64/notes.md create mode 100644 thirdparty/base64url/base64url.c create mode 100644 thirdparty/base64url/base64url.h diff --git a/component/CMakeLists.txt b/component/CMakeLists.txt index ee0a669..7442334 100644 --- a/component/CMakeLists.txt +++ b/component/CMakeLists.txt @@ -8,9 +8,12 @@ # PURPOSE. # See the Mulan PSL v2 for more details. +set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64) + ADD_SUBDIRECTORY(secure_channel) -if(CC_GP) - ADD_SUBDIRECTORY(remote_attest) -endif() + +ADD_SUBDIRECTORY(remote_attest) + + diff --git a/component/remote_attest/CMakeLists.txt b/component/remote_attest/CMakeLists.txt index 0b86c6f..f8ecac7 100644 --- a/component/remote_attest/CMakeLists.txt +++ b/component/remote_attest/CMakeLists.txt @@ -14,7 +14,6 @@ ADD_SUBDIRECTORY(ra_verify) file(GLOB RA_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/sg_report_st.h ${CMAKE_CURRENT_SOURCE_DIR}/ra_report/sg_ra_report.h - ${CMAKE_CURRENT_SOURCE_DIR}/ra_report/gp_ra_helper.h ${CMAKE_CURRENT_SOURCE_DIR}/ra_verify/sg_ra_report_verify.h) install(FILES ${RA_HEADERS} diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/component/remote_attest/ra_report/CMakeLists.txt index 6b459d7..548e786 100644 --- a/component/remote_attest/ra_report/CMakeLists.txt +++ b/component/remote_attest/ra_report/CMakeLists.txt 
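Review bot: Removing the `if(CC_GP)` guard around `ADD_SUBDIRECTORY(remote_attest)` builds the attestation libraries for every configuration, yet the only backends this patch registers are GP (`gp_ra_report.c`) and SGX (`sgx_ra_report.c`), each added under its own `if()` in `ra_report/CMakeLists.txt`; with neither flag set, `secgear_ra` contains only the facade and every `cc_get_ra_report` call ends in `CC_ERROR_REE_AGENT_NOT_INIT`. If that configuration is not meant to exist, fail at configure time instead of at runtime, e.g. `if(NOT CC_GP AND NOT CC_SGX) message(FATAL_ERROR "remote_attest requires CC_GP or CC_SGX") endif()` before the `ADD_SUBDIRECTORY`. The relocated `set(LIBRARY_INSTALL ...)` now also applies to `secure_channel`; a one-line comment saying it is shared by both subdirectories would stop someone re-adding per-directory copies.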
@@ -8,37 +8,38 @@ # PURPOSE. # See the Mulan PSL v2 for more details. -project(sg_ra_report C) +project(secgear_ra C) set(TARGET secgear_ra) -aux_source_directory(. SRC_FILES) -aux_source_directory(${LOCAL_ROOT_PATH}/thirdparty/cjson/ CJSON_SRC) -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC") +set(SRC_FILES sg_ra_report.c) +if(CC_SGX) + set(SRC_FILES ${SRC_FILES} sgx_ra_report.c) +endif() -if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) +if(CC_GP) + aux_source_directory(${LOCAL_ROOT_PATH}/thirdparty/cjson/ CJSON_SRC) + FILE (GLOB_RECURSE BASE64_SRC "${LOCAL_ROOT_PATH}/thirdparty/base64url/*.c") + set(SRC_FILES ${SRC_FILES} ${CJSON_SRC} ${BASE64_SRC} gp_ra_report.c) + set(INCLUDE_DIR ${SDK_PATH}/include/CA + ${LOCAL_ROOT_PATH}/thirdparty/cjson + ${LOCAL_ROOT_PATH}/thirdparty/libqca + ${LOCAL_ROOT_PATH}/thirdparty/base64url) + set(LINK_LIB teec_adaptor) endif() + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC") + include_directories( - ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/.. ${LOCAL_ROOT_PATH}/inc/host_inc - ${SDK_PATH}/include/CA - ${LOCAL_ROOT_PATH}/thirdparty/cjson - ${LOCAL_ROOT_PATH}/thirdparty/libqca - ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier -) -add_library(${TARGET} SHARED ${SRC_FILES} ${CJSON_SRC}) - -if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${TARGET} PRIVATE /usr/lib64) -endif() + ${INCLUDE_DIR}) +add_library(${TARGET} SHARED ${SRC_FILES}) -target_link_libraries(${TARGET} teec_adaptor) -set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64) +target_link_libraries(${TARGET} ${LINK_LIB}) install(TARGETS ${TARGET} LIBRARY diff --git a/component/remote_attest/ra_report/gp_ra_helper.c b/component/remote_attest/ra_report/gp_ra_helper.c deleted file mode 100644 index 80a01e9..0000000 --- a/component/remote_attest/ra_report/gp_ra_helper.c +++ /dev/null 
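Review bot: `FILE (GLOB_RECURSE BASE64_SRC "${LOCAL_ROOT_PATH}/thirdparty/base64url/*.c")` compiles whatever `.c` files exist under the vendored `base64url/` tree into the attestation library, so a stray or injected file in that directory silently becomes part of `secgear_ra`, and a legitimately added one is missed until re-configure; list the sources explicitly — the patch itself adds exactly `base64url.c`, `b64/buffer.c`, `b64/decode.c` and `b64/encode.c`. `target_link_libraries(${TARGET} ${LINK_LIB})` uses the keyword-less legacy signature; make it `target_link_libraries(${TARGET} PRIVATE ${LINK_LIB})`. `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")` mutates directory-wide flags for the sake of one shared library — `set_target_properties(${TARGET} PROPERTIES POSITION_INDEPENDENT_CODE ON)` scopes it to the target, and the same applies to the `include_directories(...)` call, which should be `target_include_directories(${TARGET} PRIVATE ...)`.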
@@ -1,136 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -#include "gp_ra_helper.h" - -#include <string.h> -#include "cJSON.h" -#include "custom_base64url.h" -#include "enclave_log.h" - -void free_gp_ra_buf(cc_ra_buf_t *ra_buf) -{ - if (ra_buf->buf != NULL) { - free(ra_buf->buf); - } - if (ra_buf != NULL) { - free(ra_buf); - } -} - -/* caller need to free (cc_ra_buf_t **in) */ -cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in) -{ - cc_enclave_result_t ret = CC_SUCCESS; - cJSON *in_json = cJSON_CreateObject(); - cJSON_AddStringToObject(in_json, "handler", "provisioning-input"); - - cJSON *in_payload = cJSON_CreateObject(); - cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0"); - cJSON_AddStringToObject(in_payload, "scenario", "sce_no_as"); - cJSON_AddStringToObject(in_payload, "hash_alg", "HS256"); - - cJSON_AddItemToObject(in_json, "payload", in_payload); - - // char *in_buf = cJSON_PrintUnformatted(in_json); - char *in_buf = cJSON_Print(in_json); - uint32_t in_buf_len = strlen(in_buf) + 1; - - print_debug("provision input json buf:%s\n", in_buf); - - cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t)); - if (tmp_ra_buf == NULL) { - ret = CC_ERROR_RA_MEMORY; - goto end; - } - tmp_ra_buf->buf = calloc(1, in_buf_len); - if (tmp_ra_buf->buf == NULL) { - ret = CC_ERROR_RA_MEMORY; - free(tmp_ra_buf); - goto end; - } - (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len); - tmp_ra_buf->len = in_buf_len; - - *in = tmp_ra_buf; 
-end: - cJSON_free(in_buf); - cJSON_Delete(in_json); - return ret; -} - -/* caller need to free (cc_ra_buf_t **in) */ -cc_enclave_result_t gen_ra_report_in_buff(gp_get_ra_report_input_t *param, cc_ra_buf_t **json_buf) -{ - cc_enclave_result_t ret = CC_SUCCESS; - cJSON *in_json = cJSON_CreateObject(); - cJSON_AddStringToObject(in_json, "handler", "report-input"); - - char b64_nonce[MAX_NONCE_BUF_LEN] = {0}; - int b64_nonce_len = MAX_NONCE_BUF_LEN; - base64urlencode(param->nonce, param->nonce_len, (uint8_t *)b64_nonce, &b64_nonce_len); - print_debug("nonce_buf_len:%d, nonce_buf:%s\n", b64_nonce_len, b64_nonce); - - cJSON *in_payload = cJSON_CreateObject(); - cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0"); - cJSON_AddStringToObject(in_payload, "nonce", b64_nonce); - cJSON_AddStringToObject(in_payload, "uuid", (char *)param->uuid); - cJSON_AddStringToObject(in_payload, "hash_alg", "HS256"); - cJSON_AddBoolToObject(in_payload, "with_tcb", param->with_tcb); - - cJSON_AddItemToObject(in_json, "payload", in_payload); - - // char *in_buf = cJSON_PrintUnformatted(in_json); - char *in_buf = cJSON_Print(in_json); - uint32_t in_buf_len = strlen(in_buf) + 1; - - print_debug("get ra report input json buf:%s\n", in_buf); - - cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t)); - if (tmp_ra_buf == NULL) { - ret = CC_ERROR_RA_MEMORY; - goto end; - } - tmp_ra_buf->buf = calloc(1, in_buf_len); - if (tmp_ra_buf->buf == NULL) { - ret = CC_ERROR_RA_MEMORY; - free(tmp_ra_buf); - goto end; - } - (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len); - tmp_ra_buf->len = in_buf_len; - - *json_buf = (cc_ra_buf_t *)tmp_ra_buf; -end: - cJSON_free(in_buf); - cJSON_Delete(in_json); - return ret; -} - -void print_ra_report(cc_ra_buf_t *report) -{ - cJSON *cj_report = cJSON_ParseWithLength((char *)report->buf, report->len); - if (cj_report == NULL) { - print_debug("cjson parse report error!\n"); - return; - } - char *str_report = cJSON_Print(cj_report); - - print_debug("report:%s\n", 
str_report); - - cJSON_free(str_report); - cJSON_Delete(cj_report); - return; -} - - - diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c index dd02d7d..978127a 100644 --- a/component/remote_attest/ra_report/gp_ra_report.c +++ b/component/remote_attest/ra_report/gp_ra_report.c 
@@ -13,12 +13,142 @@ #include "gp_ra_report.h" #include <stdlib.h> -#include "gp_ra_helper.h" +#include <string.h> #include "ra_client_api.h" #include "enclave_log.h" +#include "cJSON.h" +#include "base64url.h" -#define TEST_REPORT_OUT_LEN 0x3000 -cc_enclave_result_t gp_ra_provision_no_as() +#include "uni_ree_agent.h" + +static void free_cc_ra_buf(cc_ra_buf_t *ra_buf) +{ + if (ra_buf == NULL) { + return; + } + if (ra_buf->buf != NULL) { + free(ra_buf->buf); + } + + free(ra_buf); + return; +} + +/* caller need to free (cc_ra_buf_t **in) */ +static cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in) +{ + if (in == NULL) { + return CC_ERROR_BAD_PARAMETERS; + } + cc_enclave_result_t ret = CC_SUCCESS; + cJSON *in_json = cJSON_CreateObject(); + cJSON_AddStringToObject(in_json, "handler", "provisioning-input"); + + cJSON *in_payload = cJSON_CreateObject(); + cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0"); + cJSON_AddStringToObject(in_payload, "scenario", "sce_no_as"); + cJSON_AddStringToObject(in_payload, "hash_alg", "HS256"); + + cJSON_AddItemToObject(in_json, "payload", in_payload); + + char *in_buf = cJSON_PrintUnformatted(in_json); + uint32_t in_buf_len = strlen(in_buf) + 1; + + cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t)); + if (tmp_ra_buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + goto end; + } + tmp_ra_buf->buf = calloc(1, in_buf_len); + if (tmp_ra_buf->buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + free(tmp_ra_buf); + goto end; + } + (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len); + tmp_ra_buf->len = in_buf_len; + + *in = tmp_ra_buf; +end: + cJSON_free(in_buf); + cJSON_Delete(in_json); + return ret; +} + +/* caller need to free (cc_ra_buf_t **in) */ +static cc_enclave_result_t gen_ra_report_in_buff(cc_get_ra_report_input_t *param, cc_ra_buf_t **json_buf) +{ + if (param == NULL || param->taid == NULL || json_buf == NULL) { + return CC_ERROR_BAD_PARAMETERS; + } + cc_enclave_result_t ret = CC_SUCCESS; + cJSON *in_json = 
cJSON_CreateObject(); + cJSON_AddStringToObject(in_json, "handler", "report-input"); + + size_t b64_nonce_len = 0; + char *b64_nonce = kpsecl_base64urlencode(param->nonce, param->nonce_len, &b64_nonce_len); + + cJSON *in_payload = cJSON_CreateObject(); + cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0"); + cJSON_AddStringToObject(in_payload, "nonce", b64_nonce); + free(b64_nonce); + cJSON_AddStringToObject(in_payload, "uuid", (char *)param->taid); + cJSON_AddStringToObject(in_payload, "hash_alg", "HS256"); + cJSON_AddBoolToObject(in_payload, "with_tcb", param->with_tcb); + if (param->req_key) { + cJSON_AddBoolToObject(in_payload, "request_key", param->req_key); + } + + cJSON_AddItemToObject(in_json, "payload", in_payload); + + char *in_buf = cJSON_PrintUnformatted(in_json); + uint32_t in_buf_len = strlen(in_buf) + 1; + + print_debug("get ra report input json buf:%s\n", in_buf); + + cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t)); + if (tmp_ra_buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + goto end; + } + tmp_ra_buf->buf = calloc(1, in_buf_len); + if (tmp_ra_buf->buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + free(tmp_ra_buf); + goto end; + } + (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len); + tmp_ra_buf->len = in_buf_len; + + *json_buf = (cc_ra_buf_t *)tmp_ra_buf; +end: + cJSON_free(in_buf); + cJSON_Delete(in_json); + return ret; +} + +static void print_ra_report(cc_ra_buf_t *report) +{ + if (report == NULL || report->buf == NULL) { + return; + } + cJSON *cj_report = cJSON_ParseWithLength((char *)report->buf, report->len); + if (cj_report == NULL) { + // print_debug("cjson parse report error!\n"); + return; + } + char *str_report = cJSON_Print(cj_report); + + print_debug("report:%s\n", str_report); + print_debug("report len:%u, str_len:%lu\n", report->len, strlen(str_report)); + + cJSON_free(str_report); + cJSON_Delete(cj_report); + return; +} + +#define PROVISION_OUT_LEN 0x3000 +static cc_enclave_result_t gp_ra_provision_no_as() { cc_ra_buf_t 
*in = NULL; cc_enclave_result_t ret; @@ -27,11 +157,11 @@ cc_enclave_result_t gp_ra_provision_no_as() if (ret != CC_SUCCESS) { return ret; } - uint8_t data[TEST_REPORT_OUT_LEN] = {0}; - cc_ra_buf_t report = {TEST_REPORT_OUT_LEN, data}; + uint8_t data[PROVISION_OUT_LEN] = {0}; + cc_ra_buf_t out = {PROVISION_OUT_LEN, data}; - TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)&report); - free_gp_ra_buf(in); + TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)&out); + free_cc_ra_buf(in); if (gp_ret != TEEC_SUCCESS) { print_error_term("gp ra provision no as failed ret:%x\n", gp_ret); @@ -44,7 +174,7 @@ cc_enclave_result_t gp_ra_provision_no_as() cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario) { cc_enclave_result_t ret = CC_SUCCESS; - switch(scenario) { + switch (scenario) { case CC_RA_SCENARIO_NO_AS: ret = gp_ra_provision_no_as(); break; 
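Review bot: `gen_ra_report_in_buff` passes `param->nonce_len` straight to `kpsecl_base64urlencode` while `param->nonce` is the fixed `uint8_t nonce[MAX_NONCE_BUF_LEN]` array declared in `sg_report_st.h` by this patch, so a caller-supplied `nonce_len` above 512 reads past the end of the struct; add `if (param->nonce_len > MAX_NONCE_BUF_LEN) return CC_ERROR_BAD_PARAMETERS;` next to the existing NULL checks. The `b64_nonce` returned by `kpsecl_base64urlencode` is added to the JSON and freed without a NULL check — if cJSON silently omits a NULL string, the request would go to the TA without its `nonce` field instead of failing — so check `b64_nonce == NULL` and take the `CC_ERROR_RA_MEMORY` path. Both helpers also call `strlen(in_buf)` on the result of `cJSON_PrintUnformatted` and never check `cJSON_CreateObject` for NULL; those should route through the same `CC_ERROR_RA_MEMORY` cleanup. This hunk ends inside `gp_ra_provision_no_as`, whose body continues in the next hunk.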
@@ -54,16 +184,31 @@ cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario) return ret; } -cc_enclave_result_t gp_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report) +cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report) { - TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)report); + cc_ra_buf_t *ra_buf_in = NULL; + cc_enclave_result_t ret = gen_ra_report_in_buff(in, &ra_buf_in); + if (ret != CC_SUCCESS) { + print_error_term("gen ra report ra buf in failed\n"); + return CC_FAIL; + } + TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)ra_buf_in, (struct ra_buffer_data *)report); + free_cc_ra_buf(ra_buf_in); if (gp_ret != TEEC_SUCCESS) { print_error_term("get ra report failed, ret:%x\n", gp_ret); return CC_ERROR_RA_GET_REPORT; } + print_ra_report(report); return CC_SUCCESS; } - - +uni_ree_agent_t g_gp_agent = { + .tee_type = CC_TEE_TYPE_GP, + .prepare_ra_env = gp_prepare_ra_env, + .get_ra_report = gp_get_ra_report, +}; +static __attribute__((constructor)) void gp_register_ree_agent() +{ + cc_register_ree_agent(&g_gp_agent); +} \ No newline at end of file diff --git a/component/remote_attest/ra_report/gp_ra_report.h b/component/remote_attest/ra_report/gp_ra_report.h index 9d02ce3..ed58bb0 100644 --- a/component/remote_attest/ra_report/gp_ra_report.h +++ b/component/remote_attest/ra_report/gp_ra_report.h @@ -18,7 +18,7 @@ cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario); -cc_enclave_result_t gp_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report); +cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report); #endif diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/component/remote_attest/ra_report/sg_ra_report.c index 1cc4bdc..21ad417 100644 --- a/component/remote_attest/ra_report/sg_ra_report.c +++ b/component/remote_attest/ra_report/sg_ra_report.c 
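Review bot: In `gp_get_ra_report` a failure of `gen_ra_report_in_buff` is reported as `CC_FAIL`, discarding the `CC_ERROR_BAD_PARAMETERS` / `CC_ERROR_RA_MEMORY` distinction the helper produces; `return ret;` keeps it for callers. `g_gp_agent` is a non-static global whose address is handed to `cc_register_ree_agent` from a load-time constructor, so the function-pointer table is an exported, writable symbol; `static uni_ree_agent_t g_gp_agent = {...}` removes the export without changing behaviour. The new `print_ra_report(report)` on the success path parses and re-prints the whole report through `print_debug`; a comment noting that this is debug-only output (and confirming `print_debug` compiles out in release builds) would document the intent.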
@@ -9,18 +9,30 @@ * PURPOSE. * See the Mulan PSL v2 for more details. */ +#include "sg_ra_report.h" +#include "uni_ree_agent.h" -#include "gp_ra_report.h" - +static uni_ree_agent_t *g_ree_agent = NULL; cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario) { - return gp_prepare_ra_env(scenario); + if (g_ree_agent == NULL) { + return CC_ERROR_REE_AGENT_NOT_INIT; + } + return g_ree_agent->prepare_ra_env(scenario); } -cc_enclave_result_t cc_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report) +cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report) { - return gp_get_ra_report(in, report); + if (in == NULL || in->taid == NULL || report == NULL || report->buf == NULL) { + return CC_ERROR_BAD_PARAMETERS; + } + if (g_ree_agent == NULL) { + return CC_ERROR_REE_AGENT_NOT_INIT; + } + return g_ree_agent->get_ra_report(in, report); } - - +void cc_register_ree_agent(uni_ree_agent_t *agent) +{ + g_ree_agent = agent; +} diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/component/remote_attest/ra_report/sg_ra_report.h index 960cb02..f3294c5 100644 --- a/component/remote_attest/ra_report/sg_ra_report.h +++ b/component/remote_attest/ra_report/sg_ra_report.h @@ -24,8 +24,17 @@ extern "C" { CC_API_SPEC cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario); -CC_API_SPEC cc_enclave_result_t cc_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report); - +/** +* get remote attestation report +* +* @param[in] in, bytes of input +* +* @param[out] report, remote attestion report, 0x3000 =< len < 0x100000 +* +* @retval, On success, return 0. +* On error, cc_enclave_result_t errorno is returned. +*/ +CC_API_SPEC cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report); #ifdef __cplusplus } diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/component/remote_attest/ra_report/sgx_ra_report.c new file mode 100644 index 0000000..8d02fc3 --- /dev/null 
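Review bot: `cc_get_ra_report` is the public entry point and now validates `in->taid` and `report->buf`, but not `in->nonce_len`, which bounds reads from the inline `nonce[MAX_NONCE_BUF_LEN]` array in every backend, nor `report->len`, for which the header of this function documents a required range; add `if (in->nonce_len > MAX_NONCE_BUF_LEN) return CC_ERROR_BAD_PARAMETERS;` to the existing guard and enforce the documented `report->len` bounds here rather than relying on each backend. `cc_register_ree_agent` stores whatever pointer it receives and `tee_type` is never consulted, so a second registration silently replaces the first and a NULL `get_ra_report` would be dereferenced on the next call; at minimum reject `agent == NULL` or NULL function pointers, and document the last-writer-wins semantics above the function.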
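Review bot: The new doc comment on `cc_get_ra_report` has two typos — `remote attestion report` should be `remote attestation report`, and `0x3000 =< len < 0x100000` should be `0x3000 <= len < 0x100000` — and it states a length contract on `report` that `sg_ra_report.c` does not check, so it should be worded as a caller obligation: `@param[out] report, buffer receiving the remote attestation report; the caller must supply 0x3000 <= report->len < 0x100000`. The `in` line says only "bytes of input"; since the GP backend hands `in->taid` to cJSON as a C string and indexes `in->nonce` by `in->nonce_len`, document `@param[in] in, report request; in->taid must be NUL-terminated and in->nonce_len must not exceed MAX_NONCE_BUF_LEN`.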
+++ b/component/remote_attest/ra_report/sgx_ra_report.c @@ -0,0 +1,38 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include "sgx_ra_report.h" +#include "uni_ree_agent.h" + +cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario) +{ + (void)scenario; + return CC_SUCCESS; +} + +cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report) +{ + (void)in; + (void)report; + + return CC_SUCCESS; +} + +uni_ree_agent_t g_sgx_agent = { + .tee_type = CC_TEE_TYPE_SGX, + .prepare_ra_env = sgx_prepare_ra_env, + .get_ra_report = sgx_get_ra_report, +}; +static __attribute__((constructor)) void sgx_register_ree_agent() +{ + cc_register_ree_agent(&g_sgx_agent); +} \ No newline at end of file diff --git a/component/remote_attest/ra_report/sgx_ra_report.h b/component/remote_attest/ra_report/sgx_ra_report.h new file mode 100644 index 0000000..d9a33cc --- /dev/null +++ b/component/remote_attest/ra_report/sgx_ra_report.h 
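Review bot: `sgx_get_ra_report` returns `CC_SUCCESS` without writing anything into `report`, so an SGX build of `cc_get_ra_report` tells its caller it holds a valid attestation report while the buffer still contains whatever was passed in. Until the SGX path exists the stub should fail closed — `return CC_FAIL;` (or a dedicated not-supported code if one is added to `status.h`) with `/* TODO: SGX quote generation not implemented; fail closed */` — so that nothing downstream treats the untouched buffer as evidence. `sgx_prepare_ra_env` returning success is only right if SGX genuinely needs no provisioning step; say so in a comment so it is not mistaken for another placeholder. `g_sgx_agent` can be `static`, as nothing outside this file needs the symbol.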
@@ -0,0 +1,24 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_SGX_RA_REPORT_H +#define SECGEAR_SGX_RA_REPORT_H + +#include "status.h" +#include "sg_report_st.h" + +cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario); + +cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report); + +#endif + diff --git a/component/remote_attest/ra_report/uni_ree_agent.h b/component/remote_attest/ra_report/uni_ree_agent.h new file mode 100644 index 0000000..65a46d1 --- /dev/null +++ b/component/remote_attest/ra_report/uni_ree_agent.h 
@@ -0,0 +1,44 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_UNI_REE_AGENT_H +#define SECGEAR_UNI_REE_AGENT_H + +#include <stdint.h> +#include "status.h" +#include "sg_report_st.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef cc_enclave_result_t (*uni_prepare_ra_env_proc_t)(cc_ra_scenario_t scenario); +typedef cc_enclave_result_t (*uni_get_ra_report_proc_t)(cc_get_ra_report_input_t *in, cc_ra_buf_t *report); + +typedef enum { + CC_TEE_TYPE_GP, + CC_TEE_TYPE_SGX, +} cc_tee_type_t; + +typedef struct { + cc_tee_type_t tee_type; + uni_prepare_ra_env_proc_t prepare_ra_env; + uni_get_ra_report_proc_t get_ra_report; +} uni_ree_agent_t; + +void cc_register_ree_agent(uni_ree_agent_t *agent); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/component/remote_attest/ra_verify/CMakeLists.txt b/component/remote_attest/ra_verify/CMakeLists.txt index fc92d9c..53707b1 100644 --- a/component/remote_attest/ra_verify/CMakeLists.txt +++ b/component/remote_attest/ra_verify/CMakeLists.txt 
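Review bot: `cc_register_ree_agent` and `uni_ree_agent_t` are undocumented, and the registration contract matters because each backend calls it from an `__attribute__((constructor))` at load time; add above the prototype `/* Install the REE attestation backend used by cc_prepare_ra_env/cc_get_ra_report. Called from backend constructors at library load; the pointer is stored, so the agent must stay valid for the life of the process, and the last registration wins. */`. `tee_type` also needs a comment saying who reads it — in this patch neither `cc_register_ree_agent` nor `cc_get_ra_report` consults it, so it currently carries no behaviour, and a reader will otherwise assume it selects a backend.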
@@ -13,10 +13,21 @@ project(sg_ra_verify C) set(TARGET secgear_verify) aux_source_directory(. SRC_FILES) +set(SRC_FILES sg_ra_report_verify.c) +if(CC_SGX) +set(SRC_FILES ${SRC_FILES} sgx_ra_report_verify.c) +endif() + +if(CC_GP) + set(SRC_FILES ${SRC_FILES} gp_ra_report_verify.c) + set(INCLUDE_DIR ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier) + #set(LINK_LIB teeverifier) +endif() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC") if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(/usr/lib64) + link_directories(/usr/local/lib) endif() include_directories( @@ -24,17 +35,15 @@ include_directories( ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/.. ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier + ${INCLUDE_DIR} ) add_library(${TARGET} SHARED ${SRC_FILES}) if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${TARGET} PRIVATE /usr/lib64) + target_link_directories(${TARGET} PRIVATE /usr/local/lib) endif() -target_link_libraries(${TARGET}) - -set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64) +target_link_libraries(${TARGET} ${LINK_LIB}) install(TARGETS ${TARGET} LIBRARY diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.c b/component/remote_attest/ra_verify/gp_ra_report_verify.c index 0917f7a..76debb4 100644 --- a/component/remote_attest/ra_verify/gp_ra_report_verify.c +++ b/component/remote_attest/ra_verify/gp_ra_report_verify.c 
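Review bot: `#set(LINK_LIB teeverifier)` is commented out, so on GP builds `secgear_verify` compiles `gp_ra_report_verify.c` — which includes `teeverifier.h` and uses its `TVS_*` result codes — without linking the library that provides those symbols; either restore the line or record in a comment where the dependency is resolved, since an undefined symbol in a shared object only surfaces when it is loaded. The retained `aux_source_directory(. SRC_FILES)` is dead code: `set(SRC_FILES sg_ra_report_verify.c)` on the next line overwrites it, and keeping both suggests globbing is still in effect. `link_directories(/usr/local/lib)` / `target_link_directories(${TARGET} PRIVATE /usr/local/lib)` hard-code a search path that could pick up an unrelated `libteeverifier` on the build host; prefer `find_library(TEEVERIFIER_LIB teeverifier)` with a `FATAL_ERROR` when not found, and give `target_link_libraries(${TARGET} ${LINK_LIB})` a `PRIVATE` keyword.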
@@ -15,19 +15,22 @@ #include "teeverifier.h" #include "enclave_log.h" +#include "uni_ra_verify_agent.h" + int convert_cctype_to_gptype(cc_ra_verify_type_t type) { // gp type, 1: compare image hash; 2: compare mem hash; 3: compare image and mem hash if (type == CC_RA_VERIFY_TYPE_LOOSE) { - return 1; + return 1; } else if (type == CC_RA_VERIFY_TYPE_STRICT) { - return 3; + return 3; // 3: compare image and mem hash } else { return CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE; } } -cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue) +cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, + cc_ra_verify_type_t type, char *basevalue) { int gp_type = convert_cctype_to_gptype(type); if (gp_type == (int)CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE) { @@ -44,7 +47,15 @@ cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc case TVS_VERIFIED_HASH_FAILED: return CC_ERROR_RA_REPORT_VERIFY_HASH; default: - print_debug("verify report failed, unknown errorcode:%d!\n", ret); + printf("verify report failed, unknown errorcode:%d!\n", ret); } return ret; +} + +uni_ra_verify_agent_t g_gp_ra_verify_agent = { + .verify_ra_report = gp_verify_report, +}; +static __attribute__((constructor)) void gp_register_ra_agent() +{ + cc_register_ra_verify_agent(&g_gp_ra_verify_agent); } \ No newline at end of file diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.h b/component/remote_attest/ra_verify/gp_ra_report_verify.h index ffd8387..68a7c38 100644 --- a/component/remote_attest/ra_verify/gp_ra_report_verify.h +++ b/component/remote_attest/ra_verify/gp_ra_report_verify.h 
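Review bot: The `default:` branch now uses `printf(...)` where the rest of this patch logs through the `enclave_log.h` macros (`print_error_term`, `print_debug`), so an unknown verifier result goes to stdout unconditionally and bypasses the log layer; use `print_error_term("verify report failed, unknown errorcode:%d!\n", ret);`. That branch then falls through to `return ret;`, handing the raw `teeverifier` integer back as a `cc_enclave_result_t` that callers cannot distinguish from a genuine secGear code — map it to a fixed failure such as `CC_FAIL` instead. `g_gp_ra_verify_agent` is a non-static function-pointer table exported from the library; `static` keeps it private, and the same applies to `convert_cctype_to_gptype`.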
@@ -10,18 +10,18 @@ * See the Mulan PSL v2 for more details. */ -#ifndef SECGEAR_GP_VERIFY_REPORT_H -#define SECGEAR_GP_VERIFY_REPORT_H +#ifndef SECGEAR_GP_RA_REPORT_VERIFY_H +#define SECGEAR_GP_RA_REPORT_VERIFY_H #include "status.h" -#include "secgear_defs.h" #include "sg_report_st.h" #ifdef __cplusplus extern "C" { #endif -CC_API_SPEC cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue); +cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, + cc_ra_verify_type_t type, char *basevalue); #ifdef __cplusplus } diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.c b/component/remote_attest/ra_verify/sg_ra_report_verify.c index 63f26c4..b85615b 100644 --- a/component/remote_attest/ra_verify/sg_ra_report_verify.c +++ b/component/remote_attest/ra_verify/sg_ra_report_verify.c @@ -10,11 +10,23 @@ * See the Mulan PSL v2 for more details. */ -#include "gp_ra_report_verify.h" +#include "sg_ra_report_verify.h" +#include "uni_ra_verify_agent.h" -#include "enclave_log.h" +static uni_ra_verify_agent_t *g_ra_agent = NULL; cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue) { - return gp_verify_report(report, nonce, type, basevalue); + if (report == NULL || report->buf == NULL || nonce == NULL || nonce->buf == NULL || basevalue == NULL) { + return CC_ERROR_BAD_PARAMETERS; + } + if (g_ra_agent == NULL) { + return CC_ERROR_RA_VERIFY_AGENT_NOT_INIT; + } + return g_ra_agent->verify_ra_report(report, nonce, type, basevalue); +} + +void cc_register_ra_verify_agent(uni_ra_verify_agent_t *agent) +{ + g_ra_agent = agent; } \ No newline at end of file diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/component/remote_attest/ra_verify/sg_ra_report_verify.h index 92ca953..b566cef 100644 --- a/component/remote_attest/ra_verify/sg_ra_report_verify.h 
+++ b/component/remote_attest/ra_verify/sg_ra_report_verify.h @@ -10,8 +10,8 @@ * See the Mulan PSL v2 for more details. */ -#ifndef SECGEAR_VERIFY_REPORT_H -#define SECGEAR_VERIFY_REPORT_H +#ifndef SECGEAR_RA_VERIFY_REPORT_H +#define SECGEAR_RA_VERIFY_REPORT_H #include "status.h" #include "secgear_defs.h" @@ -21,7 +21,8 @@ extern "C" { #endif -CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue); +CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, + cc_ra_verify_type_t type, char *basevalue); #ifdef __cplusplus } diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.c b/component/remote_attest/ra_verify/sgx_ra_report_verify.c new file mode 100644 index 0000000..0e2e81f --- /dev/null +++ b/component/remote_attest/ra_verify/sgx_ra_report_verify.c 
@@ -0,0 +1,33 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include "sgx_ra_report_verify.h" + +#include "uni_ra_verify_agent.h" + +cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, + cc_ra_verify_type_t type, char *basevalue) +{ + (void)report; + (void)nonce; + (void)type; + (void)basevalue; + return CC_SUCCESS; +} + +uni_ra_verify_agent_t g_sgx_ra_verify_agent = { + .verify_ra_report = sgx_verify_report, +}; +static __attribute__((constructor)) void gp_register_ra_agent() +{ + cc_register_ra_verify_agent(&g_sgx_ra_verify_agent); +} \ No newline at end of file diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.h b/component/remote_attest/ra_verify/sgx_ra_report_verify.h new file mode 100644 index 0000000..773f484 --- /dev/null +++ b/component/remote_attest/ra_verify/sgx_ra_report_verify.h 
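Review bot: `sgx_verify_report` returns `CC_SUCCESS` for any `report`, `nonce`, `type` and `basevalue`, so an SGX build of `cc_verify_report` accepts every report presented to it — the verifier fails open, which is the one thing an attestation verifier must never do. Until SGX quote verification exists the stub must fail closed: `return CC_FAIL;` with `/* TODO: SGX quote verification not implemented; reject every report */`, ideally with a dedicated not-supported code in `status.h` so callers can tell it from a bad report. The constructor is named `gp_register_ra_agent`, copied from `gp_ra_report_verify.c`; it is `static` so there is no link clash, but `sgx_register_ra_agent` says what it does, and `g_sgx_ra_verify_agent` should be `static` as well.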
@@ -0,0 +1,30 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_SGX_RA_REPORT_VERIFY_H +#define SECGEAR_SGX_RA_REPORT_VERIFY_H + +#include "status.h" +#include "sg_report_st.h" + +#ifdef __cplusplus +extern "C" { +#endif + +cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, + cc_ra_verify_type_t type, char *basevalue); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/component/remote_attest/ra_report/gp_ra_helper.h b/component/remote_attest/ra_verify/uni_ra_verify_agent.h similarity index 57% rename from component/remote_attest/ra_report/gp_ra_helper.h rename to component/remote_attest/ra_verify/uni_ra_verify_agent.h index 6bee143..d1e1995 100644 --- a/component/remote_attest/ra_report/gp_ra_helper.h +++ b/component/remote_attest/ra_verify/uni_ra_verify_agent.h 
@@ -10,25 +10,28 @@ * See the Mulan PSL v2 for more details. */ -#ifndef SECGEAR_RA_HELPER_H -#define SECGEAR_RA_HELPER_H +#ifndef SECGEAR_UNI_RA_VERIFY_AGENT_H +#define SECGEAR_UNI_RA_VERIFY_AGENT_H #include <stdint.h> -#include <stdbool.h> #include "status.h" #include "sg_report_st.h" -#define MAX_NONCE_BUF_LEN 512 +#ifdef __cplusplus +extern "C" { +#endif + +typedef cc_enclave_result_t (*uni_ra_report_verify_proc_t)(cc_ra_buf_t *report, cc_ra_buf_t *nonce, + cc_ra_verify_type_t type, char *basevalue); + typedef struct { - uint8_t *uuid; - uint32_t nonce_len; - uint8_t nonce[MAX_NONCE_BUF_LEN]; - bool with_tcb; -} gp_get_ra_report_input_t; - -cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in); -cc_enclave_result_t gen_ra_report_in_buff(gp_get_ra_report_input_t *param, cc_ra_buf_t **json_buf); -void print_ra_report(cc_ra_buf_t *report); -void free_gp_ra_buf(cc_ra_buf_t *ra_buf); + uni_ra_report_verify_proc_t verify_ra_report; +} uni_ra_verify_agent_t; + +void cc_register_ra_verify_agent(uni_ra_verify_agent_t *agent); + +#ifdef __cplusplus +} #endif +#endif diff --git a/component/remote_attest/sg_report_st.h b/component/remote_attest/sg_report_st.h index 89ee25a..d15a7f9 100644 --- a/component/remote_attest/sg_report_st.h +++ b/component/remote_attest/sg_report_st.h @@ -14,20 +14,19 @@ #define SECGEAR_REPORT_STRUCT_H #include <stdint.h> +#include <stdbool.h> #ifdef __cplusplus extern "C" { #endif -typedef struct cc_ra_buf { +typedef struct { uint32_t len; uint8_t *buf; } cc_ra_buf_t; typedef enum { CC_RA_SCENARIO_NO_AS, - // CC_RA_SCENARIO_AS_NO_DAA, - // CC_RA_SCENARIO_AS_WITH_DAA } cc_ra_scenario_t; typedef enum { @@ -36,6 +35,15 @@ typedef enum { CC_RA_VERIFY_TYPE_MAX } cc_ra_verify_type_t; +#define MAX_NONCE_BUF_LEN 512 +typedef struct { + uint8_t *taid; + uint32_t nonce_len; + uint8_t nonce[MAX_NONCE_BUF_LEN]; + bool with_tcb; + bool req_key; +} cc_get_ra_report_input_t; + #ifdef __cplusplus } #endif 
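Review bot: cc_get_ra_report_input_t in sg_report_st.h pairs a caller-supplied nonce_len with a fixed nonce[MAX_NONCE_BUF_LEN] array, but the header says nothing about the bound, so every consumer that copies nonce_len bytes must check it itself; a comment on the field, `uint32_t nonce_len; /* bytes used in nonce; must be <= MAX_NONCE_BUF_LEN, callee validates */`, makes that contract explicit. taid is a bare uint8_t pointer with no length or encoding stated; a note on what it points to and whether it is NUL-terminated tells implementers how to read it safely. The struct replaces the removed gp_get_ra_report_input_t with a different layout (taid instead of uuid, new req_key), so any code still filling the old layout needs updating; those callers are not in this hunk.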
diff --git a/inc/host_inc/enclave_internal.h b/inc/host_inc/enclave_internal.h index a66d1a3..fa0cbf4 100644 --- a/inc/host_inc/enclave_internal.h +++ b/inc/host_inc/enclave_internal.h @@ -141,6 +141,7 @@ uint32_t check_node_exists_add(const struct list_ops_desc *node); cc_enclave_result_t conversion_res_status(uint32_t enclave_res, enclave_type_version_t type_version); +CC_API_SPEC bool is_support_remote_attest(cc_enclave_t *context); # ifdef __cplusplus } # endif diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h index ea7b93b..56f4da4 100644 --- a/inc/host_inc/status.h +++ b/inc/host_inc/status.h @@ -86,6 +86,9 @@ typedef enum _enclave_result_t CC_ERROR_RA_REPORT_VERIFY_SIGNATURE, CC_ERROR_RA_REPORT_VERIFY_HASH, CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE, + + CC_ERROR_REE_AGENT_NOT_INIT, + CC_ERROR_RA_VERIFY_AGENT_NOT_INIT, /* secure channel */ CC_ERROR_SEC_CHL_INVALID_CONN, /* invalid connection */ CC_ERROR_SEC_CHL_LEN_NOT_ENOUGH, /* the buf length to store secure channle encrypt/decrypt is not enough */ @@ -96,6 +99,7 @@ typedef enum _enclave_result_t CC_ERROR_SEC_CHL_WAITING_RECV_MSG, CC_ERROR_SEC_CHL_RECV_MSG_LEN_INVALID, CC_ERROR_SEC_CHL_GET_SVR_PUBKEY, + CC_ERROR_SEC_CHL_PARSE_SVR_PUBKEY, CC_ERROR_SEC_CHL_GET_PEER_EXCH_PARAM, CC_ERROR_SEC_CHL_VERIFY_PEER_EXCH_BUF_SIGNATURE, CC_ERROR_SEC_CHL_INVALID_EXCH_BUF, @@ -110,6 +114,13 @@ typedef enum _enclave_result_t CC_ERROR_SEC_CHL_SVR_INIT, CC_ERROR_SEC_CHL_NOTREADY, CC_ERROR_SEC_CHL_CLI_NUM_EXCEED_MAX_LIMIT, // client num exceed max limit + CC_ERROR_SEC_CHL_INIT_GET_TAID, + CC_ERROR_SEC_CHL_GET_RA_REPORT, + CC_ERROR_SEC_CHL_INIT_VERIFY_REPORT, + CC_ERROR_SEC_CHL_INVALID_REPORT, + CC_ERROR_SEC_CHL_ENCLAVE_UNSEAL_ENC_KEY, + CC_ERROR_SEC_CHL_INVALID_SESSION, + CC_ERROR_SEC_CHL_INIT_SESSEION, CC_ERROR_OTRP_BASE = 0x80000100, /* sec file config source is not inconsistent with the loading mode. */ CC_ERROR_STORAGE_EIO = 0x80001001, /* *<安全存储I/O错误 */ 
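Review bot: CC_ERROR_REE_AGENT_NOT_INIT and CC_ERROR_RA_VERIFY_AGENT_NOT_INIT are inserted ahead of the existing secure-channel codes, and the two later hunks insert CC_ERROR_SEC_CHL_PARSE_SVR_PUBKEY and the CC_ERROR_SEC_CHL_INIT_GET_TAID group mid-enum as well; if these enumerators carry no explicit values, which the visible context suggests, every enumerator after each insertion point (up to CC_ERROR_OTRP_BASE) changes its numeric value, so code, logs or tooling built against the old status.h will misreport errors. Appending new codes at the end of each group, or giving the group an explicit base as CC_ERROR_OTRP_BASE has, keeps existing values stable. CC_ERROR_SEC_CHL_INIT_SESSEION is misspelled and, as a public enumerator, hard to rename once released; `CC_ERROR_SEC_CHL_INIT_SESSION,` before this lands.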
diff --git a/src/host_src/enclave_internal.c b/src/host_src/enclave_internal.c
index abe121e..24fb95d 100644
--- a/src/host_src/enclave_internal.c
+++ b/src/host_src/enclave_internal.c
@@ -406,3 +406,13 @@ uint32_t check_node_exists_add(const struct list_ops_desc *node)
 }
 return res;
 }
+
+bool is_support_remote_attest(cc_enclave_t *context)
+{
+ if (context->list_ops_node != NULL) {
+ if (context->list_ops_node->ops_desc->type_version == GP_ENCLAVE_TYPE_0) {
+ return true;
+ }
+ }
+ return false;
+}
diff --git a/thirdparty/base64url/b64/LICENSE b/thirdparty/base64url/b64/LICENSE
new file mode 100644
index 0000000..78b34d5
--- /dev/null
+++ b/thirdparty/base64url/b64/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Little Star Media, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/thirdparty/base64url/b64/README.md b/thirdparty/base64url/b64/README.md
new file mode 100644
index 0000000..0555c0d
--- /dev/null
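Review bot: is_support_remote_attest dereferences context and then context->list_ops_node->ops_desc with no check that context or ops_desc is non-NULL, and since it is exported with CC_API_SPEC it can be handed a handle that was never created; replacing the outer if with `if (context == NULL || context->list_ops_node == NULL || context->list_ops_node->ops_desc == NULL) { return false; }` keeps the query fail-safe. Whether ops_desc can be NULL on a live node is not visible here, but the cost of the extra check is nil. A one-line comment such as `/* true only for enclaves whose ops type_version is GP_ENCLAVE_TYPE_0 */` would also help, because the name reads as a capability query while the body is a type test.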
+++ b/thirdparty/base64url/b64/README.md @@ -0,0 +1,84 @@ +b64.c +===== + +Base64 encode/decode + +## install + +```sh +$ clib install jwerle/b64.c +``` + +## usage + +```c +#include <b64/b64.h> +``` + +or + +```c +#include <b64.h> +``` + +## example + +```c +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include "b64.h" + +int +main (void) { + unsigned char *str = "brian the monkey and bradley the kinkajou are friends"; + char *enc = b64_encode(str, strlen(str)); + + printf("%s\n", enc); // YnJpYW4gdGhlIG1vbmtleSBhbmQgYnJhZGxleSB0aGUga2lua2Fqb3UgYXJlIGZyaWVuZHM= + + char *dec = b64_decode(enc, strlen(enc)); + + printf("%s\n", dec); // brian the monkey and bradley the kinkajou are friends + free(enc); + free(dec); + return 0; +} +``` + +## api + +Base64 index table + +```c + +static const char b64_table[] = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', + 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', + 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', + 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', + 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', + 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', + 'w', 'x', 'y', 'z', '0', '1', '2', '3', + '4', '5', '6', '7', '8', '9', '+', '/' +}; +``` + +Encode `unsigned char *` source with `size_t` size. +Returns a `char *` base64 encoded string + +```c +char * +b64_encode (const unsigned char *, size_t); +``` + +Decode `char *` source with `size_t` size. +Returns a `unsigned char *` base64 decoded string + +```c +unsigned char * +b64_decode (const char *, size_t); +``` + +## license + +MIT diff --git a/thirdparty/base64url/b64/b64.h b/thirdparty/base64url/b64/b64.h new file mode 100644 index 0000000..e39d746 --- /dev/null +++ b/thirdparty/base64url/b64/b64.h 
@@ -0,0 +1,84 @@ + +/** + * `b64.h' - b64 + * + * copyright (c) 2014 joseph werle + */ + +#ifndef B64_H +#define B64_H 1 + +typedef struct b64_buffer { + char * ptr; + int bufc; +} b64_buffer_t; + +/** + * Memory allocation functions to use. You can define b64_malloc and + * b64_realloc to custom functions if you want. + */ + +#ifndef b64_malloc +# define b64_malloc(ptr) malloc(ptr) +#endif +#ifndef b64_realloc +# define b64_realloc(ptr, size) realloc(ptr, size) +#endif + + // How much memory to allocate per buffer +#define B64_BUFFER_SIZE (1024 * 64) // 64K + + // Start buffered memory +int b64_buf_malloc(b64_buffer_t * buffer); + +// Update memory size. Returns the same pointer if we +// have enough space in the buffer. Otherwise, we add +// additional buffers. +int b64_buf_realloc(b64_buffer_t * buffer, size_t size); + +/** + * Base64 index table. + */ + +static const char b64_table[] = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', + 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', + 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', + 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', + 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', + 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', + 'w', 'x', 'y', 'z', '0', '1', '2', '3', + '4', '5', '6', '7', '8', '9', '+', '/' +}; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Encode `unsigned char *' source with `size_t' size. + * Returns a `char *' base64 encoded string. + */ + +char * +b64_encode (const unsigned char *, size_t); + +/** + * Decode `char *' source with `size_t' size. + * Returns a `unsigned char *' base64 decoded string. + */ +unsigned char * +b64_decode (const char *, size_t); + +/** + * Decode `char *' source with `size_t' size. + * Returns a `unsigned char *' base64 decoded string + size of decoded string. + */ +unsigned char * +b64_decode_ex (const char *, size_t, size_t *); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/thirdparty/base64url/b64/buffer.c b/thirdparty/base64url/b64/buffer.c new file mode 100644 index 0000000..708c882 
--- /dev/null
+++ b/thirdparty/base64url/b64/buffer.c
@@ -0,0 +1,33 @@
+#include <stdlib.h>
+#include <ctype.h>
+#include "b64.h"
+
+#ifdef b64_USE_CUSTOM_MALLOC
+extern void* b64_malloc(size_t);
+#endif
+
+#ifdef b64_USE_CUSTOM_REALLOC
+extern void* b64_realloc(void*, size_t);
+#endif
+
+int b64_buf_malloc(b64_buffer_t * buf)
+{
+ buf->ptr = b64_malloc(B64_BUFFER_SIZE);
+ if(!buf->ptr) return -1;
+
+ buf->bufc = 1;
+
+ return 0;
+}
+
+int b64_buf_realloc(b64_buffer_t* buf, size_t size)
+{
+ if (size > (size_t)buf->bufc * B64_BUFFER_SIZE)
+ {
+ while (size > (size_t)buf->bufc * B64_BUFFER_SIZE) buf->bufc++;
+ buf->ptr = b64_realloc(buf->ptr, B64_BUFFER_SIZE * buf->bufc);
+ if (!buf->ptr) return -1;
+ }
+
+ return 0;
+}
diff --git a/thirdparty/base64url/b64/decode.c b/thirdparty/base64url/b64/decode.c
new file mode 100644
index 0000000..38093bb
--- /dev/null
+++ b/thirdparty/base64url/b64/decode.c
@@ -0,0 +1,117 @@ + +/** + * `decode.c' - b64 + * + * copyright (c) 2014 joseph werle + */ + +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include "b64.h" + +#ifdef b64_USE_CUSTOM_MALLOC +extern void* b64_malloc(size_t); +#endif + +#ifdef b64_USE_CUSTOM_REALLOC +extern void* b64_realloc(void*, size_t); +#endif + +unsigned char * +b64_decode (const char *src, size_t len) { + return b64_decode_ex(src, len, NULL); +} + +unsigned char * +b64_decode_ex (const char *src, size_t len, size_t *decsize) { + int i = 0; + int j = 0; + int l = 0; + size_t size = 0; + b64_buffer_t decbuf; + unsigned char buf[3]; + unsigned char tmp[4]; + + // alloc + if (b64_buf_malloc(&decbuf) == -1) { return NULL; } + + // parse until end of source + while (len--) { + // break if char is `=' or not base64 char + if ('=' == src[j]) { break; } + if (!(isalnum(src[j]) || '+' == src[j] || '/' == src[j])) { break; } + + // read up to 4 bytes at a time into `tmp' + tmp[i++] = src[j++]; + + // if 4 bytes read then decode into `buf' + if (4 == i) { + // translate values in `tmp' from table + for (i = 0; i < 4; ++i) { + // find translation char in `b64_table' + for (l = 0; l < 64; ++l) { + if (tmp[i] == b64_table[l]) { + tmp[i] = l; + break; + } + } + } + + // decode + buf[0] = (tmp[0] << 2) + ((tmp[1] & 0x30) >> 4); + buf[1] = ((tmp[1] & 0xf) << 4) + ((tmp[2] & 0x3c) >> 2); + buf[2] = ((tmp[2] & 0x3) << 6) + tmp[3]; + + // write decoded buffer to `decbuf.ptr' + if (b64_buf_realloc(&decbuf, size + 3) == -1) return NULL; + for (i = 0; i < 3; ++i) { + ((unsigned char*)decbuf.ptr)[size++] = buf[i]; + } + + // reset + i = 0; + } + } + + // remainder + if (i > 0) { + // fill `tmp' with `\0' at most 4 times + for (j = i; j < 4; ++j) { + tmp[j] = '\0'; + } + + // translate remainder + for (j = 0; j < 4; ++j) { + // find translation char in `b64_table' + for (l = 0; l < 64; ++l) { + if (tmp[j] == b64_table[l]) { + tmp[j] = l; + break; + } + } + } + + // decode remainder + buf[0] = (tmp[0] << 
2) + ((tmp[1] & 0x30) >> 4); + buf[1] = ((tmp[1] & 0xf) << 4) + ((tmp[2] & 0x3c) >> 2); + buf[2] = ((tmp[2] & 0x3) << 6) + tmp[3]; + + // write remainer decoded buffer to `decbuf.ptr' + if (b64_buf_realloc(&decbuf, size + (i - 1)) == -1) return NULL; + for (j = 0; (j < i - 1); ++j) { + ((unsigned char*)decbuf.ptr)[size++] = buf[j]; + } + } + + // Make sure we have enough space to add '\0' character at end. + if (b64_buf_realloc(&decbuf, size + 1) == -1) return NULL; + ((unsigned char*)decbuf.ptr)[size] = '\0'; + + // Return back the size of decoded string if demanded. + if (decsize != NULL) { + *decsize = size; + } + + return (unsigned char*) decbuf.ptr; +} diff --git a/thirdparty/base64url/b64/encode.c b/thirdparty/base64url/b64/encode.c new file mode 100644 index 0000000..68e7924 --- /dev/null +++ b/thirdparty/base64url/b64/encode.c 
@@ -0,0 +1,93 @@ + +/** + * `encode.c' - b64 + * + * copyright (c) 2014 joseph werle + */ + +#include <stdio.h> +#include <stdlib.h> +#include "b64.h" + +#ifdef b64_USE_CUSTOM_MALLOC +extern void* b64_malloc(size_t); +#endif + +#ifdef b64_USE_CUSTOM_REALLOC +extern void* b64_realloc(void*, size_t); +#endif + +char * +b64_encode (const unsigned char *src, size_t len) { + int i = 0; + int j = 0; + b64_buffer_t encbuf; + size_t size = 0; + unsigned char buf[4]; + unsigned char tmp[3]; + + // alloc + if(b64_buf_malloc(&encbuf) == -1) { return NULL; } + + // parse until end of source + while (len--) { + // read up to 3 bytes at a time into `tmp' + tmp[i++] = *(src++); + + // if 3 bytes read then encode into `buf' + if (3 == i) { + buf[0] = (tmp[0] & 0xfc) >> 2; + buf[1] = ((tmp[0] & 0x03) << 4) + ((tmp[1] & 0xf0) >> 4); + buf[2] = ((tmp[1] & 0x0f) << 2) + ((tmp[2] & 0xc0) >> 6); + buf[3] = tmp[2] & 0x3f; + + // allocate 4 new byts for `enc` and + // then translate each encoded buffer + // part by index from the base 64 index table + // into `encbuf.ptr' unsigned char array + if (b64_buf_realloc(&encbuf, size + 4) == -1) return NULL; + + for (i = 0; i < 4; ++i) { + encbuf.ptr[size++] = b64_table[buf[i]]; + } + + // reset index + i = 0; + } + } + + // remainder + if (i > 0) { + // fill `tmp' with `\0' at most 3 times + for (j = i; j < 3; ++j) { + tmp[j] = '\0'; + } + + // perform same codec as above + buf[0] = (tmp[0] & 0xfc) >> 2; + buf[1] = ((tmp[0] & 0x03) << 4) + ((tmp[1] & 0xf0) >> 4); + buf[2] = ((tmp[1] & 0x0f) << 2) + ((tmp[2] & 0xc0) >> 6); + buf[3] = tmp[2] & 0x3f; + + // perform same write to `encbuf->ptr` with new allocation + for (j = 0; (j < i + 1); ++j) { + if (b64_buf_realloc(&encbuf, size + 1) == -1) return NULL; + + encbuf.ptr[size++] = b64_table[buf[j]]; + } + + // while there is still a remainder + // append `=' to `encbuf.ptr' + while ((i++ < 3)) { + if (b64_buf_realloc(&encbuf, size + 1) == -1) return NULL; + + encbuf.ptr[size++] = '='; + } + } + + 
// Make sure we have enough space to add '\0' character at end. + if (b64_buf_realloc(&encbuf, size + 1) == -1) return NULL; + encbuf.ptr[size] = '\0'; + + return encbuf.ptr; +} diff --git a/thirdparty/base64url/b64/notes.md b/thirdparty/base64url/b64/notes.md new file mode 100644 index 0000000..63d23ba --- /dev/null +++ b/thirdparty/base64url/b64/notes.md @@ -0,0 +1,10 @@ +## b64.c + +### Download + +This library can be downloaded from address https://github.com/jwerle/b64.c. + +### Version + +The version of this library is **tag 0.1.0**. + diff --git a/thirdparty/base64url/base64url.c b/thirdparty/base64url/base64url.c new file mode 100644 index 0000000..0cb5eb1 --- /dev/null +++ b/thirdparty/base64url/base64url.c 
@@ -0,0 +1,74 @@
+/*
+kunpengsecl licensed under the Mulan PSL v2.
+You can use this software according to the terms and conditions of
+the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at:
+ http://license.coscl.org.cn/MulanPSL2
+THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+See the Mulan PSL v2 for more details.
+
+Author: leezhenxiang
+Create: 2022-11-04
+Description: ta authenticating module in kta.
+ 1. 2022-11-04 leezhenxiang
+ define the structures.
+*/
+#include "base64url.h"
+
+#include <string.h>
+#include <stdlib.h>
+#include "b64/b64.h"
+
+//Encode unsigned char source to base64url.
+//Neither of param source_len or dest_len include character '\0'.
+//Return the first address of encoded string. 【warning】caller need free return ptr
+char* kpsecl_base64urlencode(const uint8_t *source, size_t source_len, size_t *dest_len) {
+ char *dest = b64_encode(source, source_len);
+ *dest_len = strlen(dest);
+ //change "+" to "-", "/" to "_", remove "=".
+ for(int i = *(int *)dest_len; i >= 0; i--) {
+ if(*(dest + i) == '+')
+ *(dest + i) = '-';
+ else if(*(dest + i) == '/')
+ *(dest + i) = '_';
+ else if(*(dest + i) == '=')
+ *(dest + i) = *(dest + i + 1);
+ }
+ return dest;
+}
+
+//Decode base64url string source to unsigned char.
+//Neither of param source_len or dest_len include character '\0'.
+//Return the first address of decoded unsigned string. 【warning】caller need free return ptr
+uint8_t* kpsecl_base64urldecode(const char *source, size_t source_len, size_t *dest_len) {
+ //change "-" to "+", "_" to "/", add back "=".
+ size_t i = 0;
+ char *tail1 = "=";
+ char *tail2 = "==";
+ char *b64 = calloc(1, source_len + 3);
+ if (b64 == NULL) {
+ return NULL;
+ }
+ memcpy(b64, source, source_len);
+ for(i = 0; i < source_len; i++) {
+ if(*(b64 + i) == '-')
+ *(b64 + i) = '+';
+ else if(*(b64 + i) == '_')
+ *(b64 + i) = '/';
+ }
+ *(b64 + i) = '\0';
+ if(source_len % 4 == 2) {
+ strcat(b64, tail2);
+ *dest_len = (source_len + 2) / 4 * 3 - 2;
+ }
+ else if(source_len % 4 == 3) {
+ strcat(b64, tail1);
+ *dest_len = (source_len + 1) / 4 * 3 - 1;
+ }
+ else if(source_len % 4 == 0)
+ *dest_len = source_len / 4 * 3;
+ uint8_t *dest = b64_decode(b64, strlen(b64));
+ free(b64);
+ return dest;
+}
diff --git a/thirdparty/base64url/base64url.h b/thirdparty/base64url/base64url.h
new file mode 100644
index 0000000..404621c
--- /dev/null
+++ b/thirdparty/base64url/base64url.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_BASE64URL_H
+#define SECGEAR_BASE64URL_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+// warning, caller need free return ptr
+char* kpsecl_base64urlencode(const uint8_t *source, size_t source_len, size_t *dest_len);
+
+// warning, caller need free return ptr
+uint8_t* kpsecl_base64urldecode(const char *source, size_t source_len, size_t *dest_len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
index f150aed..c567423 100755
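Review bot: kpsecl_base64urlencode calls strlen(dest) on the result of b64_encode without a NULL check (the vendored encoder returns NULL when its buffer allocation fails), stores *dest_len before the '=' padding is removed so the reported length includes characters that are no longer in the string, and reads the size_t through `*(int *)dest_len`, which narrows and only reads the right bytes on little-endian targets. kpsecl_base64urldecode derives *dest_len from source_len rather than from what the decoder actually produced, leaves it unassigned when source_len % 4 == 1, and ignores that b64_decode stops silently at the first non-base64 byte, so a caller that trusts dest_len may consume bytes the decoder never wrote; b64.h already declares b64_decode_ex with an output-size parameter, which gives the true length. Both functions are fully inside this hunk; the rewritten parts are below, with the '-'/'_' translation and buffer handling left as they are.

```c
char* kpsecl_base64urlencode(const uint8_t *source, size_t source_len, size_t *dest_len) {
    char *dest = b64_encode(source, source_len);
    if (dest == NULL) {
        return NULL;
    }
    size_t n = strlen(dest);
    /* strip '=' padding first so dest_len reflects the base64url string */
    while (n > 0 && dest[n - 1] == '=') {
        dest[--n] = '\0';
    }
    for (size_t i = 0; i < n; i++) {
        if (dest[i] == '+') {
            dest[i] = '-';
        } else if (dest[i] == '/') {
            dest[i] = '_';
        }
    }
    *dest_len = n;
    return dest;
}

uint8_t* kpsecl_base64urldecode(const char *source, size_t source_len, size_t *dest_len) {
    if (source_len % 4 == 1) {
        return NULL;  /* no valid base64url input has this length */
    }
    /* … unchanged: calloc, memcpy, '-' -> '+' and '_' -> '/' translation … */
    if (source_len % 4 == 2) {
        strcat(b64, tail2);
    } else if (source_len % 4 == 3) {
        strcat(b64, tail1);
    }
    /* let the decoder report how many bytes it really wrote */
    uint8_t *dest = b64_decode_ex(b64, strlen(b64), dest_len);
    free(b64);
    return dest;
}
```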
--- a/tools/sign_tool/sign_tool.sh
+++ b/tools/sign_tool/sign_tool.sh
@@ -122,8 +122,8 @@ itrustee_start_sign() {
 cp ${IN_ENCLAVE} ${IN_PATH}/libcombine.so
 OUT_PATH=$(dirname ${OUT_FILE})
 echo ${IN_PATH} ${OUT_PATH}
- python -B ${signtoolpath}/signtool_v3.py ${IN_PATH} ${OUT_PATH} --privateCfg ${A_CONFIG_FILE}
- #rm -rf ${IN_PATH}/libcombine.so
+ python3 -B ${signtoolpath}/signtool_v3.py ${IN_PATH} ${OUT_PATH} --privateCfg ${A_CONFIG_FILE}
+ rm -rf ${IN_PATH}/libcombine.so
 else
 echo "Error: illegal command"
 fi
--
2.33.0
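Review bot: the newly enabled `rm -rf ${IN_PATH}/libcombine.so` leaves the expansion unquoted, so an IN_PATH containing whitespace or glob characters is split into several arguments to a recursive force-delete; `rm -f "${IN_PATH}/libcombine.so"` removes exactly the file the cp line above created and nothing more. The cp and echo context lines carry the same unquoted expansions, though they are not part of this change. The intermediate is also deleted regardless of whether python3 succeeded, so a failed signing run leaves no artifact to inspect; checking the exit status before the rm would keep it for diagnosis. itrustee_start_sign begins outside this hunk.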