[tools/sgx,common,Doc] Enable configurable signing algo for RA-TLS certs
Resolves https://github.com/gramineproject/gramine/issues/156 and an initial PR was created by @dimakuv at https://github.com/gramineproject/graphene/pull/2314. This PR augments it with the possible RSA key size selection and drops ECDSA_SECP256K1 and ECDSA_SECP256R1 support based on Intel crypto guidelines/recommendations.
Previously, RA-TLS generated only RSA-3072 keypairs (and signed self-signed RA-TLS X.509 certificates with these RSA keys). This commit adds the ability to specify the signing algo: RSA (RSA-3072, RSA-4096) or ECDSA (ECDSA-384, ECDSA-521) for RA-TLS via a new envvar RA_TLS_CERT_SIGNATURE_ALGO.
Jenkins, test this please
Jenkins, retest Jenkins-SGX-18.04-apps please
An interesting error log which doesn't seem to be related to this PR:
17:11:08 gramine-sgx server & SERVER_ID=$!; \
17:11:08 ./client epid > OUTPUT; \
17:11:10 User requested RA-TLS attestation but cannot find lib
17:11:42 Makefile:158: recipe for target 'check_epid' failed
Surprisingly, Jenkins-SGX-20.04-apps pipeline succeeded, even though it runs the same test. Let's see if it reproduces.
Jenkins, test this please
Jenkins, test this please
Jenkins, test this please