sgx-lkl
Dump attested TLS credentials upon starting up
For each failure mode, could you add a SGXLKL_VERBOSE line?
I wonder if this should be an optional feature enabled in the app config since it adds a strict dependency to DCAP and hence network.
[ Duplicating our private discussion here ]
We need to address the layering here before it can be merged. We should not be introducing new code into src/enclave that has nontrivial dependencies on libc. Probably the best structure for this is to:
- Provide functionality in src/enclave for getting the raw attestation information, without mbedTLS dependencies. This can talk to OE APIs directly.
- Modify LKL to allow exposing that somewhere in sysfs (or possibly as a device node) by calling the APIs added in src/enclave.
- Add the userspace component that reads the raw data from the kernel-owned file, uses mbedTLS to generate the certificates, and puts them in a well-known location.