aa: drop deprecated eaa_kbc

CoCo quickstart has had a warning about EAA/verdict deprecation for more
than a year and over 2 CoCo releases.

Drop the unmaintained/deprecated code from the repo.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

.github/workflows/ocicrypt_rs_build.yml

@@ -33,21 +33,12 @@ jobs:
           - 1.76.0
           - stable
 
-    # Run all steps in the compilation testing containers
-    container:
-      image: runetest/compilation-testing:ubuntu20.04
-      env:
-        LD_LIBRARY_PATH: /usr/local/lib/rats-tls
-
     steps:
       - name: Code checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
-      - name: Update cargo home
-        run: |
-          apt-get update && apt-get install -y cargo
-          cp -r /root/.cargo /github/home/.cargo
+
       - name: Install Rust toolchain (${{ matrix.rust }})
         uses: actions-rs/toolchain@v1
         with:
@@ -58,19 +49,7 @@ jobs:
 
       - name: Install tonic's protoc dependencies
         run: |
-          apt install -y protobuf-compiler libprotobuf-dev
-
-      - name: Build and install rats-tls
-        run: |
-          PWD=$(pwd)
-          cd /tmp
-          apt-get install -y libcurl4-openssl-dev
-          git clone https://github.com/inclavare-containers/rats-tls
-          cd rats-tls
-          git reset --hard 8fbfdb6
-          cmake -DBUILD_SAMPLES=on -H. -Bbuild
-          make -C build install
-          cd $PWD
+          sudo apt install -y protobuf-compiler libprotobuf-dev
 
       - name: Run cargo build
         uses: actions-rs/cargo@v1

attestation-agent/coco_keyprovider/README.md

@@ -6,7 +6,6 @@ The encrypted image can be decrypted using the following Key Broker Client (KBC)
  * offline-fs-kbc
  * offline-sev-kbc
  * online-sev-kbc
- * eaa-kbc
  * sample kbc (toy KBC still supported for historical reason)
 
 The following guide will help make an encrypted image using [skopeo](https://github.com/containers/skopeo) and CoCo keyprovider, inspect the image as well as decrypt it.

attestation-agent/docs/IMAGE_ENCRYPTION.md

@@ -37,7 +37,6 @@ Here are the steps.
 3. `Attestation-Agent` will parse the annotation into an `AnnotationPacket`.
 4. `Attestation-Agent` will use the `AnnotationPacket` to call related KBC's `decrypt_payload()` api to retrieve the `PLBCO`.
     * For `*_sev_kbc`, `offline_fs_kbc`, `get_key()` helps to get the `KEK` due to the `key id`, and then `crypto` module decrypts the PLBCO.
-    * For `eaa_kbc` and those KBCes who do not expose the plaintext of the `KEK`, `decrypt_payload()` api will perform its own decryption action.
 7. `ocicrypt-rs` uses `PLBCO` to decrypt the layer.
 
 ## Specs

attestation-agent/kbc/Cargo.toml

@@ -11,7 +11,6 @@ async-trait.workspace = true
 base64.workspace = true
 bincode = { workspace = true, optional = true }
 crypto = { path = "../deps/crypto", default-features = false }
-foreign-types = { version = "0.5.0", optional = true }
 kbs_protocol = { path = "../kbs_protocol", default-features = false, optional = true }
 log.workspace = true
 prost = { workspace = true, optional = true }
@@ -47,7 +46,6 @@ cca-attester = ["kbs_protocol/cca-attester"]
 se-attester  = ["kbs_protocol/se-attester"]
 
 sample_kbc = []
-eaa_kbc = ["foreign-types"]
 offline_fs_kbc = []
 offline_sev_kbc = []
 online_sev_kbc = ["tonic", "sev", "prost", "uuid", "bincode", "tokio"]

attestation-agent/kbc/build.rs

@@ -4,12 +4,6 @@
 //
 
 fn main() -> std::io::Result<()> {
-    #[cfg(feature = "eaa_kbc")]
-    {
-        println!("cargo:rustc-link-search=native=/usr/local/lib/rats-tls");
-        println!("cargo:rustc-link-lib=dylib=rats_tls");
-    }
-
     #[cfg(feature = "gen-proto")]
     {
         tonic_build::configure()