feat: use real RA-TLS for everything

* add `tee-ratls-preexec` for creating the vault certificate * remove the old attestation API Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-25 00:34:46 +02:00 · 2024-02-27 12:07:15 +01:00 · 2024-02-27 12:07:15 +01:00 · 0b60abc030
commit 0b60abc030
parent 020159b9d7
21 changed files with 837 additions and 834 deletions
--- a/bin/vault-admin/src/main.rs
+++ b/bin/vault-admin/src/main.rs
@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023 Matter Labs
+// Copyright (c) 2023-2024 Matter Labs

 use anyhow::{anyhow, bail, Context, Result};
 use clap::{Args, Parser, Subcommand};
@ -13,7 +13,7 @@ use std::path::{Path, PathBuf};
 use teepot::client::{AttestationArgs, TeeConnection};
 use teepot::json::http::{
    SignRequest, SignRequestData, SignResponse, VaultCommandRequest, VaultCommands,
-    VaultCommandsResponse, ATTESTATION_URL, DIGEST_URL,
+    VaultCommandsResponse, DIGEST_URL,
 };
 use teepot::server::signatures::verify_sig;
 use teepot::sgx::sign::Signature;
@ -221,7 +221,7 @@ async fn send_commands(args: SendArgs) -> Result<()> {
        signatures,
    };

-    let conn = TeeConnection::new(&args.attestation, ATTESTATION_URL).await?;
+    let conn = TeeConnection::new(&args.attestation);

    let mut response = conn
        .client()
@ -299,7 +299,7 @@ async fn send_sig_request(args: SignTeeArgs) -> Result<()> {
        signatures,
    };

-    let conn = TeeConnection::new(&args.attestation, ATTESTATION_URL).await?;
+    let conn = TeeConnection::new(&args.attestation);

    let mut response = conn
        .client()
@ -338,7 +338,7 @@ async fn send_sig_request(args: SignTeeArgs) -> Result<()> {
 }

 async fn digest(args: DigestArgs) -> Result<()> {
-    let conn = TeeConnection::new(&args.attestation, ATTESTATION_URL).await?;
+    let conn = TeeConnection::new(&args.attestation);

    let mut response = conn
        .client()