feat: add TDX support

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 07:03:56 +02:00 · 2024-12-20 09:07:36 +01:00 · 2024-12-20 09:07:36 +01:00 · 4610475fae
commit 4610475fae
parent f4fba51e3e
18 changed files with 2316 additions and 369 deletions
--- a/packages/teepot/default.nix
+++ b/packages/teepot/default.nix
@ -1,10 +1,12 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) 2024 Matter Labs
-{ teepotCrate }: teepotCrate.craneLib.buildPackage (
+{ lib, pkgs, makeWrapper, teepotCrate }: teepotCrate.craneLib.buildPackage (
  teepotCrate.commonArgs // {
    pname = "teepot";
    inherit (teepotCrate) cargoArtifacts;

+    nativeBuildInputs = teepotCrate.commonArgs.nativeBuildInputs ++ [ makeWrapper ];
+
    passthru = {
      inherit (teepotCrate) rustPlatform
        rustVersion
@ -28,6 +30,7 @@
      "verify_attestation"
      "verify_era_proof_attestation"
    ];
+
    postInstall = ''
      removeReferencesToVendoredSources "$out" "$cargoVendorDir"
      removeReferencesToVendoredSources "$out" "${teepotCrate.rustVersion}/lib/rustlib/"
@ -38,6 +41,11 @@
        echo -n "''${!i} " >> $out/nix-support/propagated-user-env-packages
        binname=''${i//_/-}
        mv "$out/bin/$binname" "''${!i}/bin/"
+
+        makeWrapper "''${!i}/bin/$binname" "''${!i}/bin/$binname-dcap" \
+          --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.quote_verify pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl ]}" \
+          --set-default QCNL_CONF_PATH "${pkgs.nixsgx.sgx-dcap.default_qpl}/etc/sgx_default_qcnl.conf"
+
      done
      rmdir "$out/bin"
    '';