harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
503 commits 23 branches 61 tags 2.2 MiB
Commit graph

78 commits

Author SHA1 Message Date
Patrick
0e6eb2b74e
feat(verify-era-proof-attestation): add support for verifying a range of batches (#194) 
Co-authored-by: Harald Hoyer <harald@matterlabs.dev>
 2024-09-03 12:48:04 +00:00
Harald Hoyer
c94912d832
feat(tee-key-preexec): add cmdline arg for env prefix 
- Introduced `clap` for command-line argument parsing.
- Replaced manual argument handling with `clap`'s derived `Args` struct.
- Updated environmental variables to use dynamic prefixes.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-09-03 10:42:42 +02:00
Patryk Bęza
5e4b8901b0
feat(verify-attestation): RPC attestation and batch signature verification binary 
This is another variant of the binary tool for verifying attestation and
the signature of a given batch. Unlike the existing tool, this variant
does not require you to provide two separate files—one for the
attestation and one for the signature. Instead, it automatically fetches
both from the RPC node.

Unfortunately, after discussing with @popzxc, we found that there is no way
to reuse the RPC client because our published crates on crates.io are
outdated and do not include the recently merged TEE-specific code
changes. To be fixed in the future.
 2024-08-30 12:14:55 +02:00
Harald Hoyer
0bdc3425e4
chore: cargo update 
and fix `cargo clippy` issues.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-08-07 15:26:20 +02:00
Patryk Bęza
ad6ce872f8
fix(verify-attestation): simplify dependencies 
The zksync crates have recently been published on crates.io. Let's take
advantage of them! Specifically, we are replacing alloy-primitives with
zksync_basic_types to avoid the additional transitive dependencies
introduced by alloy.
 2024-07-22 14:45:27 +02:00
Patryk Bęza
51c1e72a03
Use Docker's entrypoint instead of command 2024-07-11 17:49:37 +02:00
Patryk Bęza
78447ea307
Unify verify-attestation-sgx and verify-attestation 
Rationale: too much copy-paste
 2024-07-11 17:13:11 +02:00
Patryk Bęza
f3f6ea1dba
Introduce root_hash option 2024-07-11 11:29:37 +02:00
Patryk Bęza
f90088be76
SGX attestation & batch signature verification tool 2024-07-10 14:47:07 +02:00
Harald Hoyer
204aa33f7f
fix(tee-vault-unseal): pick either VAULT_AUTH_TEE_SHA256 string or file 
Pick either `VAULT_AUTH_TEE_SHA256` or `VAULT_AUTH_TEE_SHA256_FILE`,
with `VAULT_AUTH_TEE_SHA256` having the precedence.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-07-03 14:42:06 +02:00
Harald Hoyer
f1b8a48a6a
fix: update the common cacert and include it in the unseal container 
The previous cacert expired. A new one was created and also included in the unseal container.

The path to access the cacert was fixed in the unseal app and made configurable via an environment variable.
 2024-07-03 11:26:29 +02:00
Patryk Bęza
4c76318702
Replace secp256k1 with k256 crate 
Rationale: we already have secp256k1 in our dependencies, as suggested
by Igor:
https://github.com/matter-labs/zksync-era/pull/2333#discussion_r1656531731
 2024-07-01 14:17:13 +02:00
Harald Hoyer
1505b14db0
chore: remove obsolete Dockerfiles 
all is built via nix and maintaining those files would mean more work.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-21 11:23:41 +02:00
Harald Hoyer
df7973c501
chore: cargo update + taplo fmt 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-20 14:00:18 +02:00
Harald Hoyer
d77243b8fd
fix(tee-key-preexec): export the key in PEM 
makes it easier to import

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-13 14:00:43 +02:00
Harald Hoyer
d0c5950c0e
feat: use nixsgx nix function to create containers 
It refactors the way the SGX containers are built.
This removes all `Dockerfile` and gramine manifest files.
It also enables a single recipe for azure and non-azure variants.

Additionally the `teepot-crate.nix` is now the inherited recipe to
build the rust `teepot` crate.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-10 16:32:02 +02:00
Harald Hoyer
1f850d060e
feat(tee-vault-unseal): add VAULT_AUTH_TEE_SHA256_FILE 
If `VAULT_AUTH_TEE_SHA256_FILE` is set,
read the sha value from the file,
rather from the environment variable.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-10 14:19:25 +02:00
Harald Hoyer
a9bb266668
chore(deps): update to rust version 1.78 
and fix the clippy warnings

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-10 13:09:05 +02:00
snoppy
7c2d3259b1
fix typos 2024-03-18 22:22:31 +08:00
Harald Hoyer
0654bacdb5
ci: use crane flake to build with nix 
This enables to add cargo `fmt`, `clippy` and `deny` to nix, using cached results.

Move the `teepot` crate to the `crates` subdir to make the life easier for
the `crane` flake.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-03-11 10:01:59 +01:00
Harald Hoyer
9f760da23e
docs: add bin/tee-self-attestation-test/README.md 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-03-08 15:50:00 +01:00
Harald Hoyer
97420df006
feat: attestation test on azure and default dcap 
```
❯ docker run -i --rm --privileged  --device /dev/sgx_enclave --net host \
  matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
  | base64 -d --ignore-garbage \
  | docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest
```

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-03-07 16:05:27 +01:00
Harald Hoyer
59807c4286
chore(deps): remove unused dependencies 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-28 15:18:28 +01:00
Harald Hoyer
91f1612e0f
chore: cleanup and nixify 
* create containers with nix
* updated README.md
* added SPDX license headers

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-28 11:09:34 +01:00
Harald Hoyer
0b60abc030
feat: use real RA-TLS for everything 
* add `tee-ratls-preexec` for creating the vault certificate
* remove the old attestation API

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-27 16:44:28 +01:00
Harald Hoyer
dc4434938e
fix(tee-key-preexec): don't hash public key 
No need to hash the public key for the attestation report data.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-15 10:31:54 +01:00
Harald Hoyer
2591bf0807
chore(deps): rustls-pemfile 2 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-15 10:23:29 +01:00
Harald Hoyer
89ffbd35a8
feat: initial commit 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-09 10:10:53 +01:00