Harald Hoyer
eb39705ff1
feat: compat code for non x86_64-linux
- do not build packages, which require `x86_64-linux`
- use Phala `dcap-qvl` crate for remote attestation, if possible
- nix: exclude `nixsgx` on non `x86_64-linux` platforms
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-10 11:57:46 +02:00
Harald Hoyer
d88f79d239
chore: rename `nixsgxLib.mkSGXContainer` to `pkgs.lib.tee.sgxGramineContainer`
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-09-03 13:24:20 +02:00
Harald Hoyer
8d3f378392
fix(container-vault-sgx-azure): remove insecure eventfd setting
Removed the sys.insecure__allow_eventfd setting, because gramine
has a secure eventfd implementation since
[v1.7](https://github.com/gramineproject/gramine/releases/tag/v1.7).
2024-08-29 10:58:46 +02:00
Harald Hoyer
33fe7f17fa
fix(vault): maybe fix `netpollBreak` issues
- Updated the flake.lock for nixsgx dependency with new revision to get a patched gramine
https://github.com/matter-labs/nixsgx/pull/54
- Enabled `sys.insecure__allow_eventfd` to support recent golang changes in the `netpoll` implementation
2024-08-08 14:51:04 +02:00
Harald Hoyer
2d1d68210b
fix(container-vault-sgx-azure): increase max file descriptors for vault
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-08 11:06:56 +02:00
Harald Hoyer
97a1654c59
chore: turn off debug again
The increase of `max_threads` and `stack.size` did the trick.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 12:22:17 +02:00
Harald Hoyer
0de5447580
chore: tweak vault parameters for slow plugin loading
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 10:12:36 +02:00
Harald Hoyer
a0a08d2ce7
chore: debug vault with gramine debug
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-06 16:34:36 +02:00
Harald Hoyer
cd108a5d9f
chore: debug vault with gramine trace
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-06 15:12:12 +02:00
Harald Hoyer
840730d598
chore: debug vault with gramine warning
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-06 12:57:48 +02:00
otani
ace415a43e
fix: dns for vault nodes
2024-07-09 16:39:04 +03:00
Harald Hoyer
ae01290bcc
chore: change dns names for the vault cluster
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-09 11:11:10 +02:00
Harald Hoyer
fc3fe37f81
fix: `sgx.nonpie_binary` option is deprecated
see https://github.com/gramineproject/gramine/pull/1187
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 13:14:38 +02:00
Harald Hoyer
943ef8c878
feat: use nixsgxLib.mkSGXContainer
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 17:25:00 +02:00
Harald Hoyer
de06acbef9
fix: don't tag the nix produced container with latest
leave it to the github workflow on push to main
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 13:21:44 +02:00
Harald Hoyer
d0c5950c0e
feat: use nixsgx nix function to create containers
It refactors the way the SGX containers are built.
This removes all `Dockerfile` and gramine manifest files.
It also enables a single recipe for azure and non-azure variants.
Additionally the `teepot-crate.nix` is now the inherited recipe to
build the rust `teepot` crate.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-10 16:32:02 +02:00
Harald Hoyer
284393bf76
fix: only restart `aesmd` if `aesm.socket` is not readable
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-05-21 13:41:08 +02:00
Harald Hoyer
9680e32e82
fix: cleanup the nix packages
`curl` and `openssl` have to be specified with `.out`
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-08 14:19:31 +01:00
Harald Hoyer
91f1612e0f
chore: cleanup and nixify
* create containers with nix
* updated README.md
* added SPDX license headers
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-28 11:09:34 +01:00