Commit graph

434 commits

Author SHA1 Message Date
Harald Hoyer
1e853f653a
refactor(quote): move TCB level logic to a dedicated module
- Extracted `TcbLevel` functionality from `sgx` module to `quote::tcblevel`.
- Updated all references to import `TcbLevel` and related utilities from `quote::tcblevel`.
- Updated copyright headers to reflect the new year range.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-04 17:05:23 +02:00
Harald Hoyer
2ba5c45d31
Merge pull request #299 from matter-labs/leftover
fix(teepot-vault): remove leftover `tdx` module
2025-04-04 16:04:09 +02:00
Harald Hoyer
8596e0dc6a
fix(teepot-vault): remove leftover tdx module
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-04 14:40:43 +02:00
Harald Hoyer
fdad63e4b1
Merge pull request #298 from matter-labs/yaml
feat(ci): switch to GitHub Container Registry for images
2025-04-02 17:28:06 +02:00
Harald Hoyer
3257f316b5
feat(ci): switch to GitHub Container Registry for images
Updated the workflow to push container images to GitHub Container Registry instead of Docker Hub. Added a login step for GHCR and updated image tagging and pushing commands accordingly.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-02 17:10:20 +02:00
Harald Hoyer
542e3a9fcc
Merge pull request #297 from matter-labs/pre-exec-context
fix(tee-key-preexec): add context to file write operations
2025-04-02 16:43:25 +02:00
Harald Hoyer
e27b5da856
fix(tee-key-preexec): add context to file write operations
- Add context to `std::fs::write` calls to improve error tracing.
- Ensures better debugging by attaching filenames to potential errors.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-02 16:18:27 +02:00
Harald Hoyer
9114c47b90
Merge pull request #292 from matter-labs/teepot_vault
chore: split-out vault code from `teepot` in `teepot-vault`
2025-04-02 15:18:01 +02:00
Harald Hoyer
f03a8ba643
Merge branch 'main' into teepot_vault
2025-03-28 14:13:14 +01:00
Harald Hoyer
49568c66a7
Merge pull request #295 from matter-labs/sha384-extend
feat(bin): enhance SHA384 extend utility with padding and tests
2025-03-28 13:57:21 +01:00
Harald Hoyer
fa2ecee4bd
feat(sha384-extend): enhance SHA384 extend utility with padding and tests
- Refactor `sha384-extend` to include digest padding and validation.
- Add `extend_sha384` function for hex-string-based digest extension.
- Introduce comprehensive test coverage for edge cases and errors.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-03-28 12:55:13 +01:00
Harald Hoyer
7258452b79
Merge pull request #294 from matter-labs/proper_otlp_http_logging
feat(config): update OTLP endpoint and protocol handling
2025-03-26 16:21:07 +01:00
Harald Hoyer
982fcc363b
Merge branch 'main' into teepot_vault
2025-03-25 13:40:50 +01:00
Harald Hoyer
e62aff3511
feat(config): update OTLP endpoint and protocol handling
- Change default OTLP endpoint to match the HTTP/JSON spec.
- Add dynamic protocol-based exporter configuration.
- Support both gRPC and HTTP/JSON transports for logging.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-03-25 11:49:57 +01:00
Harald Hoyer
6c3bd96617
Merge pull request #293 from matter-labs/tdx_wait_for_vector
feat(tdx_google): add iproute2 and vector initialization wait
2025-03-21 13:26:34 +01:00
Harald Hoyer
3f90e4f80b
feat(tdx_google): add iproute2 and vector initialization wait
- Include iproute2 in the container path for required networking tools.
- Add a script to wait for vector to initialize before proceeding.
2025-03-21 13:11:23 +01:00
Harald Hoyer
f8bd9e6a08
chore: split-out vault code from teepot in teepot-vault
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-03-06 09:47:51 +01:00
Harald Hoyer
63c16b1177
Merge pull request #291 from matter-labs/no_quote
fix(verify-attestation): bail out, if no quote provided
2025-03-06 09:44:32 +01:00
Harald Hoyer
7cb3af4b65
Merge branch 'main' into no_quote
2025-03-06 09:30:33 +01:00
Harald Hoyer
51dc68b12f
Merge pull request #290 from matter-labs/self-attestation-readme-podman
docs(tee-self-attestation-test): add podman example
2025-03-06 09:30:17 +01:00
Harald Hoyer
55ea2a6069
fix(verify-attestation): bail out, if no quote provided
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-03-06 09:07:31 +01:00
Harald Hoyer
98ed802b75
docs(tee-self-attestation-test): add podman example
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-03-06 08:57:55 +01:00
Harald Hoyer
89145514b0
Merge pull request #285 from matter-labs/missing_recoverid_two
fix(verify-era-proof-attestation): handle missing RecoveryId signatures
2025-03-03 10:47:59 +01:00
Harald Hoyer
bece17f7bf
Merge branch 'main' into missing_recoverid_two
2025-03-03 08:52:32 +01:00
Harald Hoyer
bce991f77c
Merge pull request #283 from matter-labs/rustls_ring_provider
fix(teepot-vault): use `ring` as `CryptoProvider` for `rustls`
2025-03-01 09:36:27 +01:00
Harald Hoyer
589e375d47
Merge branch 'main' into rustls_ring_provider
2025-03-01 09:11:21 +01:00
Harald Hoyer
a6ea98a096
fix(verify-era-proof-attestation): handle missing RecoveryId signatures
- add `RecoveryId::Two` and `RecoveryId::Three`

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-03-01 09:07:29 +01:00
Harald Hoyer
736fe10200
Merge pull request #284 from matter-labs/missing_recoverid
fix(verify-era-proof-attestation): handle missing RecoveryId signatures
2025-02-28 19:31:49 +01:00
Harald Hoyer
c26b3db290
fix(verify-era-proof-attestation): handle missing RecoveryId signatures
- Add fallback for missing RecoveryId in 64-byte signatures.
- Improve error context for invalid signature length.
- Add debug and trace logs for better diagnosis during verification.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-28 17:31:59 +01:00
Harald Hoyer
d6061c35a8
fix(teepot-vault): use ring as CryptoProvider for rustls
New `rustls` needs global install of default `CryptoProvider`.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-28 14:14:57 +01:00
Harald Hoyer
0a73ed5012
Merge pull request #279 from matter-labs/cargo_update
chore: remove unused `rand` dependency and update crates
2025-02-27 10:40:34 +01:00
Harald Hoyer
d3c17a7ace
Merge branch 'main' into cargo_update
2025-02-25 13:22:35 +01:00
Harald Hoyer
942091d3ae
Merge pull request #277 from matter-labs/rtmr3
feat(tdx): add TDX RTMR extension support with UEFI marker
2025-02-25 13:21:57 +01:00
Harald Hoyer
bd24825ece
Merge branch 'main' into cargo_update
2025-02-21 09:31:25 +01:00
Harald Hoyer
46b9269fc1
Merge branch 'main' into rtmr3
2025-02-21 09:31:18 +01:00
Harald Hoyer
d345c62db7
Merge pull request #278 from matter-labs/metadata-fail
feat(tdx_google): add onFailure action to reboot on metadata.service errors
2025-02-21 09:28:28 +01:00
Harald Hoyer
f822c70721
chore: remove unused rand dependency and update crates
- Removed `rand` dependency from multiple `.toml` files and updated relevant imports to use `rand_core::OsRng`.
- Updated OpenTelemetry dependencies to latest versions and refactored SDK initialization to use `SdkLoggerProvider`.
- Bumped versions of several dependencies including `clap`, `awc`, `ring`, and `smallvec` for compatibility and features.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-20 15:40:13 +01:00
Harald Hoyer
cf4a6cfb60
feat(tdx_google): add onFailure action to reboot on metadata.service errors
- Introduce `onFailure` handler to trigger reboot after 5 minutes.
- Enhances system reliability by automating recovery measures.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-20 15:32:51 +01:00
Harald Hoyer
049f1b3de8
feat(tdx): add TDX RTMR extension support with UEFI marker
- Added `UEFI_MARKER_DIGEST_BYTES` constant for TDX RTMR extension.
- Implemented RTMR3 extension in `tee-key-preexec` for TDX attestation flow.
- Updated `rtmr-calc` to use `UEFI_MARKER_DIGEST_BYTES` for RTMR1 extension.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-20 15:15:44 +01:00
Harald Hoyer
a430e2f93b
Merge pull request #276 from matter-labs/sys
feat(tdx_google): add support for attestation in container
2025-02-20 12:55:39 +01:00
Harald Hoyer
a5cf220c57
feat(tdx_google): add support for attestation in container
- Mount `/sys/kernel/config` to enable attestation for TDX containers.
- Ensures compatibility with TDX guest measurements during runtime.
2025-02-20 12:14:10 +01:00
Harald Hoyer
e936f5079d
Merge pull request #272 from matter-labs/refactor
refactor(tdx_google): modularize tdx_google configuration
2025-02-20 10:04:11 +01:00
Harald Hoyer
439574f22c
chore(tdx_google): remove unused teepot package from system environment
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-19 15:01:02 +01:00
Harald Hoyer
760ff7eff1
refactor(tdx_google): simplify service configurations
- Replaced hardcoded metadata-fetching logic with shared metadata service.
- Removed custom pre-start scripts and refactored environment handling.
- Updated Vector configuration to include custom field transformations.
- Streamlined container startup process and ensured proper cleanup.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-19 15:00:43 +01:00
Harald Hoyer
5d2ad57cfd
refactor(tdx_google): modularize tdx_google configuration
- Split `tdx_google/configuration.nix` into smaller modules: `vector.nix`, and `container.nix`.
- Simplified the main configuration by leveraging modular imports for better readability and maintainability.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

# Conflicts:
#	packages/tdx_google/configuration.nix
2025-02-19 15:00:42 +01:00
Harald Hoyer
4d273076ee
Merge pull request #271 from matter-labs/Metadata-Flavor
fix(teepot): add custom HTTP header for google metadata and update default endpoint
2025-02-19 14:59:09 +01:00
Harald Hoyer
98a71b3e3a
fix(teepot): add custom HTTP header for google metadata and update default endpoint
- Replace `reqwest::get` with a configured `reqwest::Client` to support custom headers (e.g., "Metadata-Flavor: Google").
- Update default OTLP endpoint to include the "http://" prefix for clarity.
2025-02-19 13:58:39 +01:00
Harald Hoyer
ee3061b2ec
Merge pull request #270 from matter-labs/serial
feat(configuration): update journald and serial settings
2025-02-19 11:30:28 +01:00
Harald Hoyer
bbbce81541
feat(configuration): update journald and serial settings
- Set journald console to `/dev/ttyS0` for improved logging.
- Disable `serial-getty@ttyS0` service to avoid conflicts.
2025-02-19 11:16:34 +01:00
Harald Hoyer
c4b1431221
Merge pull request #268 from matter-labs/tdx-test
feat: rewrite google-metadata test as tdx-test
2025-02-18 08:36:12 +01:00