teepot

mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00

Author	SHA1	Message	Date
Harald Hoyer	49bb4a3bef	chore(deps): update `teepot` crates to version 0.6.0 - Set `teepot`, `teepot-tee-quote-verification-rs`, and `teepot-vault` crate versions to 0.6.0 in `Cargo.toml`. - Ensures consistency with the planned 0.6.0 release preparation.	2025-06-25 09:31:29 +02:00
Harald Hoyer	b4e0014e4e	chore(deps): prepare release 0.6.0 - vendor unpublished tdx-attest-rs and tdx-attest-sys crates to be able to publish to crates.io - Updated package versions in `Cargo.toml` and `Cargo.lock` to 0.6.0. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-06-24 16:39:00 +02:00
Lucille L. Blumire	412e3b1698	chore(deps): Update all dependencies to latest	2025-06-23 10:09:50 +01:00
Harald Hoyer	716c782e6f	chore(deps): update crates and nix flakes - Updated multiple Rust dependencies, including `opentelemetry`, `const-oid`, and `webpki-roots` for enhanced features and bug fixes. - Upgraded `nixpkgs` and `crane` in the nix flake configuration. - Removed unused dependencies and introduced missing dependencies for improved build integrity. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-05-30 17:54:30 +02:00
Harald Hoyer	2bbfb2415c	feat(quote): add FMSPC and CPUSVN extraction support - Introduced new types `Fmspc`, `CpuSvn`, and `Svn` for SGX metadata. - Added methods to extract raw certificate chains and FMSPC from SGX quotes. - Created new test file for validating FMSPC extraction with example quotes. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-05-06 11:43:51 +02:00
Harald Hoyer	ed84a424db	feat(api): add Intel DCAP API client module Introduced a new `intel-dcap-api` crate for interacting with Intel's DCAP APIs. - Implemented various API client functionalities for SGX/TDX attestation services. - Added support for registration, certification, enclave identity, and FMSPC retrieval. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-10 14:51:51 +02:00
Harald Hoyer	eb39705ff1	feat: compat code for non `x86_64-linux` - do not build packages, which require `x86_64-linux` - use Phala `dcap-qvl` crate for remote attestation, if possible - nix: exclude `nixsgx` on non `x86_64-linux` platforms Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-10 11:57:46 +02:00
Harald Hoyer	2605e2ae3a	refactor(verify-era-proof-attestation): modularize and restructure proof verification logic - Split `verify-era-proof-attestation` into modular subcomponents for maintainability. - Moved client, proof handling, and core types into dedicated modules.	2025-04-04 17:05:30 +02:00
Harald Hoyer	f8bd9e6a08	chore: split-out vault code from `teepot` in `teepot-vault` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-03-06 09:47:51 +01:00
Harald Hoyer	d6061c35a8	fix(teepot-vault): use `ring` as `CryptoProvider` for `rustls` New `rustls` needs global install of default `CryptoProvider`. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-28 14:14:57 +01:00
Harald Hoyer	f822c70721	chore: remove unused `rand` dependency and update crates - Removed `rand` dependency from multiple `.toml` files and updated relevant imports to use `rand_core::OsRng`. - Updated OpenTelemetry dependencies to latest versions and refactored SDK initialization to use `SdkLoggerProvider`. - Bumped versions of several dependencies including `clap`, `awc`, `ring`, and `smallvec` for compatibility and features. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-20 15:40:13 +01:00
Harald Hoyer	908579cd60	feat: rewrite google-metadata test as tdx-test Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-14 16:47:42 +01:00
Harald Hoyer	45309e58f4	chore: cargo deps update with code fixes for the new versions. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-10 15:44:16 +01:00
Harald Hoyer	11a22c9e67	feat: add Google Metadata support and TDX container test - Introduced `google-metadata` binary for reading GCP instance attributes. - Added TDX container test with new `container-test-tdx` package. - Updated Nix workflow and deployment scripts for Google Metadata integration. - Bumped `anyhow` to 1.0.95 and updated Cargo.lock. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-01-27 16:18:58 +01:00
Patryk Bęza	2d04ba0508	feat(tee-key-preexec): add support for Solidity-compatible pubkey in report_data This PR is part of the effort to implement on-chain TEE proof verification. This PR goes hand in hand with https://github.com/matter-labs/zksync-era/pull/3414.	2025-01-16 20:46:16 +01:00
Harald Hoyer	5d32396966	feat: add tdx-extend, sha384-extend and rtmr-calc This enables pre-calculating the TDX rtmr[1,2,3] values for an attested boot process. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 13:27:55 +01:00
Harald Hoyer	0b67a14cd1	chore: cargo update Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 12:20:39 +01:00
Harald Hoyer	4610475fae	feat: add TDX support Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 10:54:24 +01:00
Harald Hoyer	77818cffef	chore: Release	2024-09-16 17:01:14 +02:00
Harald Hoyer	7743c1321a	chore: prepare release tags * set `publish = false` for multiple Cargo.toml files * cargo update * fix taplo.toml * sort `workspace.dependencies` * add `cargo-release` to nix shell Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-16 16:14:26 +02:00
Patryk Bęza	4fcaaa7398	feat(verify-era-proof-attestation): continuous mode with attestation policies This PR introduces TEE Prover continuous mode with attestation policies. Attestation policies are a set of criteria that determine whether an SGX attestation should be considered valid or invalid. In practice, this means checking against a specified set of mrsigners, mrenclaves, and TCB levels. If the attestation’s mrenclave/mrsigner/TCB levels matches those in the provided --sgx-mrenclaves/--sgx-mrsigners/--sgx-allowed-tcb-levels, we treat the attestation as successfully verified. Otherwise, the attestation is considered invalid. The --continuous mode for the TEE Prover allows it to run continuously, verifying new batches exposed by the node's RPC API in real-time. To try it out, run the following commands: $ nix build -L .#container-verify-era-proof-attestation-sgx $ export IMAGE_TAG=$(docker load -i result \| grep -Po 'Loaded image.: \K.') $ docker run -i --init --rm $IMAGE_TAG --continuous 11505 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug $ docker run -i --init --rm $IMAGE_TAG --batch 11509 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug	2024-09-13 19:34:37 +02:00
Patryk Bęza	5e4b8901b0	feat(verify-attestation): RPC attestation and batch signature verification binary This is another variant of the binary tool for verifying attestation and the signature of a given batch. Unlike the existing tool, this variant does not require you to provide two separate files—one for the attestation and one for the signature. Instead, it automatically fetches both from the RPC node. Unfortunately, after discussing with @popzxc, we found that there is no way to reuse the RPC client because our published crates on crates.io are outdated and do not include the recently merged TEE-specific code changes. To be fixed in the future.	2024-08-30 12:14:55 +02:00
Harald Hoyer	0bdc3425e4	chore: cargo update and fix `cargo clippy` issues. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-08-07 15:26:20 +02:00
Patryk Bęza	ad6ce872f8	fix(verify-attestation): simplify dependencies The zksync crates have recently been published on crates.io. Let's take advantage of them! Specifically, we are replacing alloy-primitives with zksync_basic_types to avoid the additional transitive dependencies introduced by alloy.	2024-07-22 14:45:27 +02:00
Patryk Bęza	0a0811e99e	Fix formatting	2024-07-11 13:16:16 +02:00
Patryk Bęza	f3f6ea1dba	Introduce root_hash option	2024-07-11 11:29:37 +02:00
Patryk Bęza	4c76318702	Replace secp256k1 with k256 crate Rationale: we already have secp256k1 in our dependencies, as suggested by Igor: https://github.com/matter-labs/zksync-era/pull/2333#discussion_r1656531731	2024-07-01 14:17:13 +02:00
Harald Hoyer	df7973c501	chore: cargo update + taplo fmt Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-20 14:00:18 +02:00
renovate[bot]	0a01ae50e2	chore(deps): update rust crate pgp to 0.13	2024-06-18 09:15:55 +00:00
renovate[bot]	603cf9b38d	chore(deps): update rust crate thiserror to 1.0.59	2024-04-29 09:50:50 +00:00
renovate[bot]	e61e970e16	chore(deps): update rust crate serde_with to 3.8	2024-04-29 08:51:25 +00:00
renovate[bot]	e315d057a3	chore(deps): update rust crate getrandom to 0.2.14	2024-04-18 12:07:26 +00:00
renovate[bot]	5d29dc0cba	chore(deps): update rust crate der to 0.7.9	2024-04-17 08:43:33 +00:00
renovate[bot]	c1874c16f6	chore(deps): update rust crate anyhow to 1.0.82	2024-04-10 08:24:47 +00:00
renovate[bot]	0cd832aca3	chore(deps): update rust crate bitflags to 2.5	2024-03-28 09:09:55 +00:00
Harald Hoyer	562dc1071d	chore: strip release executables by default Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-14 10:47:42 +01:00
renovate[bot]	992d97e836	chore(deps): update rust crate bytemuck to 1.15.0	2024-03-13 08:10:13 +00:00
Harald Hoyer	af5df7864c	chore: Release	2024-03-12 15:23:51 +01:00
Harald Hoyer	2f71d4b42e	chore: Release	2024-03-12 15:10:22 +01:00
Harald Hoyer	ec553240c2	chore: Release	2024-03-12 15:09:31 +01:00
Harald Hoyer	8dd4c1292a	chore: rename intel-tee-quote-verification-rs to teepot-tee-quote-verification-rs and prepare to publish on crates.io Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-12 11:57:21 +01:00
renovate[bot]	fbae6b3027	chore(deps): update rust crate serde_with to 3.7	2024-03-12 09:50:19 +00:00
renovate[bot]	a27aebcd4a	chore(deps): update rust crate anyhow to 1.0.81	2024-03-12 09:39:04 +00:00
renovate[bot]	46580fd85b	chore(deps): update rust crate thiserror to 1.0.58	2024-03-12 09:32:52 +00:00
Harald Hoyer	0654bacdb5	ci: use `crane` flake to build with nix This enables to add cargo `fmt`, `clippy` and `deny` to nix, using cached results. Move the `teepot` crate to the `crates` subdir to make the life easier for the `crane` flake. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-11 10:01:59 +01:00
Harald Hoyer	f875e7a6e4	chore(deps): update rust crate base64 to 0.22.0 Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-05 11:10:41 +01:00
renovate[bot]	5ac6e3965b	chore(deps): update rust crate mio to 0.8.11	2024-03-05 08:37:48 +00:00
Harald Hoyer	59807c4286	chore(deps): remove unused dependencies Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-28 15:18:28 +01:00
Harald Hoyer	0b60abc030	feat: use real RA-TLS for everything * add `tee-ratls-preexec` for creating the vault certificate * remove the old attestation API Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-27 16:44:28 +01:00
renovate[bot]	a09061d01f	chore(deps): update rust crate pgp to 0.11	2024-02-21 21:49:44 +00:00

1 2

58 commits