teepot

mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00

Author	SHA1	Message	Date
Harald Hoyer	4610475fae	feat: add TDX support Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 10:54:24 +01:00
Harald Hoyer	f4fba51e3e	chore: rustfmt	2024-12-20 09:31:03 +01:00
Harald Hoyer	c2e8bb6f94	chore(licensing): clarify licenses for TDX packages - Added explicit license clarifications for `tdx-attest-sys` and `tdx-attest-rs` packages. - Ensured compliance with BSD-3-Clause for both packages.	2024-12-20 09:31:02 +01:00
Harald Hoyer	a0f101acf1	feat(teepot-crate): add libtdx_attest to dependencies - Included `nixsgx.sgx-dcap.libtdx_attest` in the dependencies list. - Ensures support for TDX attestation in the build environment.	2024-12-20 09:31:01 +01:00
Harald Hoyer	34a00bc5bd	feat(shell): enhance teepot shell with Rust tools support - Add rustfmt, clippy, and rust-src as extensions in the Rust toolchain. - Include bindgenHook and pkg-config in nativeBuildInputs for improved build support. - Set RUST_SRC_PATH for better Rust library integration.	2024-12-20 09:31:01 +01:00
Harald Hoyer	b066cdd15a	fix: update build process for teepot package - Fix output format for propagated-user-env-packages. - Remove empty bin directory after binaries are moved.	2024-12-20 09:31:00 +01:00
Harald Hoyer	f818ac61c2	chore(flake.nix): update crane to ref 8ff9c45 - Upgraded crane from v0.17.3 to v0.19.3 using a specific commit ref. - Ensures compatibility with the latest improvements and fixes in crane. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 09:30:59 +01:00
Harald Hoyer	83d57bf354	chore: update Rust toolchain to version 1.83 - Upgraded the Rust version in rust-toolchain.toml to 1.83. - Ensures compatibility and access to the latest features and fixes. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 09:29:43 +01:00
Patrick	e4629aee55	Merge pull request #225 from matter-labs/handle_old_proof_response fix(proof-validation): handle optional proof status	2024-11-28 17:45:21 +01:00
Patrick	78471f5b64	Merge branch 'main' into handle_old_proof_response	2024-11-28 17:28:53 +01:00
Patrick	6e88e200da	Merge pull request #224 from matter-labs/fix_logging refactor(logging): enhance logging setup and usage	2024-11-28 17:25:25 +01:00
Harald Hoyer	a7951f95bc	Merge branch 'main' into handle_old_proof_response	2024-11-28 16:49:04 +01:00
Harald Hoyer	4c2a096917	Merge branch 'main' into fix_logging	2024-11-28 16:48:28 +01:00
Harald Hoyer	ba7868c6b0	Merge pull request #223 from matter-labs/nix_flake_update chore: update dependencies and enhance shell configuration	2024-11-28 16:48:13 +01:00
Harald Hoyer	f0fea5c122	refactor(logging): enhance logging setup and usage - Modified the `setup_logging` function to return a `Subscriber`, improving flexibility and reuse. - Integrated `tracing::subscriber::set_global_default` in the main functions to establish the logging subscriber globally. - Added configurations for span events and control over file and line information display. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-11-28 15:49:15 +01:00
Harald Hoyer	4a0a4f6e5e	fix(proof-validation): handle optional proof status Ensure proof status is treated as optional, preventing crashes when status is absent. - Modify status field to `Option<String>` in `Proof` struct. - Update validation logic to handle `None` values safely. - Adjust main logic to check for "permanently_ignored" safely.	2024-11-28 15:48:23 +01:00
Harald Hoyer	d8239dba2f	chore: update dependencies and enhance shell configuration - Updated multiple dependencies in flake.lock to their latest revisions. - Improved the shell configuration in the teepot with enhanced environment variable settings for SGX support. - Reinstated OPENSSL_NO_VENDOR and added library paths to ensure compatibility and proper linking.	2024-11-28 15:45:39 +01:00
Harald Hoyer	5b7f7482e6	Merge pull request #221 from matter-labs/tee/pab/error-handling-get-tee-proofs-api feat(verifier): don't retry verifying permanently ignored batches	2024-11-27 11:09:21 +01:00
Harald Hoyer	35db54779e	Merge branch 'main' into tee/pab/error-handling-get-tee-proofs-api	2024-11-27 10:48:35 +01:00
Patrick	73ce227070	Merge pull request #222 from matter-labs/license chore: update lint workflow actions	2024-11-27 10:33:30 +01:00
Harald Hoyer	2c6a62a471	chore: update lint workflow actions - Changed spdx action to reference a stable commit instead of master. - Changed license list to conform to new action parameter format	2024-11-27 08:50:42 +01:00
Patryk Bęza	e63d0901fa	feat(verifier): don't retry verifying permanently ignored batches Currently, the [TEE verifier][1] – the tool for continuous SGX attestation and batch signature verification – is [stuck][2] on batches that failed to be proven and are marked as `permanently_ignored`. The tool should be able to distinguish between batches that are permanently ignored (and should be skipped) and batches that have failed but will be retried. This PR enables that distinction. This commit goes hand in hand with the following PR: https://github.com/matter-labs/zksync-era/pull/3321 [1]: https://github.com/matter-labs/teepot/blob/main/bin/verify-era-proof-attestation/src/main.rs [2]: https://grafana.matterlabs.dev/goto/unFqf57Hg?orgId=1	2024-11-26 17:19:55 +01:00
Harald Hoyer	1a8a9f17fa	Merge pull request #212 from matter-labs/logging feat(logging): centralize logging setup in teepot crate	2024-09-18 16:38:39 +02:00
Harald Hoyer	af3ab51320	feat(logging): centralize logging setup in teepot crate - Added a new logging module in `teepot` crate. - Removed redundant logging setup code from individual projects. - Updated dependencies and references for logging setup. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-18 16:08:13 +02:00
Harald Hoyer	2ff3b1168d	Merge pull request #210 from matter-labs/crane fix(flake.nix): remove redundant crane input follow	2024-09-18 15:46:41 +02:00
Harald Hoyer	b7f4828a6d	Merge branch 'main' into crane	2024-09-18 15:36:26 +02:00
Harald Hoyer	7c61f81137	Merge pull request #211 from matter-labs/magix_nix_cache ci: remove magic nix cache	2024-09-18 15:36:15 +02:00
Harald Hoyer	69ae1d39e3	Merge branch 'main' into magix_nix_cache	2024-09-18 15:24:08 +02:00
Harald Hoyer	538782e1f9	Merge pull request #209 from matter-labs/feat/hex-serialization feat(tee): use hex deserialization for RPC requests	2024-09-18 15:22:43 +02:00
Harald Hoyer	9bce6edfaa	ci: remove magic nix cache Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-18 14:56:04 +02:00
Harald Hoyer	21a9ecdee1	fix(flake.nix): remove redundant crane input follow - Removed the unnecessary crane input follow from flake.nix. ``` warning: input 'crane' has an override for a non-existent input 'nixpkgs' ```	2024-09-18 14:46:33 +02:00
Patryk Bęza	9bf40c9cb9	feat(tee): use hex deserialization for RPC requests Following Anton's suggestion, we have switched to hex serialization for API/RPC requests and responses. Previously, we used default JSON serialization for Vec<u8>, which resulted in a lengthy comma-separated list of integers. This change standardizes serialization, making it more efficient and reducing the size of the responses. The previous format, with a series of comma-separated integers for pubkey-like fields, looked odd. Then: ``` curl -X POST\ -H "Content-Type: application/json" \ --data '{"jsonrpc": "2.0", "id": 1, "method": "unstable_getTeeProofs", "params": [491882, "Sgx"] }' \ https://mainnet.era.zksync.io {"jsonrpc":"2.0","result":[{"attestation":[3,0,2,0,0,0,0,0,10,<dozens of comma-separated integers here> ``` Now: ``` $ curl -X POST \ -H "Content-Type: application/json" \ --data '{"jsonrpc": "2.0", "id": 1, "method": "unstable_getTeeProofs", "params": [1, "sgx"] }' \ http://localhost:3050 {"jsonrpc":"2.0","result":[{"l1BatchNumber":1,"teeType":"sgx","pubkey":"0506070809","signature":"0001020304","proof":"0a0b0c0d0e","provedAt":"2024-09-16T11:53:38.253033Z","attestation":"0403020100"}],"id":1} ``` This change needs to be deployed in lockstep with: https://github.com/matter-labs/zksync-era/pull/2887.	2024-09-18 14:10:21 +02:00
Harald Hoyer	2c326f83bd	Merge pull request #207 from matter-labs/container-tag chore: tag container with git tag	2024-09-17 15:09:02 +02:00
Harald Hoyer	e7b743b213	chore: tag container with git tag Allow all tags and tag the matterlabsrobot container with it. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-17 14:48:49 +02:00
Harald Hoyer	3b7041b459	Merge pull request #206 from matter-labs/cargo-release chore: Release	2024-09-16 17:38:14 +02:00
Harald Hoyer	77818cffef	chore: Release	2024-09-16 17:01:14 +02:00
Harald Hoyer	2b6e68e269	Merge pull request #205 from matter-labs/cargo-release chore: prepare release tags	2024-09-16 16:39:51 +02:00
Harald Hoyer	7743c1321a	chore: prepare release tags * set `publish = false` for multiple Cargo.toml files * cargo update * fix taplo.toml * sort `workspace.dependencies` * add `cargo-release` to nix shell Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-16 16:14:26 +02:00
Harald Hoyer	108ef8cc07	Merge pull request #198 from matter-labs/patrick/attestation-acceptance-params feat(verify-era-proof-attestation): added continuous mode with attestation policies	2024-09-16 12:04:42 +02:00
Patryk Bęza	4fcaaa7398	feat(verify-era-proof-attestation): continuous mode with attestation policies This PR introduces TEE Prover continuous mode with attestation policies. Attestation policies are a set of criteria that determine whether an SGX attestation should be considered valid or invalid. In practice, this means checking against a specified set of mrsigners, mrenclaves, and TCB levels. If the attestation’s mrenclave/mrsigner/TCB levels matches those in the provided --sgx-mrenclaves/--sgx-mrsigners/--sgx-allowed-tcb-levels, we treat the attestation as successfully verified. Otherwise, the attestation is considered invalid. The --continuous mode for the TEE Prover allows it to run continuously, verifying new batches exposed by the node's RPC API in real-time. To try it out, run the following commands: $ nix build -L .#container-verify-era-proof-attestation-sgx $ export IMAGE_TAG=$(docker load -i result \| grep -Po 'Loaded image.: \K.') $ docker run -i --init --rm $IMAGE_TAG --continuous 11505 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug $ docker run -i --init --rm $IMAGE_TAG --batch 11509 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug	2024-09-13 19:34:37 +02:00
Harald Hoyer	dd2a0304be	Merge pull request #199 from matter-labs/devshell_env chore(nix): set shell environment for openssl	2024-09-11 15:31:50 +02:00
Harald Hoyer	d37d8c4845	chore(nix): set shell environment for openssl The shellHook statement has been added to export OPENSSL_NO_VENDOR as 1. This should prevent building the vendored version of openssl.	2024-09-11 10:35:32 +02:00
Harald Hoyer	e13bf353e0	Merge pull request #197 from matter-labs/extracmd chore: add extra startup information to unseal and admin enclaves	2024-09-04 10:00:07 +02:00
Harald Hoyer	488dcfcdca	chore: add extra startup information to unseal and admin enclaves This eases testing and debugging. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-04 09:47:20 +02:00
Harald Hoyer	537521f0ee	Merge pull request #184 from matter-labs/renovate/trufflesecurity-trufflehog-3.x chore(deps): update trufflesecurity/trufflehog action to v3.81.10	2024-09-03 15:24:37 +02:00
renovate[bot]	5162acd666	chore(deps): update trufflesecurity/trufflehog action to v3.81.10	2024-09-03 13:17:07 +00:00
Harald Hoyer	3b9735499c	Merge pull request #195 from matter-labs/cargo-update chore: cargo and flake update	2024-09-03 15:15:46 +02:00
Harald Hoyer	301f91d269	Merge branch 'main' into cargo-update	2024-09-03 14:51:51 +02:00
Patrick	0e6eb2b74e	feat(verify-era-proof-attestation): add support for verifying a range of batches (#194 ) Co-authored-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-03 12:48:04 +00:00
Harald Hoyer	d88f79d239	chore: rename `nixsgxLib.mkSGXContainer` to `pkgs.lib.tee.sgxGramineContainer` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-03 13:24:20 +02:00

1 2 3 4 5 ...

335 commits