harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
296 commits 23 branches 61 tags 2.2 MiB
Commit graph

59 commits

Author SHA1 Message Date
Patryk Bęza
4fcaaa7398
feat(verify-era-proof-attestation): continuous mode with attestation policies 
This PR introduces TEE Prover continuous mode with attestation policies.

Attestation policies are a set of criteria that determine whether an SGX
attestation should be considered valid or invalid. In practice, this
means checking against a specified set of mrsigners, mrenclaves, and TCB
levels. If the attestation’s mrenclave/mrsigner/TCB levels matches those
in the provided --sgx-mrenclaves/--sgx-mrsigners/--sgx-allowed-tcb-levels,
we treat the attestation as successfully verified. Otherwise, the
attestation is considered invalid.

The --continuous mode for the TEE Prover allows it to run continuously,
verifying new batches exposed by the node's RPC API in real-time.

To try it out, run the following commands:

    $ nix build -L .#container-verify-era-proof-attestation-sgx
    $ export IMAGE_TAG=$(docker load -i result | grep -Po 'Loaded image.*: \K.*')
    $ docker run  -i --init --rm $IMAGE_TAG --continuous 11505 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug
    $ docker run  -i --init --rm $IMAGE_TAG --batch 11509 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug
 2024-09-13 19:34:37 +02:00
Harald Hoyer
b0ac83b78e
chore: update Cargo.lock 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-09-03 13:24:18 +02:00
Harald Hoyer
c94912d832
feat(tee-key-preexec): add cmdline arg for env prefix 
- Introduced `clap` for command-line argument parsing.
- Replaced manual argument handling with `clap`'s derived `Args` struct.
- Updated environmental variables to use dynamic prefixes.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-09-03 10:42:42 +02:00
Patryk Bęza
5e4b8901b0
feat(verify-attestation): RPC attestation and batch signature verification binary 
This is another variant of the binary tool for verifying attestation and
the signature of a given batch. Unlike the existing tool, this variant
does not require you to provide two separate files—one for the
attestation and one for the signature. Instead, it automatically fetches
both from the RPC node.

Unfortunately, after discussing with @popzxc, we found that there is no way
to reuse the RPC client because our published crates on crates.io are
outdated and do not include the recently merged TEE-specific code
changes. To be fixed in the future.
 2024-08-30 12:14:55 +02:00
renovate[bot]
6b7e1b09cb
chore(deps): update rust crate serde to v1.0.205 2024-08-08 02:33:26 +00:00
Harald Hoyer
0bdc3425e4
chore: cargo update 
and fix `cargo clippy` issues.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-08-07 15:26:20 +02:00
renovate[bot]
6b3a60c3d1
chore(deps): update rust crate tokio to v1.39.1 2024-07-23 16:34:36 +00:00
Patryk Bęza
ad6ce872f8
fix(verify-attestation): simplify dependencies 
The zksync crates have recently been published on crates.io. Let's take
advantage of them! Specifically, we are replacing alloy-primitives with
zksync_basic_types to avoid the additional transitive dependencies
introduced by alloy.
 2024-07-22 14:45:27 +02:00
Patryk Bęza
78447ea307
Unify verify-attestation-sgx and verify-attestation 
Rationale: too much copy-paste
 2024-07-11 17:13:11 +02:00
Patryk Bęza
f3f6ea1dba
Introduce root_hash option 2024-07-11 11:29:37 +02:00
Patryk Bęza
f90088be76
SGX attestation & batch signature verification tool 2024-07-10 14:47:07 +02:00
renovate[bot]
50bf6bd57b
chore(deps): update rust crate serde_with to v3.8.2 2024-07-02 14:59:45 +00:00
renovate[bot]
4d10b7368e
chore(deps): update rust crate pgp to v0.13.1 2024-07-02 14:15:24 +00:00
renovate[bot]
cce76133e0
chore(deps): update rust crate clap to v4.5.8 2024-07-02 13:42:52 +00:00
renovate[bot]
c0b49359b0
chore(deps): update rust crate serde_json to v1.0.120 2024-07-02 12:44:20 +00:00
Patryk Bęza
4c76318702
Replace secp256k1 with k256 crate 
Rationale: we already have secp256k1 in our dependencies, as suggested
by Igor:
https://github.com/matter-labs/zksync-era/pull/2333#discussion_r1656531731
 2024-07-01 14:17:13 +02:00
renovate[bot]
1737f2d149
chore(deps): update rust crate log to v0.4.22 2024-06-28 01:01:27 +00:00
renovate[bot]
b77f130ffa
chore(deps): update rust crate serde_json to v1.0.118 2024-06-27 14:58:33 +00:00
renovate[bot]
6a3d2eaaa7
chore(deps): update rust crate bitflags to v2.6.0 2024-06-25 01:46:09 +00:00
Harald Hoyer
df7973c501
chore: cargo update + taplo fmt 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-20 14:00:18 +02:00
renovate[bot]
0a01ae50e2
chore(deps): update rust crate pgp to 0.13 2024-06-18 09:15:55 +00:00
Harald Hoyer
795965dbbd
chore(deps): update deps and licenses 
add `Unicode-3.0` as approved license.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-06-12 15:00:10 +02:00
Harald Hoyer
81d4077a6e
chore(deps): cargo update 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-05-21 13:26:29 +02:00
renovate[bot]
5dd131c078
chore(deps): update rust crate bytemuck to v1.16.0 2024-05-21 10:58:39 +00:00
renovate[bot]
1ee5f10eb3
chore(deps): update rust crate anyhow to v1.0.83 2024-05-07 20:12:16 +00:00
renovate[bot]
3549a79bb6
chore(deps): update rust crate serde to v1.0.200 2024-05-07 18:45:29 +00:00
renovate[bot]
39ce83ffca
chore(deps): update rust crate bytes to v1.6.0 2024-05-07 15:31:30 +00:00
renovate[bot]
1d3e51594b
chore(deps): update rust crate tokio to v1.37.0 2024-05-07 15:26:11 +00:00
renovate[bot]
118bb076af
chore(deps): update rust crate rustls to v0.22.4 [security] 2024-04-29 10:57:16 +00:00
renovate[bot]
603cf9b38d
chore(deps): update rust crate thiserror to 1.0.59 2024-04-29 09:50:50 +00:00
renovate[bot]
e61e970e16
chore(deps): update rust crate serde_with to 3.8 2024-04-29 08:51:25 +00:00
renovate[bot]
e315d057a3
chore(deps): update rust crate getrandom to 0.2.14 2024-04-18 12:07:26 +00:00
renovate[bot]
5d29dc0cba
chore(deps): update rust crate der to 0.7.9 2024-04-17 08:43:33 +00:00
renovate[bot]
c1874c16f6
chore(deps): update rust crate anyhow to 1.0.82 2024-04-10 08:24:47 +00:00
renovate[bot]
0cd832aca3
chore(deps): update rust crate bitflags to 2.5 2024-03-28 09:09:55 +00:00
renovate[bot]
992d97e836
chore(deps): update rust crate bytemuck to 1.15.0 2024-03-13 08:10:13 +00:00
Harald Hoyer
af5df7864c
chore: Release 2024-03-12 15:23:51 +01:00
Harald Hoyer
2f71d4b42e
chore: Release 2024-03-12 15:10:22 +01:00
Harald Hoyer
ec553240c2
chore: Release 2024-03-12 15:09:31 +01:00
Harald Hoyer
8dd4c1292a
chore: rename intel-tee-quote-verification-rs to teepot-tee-quote-verification-rs 
and prepare to publish on crates.io

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-03-12 11:57:21 +01:00
renovate[bot]
fbae6b3027
chore(deps): update rust crate serde_with to 3.7 2024-03-12 09:50:19 +00:00
renovate[bot]
a27aebcd4a
chore(deps): update rust crate anyhow to 1.0.81 2024-03-12 09:39:04 +00:00
renovate[bot]
46580fd85b
chore(deps): update rust crate thiserror to 1.0.58 2024-03-12 09:32:52 +00:00
Harald Hoyer
0654bacdb5
ci: use crane flake to build with nix 
This enables to add cargo `fmt`, `clippy` and `deny` to nix, using cached results.

Move the `teepot` crate to the `crates` subdir to make the life easier for
the `crane` flake.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-03-11 10:01:59 +01:00
Harald Hoyer
97420df006
feat: attestation test on azure and default dcap 
```
❯ docker run -i --rm --privileged  --device /dev/sgx_enclave --net host \
  matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
  | base64 -d --ignore-garbage \
  | docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest
```

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-03-07 16:05:27 +01:00
Harald Hoyer
f875e7a6e4
chore(deps): update rust crate base64 to 0.22.0 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-03-05 11:10:41 +01:00
renovate[bot]
26cfc8cc69
chore(deps): update rust crate mio to v0.8.11 [security] 2024-03-04 22:39:59 +00:00
Harald Hoyer
59807c4286
chore(deps): remove unused dependencies 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-28 15:18:28 +01:00
Harald Hoyer
0b60abc030
feat: use real RA-TLS for everything 
* add `tee-ratls-preexec` for creating the vault certificate
* remove the old attestation API

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
 2024-02-27 16:44:28 +01:00
renovate[bot]
a09061d01f
chore(deps): update rust crate pgp to 0.11 2024-02-21 21:49:44 +00:00