Patryk Bęza
78447ea307
Unify verify-attestation-sgx and verify-attestation
Rationale: too much copy-paste
2024-07-11 17:13:11 +02:00
Patryk Bęza
f3f6ea1dba
Introduce root_hash option
2024-07-11 11:29:37 +02:00
Patryk Bęza
f90088be76
SGX attestation & batch signature verification tool
2024-07-10 14:47:07 +02:00
Harald Hoyer
204aa33f7f
fix(tee-vault-unseal): pick either VAULT_AUTH_TEE_SHA256 string or file
Pick either `VAULT_AUTH_TEE_SHA256` or `VAULT_AUTH_TEE_SHA256_FILE`,
with `VAULT_AUTH_TEE_SHA256` having precedence.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-03 14:42:06 +02:00
Harald Hoyer
f1b8a48a6a
fix: update the common cacert and include it in the unseal container
The previous cacert expired. A new one was created and also included in the unseal container.
The path to access the cacert was fixed in the unseal app and made configurable via an environment variable.
2024-07-03 11:26:29 +02:00
Patryk Bęza
4c76318702
Replace secp256k1 with k256 crate
Rationale: we already have secp256k1 in our dependencies, as suggested
by Igor:
https://github.com/matter-labs/zksync-era/pull/2333#discussion_r1656531731
2024-07-01 14:17:13 +02:00
Harald Hoyer
1505b14db0
chore: remove obsolete Dockerfiles
all is built via nix and maintaining those files would mean more work.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-21 11:23:41 +02:00
Harald Hoyer
df7973c501
chore: cargo update + taplo fmt
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-20 14:00:18 +02:00
Harald Hoyer
d77243b8fd
fix(tee-key-preexec): export the key in PEM
makes it easier to import
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-13 14:00:43 +02:00
Harald Hoyer
d0c5950c0e
feat: use nixsgx nix function to create containers
It refactors the way the SGX containers are built.
This removes all `Dockerfile` and gramine manifest files.
It also enables a single recipe for azure and non-azure variants.
Additionally the `teepot-crate.nix` is now the inherited recipe to
build the rust `teepot` crate.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-10 16:32:02 +02:00
Harald Hoyer
1f850d060e
feat(tee-vault-unseal): add VAULT_AUTH_TEE_SHA256_FILE
If `VAULT_AUTH_TEE_SHA256_FILE` is set,
read the sha value from the file,
rather than from the environment variable.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-10 14:19:25 +02:00
Harald Hoyer
a9bb266668
chore(deps): update to rust version 1.78
and fix the clippy warnings
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-10 13:09:05 +02:00
snoppy
7c2d3259b1
fix typos
2024-03-18 22:22:31 +08:00
Harald Hoyer
0654bacdb5
ci: use crane flake to build with nix
This enables adding cargo `fmt`, `clippy` and `deny` to nix, using cached results.
Move the `teepot` crate to the `crates` subdir to make life easier for
the `crane` flake.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-11 10:01:59 +01:00
Harald Hoyer
9f760da23e
docs: add bin/tee-self-attestation-test/README.md
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-08 15:50:00 +01:00
Harald Hoyer
97420df006
feat: attestation test on azure and default dcap
```
❯ docker run -i --rm --privileged --device /dev/sgx_enclave --net host \
matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
| base64 -d --ignore-garbage \
| docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest
```
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-07 16:05:27 +01:00
Harald Hoyer
59807c4286
chore(deps): remove unused dependencies
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-28 15:18:28 +01:00
Harald Hoyer
91f1612e0f
chore: cleanup and nixify
* create containers with nix
* updated README.md
* added SPDX license headers
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-28 11:09:34 +01:00
Harald Hoyer
0b60abc030
feat: use real RA-TLS for everything
* add `tee-ratls-preexec` for creating the vault certificate
* remove the old attestation API
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-27 16:44:28 +01:00
Harald Hoyer
dc4434938e
fix(tee-key-preexec): don't hash public key
No need to hash the public key for the attestation report data.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-15 10:31:54 +01:00
Harald Hoyer
2591bf0807
chore(deps): rustls-pemfile 2
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-15 10:23:29 +01:00
Harald Hoyer
89ffbd35a8
feat: initial commit
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-09 10:10:53 +01:00