teepot

mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00

Author	SHA1	Message	Date
Harald Hoyer	eb39705ff1	feat: compat code for non `x86_64-linux` - do not build packages, which require `x86_64-linux` - use Phala `dcap-qvl` crate for remote attestation, if possible - nix: exclude `nixsgx` on non `x86_64-linux` platforms Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-10 11:57:46 +02:00
Harald Hoyer	488dcfcdca	chore: add extra startup information to unseal and admin enclaves This eases testing and debugging. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-04 09:47:20 +02:00
Harald Hoyer	d88f79d239	chore: rename `nixsgxLib.mkSGXContainer` to `pkgs.lib.tee.sgxGramineContainer` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-03 13:24:20 +02:00
Harald Hoyer	36449980c2	fix(teepot-vault-unseal-sgx): pass `CA_CERT_FILE` Although the file was included, it was not in the standard location. Passing the absolute path fixes the issue. The CA file is needed for the raft join command. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-08-07 14:34:25 +02:00
Harald Hoyer	fd6fe49be7	fix(container-vault-unseal-sgx-azure): correct `VAULT_AUTH_TEE_SHA256_FILE` use the correct environment variable name... sigh Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-07-03 12:08:49 +02:00
Harald Hoyer	f1b8a48a6a	fix: update the common `cacert` and include it in the unseal container The previous cacert expired. A new one was created and also included in the unseal container. The path to access the cacert was fixed in the unseal app and made configurable via an environment variable.	2024-07-03 11:26:29 +02:00
Harald Hoyer	160d133383	fix: hardcode VAULT_AUTH_TEE_VERSION in vault manifest Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-07-03 09:21:25 +02:00
Harald Hoyer	943ef8c878	feat: use `nixsgxLib.mkSGXContainer` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-07-01 17:25:00 +02:00
Harald Hoyer	de06acbef9	fix: don't tag the nix produced container with `latest` leave it to the github workflow on push to main Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-12 13:21:44 +02:00
Harald Hoyer	d0c5950c0e	feat: use nixsgx nix function to create containers It refactors the way the SGX containers are built. This removes all `Dockerfile` and gramine manifest files. It also enables a single recipe for azure and non-azure variants. Additionally the `teepot-crate.nix` is now the inherited recipe to build the rust `teepot` crate. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-10 16:32:02 +02:00
Harald Hoyer	284393bf76	fix: only restart `aesmd` if `aesm.socket` is not readable Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-05-21 13:41:08 +02:00
Harald Hoyer	9680e32e82	fix: cleanup the nix packages `curl` and `openssl` have to be specified with `.out` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-08 14:19:31 +01:00
Harald Hoyer	91f1612e0f	chore: cleanup and nixify * create containers with nix * updated README.md * added SPDX license headers Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-28 11:09:34 +01:00

13 commits