teepot

mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 23:23:57 +02:00

Author	SHA1	Message	Date
Patryk Bęza	5e4b8901b0	feat(verify-attestation): RPC attestation and batch signature verification binary This is another variant of the binary tool for verifying attestation and the signature of a given batch. Unlike the existing tool, this variant does not require you to provide two separate files—one for the attestation and one for the signature. Instead, it automatically fetches both from the RPC node. Unfortunately, after discussing with @popzxc, we found that there is no way to reuse the RPC client because our published crates on crates.io are outdated and do not include the recently merged TEE-specific code changes. To be fixed in the future.	2024-08-30 12:14:55 +02:00
Harald Hoyer	0bdc3425e4	chore: cargo update and fix `cargo clippy` issues. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-08-07 15:26:20 +02:00
Patryk Bęza	ad6ce872f8	fix(verify-attestation): simplify dependencies The zksync crates have recently been published on crates.io. Let's take advantage of them! Specifically, we are replacing alloy-primitives with zksync_basic_types to avoid the additional transitive dependencies introduced by alloy.	2024-07-22 14:45:27 +02:00
Patryk Bęza	51c1e72a03	Use Docker's entrypoint instead of command	2024-07-11 17:49:37 +02:00
Patryk Bęza	78447ea307	Unify verify-attestation-sgx and verify-attestation Rationale: too much copy-paste	2024-07-11 17:13:11 +02:00
Patryk Bęza	f3f6ea1dba	Introduce root_hash option	2024-07-11 11:29:37 +02:00
Patryk Bęza	f90088be76	SGX attestation & batch signature verification tool	2024-07-10 14:47:07 +02:00
Harald Hoyer	204aa33f7f	fix(tee-vault-unseal): pick either `VAULT_AUTH_TEE_SHA256` string or file Pick either `VAULT_AUTH_TEE_SHA256` or `VAULT_AUTH_TEE_SHA256_FILE`, with `VAULT_AUTH_TEE_SHA256` having the precedence. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-07-03 14:42:06 +02:00
Harald Hoyer	f1b8a48a6a	fix: update the common `cacert` and include it in the unseal container The previous cacert expired. A new one was created and also included in the unseal container. The path to access the cacert was fixed in the unseal app and made configurable via an environment variable.	2024-07-03 11:26:29 +02:00
Patryk Bęza	4c76318702	Replace secp256k1 with k256 crate Rationale: we already have secp256k1 in our dependencies, as suggested by Igor: https://github.com/matter-labs/zksync-era/pull/2333#discussion_r1656531731	2024-07-01 14:17:13 +02:00
Harald Hoyer	1505b14db0	chore: remove obsolete Dockerfiles all is built via nix and maintaining those files would mean more work. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-21 11:23:41 +02:00
Harald Hoyer	df7973c501	chore: cargo update + taplo fmt Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-20 14:00:18 +02:00
Harald Hoyer	d77243b8fd	fix(tee-key-preexec): export the key in PEM makes it easier to import Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-13 14:00:43 +02:00
Harald Hoyer	d0c5950c0e	feat: use nixsgx nix function to create containers It refactors the way the SGX containers are built. This removes all `Dockerfile` and gramine manifest files. It also enables a single recipe for azure and non-azure variants. Additionally the `teepot-crate.nix` is now the inherited recipe to build the rust `teepot` crate. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-10 16:32:02 +02:00
Harald Hoyer	1f850d060e	feat(tee-vault-unseal): add `VAULT_AUTH_TEE_SHA256_FILE` If `VAULT_AUTH_TEE_SHA256_FILE` is set, read the sha value from the file, rather from the environment variable. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-10 14:19:25 +02:00
Harald Hoyer	a9bb266668	chore(deps): update to rust version 1.78 and fix the clippy warnings Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-10 13:09:05 +02:00
snoppy	7c2d3259b1	fix typos	2024-03-18 22:22:31 +08:00
Harald Hoyer	0654bacdb5	ci: use `crane` flake to build with nix This enables to add cargo `fmt`, `clippy` and `deny` to nix, using cached results. Move the `teepot` crate to the `crates` subdir to make the life easier for the `crane` flake. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-11 10:01:59 +01:00
Harald Hoyer	9f760da23e	docs: add bin/tee-self-attestation-test/README.md Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-08 15:50:00 +01:00
Harald Hoyer	97420df006	feat: attestation test on azure and default dcap ``` ❯ docker run -i --rm --privileged --device /dev/sgx_enclave --net host \ matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \ \| base64 -d --ignore-garbage \ \| docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest ``` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-07 16:05:27 +01:00
Harald Hoyer	59807c4286	chore(deps): remove unused dependencies Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-28 15:18:28 +01:00
Harald Hoyer	91f1612e0f	chore: cleanup and nixify * create containers with nix * updated README.md * added SPDX license headers Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-28 11:09:34 +01:00
Harald Hoyer	0b60abc030	feat: use real RA-TLS for everything * add `tee-ratls-preexec` for creating the vault certificate * remove the old attestation API Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-27 16:44:28 +01:00
Harald Hoyer	dc4434938e	fix(tee-key-preexec): don't hash public key No need to hash the public key for the attestation report data. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-15 10:31:54 +01:00
Harald Hoyer	2591bf0807	chore(deps): rustls-pemfile 2 Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-15 10:23:29 +01:00
Harald Hoyer	89ffbd35a8	feat: initial commit Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-09 10:10:53 +01:00

1 2

76 commits