Nix, crates and tools for TEE handling
Harald Hoyer 97420df006
feat: attestation test on azure and default dcap
```
❯ docker run -i --rm --privileged  --device /dev/sgx_enclave --net host \
  matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
  | base64 -d --ignore-garbage \
  | docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest
```

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-07 16:05:27 +01:00
Top-level entries, with the last commit that touched each:

  • .github: feat: attestation test on azure and default dcap (2024-03-07 16:05:27 +01:00)
  • assets: feat: attestation test on azure and default dcap (2024-03-07 16:05:27 +01:00)
  • bin: feat: attestation test on azure and default dcap (2024-03-07 16:05:27 +01:00)
  • crates/intel-tee-quote-verification-rs: feat: remove intel-tee-quote-verification-sys (2024-02-14 14:27:41 +01:00)
  • examples: chore: cleanup and nixify (2024-02-28 11:09:34 +01:00)
  • packages: feat: attestation test on azure and default dcap (2024-03-07 16:05:27 +01:00)
  • shells/teepot: chore: cleanup and nixify (2024-02-28 11:09:34 +01:00)
  • src: feat: use real RA-TLS for everything (2024-02-27 16:44:28 +01:00)
  • tests: feat: use real RA-TLS for everything (2024-02-27 16:44:28 +01:00)
  • .dockerignore: feat: initial commit (2024-02-09 10:10:53 +01:00)
  • .gitignore: feat: initial commit (2024-02-09 10:10:53 +01:00)
  • Cargo.lock: feat: attestation test on azure and default dcap (2024-03-07 16:05:27 +01:00)
  • Cargo.toml: chore(deps): update rust crate base64 to 0.22.0 (2024-03-05 11:10:41 +01:00)
  • deny.toml: feat: initial commit (2024-02-09 10:10:53 +01:00)
  • flake.lock: chore: cleanup and nixify (2024-02-28 11:09:34 +01:00)
  • flake.nix: chore: cleanup and nixify (2024-02-28 11:09:34 +01:00)
  • LICENSE-APACHE: feat: initial commit (2024-02-09 10:10:53 +01:00)
  • LICENSE-MIT: feat: initial commit (2024-02-09 10:10:53 +01:00)
  • README.md: feat: initial commit (2024-02-09 10:10:53 +01:00)
  • rust-toolchain.toml: feat: initial commit (2024-02-09 10:10:53 +01:00)
  • taplo.toml: chore(taplo): ignore some directories (2024-02-28 09:53:05 +01:00)

teepot

Key Value store in a TEE with Remote Attestation for Authentication

Introduction

This project is a key-value store that runs in a Trusted Execution Environment (TEE) and uses remote attestation for authentication: the parties talking to the store do not trust it on the basis of a hostname or a pre-shared credential, but on the basis of an attestation quote proving which code is running inside the enclave. The key-value store itself is Hashicorp Vault, running in an Intel SGX enclave via the Gramine runtime.

Parts of this project

  • teepot: The main Rust crate that abstracts TEEs and key-value stores.
  • tee-vault-unseal: An enclave that acts as a proxy, using the Vault API to unseal a vault.
  • vault-unseal: A client utility that talks to tee-vault-unseal to unseal a vault.
  • tee-vault-admin: An enclave that acts as a proxy, using the Vault API to administer a vault.
  • vault-admin: A client utility that talks to tee-vault-admin to administer a vault.
  • teepot-read: A pre-exec utility that reads from the key-value store and passes the key-value pairs as environment variables to the enclave.
  • teepot-write: A pre-exec utility that reads key-value pairs from environment variables and writes them to the key-value store.
  • verify-attestation: A client utility that verifies the attestation quote of an enclave.
  • tee-key-preexec: A pre-exec utility that generates a P-256 secret key and passes it as an environment variable to the enclave, along with an attestation quote whose report data contains the hash of the matching public key. This binds the key to the attested enclave: a verifier that accepts the quote can also trust that only code with that measurement holds the private key.
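To make the tee-key-preexec binding concrete, here is an added example (not code from teepot) of the two halves of that mechanism: the enclave side generates a P-256 key and derives the 64-byte SGX report data from the public key, and the verifier side checks that a presented public key is a valid curve point and matches the report data carried in the quote. The exact encoding is an assumption here (SHA-256 over the SEC1 uncompressed public key, zero-padded to 64 bytes); teepot's README only says the quote contains the hash of the public key, and the quote itself is stood in for by its report-data field. The P-256 arithmetic is a minimal pure-Python stand-in for a real crate such as `p256`, used only so the example runs offline; it is not constant-time and must not be used for real keys.

```python
"""Binding a freshly generated P-256 key to an SGX quote via REPORTDATA.

Added example, not part of teepot. The curve arithmetic below is an
educational stand-in for a proper library and is NOT side-channel safe.
"""
import hashlib
import hmac
import secrets

# NIST P-256 (secp256r1) domain parameters.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
G = (GX, GY)

REPORT_DATA_LEN = 64  # SGX REPORTDATA is 64 bytes; assumed layout: sha256 || 32 zero bytes


def on_curve(point):
    """True if the affine point satisfies y^2 = x^3 + ax + b (mod p)."""
    x, y = point
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def _add(p1, p2):
    """Affine point addition with None as the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def _mul(k, point):
    """Double-and-add scalar multiplication (educational, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, point)
        point = _add(point, point)
        k >>= 1
    return acc


def generate_p256_keypair(secret=None):
    """Return (secret scalar, public point). `secret` may be fixed for tests."""
    d = secret if secret is not None else secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)


def encode_public_key(point):
    """SEC1 uncompressed encoding: 0x04 || X (32 bytes) || Y (32 bytes)."""
    x, y = point
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def decode_public_key(raw):
    """Parse SEC1 uncompressed bytes into a point; None if malformed or off-curve."""
    if len(raw) != 65 or raw[0] != 0x04:
        return None
    point = (int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big"))
    return point if on_curve(point) else None


def build_report_data(pub_bytes):
    """Enclave side: hash the public key into the 64-byte REPORTDATA field."""
    digest = hashlib.sha256(pub_bytes).digest()
    return digest + bytes(REPORT_DATA_LEN - len(digest))


def verify_key_binding(report_data, pub_bytes):
    """Verifier side: accept the key only if it is a valid point whose hash the
    (already verified) quote committed to, with the padding exactly zero."""
    if len(report_data) != REPORT_DATA_LEN or decode_public_key(pub_bytes) is None:
        return False
    expected = build_report_data(pub_bytes)
    return hmac.compare_digest(report_data, expected)
```

In the real flow the report data is embedded in the SGX quote, and the quote's signature and measurements (MRENCLAVE, MRSIGNER, TCB status) are checked first; only then is `verify_key_binding` meaningful, because an attacker can otherwise forge report data for any key they hold. Rejecting off-curve or malformed public keys before hashing is cheap and avoids accepting a value that no honest enclave could have produced.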