harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
teepot/crates/teepot
History
Harald Hoyer ddbf099e45
docs: add README files for teepot-related crates 
- Added comprehensive README files for the following new crates:
  - `teepot`
  - `teepot-tdx-attest-rs`
  - `teepot-tdx-attest-sys`
  - `teepot-tee-quote-verification-rs`
  - `teepot-vault`
- Each includes an overview, usage examples, installation instructions, and licensing details.
2025-06-25 13:55:00 +02:00
..
src chore(deps): update crates and nix flakes 2025-05-30 17:54:30 +02:00
tests feat: add platform-specific implementations for quote verification 2025-05-06 12:36:01 +02:00
Cargo.toml chore(deps): Update all dependencies to latest 2025-06-23 10:09:50 +01:00
README.md docs: add README files for teepot-related crates 2025-06-25 13:55:00 +02:00

README.md

teepot

TEE (Trusted Execution Environment) utilities for Intel SGX and TDX attestation.

Overview

Teepot provides comprehensive support for generating and verifying attestation quotes from Intel SGX enclaves and TDX trust domains. It handles the complete attestation workflow including quote generation, collateral fetching, and verification with detailed TCB (Trusted Computing Base) status reporting.

Features

  • Multi-TEE Support: Works with both Intel SGX and Intel TDX
  • Attestation Quote Generation: Generate quotes with custom report data
  • Quote Verification: Verify quotes with automatic collateral fetching
  • TCB Level Management: Filter quotes by security level
  • Cross-Platform: Native support for Linux x86_64, fallback implementation for other platforms
  • Gramine SGX Support: Special support for Gramine-based SGX enclaves
  • Comprehensive Error Handling: Detailed error context for debugging

Usage

Basic Quote Generation and Verification

use teepot::quote::{get_quote, get_collateral, verify_quote_with_collateral};

// Generate a quote with custom data
let report_data = [0u8; 64]; // Your custom data here
let quote = get_quote(&report_data)?;

// Fetch collateral for verification
let collateral = get_collateral(&quote)?;

// Verify the quote
let result = verify_quote_with_collateral(&quote, collateral.as_ref(), None)?;
println!("TCB Level: {:?}", result.tcb_level);

High-Level Attestation API

use teepot::quote::attestation::get_quote_and_collateral;

// Generate quote and fetch collateral in one call
let (quote, collateral, result) = get_quote_and_collateral(&report_data)?;

TCB Level Filtering

use teepot::quote::{TcbLevel, verify_quote_with_collateral};

// Only accept quotes with up-to-date TCB
let accepted_levels = vec![TcbLevel::Ok];
let result = verify_quote_with_collateral(&quote, collateral.as_ref(), Some(&accepted_levels))?;

Supported Platforms

  • Full support: Linux x86_64 with Intel SGX/TDX drivers
  • Verification only: All other platforms via dcap-qvl

Dependencies

On Linux x86_64, the crate uses Intel's DCAP libraries for quote generation. Make sure you have:

  • Intel SGX DCAP Quote Generation Library
  • Intel SGX DCAP Quote Verification Library

License

This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.

Note: Some code is derived from the Enarx project.