feat: tee quote endpoint #588
base: dev
Conversation
Nice stuff, left some comments :)
crates/notary/server/Cargo.toml
Outdated
@@ -44,3 +47,4 @@ tracing = { workspace = true } | |||
tracing-subscriber = { workspace = true, features = ["env-filter"] } | |||
uuid = { workspace = true, features = ["v4", "fast-rng"] } | |||
ws_stream_tungstenite = { workspace = true, features = ["tokio_io"] } | |||
sgx-dcap-ql-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.21", optional = true } |
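Review bot: the new dependency is pinned only by a git `tag = "DCAP_1.21"`, and tags are mutable, so for a crate that loads the quoting enclave and handles attestation evidence prefer pinning a `rev = "<commit>"` (keeping the tag in a comment for readability) and committing the resulting Cargo.lock, so an upstream re-tag cannot silently change what the notary links against. The same line is also where the requested comment belongs, explaining why the bindings from SGXDataCenterAttestationPrimitives were chosen over the other Intel SGX repos; note too that the dependency is `optional = true`, so the feature that enables it should be named next to it.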
nice find! can we leave a comment here on why we choose this repo instead of the other listed in https://github.com/intel/linux-sgx?tab=readme-ov-file#introduction? just for future reference :)
Which other libs? The other things mentioned at your link are a kernel module for older versions of Linux, a patched openssl impl, a k8s gadget, etc
not referring to any specific one, but just thought a comment in the Cargo.toml explaining why we picked this SGXDataCenterAttestationPrimitives repo will be informative
crates/notary/server/src/tee.rs
Outdated
) -> Result<Option<Vec<u8>>, quote3_error_t> { | ||
let sgx_report: sgx_report_t = Default::default(); | ||
|
||
let (result, sgx_quote) = sgx_dcap_ql_rs::sgx_qe_get_quote(&sgx_report); |
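Review bot: `sgx_report` is `Default::default()`, an all-zero `sgx_report_t`, and is passed straight to `sgx_dcap_ql_rs::sgx_qe_get_quote`; a report that was not produced inside an enclave via `sgx_create_report` (targeted at the QE) carries no enclave identity and zero `report_data`, so the resulting quote does not bind to this notary's signing key or to anything a verifier could check. Create the report inside the enclave with `report_data` set to (a hash of) the notary public key and quote that report instead. Also compare the returned `result` against `quote3_error_t::SGX_QL_SUCCESS` and return the error on failure rather than surfacing `Option<Vec<u8>>` alone, and since the call is synchronous (it talks to the quoting enclave), wrap it in `spawn_blocking` or equivalent if the endpoint handler is async.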
question: does this sgx library have async ability?
exit 0 | ||
- name: ✨ fet quotech from gh, write it to runner | ||
run: | | ||
curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.PAT_SET_ENV }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/$GITHUB_REPOSITORY/environments/TEE/variables/AZURE_TEE_BUILD_PORT > /home/runner/work/_temp/sgx-build-quote.txt |
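Review bot: the `curl` step reads a repository environment variable (`.../environments/TEE/variables/AZURE_TEE_BUILD_PORT`) using the `PAT_SET_ENV` secret, but a job that declares `environment: TEE` can read that value directly as `${{ vars.AZURE_TEE_BUILD_PORT }}` with no token, which removes a PAT from the workflow entirely. If the API call stays, add `--fail` (without it a 401/404 JSON error body is written to `sgx-build-quote.txt` and the step still exits 0 because of the earlier `exit 0`-style tolerance), and note that the response is the JSON object describing the variable, not the bare port, so the consumer of that file must extract the `value` field. The step name also has a typo (`fet quotech`).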
Why curl here? This is running on GH, so I assume you have direct access to AZURE_TEE_BUILD_PORT
…ware for quote gen
tmp ssh ci script to build --feature tee_quote on azure SGX hardware
uses ssh keys due to delay in keys needed, will remove this in favor of direct azure integration horrible bash scripting
e5f2f3c to 728f2b7
sgx only, default report data
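A quote produced from a default report (the "default report data" of the last commit above) is only meaningful if the relying party checks what the quote is actually bound to. The following Rust block is an added example, not code from this PR, from the notary server, or from sgx-dcap-ql-rs: it parses the fixed-layout prefix of an SGX ECDSA (quote3) buffer using offsets taken from Intel's `sgx_quote3_t` and `sgx_report_body_t` definitions, and rejects a quote whose `report_data` is all zeros before comparing MRENCLAVE and the expected binding. The byte buffer it checks is a constructed fixture, not a real quote; the expected MRENCLAVE and binding value are assumed inputs supplied by the relying party; and the block does not verify the ECDSA signature or the certification chain, which Intel's Quote Verification Library must do before any of these fields are trusted.

```rust
// Added example (not code from this PR or from sgx-dcap-ql-rs): parse the
// fixed-layout prefix of an SGX ECDSA ("quote3") quote so a relying party can
// check what it binds to. Offsets follow Intel's sgx_quote3_t/sgx_report_body_t:
// 48-byte header, 384-byte report body ending in 64 bytes of report_data, then
// a u32 signature_data_len. The signature and cert chain are NOT verified here.

const QUOTE_HEADER_LEN: usize = 48;
const REPORT_BODY_LEN: usize = 384;
const MR_ENCLAVE_OFF: usize = 64; // within report body
const REPORT_DATA_OFF: usize = 320; // within report body
const MIN_QUOTE_LEN: usize = QUOTE_HEADER_LEN + REPORT_BODY_LEN + 4;

#[derive(Debug, PartialEq)]
pub struct QuoteBody {
    pub version: u16,
    pub att_key_type: u16,
    pub mr_enclave: [u8; 32],
    pub report_data: [u8; 64],
}

#[derive(Debug, PartialEq)]
pub enum QuoteError {
    TooShort(usize),
    UnsupportedVersion(u16),
    SignatureLenMismatch { declared: usize, actual: usize },
    UnboundReportData,
    MrEnclaveMismatch,
    ReportDataMismatch,
}

fn u16_at(b: &[u8], o: usize) -> u16 { u16::from_le_bytes([b[o], b[o + 1]]) }
fn u32_at(b: &[u8], o: usize) -> u32 { u32::from_le_bytes([b[o], b[o + 1], b[o + 2], b[o + 3]]) }

/// Parse header and report body, checking only length and framing.
pub fn parse_quote3(quote: &[u8]) -> Result<QuoteBody, QuoteError> {
    if quote.len() < MIN_QUOTE_LEN {
        return Err(QuoteError::TooShort(quote.len()));
    }
    let version = u16_at(quote, 0);
    if version != 3 {
        return Err(QuoteError::UnsupportedVersion(version));
    }
    // signature_data_len must cover exactly the bytes that follow it.
    let declared = u32_at(quote, QUOTE_HEADER_LEN + REPORT_BODY_LEN) as usize;
    let actual = quote.len() - MIN_QUOTE_LEN;
    if declared != actual {
        return Err(QuoteError::SignatureLenMismatch { declared, actual });
    }
    let body = &quote[QUOTE_HEADER_LEN..QUOTE_HEADER_LEN + REPORT_BODY_LEN];
    let mut mr_enclave = [0u8; 32];
    let mut report_data = [0u8; 64];
    mr_enclave.copy_from_slice(&body[MR_ENCLAVE_OFF..MR_ENCLAVE_OFF + 32]);
    report_data.copy_from_slice(&body[REPORT_DATA_OFF..REPORT_DATA_OFF + 64]);
    Ok(QuoteBody { version, att_key_type: u16_at(quote, 2), mr_enclave, report_data })
}

/// Relying-party check: the quote must come from the expected enclave build and
/// its report_data must carry the expected binding (e.g. a hash of the notary's
/// public key). All-zero report_data, which is what a Default::default() report
/// yields, binds to nothing and is rejected before anything else is compared.
pub fn check_binding(
    quote: &[u8],
    expected_mr_enclave: &[u8; 32],
    expected_report_data: &[u8; 64],
) -> Result<QuoteBody, QuoteError> {
    let parsed = parse_quote3(quote)?;
    if parsed.report_data.iter().all(|&b| b == 0) {
        return Err(QuoteError::UnboundReportData);
    }
    if &parsed.mr_enclave != expected_mr_enclave {
        return Err(QuoteError::MrEnclaveMismatch);
    }
    if &parsed.report_data != expected_report_data {
        return Err(QuoteError::ReportDataMismatch);
    }
    Ok(parsed)
}

/// Constructed fixture, not a real quote: quote3-shaped bytes with version,
/// key type, mr_enclave and report_data set and an empty signature section.
pub fn constructed_quote(mr_enclave: &[u8; 32], report_data: &[u8; 64]) -> Vec<u8> {
    let mut q = vec![0u8; MIN_QUOTE_LEN];
    q[0..2].copy_from_slice(&3u16.to_le_bytes()); // version 3
    q[2..4].copy_from_slice(&2u16.to_le_bytes()); // att_key_type 2: ECDSA-256 / P-256
    let b = QUOTE_HEADER_LEN;
    q[b + MR_ENCLAVE_OFF..b + MR_ENCLAVE_OFF + 32].copy_from_slice(mr_enclave);
    q[b + REPORT_DATA_OFF..b + REPORT_DATA_OFF + 64].copy_from_slice(report_data);
    q // signature_data_len stays 0, matching the zero trailing bytes
}

fn main() {
    let mr_enclave = [0xA5u8; 32];
    let mut bound = [0u8; 64];
    bound[..16].copy_from_slice(b"notary-key-hash!"); // stand-in for H(pubkey)
    let good = constructed_quote(&mr_enclave, &bound);
    println!("bound quote: {:?}", check_binding(&good, &mr_enclave, &bound).map(|q| q.att_key_type));
    let unbound = constructed_quote(&mr_enclave, &[0u8; 64]);
    println!("default report: {:?}", check_binding(&unbound, &mr_enclave, &[0u8; 64]));
}
```

The order of checks is deliberate: framing and version first, then the all-zero `report_data` rejection, then MRENCLAVE, then the binding, so a quote over a default report fails with `UnboundReportData` regardless of what the client expected. In a real deployment the `expected_report_data` would be derived from the notary public key the client has just received, and the parsed body is trusted only after the QVL has validated the signature over it.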