feat: attestation test on azure and default dcap

``` ❯ docker run -i --rm --privileged --device /dev/sgx_enclave --net host \ matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \ | base64 -d --ignore-garbage \ | docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest ``` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
matter-labs · Mar 7, 2024 · 97420df · 97420df
1 parent 96f5375
commit 97420df
Show file tree

Hide file tree

Showing 15 changed files with 355 additions and 28 deletions.
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
@@ -89,10 +89,13 @@ jobs:
       fail-fast: false
       matrix:
         config:
-          - { nixpackage: 'container-vault-sgx-azure', dockerfile: 'packages/container-vault-sgx-azure/Dockerfile', tag: 'vault:latest', repository: 'teepot-vault' }
-          - { nixpackage: 'container-vault-unseal-sgx-azure', dockerfile: 'packages/container-vault-unseal-sgx-azure/Dockerfile', tag: 'tvu:latest', repository: 'teepot-tvu' }
-          - { nixpackage: 'container-vault-admin-sgx-azure', dockerfile: 'packages/container-vault-admin-sgx-azure/Dockerfile', tag: 'tva:latest', repository: 'teepot-tva' }
-          - { nixpackage: 'container-verify-attestation' }
+          - { nixpackage: 'container-vault-sgx-azure', dockerfile: 'packages/container-vault-sgx-azure/Dockerfile', repository: 'teepot-vault' }
+          - { nixpackage: 'container-vault-unseal-sgx-azure', dockerfile: 'packages/container-vault-unseal-sgx-azure/Dockerfile', repository: 'teepot-tvu' }
+          - { nixpackage: 'container-vault-admin-sgx-azure', dockerfile: 'packages/container-vault-admin-sgx-azure/Dockerfile', repository: 'teepot-tva' }
+          - { nixpackage: 'container-self-attestation-test-sgx-dcap', dockerfile: 'packages/container-self-attestation-test-sgx-dcap/Dockerfile', repository: 'teepot-self-attestation-test-sgx-dcap' }
+          - { nixpackage: 'container-self-attestation-test-sgx-azure', dockerfile: 'packages/container-self-attestation-test-sgx-azure/Dockerfile', repository: 'teepot-self-attestation-test-sgx-azure' }
+          - { nixpackage: 'container-verify-attestation-sgx-dcap' }
+          - { nixpackage: 'container-verify-attestation-sgx-azure' }
     steps:
       - uses: actions/checkout@v4
       - uses: cachix/install-nix-action@v25

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/assets/sgx_default_qcnl.conf.json b/assets/sgx_default_qcnl.conf.json
@@ -1,5 +1,5 @@
 {
-  "pccs_url": "https://host.containers.internal:8081/sgx/certification/v4/",
+  "pccs_url": "https://127.0.0.1:8081/sgx/certification/v4/",
   "use_secure_cert": false,
   "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
   "retry_times": 6,

diff --git a/bin/tee-self-attestation-test/Cargo.toml b/bin/tee-self-attestation-test/Cargo.toml
@@ -9,6 +9,7 @@ repository.workspace = true
 [dependencies]
 actix-web.workspace = true
 anyhow.workspace = true
+base64.workspace = true
 teepot.workspace = true
 tracing-log.workspace = true
 tracing-subscriber.workspace = true

diff --git a/bin/tee-self-attestation-test/src/main.rs b/bin/tee-self-attestation-test/src/main.rs
@@ -1,14 +1,14 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023 Matter Labs
+// Copyright (c) 2023-2024 Matter Labs
 
 //! Simple TEE self-attestation test
 
 #![deny(missing_docs)]
 #![deny(clippy::all)]
 
 use anyhow::{Context, Result};
+use base64::{engine::general_purpose, Engine as _};
 use teepot::server::attestation::get_quote_and_collateral;
-use tracing::error;
 use tracing_log::LogTracer;
 use tracing_subscriber::{fmt, prelude::*, EnvFilter, Registry};
 
@@ -22,9 +22,11 @@ async fn main() -> Result<()> {
     tracing::subscriber::set_global_default(subscriber).unwrap();
 
     let report_data = [0u8; 64];
-    if let Err(e) = get_quote_and_collateral(None, &report_data) {
-        error!("failed to get quote and collateral: {e:?}");
-        return Err(e);
-    }
+    let report = get_quote_and_collateral(None, &report_data)
+        .context("failed to get quote and collateral")?;
+
+    let base64_string = general_purpose::STANDARD.encode(report.quote.as_ref());
+    print!("{}", base64_string);
+
     Ok(())
 }
diff --git a/bin/verify-attestation/src/main.rs b/bin/verify-attestation/src/main.rs
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023 Matter Labs
+// Copyright (c) 2023-2024 Matter Labs
 
 //! Simple TEE attestation verification test
 
@@ -19,6 +19,8 @@ fn main() -> Result<()> {
         .read_to_end(&mut myquote)
         .context("Failed to read quote from stdin")?;
 
+    println!("Verifying quote ({} bytes)...", myquote.len());
+
     let collateral = tee_qv_get_collateral(&myquote).context("Failed to get collateral")?;
 
     let unix_time: i64 = std::time::SystemTime::now()

diff --git a/packages/container-self-attestation-test-sgx-azure/Dockerfile b/packages/container-self-attestation-test-sgx-azure/Dockerfile
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+
+FROM teepot-self-attestation-test-sgx-azure:base
+
+WORKDIR /app
+
+COPY packages/container-vault-sgx-azure/test-enclave-key.pem /tmp/
+
+RUN set -eux; \
+    gramine-manifest -Darch_libdir=/lib/x86_64-linux-gnu \
+      -Dentrypoint=$(readlink /bin/tee-self-attestation-test) \
+      -Dexecdir=/bin \
+      -Dlog_level=error \
+      tee-self-attestation-test.manifest.toml tee-self-attestation-test.manifest; \
+    gramine-sgx-sign --manifest tee-self-attestation-test.manifest --output tee-self-attestation-test.manifest.sgx --key /tmp/test-enclave-key.pem; \
+    rm /tmp/test-enclave-key.pem
+
+EXPOSE 8443
+
+ENTRYPOINT ["/bin/sh", "-c"]
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+CMD [ "restart-aesmd >&2; exec gramine-sgx tee-self-attestation-test" ]
diff --git a/packages/container-self-attestation-test-sgx-azure/default.nix b/packages/container-self-attestation-test-sgx-azure/default.nix
@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ pkgs
+, vat
+, nixsgx
+, curl
+, teepot
+, bash
+, coreutils
+, openssl
+, vault
+}:
+let manifest = ./tee-self-attestation-test.manifest.toml;
+in pkgs.dockerTools.buildLayeredImage {
+  name = "teepot-self-attestation-test-sgx-azure";
+  tag = "base";
+
+  config.Entrypoint = [ "/bin/sh" "-c" ];
+
+  contents = pkgs.buildEnv {
+    name = "image-root";
+
+    paths = with pkgs.dockerTools; with nixsgx;[
+      bash
+      coreutils
+      openssl.out
+      azure-dcap-client
+      curl.out
+      teepot.teepot.tee_self_attestation_test
+      gramine
+      restart-aesmd
+      sgx-dcap.quote_verify
+      sgx-psw
+      usrBinEnv
+      binSh
+      caCertificates
+      fakeNss
+    ];
+    pathsToLink = [ "/bin" "/lib" "/etc" "/share" "/app" ];
+    postBuild = ''
+      mkdir -p $out/{app,etc}
+      cp ${manifest} $out/app/tee-self-attestation-test.manifest.toml
+      mkdir -p $out/var/run
+      mkdir -p $out/${nixsgx.sgx-psw.out}/aesm/
+      touch $out/etc/sgx_default_qcnl.conf
+      mkdir -p $out/opt/vault/.cache $out/opt/vault/tls
+      ln -s ${curl.out}/lib/libcurl.so $out/${nixsgx.sgx-psw.out}/aesm/
+      ln -s ${nixsgx.azure-dcap-client.out}/lib/libdcap_quoteprov.so $out/${nixsgx.sgx-psw.out}/aesm/libdcap_quoteprov.so.1
+      printf "precedence ::ffff:0:0/96  100\n" > $out/etc/gai.conf
+    '';
+  };
+}
diff --git a/packages/container-self-attestation-test-sgx-azure/tee-self-attestation-test.manifest.toml b/packages/container-self-attestation-test-sgx-azure/tee-self-attestation-test.manifest.toml
@@ -0,0 +1,56 @@
+libos.entrypoint = "{{ entrypoint }}"
+
+[loader]
+argv = ["{{ entrypoint }}"]
+entrypoint = "file:{{ gramine.libos }}"
+log_level = "{{ log_level }}"
+
+[loader.env]
+### DEBUG ###
+RUST_BACKTRACE = "1"
+RUST_LOG = "warning"
+
+### Fixed values ###
+LD_LIBRARY_PATH = "{{ gramine.runtimedir() }}:/lib"
+SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
+PATH = "/bin"
+HOME = "/app"
+
+MALLOC_ARENA_MAX = "1"
+AZDCAP_DEBUG_LOG_LEVEL = "ignore"
+AZDCAP_COLLATERAL_VERSION = "v4"
+
+[fs]
+root.uri = "file:/"
+start_dir = "/app"
+mounts = [
+  { type = "tmpfs", path = "/var/tmp" },
+  { type = "tmpfs", path = "/tmp" },
+  { type = "tmpfs", path = "/app/.dcap-qcnl" },
+  { type = "tmpfs", path = "/app/.az-dcap-client" },
+]
+
+[sgx]
+trusted_files = [
+  "file:/app/",
+  "file:/bin/",
+  "file:/etc/gai.conf",
+  "file:/etc/ssl/certs/ca-bundle.crt",
+  "file:/lib/",
+  "file:/nix/",
+  "file:{{ gramine.libos }}",
+  "file:{{ gramine.runtimedir() }}/",
+]
+remote_attestation = "dcap"
+max_threads = 64
+edmm_enable = false
+## max enclave size
+enclave_size = "2G"
+
+[sys]
+enable_extra_runtime_domain_names_conf = true
+enable_sigterm_injection = true
+
+# possible tweak option, if problems with mio
+# currently mio is compiled with `mio_unsupported_force_waker_pipe`
+# insecure__allow_eventfd = true
diff --git a/packages/container-self-attestation-test-sgx-dcap/Dockerfile b/packages/container-self-attestation-test-sgx-dcap/Dockerfile
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+
+FROM teepot-self-attestation-test-sgx-dcap:base
+
+WORKDIR /app
+
+COPY packages/container-vault-sgx-azure/test-enclave-key.pem /tmp/
+COPY assets/sgx_default_qcnl.conf.json /etc/sgx_default_qcnl.conf
+
+RUN set -eux; \
+    touch -r /nix/store /etc/sgx_default_qcnl.conf; \
+    gramine-manifest -Darch_libdir=/lib/x86_64-linux-gnu \
+      -Dentrypoint=$(readlink /bin/tee-self-attestation-test) \
+      -Dexecdir=/bin \
+      -Dlog_level=error \
+      tee-self-attestation-test.manifest.toml tee-self-attestation-test.manifest; \
+    gramine-sgx-sign --manifest tee-self-attestation-test.manifest --output tee-self-attestation-test.manifest.sgx --key /tmp/test-enclave-key.pem; \
+    rm /tmp/test-enclave-key.pem
+
+EXPOSE 8443
+
+ENTRYPOINT ["/bin/sh", "-c"]
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+CMD [ "restart-aesmd >&2; exec gramine-sgx tee-self-attestation-test" ]
diff --git a/packages/container-self-attestation-test-sgx-dcap/default.nix b/packages/container-self-attestation-test-sgx-dcap/default.nix
@@ -0,0 +1,49 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ pkgs
+, vat
+, nixsgx
+, curl
+, teepot
+, bash
+, coreutils
+, openssl
+}:
+let manifest = ./tee-self-attestation-test.manifest.toml;
+in pkgs.dockerTools.buildLayeredImage {
+  name = "teepot-self-attestation-test-sgx-dcap";
+  tag = "base";
+
+  config.Entrypoint = [ "/bin/sh" "-c" ];
+
+  contents = pkgs.buildEnv {
+    name = "image-root";
+
+    paths = with pkgs.dockerTools; with nixsgx;[
+      bash
+      coreutils
+      openssl.out
+      curl.out
+      teepot.teepot.tee_self_attestation_test
+      gramine
+      restart-aesmd
+      sgx-dcap.quote_verify
+      sgx-dcap.default_qpl
+      sgx-psw
+      usrBinEnv
+      binSh
+      caCertificates
+      fakeNss
+    ];
+    pathsToLink = [ "/bin" "/lib" "/etc" "/share" "/app" ];
+    postBuild = ''
+      mkdir -p $out/{app,etc}
+      mkdir -p $out/app/{.dcap-qcnl,.az-dcap-client}
+      mkdir -p $out/var/run
+      mkdir -p $out/${nixsgx.sgx-psw.out}/aesm/
+      ln -s ${curl.out}/lib/libcurl.so $out/${nixsgx.sgx-psw.out}/aesm/
+      cp ${manifest} $out/app/tee-self-attestation-test.manifest.toml
+      printf "precedence ::ffff:0:0/96  100\n" > $out/etc/gai.conf
+    '';
+  };
+}
diff --git a/packages/container-self-attestation-test-sgx-dcap/tee-self-attestation-test.manifest.toml b/packages/container-self-attestation-test-sgx-dcap/tee-self-attestation-test.manifest.toml
@@ -0,0 +1,57 @@
+libos.entrypoint = "{{ entrypoint }}"
+
+[loader]
+argv = ["{{ entrypoint }}"]
+entrypoint = "file:{{ gramine.libos }}"
+log_level = "{{ log_level }}"
+
+[loader.env]
+### DEBUG ###
+RUST_BACKTRACE = "1"
+RUST_LOG = "warning"
+
+### Fixed values ###
+LD_LIBRARY_PATH = "{{ gramine.runtimedir() }}:/lib"
+SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
+PATH = "/bin"
+HOME = "/app"
+
+MALLOC_ARENA_MAX = "1"
+AZDCAP_DEBUG_LOG_LEVEL = "ignore"
+AZDCAP_COLLATERAL_VERSION = "v4"
+
+[fs]
+root.uri = "file:/"
+start_dir = "/app"
+mounts = [
+  { type = "tmpfs", path = "/var/tmp" },
+  { type = "tmpfs", path = "/tmp" },
+  { type = "tmpfs", path = "/app/.dcap-qcnl" },
+  { type = "tmpfs", path = "/app/.az-dcap-client" },
+]
+
+[sgx]
+trusted_files = [
+  "file:/app/",
+  "file:/bin/",
+  "file:/etc/gai.conf",
+  "file:/etc/sgx_default_qcnl.conf",
+  "file:/etc/ssl/certs/ca-bundle.crt",
+  "file:/lib/",
+  "file:/nix/",
+  "file:{{ gramine.libos }}",
+  "file:{{ gramine.runtimedir() }}/",
+]
+remote_attestation = "dcap"
+max_threads = 64
+edmm_enable = false
+## max enclave size
+enclave_size = "2G"
+
+[sys]
+enable_extra_runtime_domain_names_conf = true
+enable_sigterm_injection = true
+
+# possible tweak option, if problems with mio
+# currently mio is compiled with `mio_unsupported_force_waker_pipe`
+# insecure__allow_eventfd = true
diff --git a/packages/container-verify-attestation-sgx-azure/default.nix b/packages/container-verify-attestation-sgx-azure/default.nix
@@ -0,0 +1,38 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ lib
+, dockerTools
+, buildEnv
+, teepot
+, openssl
+, curl
+, nixsgx
+, ...
+}:
+dockerTools.buildLayeredImage {
+  name = "verify-attestation-sgx-azure";
+  tag = "latest";
+
+  config.Cmd = [ "${teepot.teepot.verify_attestation}/bin/verify-attestation" ];
+  config.Env = [
+   "LD_LIBRARY_PATH=/lib"
+"AZDCAP_DEBUG_LOG_LEVEL=ignore"
+"AZDCAP_COLLATERAL_VERSION=v4"
+  ];
+  contents = buildEnv {
+    name = "image-root";
+
+    paths = with dockerTools; with nixsgx;[
+      openssl.out
+      curl.out
+      azure-dcap-client
+      sgx-dcap.quote_verify
+      teepot.teepot.verify_attestation
+      usrBinEnv
+      binSh
+      caCertificates
+      fakeNss
+    ];
+    pathsToLink = [ "/bin" "/lib" "/etc" "/share" ];
+  };
+}