feat: add multiple TEE modules for handling node key rotation events for different CPU ISAs #195
Conversation
| @@ -11,6 +11,7 @@ license = "Apache-2.0" | |||
| anyhow = "1.0.91" | |||
| async-trait = "0.1.86" | |||
| atoma-auth = { path = "./atoma-auth" } | |||
| atoma-confidential = { git = "https://github.com/atoma-network/atoma-node.git", package = "atoma-confidential", branch = "main", features = ["sev-snp", "tdx"] } | |||
There was a problem hiding this comment.
Can we use a tool to format the toml files ?
There was a problem hiding this comment.
This means that only proxies running on Linux (which is probably fine if it is deployed through docker) but on x86_64architecture can run this code, right ?
There was a problem hiding this comment.
Regarding .toml format, we can do something like this:
[dependencies.atoma-confidential]
git = "url_here"
package = "package_here"
...
which is in sync with the conventions defined here: https://doc.rust-lang.org/style-guide/cargo.html.
Regarding the architecture, I think that only x86_64 supports AMD SNP and Intel CPUs, so yes, correct. If ARM TrustZone is added down the line, then this would require a separate target, i.e. arm64.
Furthermore, regarding Linux, yes if the proxy runs in a container which uses a Linux base image which supports the capabilities required by AMD SEV SNP and Intel TDX, then it will work.
There was a problem hiding this comment.
Also, note that the above implies you are compiling with the confidential feature. It will compile without this feature on any machine for now, but naturally, you won't have the ability to verify attestation reports of confidential compute environments without that feature enabled.
NB! Still a DRAFT.
This shows how to have different modules for verifying different confidential VM implementations.
At the moment:
because it is currently pointing to the
mainbranch which does not have the features in this PR merged: atoma-network/atoma-node#352