Skip to content

Sgx whitelist #1730

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 83 commits into from
Oct 30, 2025
Merged

Sgx whitelist #1730

merged 83 commits into from
Oct 30, 2025

Conversation

@valdok
Copy link
Contributor

@valdok valdok commented Oct 30, 2025

Implementation of SGX allow-list. This includes the following:

  • Fetching machine-specific data from the DCAP attestation
  • Hard-coded allow list of known machines,
  • On-chain governance proposal to add more machines to allow-list
  • Alternative proof of cloud. Currently includes Azure attestation

vlad added 30 commits September 9, 2025 06:09
check-hw - log recipients of new seed
4d520ef
misc
676b742
attestation: fetching PPID from sgx quote
ddff3df
build fix
bfa3405
migrate_op added metadata
40123c1
check-hw - log recipients of new seed
92544bb
check_hw log request (modified)
5d8e02a
check-hw request log parser
946d8c3
Merge branch 'master' into sgx_whitelist
5105feb
check-hw: printing PPID
ac16be3
key_manager: keeping arr of consensus_io_exchange_keypair
86fd03d
added method to get network pubkeys
4f09464
Getting pubkeys from enclave, rather than from files
9888ecc
enclave: allow validator set height jump forward
8770987
rot_seed: make sure imported seed can't be re-exported
8a0b6e8
check-hw - exclude EPID attestation
9606fd7
disabled EPID attestation
0b51f81
build fix
5a2821a
dcap quote ppid whitelist WIP
85c66d0
ppid whitelist test
8234bee
ppid whitelist updated
3254049
Merge branch 'v1.21.6-tweaks' into sgx_whitelist
f5b40fc
check-hw: downloading allow-list
5ef07ee
chec-hw seed_server wrt allow list WIP
65175da
check-hw server_seed fix
619e1f5
added upgrade handler v1.22
0766f20
removed full PPID print
8a9c971
cosmetic
567dcb3
check-hw logging machine-id
91692ca
ecall_get_network_pubkey support for rot-seed
f42977b
vlad and others added 25 commits October 27, 2025 13:05
Attestation: fix jwt verification, added script to obtain and embed a…
1258995 
…zure attestation
embed_azure_attestation.sh adjusted
269ee17
on-chain machine-id WIP
5a1b117
on-chain machine-id WIP(2)
4c813de
on-chain machine-id WIP(4)
fd24587
attestation/jwt: more keys
1895e86
attestation/jwt: misc
bd21079
Aded update-machine-whitelist command
3b51c31
@cboh4
generate protofiles
da241cd
build fix
c3f8e4b
on-chain machine-id WIP(1)
c687921
on-chain machine-id WIP(2)
70b93b0
@iKapitonau
Use CacheContext in queries
3dc2b15
@iKapitonau
Update cometbft
55648f1
on-chain machine-id WIP(3)
2123217
@cboh4
modify machine_id to string
87c8533
machine_id as string (fixes)
052cffe
fixed combined attestation parsing in go code (support for newer format)
1ddf7ca
Merge branch 'master' into sgx_whitelist
8ca5244
added v1.23 upgrade handler (empty)
0fc27af
local_secret build fix
afe0434
removed unneeded func
07099bf
build fix(1)
22787d9
misc
fff96df
clippy fixes
cfebc16
@valdok valdok merged commit 325b265 into master Oct 30, 2025
8 of 11 checks passed
@valdok valdok deleted the sgx_whitelist branch October 30, 2025 09:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Cashmaney Cashmaney Awaiting requested review from Cashmaney Cashmaney is a code owner

@toml01 toml01 Awaiting requested review from toml01 toml01 is a code owner

@liorbond liorbond Awaiting requested review from liorbond liorbond is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@valdok @cboh4 @iKapitonau