Merge pull request #386 from CESSProject/fix/ceseal-bin-verify

Fix/ceseal bin verify

Cargo.toml

@@ -106,6 +106,7 @@ sp-consensus-beefy ={ git = "https://github.com/paritytech/polkadot-sdk.git", br
 sp-consensus-grandpa = { git = "https://github.com/paritytech/polkadot-sdk.git", branch = "release-polkadot-v1.10.1", default-features = false }
 sp-consensus-slots = { git = "https://github.com/paritytech/polkadot-sdk.git", branch = "release-polkadot-v1.10.1", default-features = false }
 sp-core = { git = "https://github.com/paritytech/polkadot-sdk.git", branch = "release-polkadot-v1.10.1", default-features = false }
+sp-crypto-hashing = { git = "https://github.com/paritytech/polkadot-sdk.git", branch = "release-polkadot-v1.10.1", default-features = false }
 sp-externalities = { git = "https://github.com/paritytech/polkadot-sdk.git", branch = "release-polkadot-v1.10.1", default-features = false }
 sp-genesis-builder = { git = "https://github.com/paritytech/polkadot-sdk.git", branch = "release-polkadot-v1.10.1", default-features = false }
 sp-inherents = { git = "https://github.com/paritytech/polkadot-sdk.git", branch = "release-polkadot-v1.10.1", default-features = false }

Makefile

@@ -1,5 +1,13 @@
 BUILD?=release
-XARGS =
+OA?=1
+VC?=1
+XARGS=
+DEV=
+ifeq ($(DEV),1)
+	OA=0
+	VC=0
+	BUILD=debug
+endif
 ifeq ($(BUILD),release)
 	XARGS = --release
 endif
@@ -34,4 +42,4 @@ lint:
 
 clean:
 	cargo clean
-	make -C standalone/teeworker/ceseal clean
+	make -C standalone/teeworker/ceseal clean

crates/ces-types/Cargo.toml

@@ -14,6 +14,7 @@ serde = { workspace = true, optional = true }
 serde_json = { workspace = true, features = ["alloc"] }
 sp-core = { workspace = true }
 sp-std = { workspace = true }
+sp-crypto-hashing = { workspace = true }
 
 ces-mq = { workspace = true  }
 sgx-attestation = { workspace = true, features = ["verify"] }
@@ -41,9 +42,6 @@ enable_serde = [
 	"serde/alloc",
 	"scale-info/serde",
 ]
-sgx = [
-	"full_crypto",
-]
 full_crypto = [
 	"sp-core/full_crypto",
 ]

crates/ces-types/src/attestation.rs

@@ -67,15 +67,8 @@ fn fixed_measurement(mr_enclave: &[u8], isv_prod_id: &[u8], isv_svn: &[u8], mr_s
 	data
 }
 
-#[cfg(feature = "full_crypto")]
 fn fixed_measurement_hash(data: &[u8]) -> H256 {
-	H256(sp_core::blake2_256(data))
-}
-
-#[cfg(not(feature = "full_crypto"))]
-fn fixed_measurement_hash(_data: &[u8]) -> H256 {
-	log::error!("The measurement hash must be in SGX enviroment with \"full_crypto\" feature, now return zero");
-	H256::default()
+	H256(sp_crypto_hashing::blake2_256(data))
 }
 
 #[derive(Encode, Decode, TypeInfo, Debug, Clone, PartialEq, Eq)]

crates/cestory/Cargo.toml

@@ -73,7 +73,7 @@ ces-mq = { workspace = true, features = [
 ces-pallet-mq = { workspace = true }
 ces-serde-more = { workspace = true }
 ces-trie-storage = { workspace = true }
-ces-types = { workspace = true, features = ["enable_serde", "sgx"] }
+ces-types = { workspace = true, features = ["enable_serde", "full_crypto"] }
 cestory-api = { workspace = true }
 cestory-pal = { workspace = true }
 pallet-tee-worker = { workspace = true }

crates/cestory/api/Cargo.toml

@@ -25,7 +25,7 @@ im = { workspace = true }
 tonic = { workspace = true }
 
 ces-trie-storage = { workspace = true, features = ["serde"] }
-ces-types = { workspace = true, features = ["enable_serde", "sgx"] }
+ces-types = { workspace = true, features = ["enable_serde", "full_crypto"] }
 ces-crypto = { workspace = true }
 chain = { workspace = true }
 ces-mq = { workspace = true }

crates/cestory/pal/Cargo.toml

@@ -6,5 +6,5 @@ description = "Platform abstraction layer for Ceseal"
 
 [dependencies]
 anyhow = { workspace = true }
-ces-types = { workspace = true, features = ["enable_serde", "sgx"] }
+ces-types = { workspace = true, features = ["enable_serde", "full_crypto"] }
 cestory-api = { workspace = true }

scripts/docker/build.sh

@@ -11,7 +11,7 @@ image_id=
 image_tag=
 publish=0
 OA=1
-VC=0
+VC=1
 
 function usage() {
     cat <<EOF
@@ -27,7 +27,7 @@ Options:
     -t <image tag>  specific the tag name of the image, exclusion from option -s
     -x <proxy address>  use proxy access network in build
     -o <enable 'only-attestation' feature to build>  options: 1(default) or 0
-    -v <enable 'verify-cesealbin' feature to build>  options: 1 or 0(default)
+    -v <enable 'verify-cesealbin' feature to build>  options: 1(default) or 0
     -m <method of ceseal attestation> options:dcap or epid(default)
     -l <docker build runtime log print out> options: 1 or 0(default)
     -c <ceseal build version>  8-digit integer, date +%y%m%d%H for default value

standalone/teeworker/ceseal/Cargo.toml

@@ -41,7 +41,7 @@ cestory-pal = { path = "../../../crates/cestory/pal" }
 ces-allocator = { path = "../../../crates/ces-allocator" }
 ces-types = { path = "../../../crates/ces-types", default-features = false, features = [
     "enable_serde",
-    "sgx",
+    "full_crypto",
 ] }
 sgx-api-lite = { path = "../../../crates/sgx-api-lite" }
 sgx-attestation = { path = "../../../crates/sgx-attestation", features = ["report"] }

standalone/teeworker/ceseal/Makefile

@@ -1,4 +1,6 @@
 BUILD?=release
+OA?=1
+VC?=1
 ifeq ($(BUILD),release)
 	XARGS=--release
 endif

standalone/teeworker/ceseal/gramine-build/Makefile

@@ -1,6 +1,8 @@
 SGX_SIGNER_KEY ?= ./private.dev.pem
 SGX ?= 1
 BUILD ?= release
+OA?=1
+VC?=1
 
 ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine)
 

standalone/teeworker/cifrost/src/lib.rs

@@ -889,7 +889,7 @@ async fn schedule_updates_ra_report(
             tip,
         )
         .await{
-            Ok(result) =>{
+            Ok(_) =>{
                 info!("Scheduled update ceseal ra report successfully!")
             },
             Err(error) => {