Make Input TEEKit-compatible #3
Description
Get Input running in a Gramine SGX enclave.
Implementation
This involves making changes in three areas: the TEEKit "build" tooling, the Input backend and the Input frontend.
TEEKit "build" tooling
Changes to the build tooling need to happen in two packages: kettle and kettle-sgx.
- Update kettle so that we can build Kettle apps (i.e. the bundle consisting of app.js and worker.js) outside of the teekit repo (i.e. we can import
@teekit/kettleand then run commands with the kettle CLI). - Update kettle-sgx so that we can use it to package apps (built by kettle) outside of the teekit repo.
Input backend
- Replace node's http library with Hono
- Import TunnelServer from
@teekit/tunnel - Call TunnelServer.initialize when the app starts
- Export the /quote port so that we can collect the TEE attestation
Input frontend
- Import TunnelServer from
@teekit/tunnelfrom the app - Call TunnelClient.initialize with the backend URL and expected TEE attestation as arguments, to initiate the connection with the server
- For requests that go to the server, use the fetch function provided by the tunnel client