tee.go
package node
import "github.com/oasisprotocol/oasis-core/go/common/sgx/quote"
// TEEFeatures are the supported TEE features as advertised by the consensus layer.
//
// The JSON tags below define the serialized field names; field order and tags are
// left untouched because they are part of the wire representation.
type TEEFeatures struct {
	// SGX contains the supported TEE features for Intel SGX.
	SGX TEEFeaturesSGX `json:"sgx"`

	// FreshnessProofs is a feature flag specifying whether ProveFreshness transactions are
	// supported and processed, or ignored and handled as non-existing transactions.
	FreshnessProofs bool `json:"freshness_proofs"`
}
// TEEFeaturesSGX are the supported Intel SGX-specific TEE features.
//
// DefaultPolicy and DefaultMaxAttestationAge are the values that
// ApplyDefaultConstraints copies into constraints that leave the
// corresponding field unset.
type TEEFeaturesSGX struct {
	// PCS is a feature flag specifying whether support for Platform Certification Service-based
	// remote attestation is supported for Intel SGX-based TEEs.
	//
	// ApplyDefaultConstraints only fills in a default PCS quote policy when this flag is set.
	PCS bool `json:"pcs"`

	// SignedAttestations is a feature flag specifying whether attestations need to include an
	// additional signature binding it to a specific node.
	SignedAttestations bool `json:"signed_attestations,omitempty"`

	// DefaultPolicy is the default quote policy.
	//
	// A nil value means no policy defaults are applied by ApplyDefaultConstraints.
	DefaultPolicy *quote.Policy `json:"default_policy,omitempty"`

	// DefaultMaxAttestationAge is the default maximum attestation age (in blocks).
	//
	// Note that the serialized name is "max_attestation_age", without a "default_" prefix.
	DefaultMaxAttestationAge uint64 `json:"max_attestation_age,omitempty"`
}
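// ApplyDefaultConstraints applies configured SGX constraint defaults to the given structure.
//
// Only fields that sc leaves unset are filled in; values already present in sc are never
// overridden:
//
//   - When fs.DefaultPolicy is set, a missing sc.Policy is created, a missing IAS policy is
//     taken from the default, and a missing PCS policy is taken from the default only if the
//     PCS feature flag is enabled.
//   - A zero sc.MaxAttestationAge is replaced with fs.DefaultMaxAttestationAge.
//
// When fs.DefaultPolicy is nil, sc.Policy is left as is and may therefore still be nil on
// return, so callers must not assume a policy is present afterwards. Both fs and sc are
// dereferenced without a nil check and must be non-nil.
func (fs *TEEFeaturesSGX) ApplyDefaultConstraints(sc *SGXConstraints) {
	// Default policy.
	if fs.DefaultPolicy != nil {
		if sc.Policy == nil {
			sc.Policy = &quote.Policy{}
		}
		// NOTE(review): the default sub-policies are assigned, not copied. Since they are
		// compared against nil they are reference-like values, so sc presumably ends up
		// sharing them with fs.DefaultPolicy -- confirm that nothing mutates them later.
		if sc.Policy.IAS == nil {
			sc.Policy.IAS = fs.DefaultPolicy.IAS
		}
		// The PCS default is gated on the PCS feature flag; with the flag off, a missing
		// PCS policy stays missing.
		if sc.Policy.PCS == nil && fs.PCS {
			sc.Policy.PCS = fs.DefaultPolicy.PCS
		}
	}

	// Default maximum attestation age. Zero is treated as "unset" here; if the configured
	// default is zero as well, the field stays zero and its meaning is decided by whatever
	// code enforces the age limit (not visible in this file).
	if sc.MaxAttestationAge == 0 {
		sc.MaxAttestationAge = fs.DefaultMaxAttestationAge
	}
}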