diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index fe60e8ed98d6..ddf6b0e63718 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,8 +1,8 @@ --- name: Bug report -about: Create a bug report +about: Report a bug in CCF title: "" -labels: bug +type: bug assignees: "" --- diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index f4c1262da2a8..2ff6b52435ee 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,8 +1,8 @@ --- name: Feature request -about: Suggest an idea for this project +about: Request that a feature is implemented in CCF title: "" -labels: enhancement +type: feature assignees: "" --- diff --git a/.github/ISSUE_TEMPLATE/task.md b/.github/ISSUE_TEMPLATE/task.md new file mode 100644 index 000000000000..aa15cdfd8815 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/task.md @@ -0,0 +1,18 @@ +--- +name: Project task +about: Create a task/TODO +title: "" +type: task +assignees: "" +--- + +**NOTE**: This type of issue is reserved for the project team. If you are not a member of the team, please use either the bug or feature templates. + +**What is the motivation for this task** +A clear and concise description of the reason why the task must be completed. + +**Dependencies** +A clear and concise description of what this task depends on, and when work on it can start. + +**Describe impact if task is not completed** +A clear and concise description of the consequences if the task is not completed. diff --git a/CHANGELOG.md b/CHANGELOG.md index 525b507895bf..8dccafcebc37 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Added - Added a `ccf::any_cert_auth_policy` (C++), or `any_cert` (JS/TS), implementing TLS client certificate authentication, but without checking for the presence of the certificate in the governance user or member tables. This enables applications wanting to do so to perform user management in application space, using application tables (#6608). +- Added OpenAPI support for `std::unordered_set`. ## [6.0.0-dev5] diff --git a/README.md b/README.md index b035859332fe..26f18f1d8715 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,16 @@ # The Confidential Consortium Framework [![CI](https://github.com/microsoft/CCF/actions/workflows/ci.yml/badge.svg)](https://github.com/microsoft/CCF/actions/workflows/ci.yml) -ccf +The Confidential Consortium Framework (CCF) is an open-source framework for building a new category of secure, highly available, and performant applications that focus on multi-party compute and data.

-The Confidential Consortium Framework (CCF) is an open-source framework for building a new category of secure, highly available, -and performant applications that focus on multi-party compute and data. +

+ccf +

## Get Started with CCF -- Read the [CCF overview](https://microsoft.github.io/CCF/main/overview/index.html) and get familiar with [CCF's core concepts](https://microsoft.github.io/CCF/main/overview/what_is_ccf.html) +- Read the [CCF overview](https://microsoft.github.io/CCF/main/overview/index.html) and becime familiar with the [core concepts](https://microsoft.github.io/CCF/main/overview/what_is_ccf.html) - [Install](https://microsoft.github.io/CCF/main/build_apps/install_bin.html) CCF on Linux -- Get familiar with the CCF core developer API with the [template CCF app](https://github.com/microsoft/ccf-app-template) +- Become familiar with the CCF core developer API with the [template CCF app](https://github.com/microsoft/ccf-app-template) - Quickly build and run [sample CCF apps](https://github.com/microsoft/ccf-app-samples) - [Build new CCF applications](https://microsoft.github.io/CCF/main/build_apps/index.html) in TypeScript/JavaScript or C++ @@ -23,7 +24,6 @@ and performant applications that focus on multi-party compute and data. - Browse the [documentation](https://microsoft.github.io/CCF/) - Read the [Research Papers](https://microsoft.github.io/CCF/main/research) -- Learn more about [Azure Confidential Computing](https://azure.microsoft.com/solutions/confidential-compute/) offerings like Azure DC-series (which support Intel SGX TEE) and the [Open Enclave](https://github.com/openenclave/openenclave) SDK ## Third-party components diff --git a/doc/_static/ccf_overview.png b/doc/_static/ccf_overview.png new file mode 100644 index 000000000000..4ca50ba44bf9 Binary files /dev/null and b/doc/_static/ccf_overview.png differ diff --git a/doc/architecture/threading.rst b/doc/architecture/threading.rst index 702a37c10f97..2a27009c6011 100644 --- a/doc/architecture/threading.rst +++ b/doc/architecture/threading.rst @@ -27,7 +27,4 @@ Programming Model To ensure session consistency all commands that originate from the same connection are executed on the same thread. It is strongly advised that during the execution of a command the application does not mutate any global state outside of the key-value store. -Any inter-command communication must be performed via the key-value store, to ensure that CCF can rollback commands or change the primary as required. - -If an application has global state that exists outside the key-value store, CCF offers several concurrency control primitives (via Open Enclave) to protect memory that could be accessed concurrently by multiple threads. -It is recommended that these primitives are used rather than other primitives, such as mutexes, which may result in an OCALL. +Any inter-command communication must be performed via the key-value store, to ensure that CCF can rollback commands or change the primary as required. \ No newline at end of file diff --git a/doc/architecture/tls_internals.rst b/doc/architecture/tls_internals.rst index d3ff90616c57..aa303f5c671d 100644 --- a/doc/architecture/tls_internals.rst +++ b/doc/architecture/tls_internals.rst @@ -4,11 +4,9 @@ TLS Internals Overview ~~~~~~~~ -In CCF, the :term:`TLS` layer is implemented using OpenSSL 1.1.1 from :term:`Open Enclave` (OE). However, the original implementation was using OE's MbedTLS library, which the current implementation replaced. During the transition period, the OpenSSL implementation had to emulate the previous MbedTLS one and the remaining code isn't particularly suited to OpenSSL. +In CCF, the :term:`TLS` layer is implemented using OpenSSL 1.1.1 or 3.1. However, the original implementation was using OE's MbedTLS library, which the current implementation replaced. During the transition period, the OpenSSL implementation had to emulate the previous MbedTLS one and the remaining code isn't particularly suited to OpenSSL. -In addition, we'll soon be adding :term:`QUIC` support to CCF, which has its own usage of TLS (supporting OpenSSL, but from its own tree). - -This document is an attempt to describe how that works, so that we can plan a suited implementation for both TCP-based and QUIC-based endpoints using TLS. +This document is an attempt to describe how that works, to faciliate further changes. Enclave Connections ~~~~~~~~~~~~~~~~~~~ @@ -63,13 +61,9 @@ The main reasons why we moved to OpenSSL are: - We already use OpenSSL for our crypto library ('src/crypto'). - We wanted TLS 1.3 support and MbedTLS doesn't have it. -- We want to support QUIC, that doesn't work with MbedTLS. - -By now we have removed any traces of MbedTLS, but we are still using OE's OpenSSL library, which doesn't have QUIC support. - -To implement the last point above, we need to build QUIC with its own OpenSSL and use that as our library for the remaining crypto, but OE has its own modifications to OpenSSL as well, and we can't have both. +- We wanted to support QUIC, which doesn't work with MbedTLS. -So, for now, the only way to have QUIC support is in 'virtual' mode, retaining OE's OpenSSL for 'sgx' mode. Once we have other types of enclaves that don't require Open Enclave we can use QUIC's version, too. +By now we have removed any traces of MbedTLS, but we are still using a version of OpenSSL which doesn't have QUIC support. MbedTLS vs OpenSSL ~~~~~~~~~~~~~~~~~~ diff --git a/doc/audit/builtin_maps.rst b/doc/audit/builtin_maps.rst index fcd171b16796..b8400f385cc1 100644 --- a/doc/audit/builtin_maps.rst +++ b/doc/audit/builtin_maps.rst @@ -122,7 +122,7 @@ Identity, status and attestations (endorsed quotes) of the nodes hosting the net ``nodes.code_ids`` ~~~~~~~~~~~~~~~~~~ -Versions of the code allowed to join the current network on :doc:`SGX <../operations/platforms/sgx>`. +DEPRECATED. Previously contained versions of the code allowed to join the current network on SGX hardware. **Key** MRENCLAVE, represented as a base64 hex-encoded string (length: 64). diff --git a/doc/audit/python_library.rst b/doc/audit/python_library.rst index a25225128d5c..e352f2d6730c 100644 --- a/doc/audit/python_library.rst +++ b/doc/audit/python_library.rst @@ -118,23 +118,23 @@ The ``ledger_code.py`` command line utility can be used to display the history o .. code-block:: bash $ ledger_code.py -s /path/to/ledger/dir - 2.1 Introduced : [('OE_SGX_v1', '3258fb')] - 2.103 Introduced : [('OE_SGX_v1', '048b8c')] - 3.175 Removed : [('OE_SGX_v1', '3258fb')] + 2.1 Introduced : [('AMD_SEV_SNP_v1', '3258fb')] + 2.103 Introduced : [('AMD_SEV_SNP_v1', '048b8c')] + 3.175 Removed : [('AMD_SEV_SNP_v1', '3258fb')] $ ledger_code.py -vs /path/to/ledger/dir - 2.1: {('OE_SGX_v1', '3258fb'): ['9b013f']} - 2.3: {('OE_SGX_v1', '3258fb'): ['9b013f', 'beb114']} - 2.5: {('OE_SGX_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4']} - 2.103: {('OE_SGX_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4'], ('OE_SGX_v1', '048b8c'): ['3ebd58']} - 2.119: {('OE_SGX_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4'], ('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a']} - 2.146: {('OE_SGX_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4'], ('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} - 2.152: {('OE_SGX_v1', '3258fb'): ['beb114', '6ff2f4'], ('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} - 3.156: {('OE_SGX_v1', '3258fb'): ['beb114', '6ff2f4'], ('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} - 3.165: {('OE_SGX_v1', '3258fb'): ['6ff2f4'], ('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} - 3.168: {('OE_SGX_v1', '3258fb'): ['6ff2f4'], ('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} - 3.175: {('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} - 4.179: {('OE_SGX_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} + 2.1: {('AMD_SEV_SNP_v1', '3258fb'): ['9b013f']} + 2.3: {('AMD_SEV_SNP_v1', '3258fb'): ['9b013f', 'beb114']} + 2.5: {('AMD_SEV_SNP_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4']} + 2.103: {('AMD_SEV_SNP_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4'], ('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58']} + 2.119: {('AMD_SEV_SNP_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4'], ('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a']} + 2.146: {('AMD_SEV_SNP_v1', '3258fb'): ['9b013f', 'beb114', '6ff2f4'], ('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} + 2.152: {('AMD_SEV_SNP_v1', '3258fb'): ['beb114', '6ff2f4'], ('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} + 3.156: {('AMD_SEV_SNP_v1', '3258fb'): ['beb114', '6ff2f4'], ('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} + 3.165: {('AMD_SEV_SNP_v1', '3258fb'): ['6ff2f4'], ('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} + 3.168: {('AMD_SEV_SNP_v1', '3258fb'): ['6ff2f4'], ('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} + 3.175: {('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} + 4.179: {('AMD_SEV_SNP_v1', '048b8c'): ['3ebd58', '53cb2a', '1d1396']} As with ``read_ledger.py``, non-committed ledger files are ignored, unless the ``--uncommitted`` command line argument is specified. diff --git a/doc/build_apps/install_bin.rst b/doc/build_apps/install_bin.rst index a7173bbbdf3d..a20fe9b8e3b0 100644 --- a/doc/build_apps/install_bin.rst +++ b/doc/build_apps/install_bin.rst @@ -18,7 +18,7 @@ The dependencies required to build and run CCF apps can be conveniently installe .. tab:: Virtual - .. warning:: The `virtual` version of CCF can also be run on hardware that does not support SGX/SNP. Virtual mode does not provide any security guarantees and should be used for development purposes only. + .. warning:: The `virtual` version of CCF can also be run on hardware that does not support SEV-SNP. Virtual mode does not provide any security guarantees and should be used for development purposes only. .. code-block:: bash @@ -34,37 +34,7 @@ Installation from .deb Alternatively, CCF releases are available on the `GitHub repository release page `_. -The CCF Debian package (``ccf___amd64.deb``) contains the libraries and utilities to start a CCF service and build CCF applications. CCF can be installed as follows, for the ``SGX``, ``SNP`` and ``Virtual`` platforms: - -.. tab:: SGX - - .. code-block:: bash - - # Set CCF_VERSION to most recent LTS release - $ export CCF_VERSION=$(curl -ILs -o /dev/null -w %{url_effective} https://github.com/microsoft/CCF/releases/latest | sed 's/^.*ccf-//') - # Alternatively, set this manually, e.g.: - # export CCF_VERSION=4.0.0 - $ wget https://github.com/microsoft/CCF/releases/download/ccf-${CCF_VERSION}/ccf_sgx_${CCF_VERSION}_amd64.deb - $ sudo apt install ./ccf_sgx_${CCF_VERSION}_amd64.deb - - .. tip:: A separate `unsafe` package (``ccf_sgx_unsafe__amd64.deb``) with extremely verbose logging is also provided for troubleshooting purposes. Its version always ends in ``unsafe`` to make it easily distinguishable. The extent of the logging in these packages mean that they cannot be relied upon to offer confidentiality and integrity guarantees. They should never be used for production purposes. - - Assuming that CCF was installed under ``/opt``, the following commands can be run to verify that CCF was installed successfully: - - .. code-block:: bash - - $ /opt/ccf_sgx/bin/cchost --version - CCF host: ccf- - Platform: SGX - - $ /opt/ccf_sgx/bin/sandbox.sh - No package/app specified. Defaulting to installed JS logging app - Setting up Python environment... - Python environment successfully setup - [16:10:16.552] Starting 1 CCF node... - [16:10:23.349] Started CCF network with the following nodes: - [16:10:23.350] Node [0] = https://127.0.0.1:8000 - ... +The CCF Debian package (``ccf___amd64.deb``) contains the libraries and utilities to start a CCF service and build CCF applications. CCF can be installed as follows, for the ``SNP`` and ``Virtual`` platforms: .. tab:: SNP @@ -142,12 +112,6 @@ Uninstall To remove an installation of CCF, run: -.. tab:: SGX - - .. code-block:: bash - - $ sudo apt remove ccf_sgx - .. tab:: SNP .. code-block:: bash @@ -163,28 +127,4 @@ To remove an installation of CCF, run: From Source ----------- -To build and install CCF from source, please see :doc:`/contribute/build_ccf`. - -In Azure --------- - -CCF can be installed on an Azure Virtual Machine by running a single script: - -.. tab:: SGX - - .. code-block:: bash - - $ /opt/ccf_sgx/getting_started/azure_vm/install_ccf_on_azure_vm.sh - -.. tab:: SNP - - .. code-block:: bash - - $ /opt/ccf_snp/getting_started/azure_vm/install_ccf_on_azure_vm.sh - -.. tab:: Virtual - - .. code-block:: bash - - $ /opt/ccf_virtual/getting_started/azure_vm/install_ccf_on_azure_vm.sh - +To build and install CCF from source, please see :doc:`/contribute/build_ccf`. \ No newline at end of file diff --git a/doc/build_apps/js_app_bundle.rst b/doc/build_apps/js_app_bundle.rst index f4ba215e07b9..7100ac80f3b4 100644 --- a/doc/build_apps/js_app_bundle.rst +++ b/doc/build_apps/js_app_bundle.rst @@ -373,7 +373,7 @@ Note that this removes the sandboxing protections described above. If the conten This behaviour is controlled in ``app.json``, with the ``"interpreter_reuse"`` property on each endpoint. The default behaviour, taken when the field is omitted, is to avoid any interpreter reuse, providing strict sandboxing safety. To reuse an interpreter, set ``"interpreter_reuse"`` to an object of the form ``{"key": "foo"}``, where ``foo`` is an arbitrary, app-defined string. Interpreters will be shared between endpoints where this string matches. For instance: -.. code-block:: json +.. code-block:: yaml { "endpoints": { diff --git a/doc/build_apps/logging.rst b/doc/build_apps/logging.rst index 7ef2485d1fc8..b0a231015e7d 100644 --- a/doc/build_apps/logging.rst +++ b/doc/build_apps/logging.rst @@ -26,9 +26,7 @@ These logging functions do several things: - Variable substitution. See `libfmt `_ for more details of the formatting syntax used in C++ - Declare the severity of the entry. CCF defines 5 levels (``trace``, ``debug``, ``info``, ``fail``, and ``fatal``), and production nodes will generally ignore entries below ``info`` - Prefix formatted metadata. The produced log line will include a timestamp, the name and line number where the line was produced, and an ``[app]`` tag -- Write without an ECALL. The final write must be handled by the host, so writing directly from the enclave would require an expensive ECALL. Instead these macros will queue writes to a ringbuffer for the host to process, so diagnostic logging should not cause significant performance drops - -The most-verbose lines which are emitted may be restricted at build-time, if required for security on that platform. On SGX, the ``CCF_APP_TRACE`` and ``CCF_APP_DEBUG`` macros are disabled at compile-time, to avoid leaking confidential information during execution. To enable these, define ``VERBOSE_LOGGING`` before including ``logger.h`` in your application code. The unsafe build variants of CCF include verbose logging of the framework itself, but this can be used independently of verbose logging in the application code. +- Queue writes to a ringbuffer for the host to process, so diagnostic logging should not cause significant performance drops .. note:: The app's logging entries will be interleaved (line-by-line) with the framework's logging messages. Filter for entries containing ``[app]`` to extract only application log lines. diff --git a/doc/build_apps/run_app.rst b/doc/build_apps/run_app.rst index 51a7b22a9074..62971d6e7dac 100644 --- a/doc/build_apps/run_app.rst +++ b/doc/build_apps/run_app.rst @@ -45,7 +45,7 @@ For example, deploying the generic JS application: .. note:: - - ``sandbox.sh`` defaults to using CCF's `virtual` mode, which does not require or make use of SGX. To load debug or release enclaves and make use of SGX, ``--enclave-type`` must be set to the right value, for example: ``sandbox.sh --enclave-type release -p ./libjs.enclave.so.signed`` + - ``sandbox.sh`` automatically uses the platform which either the local build or install of CCF targeted, i.e. either Virtual or SNP. - The ``--verbose`` argument can be used to display all commands issued by operators and members to start the network. The command output shows the addresses of the CCF nodes where commands may be submitted (ie, via ``curl https://127.0.0.1:8000/...``). diff --git a/doc/contribute/build_ccf.rst b/doc/contribute/build_ccf.rst index 40bd500150ad..fe0be1475e87 100644 --- a/doc/contribute/build_ccf.rst +++ b/doc/contribute/build_ccf.rst @@ -9,25 +9,28 @@ First, checkout the CCF repository: $ git clone git@github.com:microsoft/CCF.git -To build CCF from source on a SGX-enabled machine, run the following: +To build CCF from source, run the following: -.. code-block:: bash +.. tab:: SNP - $ cd CCF - $ mkdir build - $ cd build - $ cmake -GNinja .. - $ ninja + .. code-block:: bash -Alternatively, on a non-SGX machine, you can build a `virtual` instance of CCF: + $ cd CCF + $ mkdir build + $ cd build + $ cmake -GNinja -DCOMPILE_TARGET=snp .. + $ ninja -.. code-block:: bash - $ cd CCF - $ mkdir build - $ cd build - $ cmake -GNinja -DCOMPILE_TARGET=virtual .. - $ ninja +.. tab:: Virtual + + .. code-block:: bash + + $ cd CCF + $ mkdir build + $ cd build + $ cmake -GNinja -DCOMPILE_TARGET=virtual .. + $ ninja .. note::: @@ -50,7 +53,7 @@ The most common build switches include: * **BUILD_TESTS**: Boolean. Build all tests for CCF. Default to ON. * **SAN**: Boolean. Build unit tests with Address and Undefined behaviour sanitizers enabled. Default to OFF. -* **COMPILE_TARGET**: String. Target compilation platform. Defaults to ``sgx``. Supported values are ``sgx``, ``snp``, or ``virtual``. +* **COMPILE_TARGET**: String. Target compilation platform. Defaults to ``snp``. Supported values are ``snp``, or ``virtual``. Run Tests --------- diff --git a/doc/contribute/build_images.rst b/doc/contribute/build_images.rst index eaa059f433fb..e4d32197b69c 100644 --- a/doc/contribute/build_images.rst +++ b/doc/contribute/build_images.rst @@ -6,7 +6,7 @@ They can be pulled by unauthenticated users: .. code-block:: bash - $ docker pull ghcr.io/microsoft/ccf/ci/(default|sgx):build-* + $ docker pull ghcr.io/microsoft/ccf/ci/default:build-* Pushing a git tag of the form ``build/*`` will trigger the :ccf_repo:`.github/workflows/ci-containers-ghcr.yml` workflow that builds and pushes a new ``ghcr.io/microsoft/ccf/ci/(default|sgx):build-*`` image. diff --git a/doc/contribute/build_setup.rst b/doc/contribute/build_setup.rst index 5a3220c977c1..2c82c31733d8 100644 --- a/doc/contribute/build_setup.rst +++ b/doc/contribute/build_setup.rst @@ -17,7 +17,7 @@ Then, to quickly set up the dependencies necessary to build CCF itself and CCF a .. tab:: Virtual - .. warning:: The `virtual` version of CCF can also be run on hardware that does not support SGX/SNP. Virtual mode does not provide any security guarantees and should be used for development purposes only. + .. warning:: The `virtual` version of CCF can also be run on hardware that does not support SEV-SNP. Virtual mode does not provide any security guarantees and should be used for development purposes only. .. code-block:: bash @@ -34,16 +34,13 @@ The quickest way to get started building CCF applications is to use the CCF buil .. code-block:: bash $ export VERSION="4.0.0" - $ export PLATFORM="sgx" # One of sgx, snp or virtual + $ export PLATFORM="snp" # snp or virtual $ docker pull mcr.microsoft.com/ccf/app/dev:$VERSION-$PLATFORM The container contains the latest release of CCF along with a complete build toolchain, and startup scripts. -If your hardware does support SGX, and has the appropriate driver installed and loaded, then you will only need to expose the device to the container by passing ``--device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx`` when you start it. It can be run on hardware that does not support SGX, in which case you will want to use the virtual binaries, or build in `virtual mode`. - .. note:: - - When running the build container on SGX-enabled hardware, pass the ``--device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx`` options to use SGX in the container. - `virtual` mode provides no security guarantee. It is only useful for development and prototyping. Visual Studio Code Setup diff --git a/doc/contribute/create_vm.rst b/doc/contribute/create_vm.rst deleted file mode 100644 index 62e9a1be3f88..000000000000 --- a/doc/contribute/create_vm.rst +++ /dev/null @@ -1,11 +0,0 @@ -Create Azure SGX VM -=================== - -:term:`Azure Confidential Compute` (ACC) offers SGX-enabled `DC`_-series VMs, which can be deployed like other Azure SKUs. -Note that `DC`_ SKUs can only be configured as `Gen2`_ VMs, and so only `Gen2`_ compatible VM images can be used. - -.. note:: If you use `Visual Studio Code `_, you can install and set up the `Remote - SSH `_ extension to connect to your SGX-enabled VM. - - -.. _`DC`: https://docs.microsoft.com/en-us/azure/virtual-machines/dcv2-series -.. _`Gen2`: https://docs.microsoft.com/en-us/azure/virtual-machines/generation-2 \ No newline at end of file diff --git a/doc/contribute/index.rst b/doc/contribute/index.rst index 17c60996566c..d910b7958da3 100644 --- a/doc/contribute/index.rst +++ b/doc/contribute/index.rst @@ -15,13 +15,6 @@ The CCF team welcome contributions to any part of the framework, including this --- - :fa:`cloud` :doc:`create_vm` - ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - Create a SGX-enabled Azure Virtual Machine. - - --- - :fa:`laptop-code` :doc:`build_setup` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -53,7 +46,6 @@ The CCF team welcome contributions to any part of the framework, including this :hidden: onboarding - create_vm build_setup build_ccf release_ccf diff --git a/doc/contribute/onboarding.rst b/doc/contribute/onboarding.rst index 468837880ffa..c7fe2f349112 100644 --- a/doc/contribute/onboarding.rst +++ b/doc/contribute/onboarding.rst @@ -10,11 +10,6 @@ Start by reading :doc:`/overview/what_is_ccf`. If you encounter any terms or acronyms that you do not know, check the :doc:`/overview/glossary`. If the word you are looking for is not defined, create an `issue `_. -Create an SGX VM if necessary ------------------------------ - -If you intend to make changes that need to work on Intel SGX, you will want an :doc:`SGX VM ` to check you didn't introduce instructions that are illegal in enclave, and to evaluate the performance impact of your change. - Build CCF --------- diff --git a/doc/operations/platforms/index.rst b/doc/operations/platforms/index.rst index 243eb6f30002..aba37f5644f2 100644 --- a/doc/operations/platforms/index.rst +++ b/doc/operations/platforms/index.rst @@ -6,7 +6,6 @@ CCF can run on several hardware platforms/trusted execution environments, which .. toctree:: :maxdepth: 1 - sgx snp virtual diff --git a/doc/operations/platforms/sgx.rst b/doc/operations/platforms/sgx.rst deleted file mode 100644 index 0fb16132d597..000000000000 --- a/doc/operations/platforms/sgx.rst +++ /dev/null @@ -1,37 +0,0 @@ -Intel SGX -========= - -How to use the Intel SGX platform ---------------------------------- - -CCF must run on an Intel CPU which supports SGX. - -To use SGX, in the :ref:`operations/configuration:``enclave``` configuration section, the enclave ``platform`` should be set to ``SGX``, and ``type`` to ``Release`` or ``Debug``, depending on the enclave build type. - -Attestation ------------ - -SGX attestations provide a measurement of the code loaded into the enclave, which CCF stores in the :ref:`audit/builtin_maps:``nodes.code_ids``` table. New nodes joining a network will provide their measurement and the primary will perform an identity check against the table entries. - -The first node in a new network will add its code id to the table. Members can then manage which code ids are present in the table with the ``add_node_code`` and ``remove_node_code`` actions. - -Once the proposal has been accepted, nodes running the new code are authorised to join the network. Nodes running older versions of the code can then be retired and stopped. - -.. note:: The identity of the code (``mrenclave``) can be found by running the ``oesign`` utility provided by :term:`Open Enclave` : - - .. code-block:: bash - - $ /opt/openenclave/bin/oesign dump -e enclave_library - === Entry point: - name=_start - address=000000000097fa38 - - === SGX Enclave Properties: - product_id=1 - security_version=1 - debug=1 - xfrm=0 - num_heap_pages=50000 - num_stack_pages=1024 - num_tcs=8 - mrenclave=3175971c02d00c1a8f9dd23ca89e64955c5caa94e24f4a3a0579dcfb2e6aebf9 diff --git a/doc/operations/run_setup.rst b/doc/operations/run_setup.rst index e3a03e658a49..e2f0c60dfe5b 100644 --- a/doc/operations/run_setup.rst +++ b/doc/operations/run_setup.rst @@ -37,13 +37,6 @@ C++ Apps The ``ghcr.io/microsoft/ccf/app/run/*`` containers can be run to deploy C++ apps. They contain the ``cchost`` binary and the dependencies required to spin up a CCF node. -.. tab:: SGX - - .. code-block:: bash - - $ export VERSION="5.0.0-rc0" - $ docker pull ghcr.io/microsoft/ccf/app/run/sgx:ccf-$VERSION - .. tab:: SNP .. code-block:: bash @@ -64,13 +57,6 @@ JavaScript/TypeScript Apps The ``ghcr.io/microsoft/ccf/app/run-js/*`` containers can be run to deploy JavaScript/TypeScripts apps. They contain the ``cchost`` binary, the ``libjs_generic`` native application to run JavaScript/TypeScript apps, and the dependencies required to spin up a CCF node. -.. tab:: SGX - - .. code-block:: bash - - $ export VERSION="5.0.0-rc0" - $ docker pull ghcr.io/microsoft/ccf/app/run-js/sgx:ccf-$VERSION - .. tab:: SNP .. code-block:: bash diff --git a/doc/operations/start_network.rst b/doc/operations/start_network.rst index 60101740859b..aaffca717350 100644 --- a/doc/operations/start_network.rst +++ b/doc/operations/start_network.rst @@ -54,7 +54,7 @@ The joining node takes the certificate of the existing network to join via ``ser The join configuration option should be set in the :ref:`operations/configuration:``command.join``` section of the JSON configuration. -A new node can only join an existing CCF network if its SGX quote is valid [#remote_attestation]_. and runs an enclave application that is :ref:`trusted by the consortium `. +A new node can only join an existing CCF network if its hardware attestation is valid [#remote_attestation]_. and runs an enclave application that is :ref:`trusted by the consortium `. If the network has not yet been opened by members (see :ref:`governance/open_network:Opening the Network`), the joining node becomes part of the network immediately. Otherwise, if the network has already been opened to users, members need to trust the joining node before it can become part of the network and participate in the consensus (see :ref:`governance/common_member_operations:Trusting a New Node`). diff --git a/doc/operations/troubleshooting.rst b/doc/operations/troubleshooting.rst index 37faa53ba6f4..95bf3e892a70 100644 --- a/doc/operations/troubleshooting.rst +++ b/doc/operations/troubleshooting.rst @@ -100,38 +100,4 @@ Returned when a node tries to join a network with too old a snapshot, or no snap See :ref:`this page ` for more information. **Resolution:** This can be resolved by trying to join again with a fresh snapshot. -The seqno of the snapshot a node started from is available as ``startup_seqno`` in :http:GET:`/node/state`. - -Node Startup Issues -------------------- - -``OE_SERVICE_UNAVAILABLE`` -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: - - # Complete node logs on startup - 2022-01-01T12:00:00.000000Z 100 [info ] ../src/host/main.cpp:519 | Initialising enclave: enclave_create_node - [init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket - 2022-01-01T12:00:00.000000Z [(H)ERROR] tid(0x7f277c35b740) | SGX AESM service unavailable (oe_result_t=OE_SERVICE_UNAVAILABLE) [/source/openenclave/host/sgx/sgxquote.c:_load_quote_ex_library_once:479] - 2022-01-01T12:00:00.000000Z [(H)ERROR] tid(0x7f277c35b740) | Failed to load SGX quote-ex library - (oe_result_t=OE_SERVICE_UNAVAILABLE) [/source/openenclave/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:688] - 2022-01-01T12:00:00.000000Z [(H)ERROR] tid(0x7f277c35b740) | :OE_SERVICE_UNAVAILABLE [/source/openenclave/host/sgx/quote.c:sgx_get_qetarget_info:37] - -This may occur on SGX deployments where the ``SGX_AESM_ADDR`` environment variable is set. By default, this variable is automatically set when installing CCF dependencies (specifically, Open Enclave) and indicates that out-of-process attestation quote generation should be used (`using the AESM service `_). - -While CCF supports out-of-process attestation, the AESM service is not installed as part of the CCF dependencies. For local deployments, it is expected that operators use in-process quote generation. - -**Resolution:** Unset the ``SGX_AESM_ADDR`` environment variable: ``$ unset SGX_AESM_ADDR``. - -Info Messages -------------- - -``Ignoring signal: 13`` -~~~~~~~~~~~~~~~~~~~~~~~ - -Signal 13 (`SIGPIPE`) is emitted on writes to closed fds. It is superfluous in programs that handle write errors, such as CCF, and is therefore ignored. This message does not indicate a malfunction. - -Most CCF releases set the `SIG_IGN` handler, but a bug introduced in Open Enclave `0.18.0 `_ caused the process to crash rather than ignore the signal. CCF installed an alternative handler as a workaround in `2.0.2 `_ , which produces this log line. - -The issue was fixed upstream in Open Enclave `0.18.1 `_ (see `#4542 `_). This log line is now redundant and will be removed from later releases. \ No newline at end of file +The seqno of the snapshot a node started from is available as ``startup_seqno`` in :http:GET:`/node/state`. \ No newline at end of file diff --git a/doc/overview/faq.rst b/doc/overview/faq.rst index 4925d3d0beac..21d686094506 100644 --- a/doc/overview/faq.rst +++ b/doc/overview/faq.rst @@ -16,8 +16,4 @@ However, this mode does not provide any security guarantees (e.g. no memory encr ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CCF itself can run on prem as well as in Azure. -However, for the :term:`TEE` security guarantees to be trusted by clients and operators, the deployment environment should have access to the endorsements of the TEE attestation reports. - -While Azure caches these endorsements transparently, on-prem CCF deployments require the development of a specific infrastructure to store and serve the endorsements. -The procedure to follow is described `here `_. -Note that this setup is not tested by the CCF team. Support can be obtained from the :term:`Open Enclave` project. \ No newline at end of file +However, for the :term:`TEE` security guarantees to be trusted by clients and operators, the deployment environment should have access to the endorsements of the TEE attestation reports. \ No newline at end of file diff --git a/doc/overview/glossary.rst b/doc/overview/glossary.rst index 72016a58b34a..edb322f8803f 100644 --- a/doc/overview/glossary.rst +++ b/doc/overview/glossary.rst @@ -5,9 +5,6 @@ Glossary Azure Confidential Compute `Azure Confidential Compute `_ protects the confidentiality and integrity of your data and code while it's processed in the public cloud. - Azure DCAP - Intel SGX Data Centre Attestation Primitives which allows SGX attestation to be used within Microsoft Azure. - Constitution JavaScript module that defines possible governance actions, and how members' proposals are validated, resolved and applied to the service. @@ -21,12 +18,6 @@ Glossary Enclave `Trusted Execution Environments `_, allowing fully encrypted and auditable execution without direct access from the host machine. - FLC - `Flexible Launch Control `_ is a feature of the Intel :term:`SGX` architecture. - - Intel SGX PSW - Intel SGX Platform SoftWare which manages SGX enclaves loading as well as communication with architectural enclaves. More details `here `_. - Members Constitute the consortium governing a CCF network. Their public identity should be registered in CCF. @@ -41,9 +32,6 @@ Glossary Omission Fault Type of failure where consensus messages exchanged between nodes are lost due to unreliable network. This may cause one or more nodes to be isolated from the rest of the network. - - Open Enclave - `Open Enclave SDK `_ is an SDK for building enclave applications in C and C++. Operators Are in charge of operating a CCF network (e.g. adding or removing nodes). Their identities are not registered in CCF. @@ -66,9 +54,6 @@ Glossary SEV-SNP `AMD Secure Encrypted Virtualisation - Secure Nested Paging `_ is a trusted execution environment platform. It is a technology used to isolate virtual machines from the hypervisor with strong memory integrity protection. - SGX - `Intel Software Guard Extensions `_ is a trusted execution environment platform. It is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection. - TCP `Transmission Control Protocol `_ is a network protocol over IP that provides sessions and ordered streams, which we use to connect between nodes and external clients. diff --git a/doc/overview/what_is_ccf.rst b/doc/overview/what_is_ccf.rst index 88e7bf5f0167..7f5613d222da 100644 --- a/doc/overview/what_is_ccf.rst +++ b/doc/overview/what_is_ccf.rst @@ -22,7 +22,7 @@ The following diagram shows a basic CCF network made of 3 nodes. All nodes run t Network and Nodes ~~~~~~~~~~~~~~~~~ -A CCF network consists of several nodes, each running on top of a Trusted Execution Environment (:term:`TEE`), such as Intel :term:`SGX`. A CCF network is decentralised and highly-available. +A CCF network consists of several nodes, each running on top of a Trusted Execution Environment (:term:`TEE`), such as AMD :term:`SEV-SNP`. A CCF network is decentralised and highly-available. Nodes are run and maintained by :term:`Operators`. However, nodes must be trusted by the consortium of members before participating in a CCF network. diff --git a/doc/schemas/app_openapi.json b/doc/schemas/app_openapi.json index 0b6561c9e9c0..dc311b370413 100644 --- a/doc/schemas/app_openapi.json +++ b/doc/schemas/app_openapi.json @@ -295,7 +295,7 @@ "info": { "description": "This CCF sample app implements a simple logging application, securely recording messages at client-specified IDs. It demonstrates most of the features available to CCF apps.", "title": "CCF Sample Logging App", - "version": "2.5.0" + "version": "2.6.0" }, "openapi": "3.0.0", "paths": { diff --git a/doc/use_apps/index.rst b/doc/use_apps/index.rst index e70cee93e1f4..b914a917b5c3 100644 --- a/doc/use_apps/index.rst +++ b/doc/use_apps/index.rst @@ -19,13 +19,6 @@ This section describes how :term:`Users` can issue transactions to CCF applicati --- - :fa:`search` :doc:`verify_quote` - ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - Checking the quote of a CCF node to confirm it is part of a valid network and running in Enclave. - - --- - :fa:`terminal` :doc:`rpc_api` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -37,5 +30,4 @@ This section describes how :term:`Users` can issue transactions to CCF applicati issue_commands verify_tx - verify_quote rpc_api \ No newline at end of file diff --git a/doc/use_apps/verify_quote.rst b/doc/use_apps/verify_quote.rst deleted file mode 100644 index d92be2b8a4a7..000000000000 --- a/doc/use_apps/verify_quote.rst +++ /dev/null @@ -1,40 +0,0 @@ -Verifying Quote -=============== - -A client can verify the validity of the SGX quote of the CCF node that it connects to. This can be done using the ``verify_quote.sh`` script installed as part of the CCF install or ``ccf`` Python package. - -.. code-block:: bash - - $ verify_quote.sh https:// [--mrenclave ] [CURL_OPTIONS] - Retrieved 1 accepted code versions from CCF service. - Node quote successfully retrieved. Verifying quote... - mrenclave: 3175971c02d00c1a8f9dd23ca89e64955c5caa94e24f4a3a0579dcfb2e6aebf9 - Quote verification successful. - -The script verifies the target CCF node's SGX quote by: - -1. Retrieving the node's SGX quote via the :http:GET:`/node/quotes/self` endpoint. -2. Verifying that the cryptographic hash of the node's identity public key (as presented in the node's certificate in the TLS session) matches the quote's report data. -3. Verifying that the quote's measurement (``MRENCLAVE``) matches one of the trusted enclave measurements. - -A specific trusted SGX enclave measurement can be specified ``--mrenclave `` (e.g. using the value returned by the Open Enclave ``oesign dump`` utility) as follows: - -.. code-block:: bash - - $ verify_quote.sh https:// --mrenclave 3175971c02d00c1a8f9dd23ca89e64955c5caa94e24f4a3a0579dcfb2e6aebf9 [CURL_OPTIONS] - Node quote successfully retrieved. Verifying quote... - mrenclave: 3175971c02d00c1a8f9dd23ca89e64955c5caa94e24f4a3a0579dcfb2e6aebf9 - Quote verification successful. - -If no code measurement is specified, the ``verify_quote.sh`` script automatically verifies it against the code versions currently trusted by the CCF service, as returned by the :http:GET:`/node/code` endpoint. - -.. note:: The ``verify_quote.sh`` script uses the ``oeverify`` CLI included in the Open Enclave ``hostverify`` package available on the `Open Enclave release page `_. - -Alternatively, the SGX quotes of all currently trusted nodes can be retrieved via the :http:GET:`/node/quotes` endpoint: - -.. code-block:: bash - - $ curl https:///node/quotes --cacert service_cert.pem - {"quotes": [ - {"mrenclave":", "node_id":, "raw":""}, - {"mrenclave":", "node_id":, "raw":""}]} diff --git a/getting_started/setup_vm/roles/az_dcap/tasks/install.yml b/getting_started/setup_vm/roles/az_dcap/tasks/install.yml deleted file mode 100644 index 14b1d5ead421..000000000000 --- a/getting_started/setup_vm/roles/az_dcap/tasks/install.yml +++ /dev/null @@ -1,18 +0,0 @@ -- name: Add Microsoft repository key - apt_key: - url: "https://packages.microsoft.com/keys/microsoft.asc" - state: present - become: true - -- name: Add Microsoft sources list - apt_repository: - repo: "deb [arch=amd64] https://packages.microsoft.com/ubuntu/{{ ansible_distribution_version }}/prod {{ ansible_distribution_release }} main" - state: present - become: true - -- name: Install the Azure DCAP Client - apt: - name: az-dcap-client - state: present - force: true - become: true diff --git a/getting_started/setup_vm/roles/intel/tasks/sgx-group.yml b/getting_started/setup_vm/roles/intel/tasks/sgx-group.yml deleted file mode 100644 index 7a3949ff1fcf..000000000000 --- a/getting_started/setup_vm/roles/intel/tasks/sgx-group.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: Include vars - include_vars: - file: common.yml - -- name: Determine available groups - getent: - database: group - -# Required from Linux kernel 5.11 for in-process quote generation -# Note: This may require a VM reboot -- name: Add current user to sgx_prv group - user: - name: "{{ lookup('env', 'USER') }}" - groups: "{{ sgx_group_name }}" - append: true - become: true - when: - - item in ansible_facts.getent_group - with_items: - - "{{ sgx_group_name }}" diff --git a/getting_started/setup_vm/roles/intel/tasks/sgx-psw.yml b/getting_started/setup_vm/roles/intel/tasks/sgx-psw.yml deleted file mode 100644 index 919866a0268c..000000000000 --- a/getting_started/setup_vm/roles/intel/tasks/sgx-psw.yml +++ /dev/null @@ -1,39 +0,0 @@ -- name: Include distribution vars - include_vars: - file: common.yml - -- name: Install apt-transport-https APT package - apt: - name: apt-transport-https - state: latest - become: true - -- name: Add APT repository key - apt_key: - url: "https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key" - state: present - become: true - -- name: Add APT repository - apt_repository: - repo: "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu {{ ansible_distribution_release }} main" - state: present - update_cache: yes - become: true - -- name: Install the Intel libsgx packages - apt: - name: "{{ intel_sgx_packages }}" - state: latest - update_cache: yes - install_recommends: no - become: true - -- name: Install the Intel DCAP packages - apt: - name: "{{ intel_dcap_packages }}" - state: latest - update_cache: yes - install_recommends: no - when: flc_enabled|bool - become: true diff --git a/getting_started/setup_vm/roles/intel/vars/common.yml b/getting_started/setup_vm/roles/intel/vars/common.yml deleted file mode 100644 index caa2b9b9e1da..000000000000 --- a/getting_started/setup_vm/roles/intel/vars/common.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) Open Enclave SDK contributors. -# Licensed under the MIT License. - -flc_enabled: true - -sgx_group_name: "sgx_prv" - -intel_sgx_packages: - - "libsgx-enclave-common" - - "libsgx-ae-qve" - - "libsgx-ae-pce" - - "libsgx-ae-qe3" - - "libsgx-qe3-logic" - - "libsgx-pce-logic" - -intel_dcap_packages: - - "libsgx-dcap-ql" - - "libsgx-urts" - - "libsgx-quote-ex" - # Note: libsgx-dcap-ql-dev used to be automatically pulled by the - # open-enclave deb package until 0.18.4. This is only necessary - # to run <= 2.x CCF nodes that are built against OE <= 0.18.2. - - "libsgx-dcap-ql-dev" diff --git a/getting_started/setup_vm/roles/openenclave/tasks/binary_install.yml b/getting_started/setup_vm/roles/openenclave/tasks/binary_install.yml deleted file mode 100644 index 0612b8932a84..000000000000 --- a/getting_started/setup_vm/roles/openenclave/tasks/binary_install.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Include vars - include_vars: common.yml - -- name: Install Open Enclave - apt: - deb: "{{ oe_deb }}" - become: yes diff --git a/getting_started/setup_vm/roles/openenclave/tasks/src_install.yml b/getting_started/setup_vm/roles/openenclave/tasks/src_install.yml deleted file mode 100644 index 0a397976d6a6..000000000000 --- a/getting_started/setup_vm/roles/openenclave/tasks/src_install.yml +++ /dev/null @@ -1,69 +0,0 @@ -- name: Include vars - include_vars: common.yml - -- name: Install git - apt: - name: git - become: true - -- name: Remove Pre-existing Open Enclave source on the remote - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}" - state: absent - -- name: Create directory for Open Enclave source - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}" - state: directory - -- name: Check out Open Enclave source - git: - repo: "{{ oe_repo }}" - dest: "{{ workspace }}/openenclave-{{ oe_ver }}" - version: "{{ oe_ver }}" - -- name: Make Open Enclave build dir - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - state: directory - -- name: Install Open Enclave dependencies - shell: | - scripts/ansible/install-ansible.sh - ansible-playbook "{{ oe_playbook }}" - args: - chdir: "{{ workspace }}/openenclave-{{ oe_ver }}" - become: true - async: 600 - poll: 5 - -- name: Install ninja - apt: - name: ninja-build - become: true - -- name: Make Open Enclave build dir - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - state: directory - -- name: Build Open Enclave - shell: | - cmake -GNinja -DCMAKE_INSTALL_PREFIX:PATH={{ oe_prefix }} -DCMAKE_BUILD_TYPE=RelWithDebInfo {{ oe_build_opts }} .. - ninja - args: - chdir: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - async: 600 - poll: 5 - -- name: Remove Pre-existing Open Enclave install - file: - path: "{{ oe_prefix }}" - state: absent - become: true - -- name: Install Open Enclave - command: ninja install - args: - chdir: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - become: true diff --git a/getting_started/setup_vm/roles/openenclave/vars/common.yml b/getting_started/setup_vm/roles/openenclave/vars/common.yml deleted file mode 100644 index 4fb48f0ea7af..000000000000 --- a/getting_started/setup_vm/roles/openenclave/vars/common.yml +++ /dev/null @@ -1,14 +0,0 @@ -oe_ver: "0.19.7" -# Usually the same, except for rc, where ver is -rc and ver_ is _rc -oe_ver_: "0.19.7" - -# Source install -workspace: "/tmp/" -oe_src: "oe-{{ oe_ver }}.tar.gz" -oe_prefix: "/opt/openenclave" -oe_repo: "https://github.com/openenclave/openenclave.git" -oe_playbook: scripts/ansible/oe-contributors-acc-setup-no-driver.yml -oe_build_opts: "-DLVI_MITIGATION=ControlFlow-GNU" - -# Binary install -oe_deb: "https://github.com/openenclave/openenclave/releases/download/v{{ oe_ver }}/Ubuntu_2004_open-enclave_{{ oe_ver_ }}_amd64.deb" diff --git a/include/ccf/ds/json_schema.h b/include/ccf/ds/json_schema.h index d8216726df90..6bda247a1529 100644 --- a/include/ccf/ds/json_schema.h +++ b/include/ccf/ds/json_schema.h @@ -9,6 +9,7 @@ #include #include #include +#include namespace ccf::ds { @@ -113,7 +114,9 @@ namespace ccf::ds return fmt::format("{}_array", schema_name()); } } - else if constexpr (ccf::nonstd::is_specialization::value) + else if constexpr ( + ccf::nonstd::is_specialization::value || + ccf::nonstd::is_specialization::value) { return fmt::format("{}_set", schema_name()); } @@ -204,7 +207,8 @@ namespace ccf::ds } else if constexpr ( ccf::nonstd::is_specialization::value || - ccf::nonstd::is_specialization::value) + ccf::nonstd::is_specialization::value || + ccf::nonstd::is_specialization::value) { if constexpr (std::is_same>::value) { diff --git a/include/ccf/ds/openapi.h b/include/ccf/ds/openapi.h index c53722fdbd92..a059799e1bff 100644 --- a/include/ccf/ds/openapi.h +++ b/include/ccf/ds/openapi.h @@ -12,6 +12,7 @@ #include #include #include +#include namespace ccf::ds { @@ -281,7 +282,8 @@ namespace ccf::ds } else if constexpr ( ccf::nonstd::is_specialization::value || - ccf::nonstd::is_specialization::value) + ccf::nonstd::is_specialization::value || + ccf::nonstd::is_specialization::value) { if constexpr (std::is_same>::value) { diff --git a/samples/apps/logging/logging.cpp b/samples/apps/logging/logging.cpp index 3a97f29109d1..ff05eb635abe 100644 --- a/samples/apps/logging/logging.cpp +++ b/samples/apps/logging/logging.cpp @@ -470,7 +470,7 @@ namespace loggingapp "recording messages at client-specified IDs. It demonstrates most of " "the features available to CCF apps."; - openapi_info.document_version = "2.5.0"; + openapi_info.document_version = "2.6.0"; index_per_public_key = std::make_shared( PUBLIC_RECORDS, context, 10000, 20); diff --git a/src/ds/test/openapi.cpp b/src/ds/test/openapi.cpp index b4559badbb9a..92e2713063ea 100644 --- a/src/ds/test/openapi.cpp +++ b/src/ds/test/openapi.cpp @@ -160,6 +160,8 @@ TEST_CASE("Complex custom types") doc, "/app/complex", HTTP_POST); openapi::add_response_schema>>( doc, "/app/complex", HTTP_POST, HTTP_STATUS_OK); + openapi::add_response_schema>( + doc, "/app/complex", HTTP_POST, HTTP_STATUS_OK); required_doc_elements(doc); } diff --git a/src/enclave/rpc_sessions.h b/src/enclave/rpc_sessions.h index b1df9b9a3b68..34d4a5cfd72d 100644 --- a/src/enclave/rpc_sessions.h +++ b/src/enclave/rpc_sessions.h @@ -616,15 +616,15 @@ namespace ccf disp, ::tcp::tcp_inbound, [this](const uint8_t* data, size_t size) { auto id = serialized::peek(data, size); - auto search = sessions.find(id); - if (search == sessions.end()) + auto session = find_session(id); + if (session == nullptr) { LOG_DEBUG_FMT( "Ignoring tls_inbound for unknown or refused session: {}", id); return; } - search->second.second->handle_incoming_data({data, size}); + session->handle_incoming_data({data, size}); }); DISPATCHER_SET_MESSAGE_HANDLER( @@ -644,58 +644,66 @@ namespace ccf disp, udp::udp_inbound, [this](const uint8_t* data, size_t size) { auto id = serialized::peek(data, size); - auto search = sessions.find(id); - if (search == sessions.end()) + std::shared_ptr session; { - LOG_DEBUG_FMT( - "Ignoring udp::udp_inbound for unknown or refused session: {}", - id); - return; - } - else if (!search->second.second && custom_protocol_subsystem) - { - LOG_DEBUG_FMT("Creating custom UDP session {}", id); + std::lock_guard guard(lock); - try + auto search = sessions.find(id); + if (search == sessions.end()) { - const auto& conn_id = search->first; - const auto& interface_id = search->second.first; + LOG_DEBUG_FMT( + "Ignoring udp::udp_inbound for unknown or refused session: {}", + id); + return; + } + else if (!search->second.second && custom_protocol_subsystem) + { + LOG_DEBUG_FMT("Creating custom UDP session {}", id); - auto iit = listening_interfaces.find(interface_id); - if (iit == listening_interfaces.end()) + try { - LOG_DEBUG_FMT( - "Failure to create custom protocol session because of " - "unknown interface '{}', ignoring udp::udp_inbound for " - "session: " - "{}", - interface_id, - id); + const auto& conn_id = search->first; + const auto& interface_id = search->second.first; + + auto iit = listening_interfaces.find(interface_id); + if (iit == listening_interfaces.end()) + { + LOG_DEBUG_FMT( + "Failure to create custom protocol session because of " + "unknown interface '{}', ignoring udp::udp_inbound for " + "session: " + "{}", + interface_id, + id); + } + + const auto& interface = iit->second; + + search->second.second = + custom_protocol_subsystem->create_session( + interface.app_protocol, conn_id, nullptr); + + if (!search->second.second) + { + LOG_DEBUG_FMT( + "Failure to create custom protocol session, ignoring " + "udp::udp_inbound for session: {}", + id); + return; + } } - - const auto& interface = iit->second; - - search->second.second = custom_protocol_subsystem->create_session( - interface.app_protocol, conn_id, nullptr); - - if (!search->second.second) + catch (const std::exception& ex) { LOG_DEBUG_FMT( - "Failure to create custom protocol session, ignoring " - "udp::udp_inbound for session: {}", - id); + "Failure to create custom protocol session: {}", ex.what()); return; } } - catch (const std::exception& ex) - { - LOG_DEBUG_FMT( - "Failure to create custom protocol session: {}", ex.what()); - return; - } + + session = search->second.second; } - search->second.second->handle_incoming_data({data, size}); + session->handle_incoming_data({data, size}); }); } }; diff --git a/src/kv/store.h b/src/kv/store.h index e1789e4ef663..08519ac6d0db 100644 --- a/src/kv/store.h +++ b/src/kv/store.h @@ -1255,8 +1255,7 @@ namespace ccf::kv ReservedTx create_reserved_tx(const TxID& tx_id) { - // version_lock should already been acquired in case term_of_last_version - // is incremented. + std::lock_guard vguard(version_lock); return ReservedTx(this, term_of_last_version, tx_id, rollback_count); } diff --git a/src/kv/test/kv_contention.cpp b/src/kv/test/kv_contention.cpp index 62a4178b2244..272933ec38e7 100644 --- a/src/kv/test/kv_contention.cpp +++ b/src/kv/test/kv_contention.cpp @@ -252,6 +252,8 @@ DOCTEST_TEST_CASE("Concurrent kv access" * doctest::test_suite("concurrency")) DOCTEST_TEST_CASE( "get_version_of_previous_write ordering" * doctest::test_suite("concurrency")) { + ccf::logger::config::level() = LoggerLevel::INFO; + // Many threads attempt to produce a chain of transactions pointing at the // previous write to a single key, at that key. ccf::kv::Store kv_store; @@ -315,7 +317,7 @@ DOCTEST_TEST_CASE( std::vector threads; constexpr auto num_threads = 64; - constexpr auto writes_per_thread = 10; + constexpr auto writes_per_thread = 100; for (size_t i = 0; i < num_threads; ++i) { threads.emplace_back([&]() { @@ -331,6 +333,7 @@ DOCTEST_TEST_CASE( thread.join(); } + LOG_INFO_FMT("Found {} conflicts", conflict_count); DOCTEST_CHECK(conflict_count > 0); constexpr auto last_write_version = num_threads * writes_per_thread; diff --git a/src/node/history.h b/src/node/history.h index 2f8962d3091e..d24e9dd3040c 100644 --- a/src/node/history.h +++ b/src/node/history.h @@ -674,7 +674,6 @@ namespace ccf bool init_from_snapshot( const std::vector& hash_at_snapshot) override { - std::lock_guard guard(state_lock); // The history can be initialised after a snapshot has been applied by // deserialising the tree in the signatures table and then applying the // hash of the transaction at which the snapshot was taken @@ -688,6 +687,10 @@ namespace ccf return false; } + // Delay taking this lock until _after_ the read above, to avoid lock + // inversions + std::lock_guard guard(state_lock); + CCF_ASSERT_FMT( !replicated_state_tree.in_range(1), "Tree is not empty before initialising from snapshot"); diff --git a/src/node/node_state.h b/src/node/node_state.h index 6b97f9939e94..cb7a3d9ed5ff 100644 --- a/src/node/node_state.h +++ b/src/node/node_state.h @@ -785,7 +785,6 @@ namespace ccf join_params.certificate_signing_request = node_sign_kp->create_csr( config.node_certificate.subject_name, subject_alt_names); join_params.node_data = config.node_data; - join_params.consensus_type = ConsensusType::CFT; LOG_DEBUG_FMT( "Sending join request to {}", config.join.target_rpc_address); diff --git a/src/node/rpc/cose_signatures_config.h b/src/node/rpc/cose_signatures_config.h new file mode 100644 index 000000000000..c7d29b010567 --- /dev/null +++ b/src/node/rpc/cose_signatures_config.h @@ -0,0 +1,18 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the Apache 2.0 License. +#pragma once + +#include "ccf/ds/json.h" + +#include + +struct COSESignaturesConfig +{ + std::string issuer; + std::string subject; + + bool operator==(const COSESignaturesConfig& other) const = default; +}; + +DECLARE_JSON_TYPE(COSESignaturesConfig); +DECLARE_JSON_REQUIRED_FIELDS(COSESignaturesConfig, issuer, subject); \ No newline at end of file diff --git a/src/node/rpc/node_call_types.h b/src/node/rpc/node_call_types.h index 5e70089fcc4f..d48ff6c016e1 100644 --- a/src/node/rpc/node_call_types.h +++ b/src/node/rpc/node_call_types.h @@ -14,6 +14,7 @@ #include "enclave/interface.h" #include "node/identity.h" #include "node/ledger_secrets.h" +#include "node/rpc/cose_signatures_config.h" #include "node/uvm_endorsements.h" #include @@ -83,9 +84,6 @@ namespace ccf NodeInfoNetwork node_info_network; QuoteInfo quote_info; ccf::crypto::Pem public_encryption_key; - // Always set by the joiner (node_state.h), but defaults to nullopt here - // to make sure serialisation does take place now that it is OPTIONAL. - std::optional consensus_type = std::nullopt; std::optional startup_seqno = std::nullopt; std::optional certificate_signing_request = std::nullopt; @@ -103,45 +101,42 @@ namespace ccf { bool public_only = false; ccf::kv::Version last_recovered_signed_idx = ccf::kv::NoVersion; - ConsensusType consensus_type = ConsensusType::CFT; - std::optional reconfiguration_type = - std::nullopt; // Unused, but kept for backwards compatibility - LedgerSecretsMap ledger_secrets; NetworkIdentity identity; std::optional service_status = std::nullopt; std::optional endorsed_certificate = std::nullopt; + std::optional cose_signatures_config = + std::nullopt; NetworkInfo() {} NetworkInfo( bool public_only, ccf::kv::Version last_recovered_signed_idx, - ReconfigurationType reconfiguration_type, const LedgerSecretsMap& ledger_secrets, const NetworkIdentity& identity, ServiceStatus service_status, - const std::optional& endorsed_certificate) : + const std::optional& endorsed_certificate, + const std::optional& cose_signatures_config_) : public_only(public_only), last_recovered_signed_idx(last_recovered_signed_idx), - reconfiguration_type(reconfiguration_type), ledger_secrets(ledger_secrets), identity(identity), service_status(service_status), - endorsed_certificate(endorsed_certificate) + endorsed_certificate(endorsed_certificate), + cose_signatures_config(cose_signatures_config_) {} bool operator==(const NetworkInfo& other) const { return public_only == other.public_only && last_recovered_signed_idx == other.last_recovered_signed_idx && - consensus_type == other.consensus_type && - reconfiguration_type == other.reconfiguration_type && ledger_secrets == other.ledger_secrets && identity == other.identity && service_status == other.service_status && - endorsed_certificate == other.endorsed_certificate; + endorsed_certificate == other.endorsed_certificate && + cose_signatures_config == other.cose_signatures_config; } bool operator!=(const NetworkInfo& other) const diff --git a/src/node/rpc/node_frontend.h b/src/node/rpc/node_frontend.h index 70c5b5a7eacb..5935654bf46a 100644 --- a/src/node/rpc/node_frontend.h +++ b/src/node/rpc/node_frontend.h @@ -366,11 +366,11 @@ namespace ccf rep.network_info = JoinNetworkNodeToNode::Out::NetworkInfo{ node_operation.is_part_of_public_network(), node_operation.get_last_recovered_signed_idx(), - ReconfigurationType::ONE_TRANSACTION, this->network.ledger_secrets->get(tx), *this->network.identity.get(), service_status, - endorsed_certificate}; + endorsed_certificate, + std::nullopt /* cose_signatures_config */}; } return make_success(rep); } @@ -480,12 +480,12 @@ namespace ccf rep.network_info = JoinNetworkNodeToNode::Out::NetworkInfo( node_operation.is_part_of_public_network(), node_operation.get_last_recovered_signed_idx(), - ReconfigurationType::ONE_TRANSACTION, this->network.ledger_secrets->get( args.tx, existing_node_info->ledger_secret_seqno), *this->network.identity.get(), active_service->status, - existing_node_info->endorsed_certificate); + existing_node_info->endorsed_certificate, + std::nullopt /* cose_signatures_config */); return make_success(rep); } @@ -556,12 +556,12 @@ namespace ccf rep.network_info = JoinNetworkNodeToNode::Out::NetworkInfo( node_operation.is_part_of_public_network(), node_operation.get_last_recovered_signed_idx(), - ReconfigurationType::ONE_TRANSACTION, this->network.ledger_secrets->get( args.tx, existing_node_info->ledger_secret_seqno), *this->network.identity.get(), active_service->status, - existing_node_info->endorsed_certificate); + existing_node_info->endorsed_certificate, + std::nullopt /* cose_signatures_config */); return make_success(rep); } diff --git a/src/node/rpc/serialization.h b/src/node/rpc/serialization.h index 89d0e36065a9..b8fdab00fc81 100644 --- a/src/node/rpc/serialization.h +++ b/src/node/rpc/serialization.h @@ -33,10 +33,7 @@ namespace ccf public_encryption_key, startup_seqno) DECLARE_JSON_OPTIONAL_FIELDS( - JoinNetworkNodeToNode::In, - certificate_signing_request, - node_data, - consensus_type) + JoinNetworkNodeToNode::In, certificate_signing_request, node_data) DECLARE_JSON_ENUM( ccf::IdentityType, @@ -59,8 +56,8 @@ namespace ccf JoinNetworkNodeToNode::Out::NetworkInfo, service_status, endorsed_certificate, - reconfiguration_type, - consensus_type) + cose_signatures_config) + DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(JoinNetworkNodeToNode::Out) DECLARE_JSON_REQUIRED_FIELDS(JoinNetworkNodeToNode::Out, node_status) DECLARE_JSON_OPTIONAL_FIELDS( diff --git a/src/node/test/endorsements.cpp b/src/node/test/endorsements.cpp index 743d615e4b96..b04e3ff718ab 100644 --- a/src/node/test/endorsements.cpp +++ b/src/node/test/endorsements.cpp @@ -24,13 +24,7 @@ TEST_CASE("Check RSA Production endorsement") ccf::pal::PlatformAttestationMeasurement uvm_measurement(measurement); auto endorsements = ccf::verify_uvm_endorsements(endorsement, uvm_measurement); - REQUIRE( - endorsements == - ccf::UVMEndorsements{ - "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3." - "6.1.4.1.311.76.59.1.2", - "ContainerPlat-AMD-UVM", - "100"}); + REQUIRE(endorsements == ccf::default_uvm_roots_of_trust[0]); } TEST_CASE("Check ECDSA Test endorsement") @@ -42,27 +36,28 @@ TEST_CASE("Check ECDSA Test endorsement") REQUIRE(!endorsement.empty()); ccf::pal::SnpAttestationMeasurement measurement( - "5a84c66e9c8dd1a991e6d8b43a8aaae488940f87ce25ef6a62ad180cc3c73554ed7e4ccd10" - "13456602758778d9d65c48"); + "1b66347ceafca663690ff17ed2144b8acdee661edc5d28e69a7c85dde7ba0c3a6f9862096e" + "8b38da7aa622ddeed75c37"); ccf::pal::PlatformAttestationMeasurement uvm_measurement(measurement); - REQUIRE_THROWS_WITH_AS( - ccf::verify_uvm_endorsements(endorsement, uvm_measurement), - "UVM endorsements did " - "did:x509:0:sha256:VFsRLNBh5Zy1HRtVl2IIXAl0lUs-xobEbskZ3XRDpCY::subject:CN:" - "Test%20Leaf%20%28DO%20NOT%20TRUST%29, feed ConfAKS-AMD-UVM-Test, svn 0 do " - "not match any of the known UVM roots of trust", - std::logic_error); std::vector custom_roots_of_trust = { ccf::UVMEndorsements{ - "did:x509:0:sha256:VFsRLNBh5Zy1HRtVl2IIXAl0lUs-xobEbskZ3XRDpCY::subject:" - "CN:Test%20Leaf%20%28DO%20NOT%20TRUST%29", - "ConfAKS-AMD-UVM-Test", - "0"}}; + "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3." + "6.1.4.1.311.76.59.1.5", + "Malicious-ConfAKS-AMD-UVM", + "1"}}; + REQUIRE_THROWS_WITH_AS( + ccf::verify_uvm_endorsements( + endorsement, uvm_measurement, custom_roots_of_trust), + "UVM endorsements did " + "did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6." + "1.4.1.311.76.59.1.5, feed ConfAKS-AMD-UVM, svn 1 do not match any of the " + "known UVM roots of trust", + std::logic_error); - auto endorsements = ccf::verify_uvm_endorsements( - endorsement, uvm_measurement, custom_roots_of_trust); - REQUIRE(endorsements == custom_roots_of_trust[0]); + auto endorsements = + ccf::verify_uvm_endorsements(endorsement, uvm_measurement); + REQUIRE(endorsements == ccf::default_uvm_roots_of_trust[1]); } int main(int argc, char** argv) diff --git a/src/node/uvm_endorsements.h b/src/node/uvm_endorsements.h index c59514a63bd8..f78d7aa75575 100644 --- a/src/node/uvm_endorsements.h +++ b/src/node/uvm_endorsements.h @@ -63,7 +63,7 @@ namespace ccf {"did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6." "1.4.1.311.76.59.1.5", "ConfAKS-AMD-UVM", - "0"}}; + "1"}}; bool inline matches_uvm_roots_of_trust( const UVMEndorsements& endorsements, diff --git a/tests/sandbox/sandbox.sh b/tests/sandbox/sandbox.sh index 0cff166c1ec7..f7c8b94ff36b 100755 --- a/tests/sandbox/sandbox.sh +++ b/tests/sandbox/sandbox.sh @@ -20,11 +20,6 @@ if [ ! -f "${VERSION_FILE}" ]; then PLATFORM_FILE=PLATFORM fi platform=$(<"${PLATFORM_FILE}") -if [ "${platform}" == "sgx" ]; then - enclave_type="release" -else - enclave_type="debug" -fi extra_args=() while [ "$1" != "" ]; do @@ -119,7 +114,6 @@ export CURL_CLIENT=ON export INITIAL_MEMBER_COUNT=1 exec python "${START_NETWORK_SCRIPT}" \ --binary-dir "${BINARY_DIR}" \ - --enclave-type "${enclave_type}" \ --enclave-platform "${platform}" \ --constitution "${CONSTITUTION_DIR}"/actions.js \ --constitution "${CONSTITUTION_DIR}"/validate.js \ diff --git a/tests/uvm_endorsements/ecdsa_test1.cose b/tests/uvm_endorsements/ecdsa_test1.cose index e167c8c80a8a..2fa983d5a927 100644 Binary files a/tests/uvm_endorsements/ecdsa_test1.cose and b/tests/uvm_endorsements/ecdsa_test1.cose differ