#sgx #cosmwasm #cycle #cosmos #smart-contracts #quartz

bin+lib quartz-tcbinfo

Standalone CosmWasm smart contract for storage and verification of TcbInfos for Intel SGX

1 unstable release

0.1.0 Oct 16, 2024

#8 in #quartz

Apache-2.0

52KB
696 lines

CosmWasm SGX TcbInfo Smart Contract

Standalone smart contract for storage and verification of TcbInfos for Intel SGX. The contract ensures that TcbInfos are kept up-to-date so other contracts can query the latest TcbInfo state using the quote's fmspc during remote attestation verification to ensure the attesting enclave setup is up-to-date.

Overview

The contract provides the following functionalities:

  • Instantiate: Initialize the contract with a root certificate.
  • Execute: Store and verify TcbInfo along with the provided certificate and optional timestamp.
  • Query: Retrieve the latest TcbInfo using the FMSPC.

Usage (with wasmd)

  • Submit a new TcbInfo for a specific fmspc
export EXECUTE='{
  "tcb_info": "{\"tcbInfo\":{ /* ... */ },\"signature\":\"647bac99371750892415557b838237839e52b02afe027a43322fe661f4a1a693b04a82717120d74bccf2b3787bf7e9ecbe44caa06e6e532b7a68a21b2765663d\"}
  "certificate": "-----BEGIN CERTIFICATE-----\\n /* ... */ \\n-----END CERTIFICATE-----"
}'
wasmd tx wasm execute "$CONTRACT" "$EXECUTE" --from alice --chain-id testing -y
  • Query the latest TcbInfo by fmspc
wasmd query wasm contract-state smart "$CONTRACT" '{"get_tcb_info": {"fmspc": "00906ED50000"}}'

Dependencies

~16–29MB
~549K SLoC