Add TCP external dependency of TCP and TCP specific LedgerActor

Change-Id: I426c1a533a19ee90450f37ea97b080123acec8fb
google-parfait · Jul 23, 2024 · b3db424 · b3db424
1 parent b6dd662
commit b3db424
Show file tree

Hide file tree

Showing 10 changed files with 997 additions and 184 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -50,10 +50,12 @@ strip = "debuginfo" # Debug info is not always deterministic.
 trim-paths = "all"  # Remove path prefixes outside the workspace root.
 
 [workspace.dependencies]
-micro_rpc = { git = "https://github.com/project-oak/oak", rev = "fee9e1e46751a01579f3a7d4df2f371cb409e2bb" }
-micro_rpc_build = { git = "https://github.com/project-oak/oak", rev = "fee9e1e46751a01579f3a7d4df2f371cb409e2bb" }
-oak_attestation = { git = "https://github.com/project-oak/oak", rev = "fee9e1e46751a01579f3a7d4df2f371cb409e2bb" }
-oak_attestation_explain = { git = "https://github.com/project-oak/oak", rev = "fee9e1e46751a01579f3a7d4df2f371cb409e2bb" }
-oak_attestation_verification = { git = "https://github.com/project-oak/oak", rev = "fee9e1e46751a01579f3a7d4df2f371cb409e2bb" }
-oak_proto_rust = { git = "https://github.com/project-oak/oak", rev = "fee9e1e46751a01579f3a7d4df2f371cb409e2bb" }
-oak_restricted_kernel_sdk = { git = "https://github.com/project-oak/oak", rev = "fee9e1e46751a01579f3a7d4df2f371cb409e2bb" }
+micro_rpc = { git = "https://github.com/project-oak/oak", rev = "e95a37eaf0b1592ca036a64ed2a3e112c1ee5154" }
+micro_rpc_build = { git = "https://github.com/project-oak/oak", rev = "e95a37eaf0b1592ca036a64ed2a3e112c1ee5154" }
+oak_attestation = { git = "https://github.com/project-oak/oak", rev =  "e95a37eaf0b1592ca036a64ed2a3e112c1ee5154" }
+oak_attestation_explain = { git = "https://github.com/project-oak/oak", rev =  "e95a37eaf0b1592ca036a64ed2a3e112c1ee5154" }
+oak_attestation_verification = { git = "https://github.com/project-oak/oak", rev =  "e95a37eaf0b1592ca036a64ed2a3e112c1ee5154" }
+oak_proto_rust = { git = "https://github.com/project-oak/oak", rev =  "e95a37eaf0b1592ca036a64ed2a3e112c1ee5154" }
+oak_restricted_kernel_sdk = { git = "https://github.com/project-oak/oak", rev =  "e95a37eaf0b1592ca036a64ed2a3e112c1ee5154" }
+tcp_runtime = { git = "https://github.com/google-parfait/trusted-computations-platform", rev = "2842cdd292bc5daad471e820b1eca5415784dcb8" }
+tcp_proto = { git = "https://github.com/google-parfait/trusted-computations-platform", rev = "2842cdd292bc5daad471e820b1eca5415784dcb8" }
diff --git a/WORKSPACE b/WORKSPACE
@@ -136,9 +136,9 @@ http_archive(
     patches = [
         "//third_party/oak:BUILD.containers.patch",
     ],
-    sha256 = "194cc48c0d4b9129df962d04cc9d8b87e00d048850ac62ef97225a0fcc0c734f",
-    strip_prefix = "oak-b403859be35f9a88802906a484e56aaa5588a9c2",
-    url = "https://github.com/project-oak/oak/archive/b403859be35f9a88802906a484e56aaa5588a9c2.tar.gz",
+    sha256 = "bdc5084a643212273c2b463683328b5dd645a8e735e28147b6f4bd6f529c4609",
+    strip_prefix = "oak-e95a37eaf0b1592ca036a64ed2a3e112c1ee5154",
+    url = "https://github.com/project-oak/oak/archive/e95a37eaf0b1592ca036a64ed2a3e112c1ee5154.tar.gz",
 )
 
 load("@oak//bazel:repositories.bzl", "oak_toolchain_repositories")

diff --git a/inspecting_attestation_records/README.md b/inspecting_attestation_records/README.md
@@ -80,10 +80,10 @@ _____ Root Layer _____
 
 _____ Application Layer _____
 
-Binary [Digest]:
-SHA2-256:892137def97d26c6b054093a5757919189878732ce4ab111212729007b30c0b4
-Binary [Provenances]:
-https://search.sigstore.dev/?hash=892137def97d26c6b054093a5757919189878732ce4ab111212729007b30c0b4
+binary:
+  sha2_256: 892137def97d26c6b054093a5757919189878732ce4ab111212729007b30c0b4
+config: {}
+
 
 Note: this layer describes the "ledger" application binary, which is generally
 a build of the `ledger_enclave_app` in the
@@ -108,18 +108,35 @@ the following access rules:
   sharing this same budget may only access their source blobs this many times
   combined.
 
+Application matcher for this transform:
+- Tag: app2
+- ...<snip>...
+- Applications performing this transform must provide attestation evidence that
+  can be verified with the following reference values:
+
 Reference values for the Oak Restricted Kernel stack
-oak_restricted_kernel:
-  root_layer:
-    amd_sev:
-      min_tcb_version:
-        boot_loader: 1
-        tee: 2
-        snp: 3
-        microcode: 4
-      stage0:
+_____ Root Layer _____
 
-... <snip> ...
+The attestation must be rooted in an AMD SEV-SNP TEE.
+
+The reference values describing this layer are printed below.
+
+amd_sev:
+... <snip>...
+
+_____ Kernel Layer _____
+
+The reference values describing this layer are printed below.
+
+acpi:
+... <snip>...
+
+_____ Application Layer _____
+
+binary:
+  skip: {}
+configuration:
+  skip: {}
 ```
 
 ## Mapping binaries from an attestation verification record to their provenance

diff --git a/ledger_service/Cargo.toml b/ledger_service/Cargo.toml
@@ -19,6 +19,9 @@ prost = { version = "*", default-features = false, features = ["prost-derive"] }
 prost-types = { version = "*", default-features = false }
 rand = { version = "*", default-features = false, features = ["getrandom"] }
 sha2 = { version = "*", default-features = false }
+slog = { version = "2.2", default-features = false }
+tcp_runtime = { workspace = true }
+tcp_proto = { workspace = true }
 
 [dev-dependencies]
 googletest = "*"