//! Oasis Core runtime SDK.
//!
//! # Examples
//!
//! To create a minimal runtime that doesn't expose any APIs to the
//! outside world, you need to call the `start_runtime` function:
//! ```rust,ignore
//! oasis_core_runtime::start_runtime(Some(Box::new(reg)), config);
//! ```
//!
//! This will start the required services needed to communicate with
//! the worker host.
#![feature(test)]
#![feature(arbitrary_self_types)]

use lazy_static::lazy_static;
#[cfg(target_env = "sgx")]
use sgx_isa::{AttributesFlags, Report};

#[cfg_attr(test, macro_use)]
extern crate base64_serde;

#[macro_use]
pub mod common;
mod attestation;
pub mod cache;
pub mod config;
pub mod consensus;
pub mod dispatcher;
pub mod enclave_rpc;
pub mod future;
pub mod host;
pub mod identity;
pub mod init;
pub mod macros;
pub mod policy;
pub mod protocol;
pub mod storage;
pub mod transaction;
pub mod types;

use crate::common::version::{Version, PROTOCOL_VERSION};
#[cfg(target_env = "sgx")]
use self::common::sgx::{EnclaveIdentity, MrSigner};

lazy_static! {
    /// Build information for this runtime, computed once on first access.
    pub static ref BUILD_INFO: BuildInfo = {
        // Non-SGX builds are insecure by definition.
        #[cfg(not(target_env = "sgx"))]
        let is_secure = false;

        // SGX build security depends on how it was built.
        #[cfg(target_env = "sgx")]
        let is_secure = {
            // Optimistically start out as "it could be secure", and any single
            // insecure build time option will propagate failure.
            let maybe_secure = true;

            // AVR signature verification MUST be enabled.
            let maybe_secure =
                maybe_secure && option_env!("OASIS_UNSAFE_SKIP_AVR_VERIFY").is_none();

            // Disallow debug enclaves MUST be enabled.
            let maybe_secure =
                maybe_secure && option_env!("OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES").is_none();

            // IAS `GROUP_OUT_OF_DATE` and `CONFIGURATION_NEEDED` responses
            // MUST count as IAS failure.
            //
            // Rationale: This is how IAS signifies that the host environment
            // is insecure (e.g. SMT is enabled when it should not be).
            let maybe_secure =
                maybe_secure && option_env!("OASIS_UNSAFE_LAX_AVR_VERIFY").is_none();

            // The enclave MUST NOT be a debug one.
            let maybe_secure = maybe_secure
                && !Report::for_self()
                    .attributes
                    .flags
                    .contains(AttributesFlags::DEBUG);

            // The enclave MUST NOT be signed by a test key.
            let enclave_identity = EnclaveIdentity::current().unwrap();
            let fortanix_mrsigner = MrSigner::from(
                "9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a",
            );
            let maybe_secure = maybe_secure && (enclave_identity.mr_signer != fortanix_mrsigner);

            maybe_secure
        };

        BuildInfo {
            protocol_version: PROTOCOL_VERSION,
            is_secure,
        }
    };
}

/// Runtime build information.
pub struct BuildInfo {
    /// Supported runtime protocol version.
    pub protocol_version: Version,
    /// True iff the build can provide integrity and confidentiality.
    pub is_secure: bool,
}

// Re-exports.
pub use self::{
    enclave_rpc::{demux::Demux as RpcDemux, dispatcher::Dispatcher as RpcDispatcher},
    init::start_runtime,
    protocol::Protocol,
    transaction::dispatcher::Dispatcher as TxnDispatcher,
};

// Re-export the cbor crate.
pub use cbor;
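The `BUILD_INFO` policy above collapses every check into a single `is_secure` bool, which is what the runtime needs but not what an operator debugging "why is my build reported insecure?" wants. The following is an added example, not oasis-core code: the same "any single insecure option propagates failure" policy restated as a pure function over plain inputs (no SGX report or compile-time `option_env!`), returning the list of failed checks. `BuildFacts`, `insecurity_reasons` and `is_secure` are hypothetical names; treating any `OASIS_UNSAFE_*` option other than the three the crate checks as insecure is an assumption of this example.

```rust
// Added example (not part of oasis-core): BUILD_INFO's security policy as a
// testable pure function that also reports *why* a build is insecure.

/// Facts the policy needs, decoupled from SGX so it runs on any platform.
#[derive(Debug, Clone)]
pub struct BuildFacts<'a> {
    /// Whether the crate was compiled for an SGX target at all.
    pub sgx_target: bool,
    /// Names of `OASIS_UNSAFE_*` build-time options that were set.
    pub unsafe_options: &'a [&'a str],
    /// Whether the enclave report carries the DEBUG attribute flag.
    pub debug_enclave: bool,
    /// Hex-encoded MRSIGNER of the running enclave.
    pub mr_signer_hex: &'a str,
}

/// MRSIGNER of the Fortanix test signing key, as checked by BUILD_INFO.
pub const FORTANIX_TEST_MRSIGNER: &str =
    "9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a";

/// Every reason the build fails the policy; an empty list means secure.
pub fn insecurity_reasons(facts: &BuildFacts<'_>) -> Vec<String> {
    let mut reasons = Vec::new();
    if !facts.sgx_target {
        // Non-SGX builds are insecure by definition; no other check matters.
        reasons.push("not an SGX build".to_string());
        return reasons;
    }
    for opt in facts.unsafe_options {
        reasons.push(match *opt {
            "OASIS_UNSAFE_SKIP_AVR_VERIFY" => "AVR signature verification disabled".to_string(),
            "OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES" => "debug enclaves allowed".to_string(),
            "OASIS_UNSAFE_LAX_AVR_VERIFY" => {
                "IAS GROUP_OUT_OF_DATE/CONFIGURATION_NEEDED not treated as failure".to_string()
            }
            // Assumption: unknown unsafe options are conservatively counted as insecure.
            other => format!("unrecognised unsafe build option {other}"),
        });
    }
    if facts.debug_enclave {
        reasons.push("enclave has the DEBUG attribute".to_string());
    }
    // MRSIGNER comparison is case-insensitive because hex encoders differ.
    if facts.mr_signer_hex.eq_ignore_ascii_case(FORTANIX_TEST_MRSIGNER) {
        reasons.push("enclave signed with the Fortanix test key".to_string());
    }
    reasons
}

/// Mirrors BUILD_INFO.is_secure: true iff no check failed.
pub fn is_secure(facts: &BuildFacts<'_>) -> bool {
    insecurity_reasons(facts).is_empty()
}
```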