oasis_core_runtime/
lib.rs1#![feature(test)]
14#![feature(arbitrary_self_types)]
15
16use lazy_static::lazy_static;
17#[cfg(target_env = "sgx")]
18use sgx_isa::{AttributesFlags, Report};
19
20#[cfg_attr(test, macro_use)]
21extern crate base64_serde;
22
23#[macro_use]
24pub mod common;
25pub mod app;
26mod attestation;
27pub mod cache;
28pub mod config;
29pub mod consensus;
30pub mod dispatcher;
31pub mod enclave_rpc;
32pub mod future;
33pub mod host;
34pub mod identity;
35pub mod init;
36pub mod policy;
37pub mod protocol;
38pub mod storage;
39pub mod transaction;
40pub mod types;
41
42use common::{
43 sgx::{EnclaveIdentity, MrSigner},
44 version::{Version, PROTOCOL_VERSION},
45};
46
// Build-configuration guards: contradictory TEE selections are rejected at compile time.
// The first guard is the security-relevant one: it keeps the mock-SGX debugging feature
// out of any binary built for a real SGX target.
#[cfg(all(feature = "debug-mock-sgx", target_env = "sgx"))]
compile_error!("the debug-mock-sgx feature can only be enabled on non-sgx targets");

// TDX support is only built for non-SGX targets.
#[cfg(all(feature = "tdx", target_env = "sgx"))]
compile_error!("the tdx feature can only be enabled on non-sgx targets");

// Mock SGX and TDX are mutually exclusive; BUILD_INFO would otherwise report Sgx for both.
#[cfg(all(feature = "debug-mock-sgx", feature = "tdx"))]
compile_error!("the tdx feature can't be enabled together with debug-mock-sgx");
56
lazy_static! {
    /// Properties of this runtime binary, computed once on first access.
    ///
    /// `is_secure` is a conservative self-assessment: it starts from "secure" only for TEE
    /// builds and is cleared by any of the checks below. It is `false` for non-TEE builds.
    ///
    /// NOTE(review): this flag is self-reported by the binary; it presumably complements,
    /// and does not replace, verification of the attestation by a remote party.
    ///
    /// # Panics
    ///
    /// In the SGX case, first access panics if `EnclaveIdentity::current()` yields no identity.
    pub static ref BUILD_INFO: BuildInfo = {
        // Mock SGX is reported as SGX; the compile-time guards in this file make the
        // SGX and TDX selections mutually exclusive.
        let built_for_sgx = cfg!(any(target_env = "sgx", feature = "debug-mock-sgx"));
        let built_for_tdx = cfg!(feature = "tdx");
        let tee_type = match (built_for_sgx, built_for_tdx) {
            (true, _) => TeeType::Sgx,
            (false, true) => TeeType::Tdx,
            (false, false) => TeeType::None,
        };

        // `option_env!` is evaluated when the binary is compiled, so these flags describe
        // the build environment, not the environment the runtime is later started in.
        // Any one of them being set (to any value) marks the build as not secure.
        let built_without_unsafe_flags = [
            option_env!("OASIS_UNSAFE_SKIP_AVR_VERIFY"),
            option_env!("OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES"),
            option_env!("OASIS_UNSAFE_LAX_AVR_VERIFY"),
        ]
        .iter()
        .all(|flag| flag.is_none());

        let is_secure = match tee_type {
            TeeType::Sgx => {
                let secure = built_without_unsafe_flags;

                // On a real SGX target, an enclave whose own report carries the DEBUG
                // attribute is never secure. The report is only queried when the
                // build-time flags have not already ruled the build out.
                #[cfg(target_env = "sgx")]
                let secure = secure
                    && !Report::for_self()
                        .attributes
                        .flags
                        .contains(AttributesFlags::DEBUG);

                // An enclave signed by this MRSIGNER is never secure.
                // NOTE(review): presumably the publicly known Fortanix dummy signing key;
                // confirm against the upstream comment.
                let own_identity = EnclaveIdentity::current().unwrap();
                let fortanix_mrsigner = MrSigner::from(
                    "9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a",
                );

                secure && own_identity.mr_signer != fortanix_mrsigner
            }
            // NOTE(review): unlike the SGX arm, no runtime debug-attribute or signer check
            // is visible here for TDX; confirm whether that is covered elsewhere.
            TeeType::Tdx => built_without_unsafe_flags,
            // Builds without a TEE are insecure by definition.
            TeeType::None => false,
        };

        BuildInfo {
            tee_type,
            protocol_version: PROTOCOL_VERSION,
            is_secure,
        }
    };
}
139
/// Kind of trusted execution environment (TEE) this binary was built for.
#[derive(Debug, PartialEq, Eq, Default)]
pub enum TeeType {
    /// No TEE. This is the default, and `BUILD_INFO` never reports such a build as secure.
    #[default]
    None,
    /// Intel SGX. `BUILD_INFO` also reports this for builds with the `debug-mock-sgx` feature.
    Sgx,
    /// Intel TDX.
    Tdx,
}
148
/// Properties of the runtime binary; the instance for this binary is `BUILD_INFO`.
#[derive(Debug)]
pub struct BuildInfo {
    /// TEE type this binary was built for.
    pub tee_type: TeeType,
    /// Value of the `PROTOCOL_VERSION` constant compiled into this binary.
    pub protocol_version: Version,
    /// Whether the build is considered secure. As computed for `BUILD_INFO`, this is
    /// `false` for non-TEE builds and for builds made with any `OASIS_UNSAFE_*` flag set.
    pub is_secure: bool,
}
159
160pub use self::{
162 enclave_rpc::{demux::Demux as RpcDemux, dispatcher::Dispatcher as RpcDispatcher},
163 init::start_runtime,
164 protocol::Protocol,
165 transaction::dispatcher::Dispatcher as TxnDispatcher,
166};
167
168pub use cbor;