
1//! Oasis Core runtime SDK.
2//!
3//! # Examples
4//!
5//! To create a minimal runtime that doesn't expose any APIs to the
6//! outside world, you need to call the `start_runtime` function:
7//! ```rust,ignore
8//! oasis_core_runtime::start_runtime(Some(Box::new(reg)), config);
9//! ```
10//!
11//! This will start the required services needed to communicate with
12//! the worker host.
13#![feature(test)]
14#![feature(arbitrary_self_types)]
15
16use lazy_static::lazy_static;
17#[cfg(target_env = "sgx")]
18use sgx_isa::{AttributesFlags, Report};
19
20#[cfg_attr(test, macro_use)]
21extern crate base64_serde;
22
23#[macro_use]
24pub mod common;
25pub mod app;
26mod attestation;
27pub mod cache;
28pub mod config;
29pub mod consensus;
30pub mod dispatcher;
31pub mod enclave_rpc;
32pub mod future;
33pub mod host;
34pub mod identity;
35pub mod init;
36pub mod policy;
37pub mod protocol;
38pub mod storage;
39pub mod transaction;
40pub mod types;
41
42use common::{
43    sgx::{EnclaveIdentity, MrSigner},
44    version::{Version, PROTOCOL_VERSION},
45};
46
// Validate features. The TEE selection is exclusive: `debug-mock-sgx` and `tdx` only
// make sense when not building for a real SGX target, and they cannot both be on, so
// contradictory combinations are rejected at compile time instead of silently
// resolving to one TEE type in `BUILD_INFO` below.
#[cfg(all(target_env = "sgx", feature = "debug-mock-sgx"))]
compile_error!("the debug-mock-sgx feature can only be enabled on non-sgx targets");

#[cfg(all(target_env = "sgx", feature = "tdx"))]
compile_error!("the tdx feature can only be enabled on non-sgx targets");

#[cfg(all(feature = "tdx", feature = "debug-mock-sgx"))]
compile_error!("the tdx feature can't be enabled together with debug-mock-sgx");
56
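/// Returns `true` when none of the `OASIS_UNSAFE_*` build-time options that weaken
/// remote attestation were set while compiling this crate.
///
/// All checks are resolved at compile time through `option_env!`, so the result is
/// baked into the binary. The same set applies to every TEE type because each option
/// disables a verification step that a secure build must keep.
const fn attestation_build_options_are_strict() -> bool {
    // Quote signature verification MUST be enabled.
    option_env!("OASIS_UNSAFE_SKIP_AVR_VERIFY").is_none()
        // Disallow debug enclaves MUST be enabled.
        && option_env!("OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES").is_none()
        // Attestation `OutOfDate` and `ConfigurationNeeded` responses MUST count as
        // attestation failure.
        //
        // Rationale: This is how remote attestation signifies that the host environment
        // is insecure (eg: SMT is enabled when it should not be).
        && option_env!("OASIS_UNSAFE_LAX_AVR_VERIFY").is_none()
}

lazy_static! {
    /// Build information for this runtime binary, computed once on first access.
    ///
    /// `is_secure` is derived from the TEE the binary was built for, the
    /// `OASIS_UNSAFE_*` compile-time options and, on a real SGX target, the running
    /// enclave's own report and signer; see [`BuildInfo`] for the meaning of each field.
    pub static ref BUILD_INFO: BuildInfo = {
        // Determine TEE type. A `debug-mock-sgx` build on a non-sgx target is treated
        // as an SGX build here.
        let tee_type = if cfg!(any(target_env = "sgx", feature = "debug-mock-sgx")) {
            TeeType::Sgx
        } else if cfg!(feature = "tdx") {
            TeeType::Tdx
        } else {
            TeeType::None
        };

        // Determine build security. Every TEE starts out as "it could be secure" and
        // any single insecure build-time option or runtime property propagates failure.
        let is_secure = match tee_type {
            TeeType::Sgx => {
                let maybe_secure = attestation_build_options_are_strict();

                // The enclave MUST NOT be a debug one. Only a real SGX enclave has a
                // hardware report to inspect, so `debug-mock-sgx` builds skip this check.
                #[cfg(target_env = "sgx")]
                let maybe_secure = maybe_secure
                    && !Report::for_self()
                        .attributes
                        .flags
                        .contains(AttributesFlags::DEBUG);

                // The enclave MUST NOT be signed by a test key. The identity is read
                // before the comparison, so a missing identity panics during static
                // initialisation even when `maybe_secure` is already false.
                let enclave_identity = EnclaveIdentity::current().unwrap();
                let fortanix_mrsigner = MrSigner::from(
                    "9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a",
                );
                maybe_secure && (enclave_identity.mr_signer != fortanix_mrsigner)
            }
            // TDX currently only checks the shared build-time options.
            // TODO: Debug TD attributes.
            TeeType::Tdx => attestation_build_options_are_strict(),
            // Non-TEE builds are insecure by definition.
            TeeType::None => false,
        };

        BuildInfo {
            tee_type,
            protocol_version: PROTOCOL_VERSION,
            is_secure,
        }
    };
}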
139
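/// TEE type this build is for.
///
/// Selected at compile time from the target and the enabled features; see
/// [`BUILD_INFO`]. The enum is `Copy` so the value can be taken out of
/// [`BuildInfo`] without matching on it, and `Hash` so it can key a map.
#[derive(Debug, Default, Clone, Copy, PartialEq, Eq, Hash)]
pub enum TeeType {
    /// No TEE: the runtime runs outside any enclave and is never considered secure.
    #[default]
    None,
    /// Intel SGX enclave, or a `debug-mock-sgx` build on a non-sgx target that is
    /// treated as SGX.
    Sgx,
    /// Intel TDX trust domain.
    Tdx,
}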
148
/// Runtime build information.
///
/// Computed once on first access of [`BUILD_INFO`]; the values are fixed by how the
/// binary was compiled and, on a real SGX target, by the enclave it runs in.
#[derive(Debug)]
pub struct BuildInfo {
    /// TEE type this build is for.
    pub tee_type: TeeType,
    /// Supported runtime protocol version.
    pub protocol_version: Version,
    /// True iff the build can provide integrity and confidentiality.
    ///
    /// Always false for [`TeeType::None`]. For a TEE build it is false if any
    /// `OASIS_UNSAFE_*` option was set at compile time; for SGX it is additionally
    /// false when the enclave is signed with the test signer key, and on a real SGX
    /// target also when the enclave has the DEBUG attribute.
    pub is_secure: bool,
}
159
160// Re-exports.
161pub use self::{
162    enclave_rpc::{demux::Demux as RpcDemux, dispatcher::Dispatcher as RpcDispatcher},
163    init::start_runtime,
164    protocol::Protocol,
165    transaction::dispatcher::Dispatcher as TxnDispatcher,
166};
167
168// Re-export the cbor crate.
169pub use cbor;