feat(verify-era-proof-attestation): added continuous mode with attestation policies #198

Merged
merged 1 commit into from
Sep 16, 2024

Commits on Sep 13, 2024

  1. feat(verify-era-proof-attestation): continuous mode with attestation …

    …policies
    
    This PR introduces TEE Prover continuous mode with attestation policies.
    
    Attestation policies are a set of criteria that determine whether an SGX
    attestation should be considered valid or invalid. In practice, this
    means checking against a specified set of mrsigners, mrenclaves, and TCB
    levels. If the attestation’s mrenclave/mrsigner/TCB levels match those
    in the provided --sgx-mrenclaves/--sgx-mrsigners/--sgx-allowed-tcb-levels,
    we treat the attestation as successfully verified. Otherwise, the
    attestation is considered invalid.
    
    The --continuous mode for the TEE Prover allows it to run continuously,
    verifying new batches exposed by the node's RPC API in real-time.
    
    To try it out, run the following commands:
    
        $ nix build -L .#container-verify-era-proof-attestation-sgx
        $ export IMAGE_TAG=$(docker load -i result | grep -Po 'Loaded image.*: \K.*')
        $ docker run  -i --init --rm $IMAGE_TAG --continuous 11505 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug
        $ docker run  -i --init --rm $IMAGE_TAG --batch 11509 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug
    pbeza committed Sep 13, 2024
    4fcaaa7
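
The policy check described in the commit message, sketched in Rust as an added example (not code from this PR or the project). The `Policy` type, the function names, the `OutOfDate` level, and the handling of empty lists (measurements unrestricted, TCB levels falling back to `Ok` only) are assumptions.

```rust
use std::collections::HashSet;

// `Ok`/`SwHardeningNeeded` are named on the page; `OutOfDate` is an assumed extra level.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
enum Tcb { Ok, SwHardeningNeeded, OutOfDate }
#[derive(Debug, PartialEq)]
enum Reject { TcbNotAllowed(Tcb), MrSigner, MrEnclave }

// Hypothetical policy type. Assumption: an empty measurement set means "not
// restricted", and an empty TCB list falls back to `Ok` only (fail closed).
struct Policy { signers: HashSet<String>, enclaves: HashSet<String>, tcb: HashSet<Tcb> }

fn parse_tcb(s: &str) -> Result<Tcb, String> {
    match s {
        "Ok" => Ok(Tcb::Ok),
        "SwHardeningNeeded" => Ok(Tcb::SwHardeningNeeded),
        "OutOfDate" => Ok(Tcb::OutOfDate),
        other => Err(format!("unknown TCB level {other:?}")),
    }
}

// MRSIGNER and MRENCLAVE are 32-byte values: exactly 64 hex digits.
fn parse_measurement(s: &str) -> Result<String, String> {
    let ok = s.len() == 64 && s.bytes().all(|b| b.is_ascii_hexdigit());
    if ok { Ok(s.to_ascii_lowercase()) } else { Err(format!("expected 64 hex digits, got {s:?}")) }
}

fn csv<T: Eq + std::hash::Hash>(list: &str, f: fn(&str) -> Result<T, String>) -> Result<HashSet<T>, String> {
    list.split(',').map(str::trim).filter(|s| !s.is_empty()).map(f).collect()
}
fn hex(m: &[u8; 32]) -> String { m.iter().map(|b| format!("{b:02x}")).collect() }

impl Policy {
    fn new(tcb: &str, signers: &str, enclaves: &str) -> Result<Self, String> {
        let mut tcb = csv(tcb, parse_tcb)?;
        if tcb.is_empty() { tcb.insert(Tcb::Ok); }
        Ok(Policy { signers: csv(signers, parse_measurement)?, enclaves: csv(enclaves, parse_measurement)?, tcb })
    }
    fn check(&self, tcb: Tcb, mrsigner: &[u8; 32], mrenclave: &[u8; 32]) -> Result<(), Reject> {
        if !self.tcb.contains(&tcb) { return Err(Reject::TcbNotAllowed(tcb)); }
        if !self.signers.is_empty() && !self.signers.contains(&hex(mrsigner)) { return Err(Reject::MrSigner); }
        if !self.enclaves.is_empty() && !self.enclaves.contains(&hex(mrenclave)) { return Err(Reject::MrEnclave); }
        Ok(())
    }
}

fn main() {
    let policy = Policy::new("Ok,SwHardeningNeeded", "", &"ab".repeat(32)).unwrap(); // constructed values
    for t in [Tcb::SwHardeningNeeded, Tcb::OutOfDate] { println!("{t:?}: {:?}", policy.check(t, &[0; 32], &[0xab; 32])); }
}
```

Malformed policy input (an unknown level name, a measurement that is not 64 hex digits) is rejected when the policy is built, so a typo cannot silently widen what is accepted.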