feat(l2): signature-based TDX (#2677)

**Motivation**

Verifying TDX attestations on-chain is expensive (~5M gas), so it would
be better to avoid them if possible

**Description**

By generating a private key inside the TDX VM (where the host can't read
it), attesting it's validity and then using it to sign updates it's
possible to massively decrease gas usage.

Author: iovoid

Cargo.lock

@@ -18,6 +18,7 @@ members = [
   "crates/l2/prover/bench",
   "crates/l2/sdk",
   "crates/l2/storage",
+  "crates/l2/tee/quote-pusher",
   "crates/networking/p2p",
   "crates/networking/rpc",
   "crates/storage",

Cargo.toml

@@ -2227,7 +2227,7 @@ mod serde_impl {
                 to: value.to,
                 gas: Some(value.gas_limit),
                 value: value.value,
-                input: value.data,
+                input: value.data.clone(),
                 gas_price: value.max_fee_per_gas,
                 max_priority_fee_per_gas: Some(value.max_priority_fee_per_gas),
                 max_fee_per_gas: Some(value.max_fee_per_gas),
@@ -2254,7 +2254,7 @@ mod serde_impl {
                 to: TxKind::Call(value.to),
                 gas: Some(value.gas),
                 value: value.value,
-                input: value.data,
+                input: value.data.clone(),
                 gas_price: value.max_fee_per_gas,
                 max_priority_fee_per_gas: Some(value.max_priority_fee_per_gas),
                 max_fee_per_gas: Some(value.max_fee_per_gas),
@@ -2281,7 +2281,7 @@ mod serde_impl {
                 to: TxKind::Call(value.to),
                 gas: Some(value.gas_limit),
                 value: value.value,
-                input: value.data,
+                input: value.data.clone(),
                 gas_price: value.max_fee_per_gas,
                 max_priority_fee_per_gas: Some(value.max_priority_fee_per_gas),
                 max_fee_per_gas: Some(value.max_fee_per_gas),
@@ -2314,7 +2314,7 @@ mod serde_impl {
                 to: value.to,
                 gas: Some(value.gas_limit),
                 value: value.value,
-                input: value.data,
+                input: value.data.clone(),
                 gas_price: value.max_fee_per_gas,
                 max_priority_fee_per_gas: Some(value.max_priority_fee_per_gas),
                 max_fee_per_gas: Some(value.max_fee_per_gas),

crates/common/types/transaction.rs

@@ -0,0 +1,6 @@
+image
+image.*
+mkosi.crt
+mkosi.key
+mkosi.tools.manifest
+mkosi.tools

crates/l2/tee/.gitignore

@@ -0,0 +1,78 @@
+# TDX execution module
+
+## Usage
+
+On a machine with TDX support [with the required setup](https://github.com/canonical/tdx) run
+```
+mkosi build
+mkosi vm
+```
+
+## What is TDX?
+
+TDX is an Intel technology implementing a Trusted Execution Environment.
+Such an environment allows verifying certain code was executed without being tampered with or observed.
+
+These verifications (attestations) are known as "quotes" and contain signatures verifying the attestation was generated by a genuine processor, the measurements at the time, and a user-provided piece of data binding the proof.
+
+The measurements happen into four Run Time Measurement Registers (RTMR), with each RTMR respresenting a boot stage.
+This is analogous to [how PCRs work](https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/).
+
+## Usage considerations
+
+Do not hardcode quote verification parameters as [they might change](https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/02/infrastructure_setup/#tcb-recovery-tcb-r).
+
+It's easy to silently overlook non-verified areas such as accidentally leaving login enabled, not verifying the integrity of the state.
+
+## Boot sequence
+
+- Firmware (OVMF here) is loaded (and hashed into RTMR[0])
+- [UKI](https://uapi-group.org/specifications/specs/unified_kernel_image/) is loaded (and hashed into a RTMR)
+- kernel and initrd are extracted from the UKI and executed
+- root partition is verified using the `roothash=` value provided on the kernel cmdline and the `hash` partition with the dm-verity merkle tree
+- root partition is mounted read-only
+- (WIP) systemd executes the payload
+
+## Image build components
+
+To build images we use [mkosi](https://github.com/systemd/mkosi)
+
+### Tooling image
+
+`mkosi.tools.conf` defines the tool configuration, and `mkosi.tools.skeleton` imports the kobuk-team PPA (used by [canonical/tdx](https://github.com/canonical/tdx)) with the modified qemu build
+
+This allows the build process to not depend on the host's tooling
+
+### Image preparation
+
+Runs `mkosi.prepare.chroot`, which has network access, to download crate dependencies.
+
+### Image building
+
+Runs `mkosi.build.chroot` to produce the output
+
+## Debug suggestions
+
+- Adding `bash` to mkosi scripts to drop an interactive shell that lets you explore the build process
+- Adding a root password in `mkosi.conf` to allow logging in to the container
+
+
+## Quote pusher
+
+Set RPC_URL and PRIVATE_KEY to the corresponding values.
+
+You must have [rex](https://github.com/lambdaclass/rex) installed.
+
+```
+# NOTE: initialize&update submodules on all repos
+(ethrex) make dev # start L1
+(ethrex crates/l2/tee/contracts) make deploy-deps
+(ethrex crates/l2/tee/contracts) make deploy
+(ethrex crates/l2/tee/contracts) make mkenv
+(ethrex crates/l2/tee/contracts) source .env.out
+(ethrex crates/l2/tee/quote-pusher) make run
+```
+
+You can run integration tests by replacing the last step with `make test`.
+
+Alternatively, running `make integration-test` will deploy the contracts for you and then run the tests.

crates/l2/tee/DOCS.md

@@ -0,0 +1,9 @@
+# Libraries
+lib/
+
+# Dotenv file
+.env
+.env.out
+
+# Deploy dependencies
+deploydeps/

crates/l2/tee/contracts/.gitignore

@@ -0,0 +1,62 @@
+DETERMINISTIC_DEPLOYER = 0x4e59b44847b379578588920cA78FbF26c0B4956C
+DEPLOYMENT_PATH := deploydeps/automata-dcap-attestation/evm/deployment
+
+deploy-p256:
+	rex send $(DETERMINISTIC_DEPLOYER) 0 $(PRIVATE_KEY) --calldata $(shell cat assets/p256.hex)
+
+deploydeps:
+	mkdir -p deploydeps
+	cd deploydeps; git clone https://github.com/lambdaclass/automata-on-chain-pccs.git
+	cd deploydeps; git clone https://github.com/lambdaclass/automata-dcap-attestation.git
+
+deploy-pccs: deploydeps deploy-p256
+	cd deploydeps/automata-on-chain-pccs; make deploy
+
+deploy-dcap: deploydeps deploy-pccs
+	mkdir -p $(DEPLOYMENT_PATH)
+	cp deploydeps/automata-on-chain-pccs/deployment/* $(DEPLOYMENT_PATH)
+	cd deploydeps/automata-dcap-attestation/evm; make deploy
+
+ROOT_CRL_URI = https://certificates.trustedservices.intel.com/IntelSGXRootCA.der
+deploydeps/root_crl.hex:
+	# SGX and TDX roots are the same
+	curl $(ROOT_CRL_URI) | xxd -ps -c0 > deploydeps/root_crl.hex
+
+ROOT_CA_URI = https://certificates.trustedservices.intel.com/Intel_SGX_Provisioning_Certification_RootCA.cer
+deploydeps/root_ca.hex:
+	# SGX and TDX roots are the same
+	curl $(ROOT_CA_URI) | xxd -ps -c0 > deploydeps/root_ca.hex
+
+setup-pccs-ca: deploy-pccs deploydeps/root_ca.hex deploydeps/root_crl.hex
+	$(eval PCSDAO_ADDRESS := $(shell cat ${DEPLOYMENT_PATH}/AutomataPcsDao))
+	rex send $(PCSDAO_ADDRESS) 0 $(PRIVATE_KEY) -- "upsertPcsCertificates(uint8,bytes)" 0 $(shell cat deploydeps/root_ca.hex)
+	rex send $(PCSDAO_ADDRESS) 0 $(PRIVATE_KEY) -- "upsertRootCACrl(bytes)" $(shell cat deploydeps/root_crl.hex)
+	rex send $(PCSDAO_ADDRESS) 0 $(PRIVATE_KEY) -- "upsertPcsCertificates(uint8,bytes)" 2 $(shell cat assets/platform_ca.hex)
+
+lib/openzeppelin-contracts:
+	mkdir -p lib
+	cd lib; git clone https://github.com/OpenZeppelin/openzeppelin-contracts
+
+solc_out/Counter.bin: src/Counter.sol lib/openzeppelin-contracts
+	mkdir -p solc_out
+	solc src/Counter.sol --bin --allow-paths lib/ -o solc_out/ --overwrite
+
+deploy: solc_out/Counter.bin
+	$(eval CONTRACT_BIN := $(shell cat solc_out/Counter.bin))
+	$(eval DCAP_ADDRESS := $(shell cat ${DEPLOYMENT_PATH}/AutomataDcapAttestationFee))
+	rex deploy --print-address $(CONTRACT_BIN) 0 $(PRIVATE_KEY) -- \
+		"constructor(address)" $(DCAP_ADDRESS) > ${DEPLOYMENT_PATH}/Counter
+
+mkenv:
+	echo CONTRACT_ADDRESS=$(shell cat ${DEPLOYMENT_PATH}/Counter) > .env.out
+	echo ENCLAVE_ID_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataEnclaveIdentityDao)  >> .env.out
+	echo FMSPC_TCB_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataFmspcTcbDao)  >> .env.out
+	echo PCK_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataPckDao)  >> .env.out
+	echo PCS_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataPcsDao)  >> .env.out
+
+deploy-deps: deploy-dcap setup-pccs-ca
+
+clean:
+	rm -rf deploydeps cache out deployment/*
+
+.PHONY: deploy-all deploy deploy-pccs deploy-dcap clean

crates/l2/tee/contracts/Makefile

@@ -0,0 +1,7 @@
+# Deployment
+
+You can use `make deploy-deps` to deploy the dependencies and `make deploy` to deploy the main contract.
+
+# Dependencies
+
+A compiled version ([for reproducibility](https://github.com/daimo-eth/p256-verifier/issues/46)) of [p256-verifier](https://github.com/daimo-eth/p256-verifier) is included as assets/p256.hex

crates/l2/tee/contracts/README.md

@@ -0,0 +1 @@
+00000000000000000000000000000000000000000000000000000000000000006080806040523461001657610dd1908161001c8239f35b600080fdfe60e06040523461001a57610012366100c7565b602081519101f35b600080fd5b6040810190811067ffffffffffffffff82111761003b57604052565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b60e0810190811067ffffffffffffffff82111761003b57604052565b90601f7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0910116810190811067ffffffffffffffff82111761003b57604052565b60a08103610193578060201161001a57600060409180831161018f578060601161018f578060801161018f5760a01161018c57815182810181811067ffffffffffffffff82111761015f579061013291845260603581526080356020820152833560203584356101ab565b15610156575060ff6001915b5191166020820152602081526101538161001f565b90565b60ff909161013e565b6024837f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b80fd5b5080fd5b5060405160006020820152602081526101538161001f565b909283158015610393575b801561038b575b8015610361575b6103585780519060206101dc818301938451906103bd565b1561034d57604051948186019082825282604088015282606088015260808701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f60a08701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551958660c082015260c081526102588161006a565b600080928192519060055afa903d15610345573d9167ffffffffffffffff831161031857604051926102b1857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190516102e693929185908181890994099151906104eb565b061490565b807f4e487b7100000000000000000000000000000000000000000000000000000000602492526001600452fd5b6024827f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b6060916102ba565b505050505050600090565b50505050600090565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518310156101c4565b5082156101bd565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518410156101b6565b7fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818110801590610466575b8015610455575b61044d577f5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b8282818080957fffffffff00000001000000000000000000000000fffffffffffffffffffffffc0991818180090908089180091490565b505050600090565b50801580156103f1575082156103f1565b50818310156103ea565b7f800000000000000000000000000000000000000000000000000000000000000081146104bc577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b909192608052600091600160a05260a05193600092811580610718575b61034d57610516838261073d565b95909460ff60c05260005b600060c05112156106ef575b60a05181036106a1575050507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2969594939291965b600060c05112156105c7575050505050507fffffffff00000001000000000000000000000000ffffffffffffffffffffffff91506105c260a051610ca2565b900990565b956105d9929394959660a05191610a98565b9097929181928960a0528192819a6105f66080518960c051610722565b61060160c051610470565b60c0528061061b5750505050505b96959493929196610583565b969b5061067b96939550919350916001810361068857507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5937f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29693610952565b979297919060a05261060f565b6002036106985786938a93610952565b88938893610952565b600281036106ba57505050829581959493929196610583565b9197917ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0161060f575095508495849661060f565b506106ff6080518560c051610722565b8061070b60c051610470565b60c052156105215761052d565b5060805115610508565b91906002600192841c831b16921c1681018091116104bc5790565b8015806107ab575b6107635761075f91610756916107b3565b92919091610c42565b9091565b50507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296907f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f590565b508115610745565b919082158061094a575b1561080f57507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29691507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5906001908190565b7fb01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff808481600186090894817f94e82e0c1ed3bdb90743191a9c5bbf0d88fc827fd214cc5f0b5ec6ba27673d6981600184090893841561091b575050808084800993840994818460010994828088600109957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29609918784038481116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffffd0991818580090808978885038581116104bc578580949281930994080908935b93929190565b9350935050921560001461093b5761093291610b6d565b91939092610915565b50506000806000926000610915565b5080156107bd565b91949592939095811580610a90575b15610991575050831580610989575b61097a5793929190565b50600093508392508291508190565b508215610970565b85919294951580610a88575b610a78577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff968703918783116104bc5787838189850908938689038981116104bc5789908184840908928315610a5d575050818880959493928180848196099b8c9485099b8c920999099609918784038481116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffffd0991818580090808978885038581116104bc578580949281930994080908929190565b965096505050509093501560001461093b5761093291610b6d565b9550509150915091906001908190565b50851561099d565b508015610961565b939092821580610b65575b61097a577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff908185600209948280878009809709948380888a0998818080808680097fffffffff00000001000000000000000000000000fffffffffffffffffffffffc099280096003090884808a7fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818380090898898603918683116104bc57888703908782116104bc578780969481809681950994089009089609930990565b508015610aa3565b919091801580610c3a575b610c2d577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818460020991808084800980940991817fffffffff00000001000000000000000000000000fffffffffffffffffffffffc81808088860994800960030908958280837fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818980090896878403918483116104bc57858503928584116104bc5785809492819309940890090892565b5060009150819081908190565b508215610b78565b909392821580610c9a575b610c8d57610c5a90610ca2565b9182917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff80809581940980099009930990565b5050509050600090600090565b508015610c4d565b604051906020918281019183835283604083015283606083015260808201527fffffffff00000001000000000000000000000000fffffffffffffffffffffffd60a08201527fffffffff00000001000000000000000000000000ffffffffffffffffffffffff60c082015260c08152610d1a8161006a565b600080928192519060055afa903d15610d93573d9167ffffffffffffffff83116103185760405192610d73857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190565b606091610d7c56fea2646970667358221220fa55558b04ced380e93d0a46be01bb895ff30f015c50c516e898c341cd0a230264736f6c63430008150033

crates/l2/tee/contracts/assets/p256.hex

@@ -0,0 +1 @@
+308202963082023da003020102021500956f5dcdbd1be1e94049c9d4f433ce01570bde54300a06082a8648ce3d0403023068311a301806035504030c11496e74656c2053475820526f6f74204341311a3018060355040a0c11496e74656c20436f72706f726174696f6e3114301206035504070c0b53616e746120436c617261310b300906035504080c024341310b3009060355040613025553301e170d3138303532313130353031305a170d3333303532313130353031305a30703122302006035504030c19496e74656c205347582050434b20506c6174666f726d204341311a3018060355040a0c11496e74656c20436f72706f726174696f6e3114301206035504070c0b53616e746120436c617261310b300906035504080c024341310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d0301070342000435207feeddb595748ed82bb3a71c3be1e241ef61320c6816e6b5c2b71dad5532eaea12a4eb3f948916429ea47ba6c3af82a15e4b19664e52657939a2d96633dea381bb3081b8301f0603551d2304183016801422650cd65a9d3489f383b49552bf501b392706ac30520603551d1f044b30493047a045a043864168747470733a2f2f6365727469666963617465732e7472757374656473657276696365732e696e74656c2e636f6d2f496e74656c534758526f6f7443412e646572301d0603551d0e04160414956f5dcdbd1be1e94049c9d4f433ce01570bde54300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100300a06082a8648ce3d040302034700304402205ec5648b4c3e8ba558196dd417fdb6b9a5ded182438f551e9c0f938c3d5a8b970220261bd520260f9c647d3569be8e14a32892631ac358b994478088f4d2b27cf37e