-
Notifications
You must be signed in to change notification settings - Fork 86
feat(l2): signature-based TDX #2677
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
82 commits
Select commit
Hold shift + click to select a range
eb5918f
initial tdx impl
iovoid 2cf8063
also compile quote-gen
iovoid 18365b5
fix unchanged name
iovoid 3aa614e
fetch tee deps on prepare time instead of build
iovoid 2d9639f
use non-hardened kernel
iovoid 85280b3
tdx qemu support for tooltree
iovoid 1dd6182
also ignore image itself
iovoid 60959f1
use correct qemu package
iovoid 2085c61
fix quote generation and roothash
iovoid 9b84f83
minimize partitions, add back cc
iovoid f8516d6
fix esp partition
iovoid ab0983f
fix tmp creation
iovoid 73ecd10
add resolv.conf
iovoid 69f7fb1
use extra trees instead of base
iovoid 4b457f1
use cf/google dns
iovoid 2b2825e
Merge branch 'main' into feat/tdx
iovoid f924970
add systemd service
iovoid aa27c82
add systemd service wantedby
iovoid b731332
enable systmd unit
iovoid 0a21db0
improve demo
iovoid 15df5b6
fix service
iovoid d1ce4b4
clean up
iovoid a069ce4
Merge branch 'main' into feat/tdx
iovoid 3ebb50b
add part of sample contract
iovoid 5925d81
update contracts
iovoid 2c55563
also check tcb_status
iovoid 8144e72
add signature-based quote generator
iovoid 6358670
add additional verifications
iovoid 3ef38f5
clean up cmdline args
iovoid 4a6e782
add deployment script
iovoid d49cdd4
separate deploy and deploy-all
iovoid dfef655
stop using forge
iovoid 0310c52
use http for quote-gen
iovoid 4f346ca
update vm definitions
iovoid 70cd6ab
add quote pusher
iovoid cebd586
quickfix for duplicate field error
iovoid 49ec8ec
fix Counter deploy
iovoid ba2da1a
fix schema and get
iovoid 4a34e6e
fix type error
iovoid e1c2ab1
fmt
iovoid 5f31bce
first update certificates if needed
iovoid 632448a
add example .env
iovoid 0ff873c
fix tool usage
iovoid a830d3a
refer to path explicitly
iovoid 3fb9544
include instead of excluding, since excluding does not work well
iovoid 44291be
init cloned repo's submodules
iovoid afa9726
hack dependency into being a workspace instead of including transitively
iovoid 902a239
use clone, the submodule is configured to use ssh
iovoid ec428ff
delete cargo.toml of dep
iovoid 85aa709
update tool path
iovoid 5a0e32b
update .env
iovoid fee7843
update RTMR values
iovoid 38cad62
fix json parsing and workspacing
iovoid e5e98f1
fix response param names
iovoid 321ccbe
fix signature
iovoid 1f78468
construct u256 by value, not bytes
iovoid d697835
add tests
iovoid 283a5e9
fix tests
iovoid fe32e7f
remove empty .gitmodules
iovoid 11013d0
add integration-test recipe
iovoid 5cca63c
split away tests due to large test vectors
iovoid daca048
add some contract docs
iovoid 11ceb2f
switch from cast to rex
iovoid 25d0584
remove forge from dependencies
iovoid df77a2c
fmt
iovoid 94079a0
fmt
iovoid 80295fc
fix unused import
iovoid 00521fb
fix unused import
iovoid c8de57c
disallow login to tdx guest
iovoid d55e67d
remove misc files from image
iovoid db551bf
update TDX measurements
iovoid 08ee2d2
update test vector
iovoid 0ba558e
update measurements
iovoid e2d7698
fmt&clippy
iovoid eba7b7f
Update docs
iovoid 727d94b
Document the testing command
iovoid 2bc368e
skip integration test outside correct environment
iovoid 486ff88
Merge branch 'main' into feat/tdx-signature
iovoid 0792fdd
Merge branch 'main' into feat/tdx-signature
iovoid 73b89c8
undo workaround
iovoid 15a8a9b
undo workaround
iovoid 3c7bd64
remove useless file
iovoid File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| image | ||
| image.* | ||
| mkosi.crt | ||
| mkosi.key | ||
| mkosi.tools.manifest | ||
| mkosi.tools |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| # TDX execution module | ||
|
|
||
| ## Usage | ||
|
|
||
| On a machine with TDX support [with the required setup](https://github.com/canonical/tdx) run | ||
| ``` | ||
| mkosi build | ||
| mkosi vm | ||
| ``` | ||
|
|
||
| ## What is TDX? | ||
|
|
||
| TDX is an Intel technology implementing a Trusted Execution Environment. | ||
| Such an environment allows verifying certain code was executed without being tampered with or observed. | ||
|
|
||
| These verifications (attestations) are known as "quotes" and contain signatures verifying the attestation was generated by a genuine processor, the measurements at the time, and a user-provided piece of data binding the proof. | ||
|
|
||
| The measurements happen into four Run Time Measurement Registers (RTMR), with each RTMR respresenting a boot stage. | ||
| This is analogous to [how PCRs work](https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/). | ||
|
|
||
| ## Usage considerations | ||
|
|
||
| Do not hardcode quote verification parameters as [they might change](https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/02/infrastructure_setup/#tcb-recovery-tcb-r). | ||
|
|
||
| It's easy to silently overlook non-verified areas such as accidentally leaving login enabled, not verifying the integrity of the state. | ||
|
|
||
| ## Boot sequence | ||
|
|
||
| - Firmware (OVMF here) is loaded (and hashed into RTMR[0]) | ||
| - [UKI](https://uapi-group.org/specifications/specs/unified_kernel_image/) is loaded (and hashed into a RTMR) | ||
| - kernel and initrd are extracted from the UKI and executed | ||
| - root partition is verified using the `roothash=` value provided on the kernel cmdline and the `hash` partition with the dm-verity merkle tree | ||
| - root partition is mounted read-only | ||
| - (WIP) systemd executes the payload | ||
|
|
||
| ## Image build components | ||
|
|
||
| To build images we use [mkosi](https://github.com/systemd/mkosi) | ||
|
|
||
| ### Tooling image | ||
|
|
||
| `mkosi.tools.conf` defines the tool configuration, and `mkosi.tools.skeleton` imports the kobuk-team PPA (used by [canonical/tdx](https://github.com/canonical/tdx)) with the modified qemu build | ||
|
|
||
| This allows the build process to not depend on the host's tooling | ||
|
|
||
| ### Image preparation | ||
|
|
||
| Runs `mkosi.prepare.chroot`, which has network access, to download crate dependencies. | ||
|
|
||
| ### Image building | ||
|
|
||
| Runs `mkosi.build.chroot` to produce the output | ||
|
|
||
| ## Debug suggestions | ||
|
|
||
| - Adding `bash` to mkosi scripts to drop an interactive shell that lets you explore the build process | ||
| - Adding a root password in `mkosi.conf` to allow logging in to the container | ||
|
|
||
|
|
||
| ## Quote pusher | ||
|
|
||
| Set RPC_URL and PRIVATE_KEY to the corresponding values. | ||
|
|
||
| You must have [rex](https://github.com/lambdaclass/rex) installed. | ||
|
|
||
| ``` | ||
| # NOTE: initialize&update submodules on all repos | ||
| (ethrex) make dev # start L1 | ||
| (ethrex crates/l2/tee/contracts) make deploy-deps | ||
| (ethrex crates/l2/tee/contracts) make deploy | ||
| (ethrex crates/l2/tee/contracts) make mkenv | ||
| (ethrex crates/l2/tee/contracts) source .env.out | ||
| (ethrex crates/l2/tee/quote-pusher) make run | ||
| ``` | ||
|
|
||
| You can run integration tests by replacing the last step with `make test`. | ||
|
|
||
| Alternatively, running `make integration-test` will deploy the contracts for you and then run the tests. | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # Libraries | ||
| lib/ | ||
|
|
||
| # Dotenv file | ||
| .env | ||
| .env.out | ||
|
|
||
| # Deploy dependencies | ||
| deploydeps/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| DETERMINISTIC_DEPLOYER = 0x4e59b44847b379578588920cA78FbF26c0B4956C | ||
| DEPLOYMENT_PATH := deploydeps/automata-dcap-attestation/evm/deployment | ||
|
|
||
| deploy-p256: | ||
| rex send $(DETERMINISTIC_DEPLOYER) 0 $(PRIVATE_KEY) --calldata $(shell cat assets/p256.hex) | ||
|
|
||
| deploydeps: | ||
| mkdir -p deploydeps | ||
| cd deploydeps; git clone https://github.com/lambdaclass/automata-on-chain-pccs.git | ||
| cd deploydeps; git clone https://github.com/lambdaclass/automata-dcap-attestation.git | ||
|
|
||
| deploy-pccs: deploydeps deploy-p256 | ||
| cd deploydeps/automata-on-chain-pccs; make deploy | ||
|
|
||
| deploy-dcap: deploydeps deploy-pccs | ||
| mkdir -p $(DEPLOYMENT_PATH) | ||
| cp deploydeps/automata-on-chain-pccs/deployment/* $(DEPLOYMENT_PATH) | ||
| cd deploydeps/automata-dcap-attestation/evm; make deploy | ||
|
|
||
| ROOT_CRL_URI = https://certificates.trustedservices.intel.com/IntelSGXRootCA.der | ||
| deploydeps/root_crl.hex: | ||
| # SGX and TDX roots are the same | ||
| curl $(ROOT_CRL_URI) | xxd -ps -c0 > deploydeps/root_crl.hex | ||
|
|
||
| ROOT_CA_URI = https://certificates.trustedservices.intel.com/Intel_SGX_Provisioning_Certification_RootCA.cer | ||
| deploydeps/root_ca.hex: | ||
| # SGX and TDX roots are the same | ||
| curl $(ROOT_CA_URI) | xxd -ps -c0 > deploydeps/root_ca.hex | ||
|
|
||
| setup-pccs-ca: deploy-pccs deploydeps/root_ca.hex deploydeps/root_crl.hex | ||
| $(eval PCSDAO_ADDRESS := $(shell cat ${DEPLOYMENT_PATH}/AutomataPcsDao)) | ||
| rex send $(PCSDAO_ADDRESS) 0 $(PRIVATE_KEY) -- "upsertPcsCertificates(uint8,bytes)" 0 $(shell cat deploydeps/root_ca.hex) | ||
| rex send $(PCSDAO_ADDRESS) 0 $(PRIVATE_KEY) -- "upsertRootCACrl(bytes)" $(shell cat deploydeps/root_crl.hex) | ||
| rex send $(PCSDAO_ADDRESS) 0 $(PRIVATE_KEY) -- "upsertPcsCertificates(uint8,bytes)" 2 $(shell cat assets/platform_ca.hex) | ||
|
|
||
| lib/openzeppelin-contracts: | ||
| mkdir -p lib | ||
| cd lib; git clone https://github.com/OpenZeppelin/openzeppelin-contracts | ||
|
|
||
| solc_out/Counter.bin: src/Counter.sol lib/openzeppelin-contracts | ||
| mkdir -p solc_out | ||
| solc src/Counter.sol --bin --allow-paths lib/ -o solc_out/ --overwrite | ||
|
|
||
| deploy: solc_out/Counter.bin | ||
| $(eval CONTRACT_BIN := $(shell cat solc_out/Counter.bin)) | ||
| $(eval DCAP_ADDRESS := $(shell cat ${DEPLOYMENT_PATH}/AutomataDcapAttestationFee)) | ||
| rex deploy --print-address $(CONTRACT_BIN) 0 $(PRIVATE_KEY) -- \ | ||
| "constructor(address)" $(DCAP_ADDRESS) > ${DEPLOYMENT_PATH}/Counter | ||
|
|
||
| mkenv: | ||
| echo CONTRACT_ADDRESS=$(shell cat ${DEPLOYMENT_PATH}/Counter) > .env.out | ||
| echo ENCLAVE_ID_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataEnclaveIdentityDao) >> .env.out | ||
| echo FMSPC_TCB_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataFmspcTcbDao) >> .env.out | ||
| echo PCK_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataPckDao) >> .env.out | ||
| echo PCS_DAO=$(shell cat ${DEPLOYMENT_PATH}/AutomataPcsDao) >> .env.out | ||
|
|
||
| deploy-deps: deploy-dcap setup-pccs-ca | ||
|
|
||
| clean: | ||
| rm -rf deploydeps cache out deployment/* | ||
|
|
||
| .PHONY: deploy-all deploy deploy-pccs deploy-dcap clean |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Deployment | ||
|
|
||
| You can use `make deploy-deps` to deploy the dependencies and `make deploy` to deploy the main contract. | ||
|
|
||
| # Dependencies | ||
|
|
||
| A compiled version ([for reproducibility](https://github.com/daimo-eth/p256-verifier/issues/46)) of [p256-verifier](https://github.com/daimo-eth/p256-verifier) is included as assets/p256.hex |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 00000000000000000000000000000000000000000000000000000000000000006080806040523461001657610dd1908161001c8239f35b600080fdfe60e06040523461001a57610012366100c7565b602081519101f35b600080fd5b6040810190811067ffffffffffffffff82111761003b57604052565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b60e0810190811067ffffffffffffffff82111761003b57604052565b90601f7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0910116810190811067ffffffffffffffff82111761003b57604052565b60a08103610193578060201161001a57600060409180831161018f578060601161018f578060801161018f5760a01161018c57815182810181811067ffffffffffffffff82111761015f579061013291845260603581526080356020820152833560203584356101ab565b15610156575060ff6001915b5191166020820152602081526101538161001f565b90565b60ff909161013e565b6024837f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b80fd5b5080fd5b5060405160006020820152602081526101538161001f565b909283158015610393575b801561038b575b8015610361575b6103585780519060206101dc818301938451906103bd565b1561034d57604051948186019082825282604088015282606088015260808701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f60a08701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551958660c082015260c081526102588161006a565b600080928192519060055afa903d15610345573d9167ffffffffffffffff831161031857604051926102b1857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190516102e693929185908181890994099151906104eb565b061490565b807f4e487b7100000000000000000000000000000000000000000000000000000000602492526001600452fd5b6024827f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b6060916102ba565b505050505050600090565b50505050600090565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518310156101c4565b5082156101bd565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518410156101b6565b7fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818110801590610466575b8015610455575b61044d577f5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b8282818080957fffffffff00000001000000000000000000000000fffffffffffffffffffffffc0991818180090908089180091490565b505050600090565b50801580156103f1575082156103f1565b50818310156103ea565b7f800000000000000000000000000000000000000000000000000000000000000081146104bc577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b909192608052600091600160a05260a05193600092811580610718575b61034d57610516838261073d565b95909460ff60c05260005b600060c05112156106ef575b60a05181036106a1575050507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2969594939291965b600060c05112156105c7575050505050507fffffffff00000001000000000000000000000000ffffffffffffffffffffffff91506105c260a051610ca2565b900990565b956105d9929394959660a05191610a98565b9097929181928960a0528192819a6105f66080518960c051610722565b61060160c051610470565b60c0528061061b5750505050505b96959493929196610583565b969b5061067b96939550919350916001810361068857507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5937f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29693610952565b979297919060a05261060f565b6002036106985786938a93610952565b88938893610952565b600281036106ba57505050829581959493929196610583565b9197917ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0161060f575095508495849661060f565b506106ff6080518560c051610722565b8061070b60c051610470565b60c052156105215761052d565b5060805115610508565b91906002600192841c831b16921c1681018091116104bc5790565b8015806107ab575b6107635761075f91610756916107b3565b92919091610c42565b9091565b50507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296907f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f590565b508115610745565b919082158061094a575b1561080f57507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29691507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5906001908190565b7fb01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff808481600186090894817f94e82e0c1ed3bdb90743191a9c5bbf0d88fc827fd214cc5f0b5ec6ba27673d6981600184090893841561091b575050808084800993840994818460010994828088600109957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29609918784038481116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffffd0991818580090808978885038581116104bc578580949281930994080908935b93929190565b9350935050921560001461093b5761093291610b6d565b91939092610915565b50506000806000926000610915565b5080156107bd565b91949592939095811580610a90575b15610991575050831580610989575b61097a5793929190565b50600093508392508291508190565b508215610970565b85919294951580610a88575b610a78577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff968703918783116104bc5787838189850908938689038981116104bc5789908184840908928315610a5d575050818880959493928180848196099b8c9485099b8c920999099609918784038481116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffffd0991818580090808978885038581116104bc578580949281930994080908929190565b965096505050509093501560001461093b5761093291610b6d565b9550509150915091906001908190565b50851561099d565b508015610961565b939092821580610b65575b61097a577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff908185600209948280878009809709948380888a0998818080808680097fffffffff00000001000000000000000000000000fffffffffffffffffffffffc099280096003090884808a7fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818380090898898603918683116104bc57888703908782116104bc578780969481809681950994089009089609930990565b508015610aa3565b919091801580610c3a575b610c2d577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818460020991808084800980940991817fffffffff00000001000000000000000000000000fffffffffffffffffffffffc81808088860994800960030908958280837fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818980090896878403918483116104bc57858503928584116104bc5785809492819309940890090892565b5060009150819081908190565b508215610b78565b909392821580610c9a575b610c8d57610c5a90610ca2565b9182917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff80809581940980099009930990565b5050509050600090600090565b508015610c4d565b604051906020918281019183835283604083015283606083015260808201527fffffffff00000001000000000000000000000000fffffffffffffffffffffffd60a08201527fffffffff00000001000000000000000000000000ffffffffffffffffffffffff60c082015260c08152610d1a8161006a565b600080928192519060055afa903d15610d93573d9167ffffffffffffffff83116103185760405192610d73857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190565b606091610d7c56fea2646970667358221220fa55558b04ced380e93d0a46be01bb895ff30f015c50c516e898c341cd0a230264736f6c63430008150033 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 308202963082023da003020102021500956f5dcdbd1be1e94049c9d4f433ce01570bde54300a06082a8648ce3d0403023068311a301806035504030c11496e74656c2053475820526f6f74204341311a3018060355040a0c11496e74656c20436f72706f726174696f6e3114301206035504070c0b53616e746120436c617261310b300906035504080c024341310b3009060355040613025553301e170d3138303532313130353031305a170d3333303532313130353031305a30703122302006035504030c19496e74656c205347582050434b20506c6174666f726d204341311a3018060355040a0c11496e74656c20436f72706f726174696f6e3114301206035504070c0b53616e746120436c617261310b300906035504080c024341310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d0301070342000435207feeddb595748ed82bb3a71c3be1e241ef61320c6816e6b5c2b71dad5532eaea12a4eb3f948916429ea47ba6c3af82a15e4b19664e52657939a2d96633dea381bb3081b8301f0603551d2304183016801422650cd65a9d3489f383b49552bf501b392706ac30520603551d1f044b30493047a045a043864168747470733a2f2f6365727469666963617465732e7472757374656473657276696365732e696e74656c2e636f6d2f496e74656c534758526f6f7443412e646572301d0603551d0e04160414956f5dcdbd1be1e94049c9d4f433ce01570bde54300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100300a06082a8648ce3d040302034700304402205ec5648b4c3e8ba558196dd417fdb6b9a5ded182438f551e9c0f938c3d5a8b970220261bd520260f9c647d3569be8e14a32892631ac358b994478088f4d2b27cf37e |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This requires setting up a
PRIVATE_KEYenvironment variable for the account that's going to do the deployment, let's add that to the docsThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, also made it more specifically about quote-pusher.