
Commit 0ac78c4

committed
go/runtime/host: Introduce QuotePolicyProvider interface
This enables us to get rid of the consensus dependency.
1 parent 03f1533 commit 0ac78c4

5 files changed

Lines changed: 54 additions & 46 deletions


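--- a/go/runtime/host/provisioner/provisioner.go
+++ b/go/runtime/host/provisioner/provisioner.go
@@ -20,6 +20,7 @@ import (
 	hostProtocol "github.com/oasisprotocol/oasis-core/go/runtime/host/protocol"
 	hostSandbox "github.com/oasisprotocol/oasis-core/go/runtime/host/sandbox"
 	hostSgx "github.com/oasisprotocol/oasis-core/go/runtime/host/sgx"
+	sgxCommon "github.com/oasisprotocol/oasis-core/go/runtime/host/sgx/common"
 	hostTdx "github.com/oasisprotocol/oasis-core/go/runtime/host/tdx"
 )
 
@@ -47,8 +48,10 @@ func New(
 		return nil, err
 	}
 
+	policyProvider := sgxCommon.NewQuotePolicyProvider(consensus)
+
 	// Create runtime provisioner.
-	return createProvisioner(dataDir, commonStore, identity, consensus, hostInfo, qs)
+	return createProvisioner(dataDir, commonStore, identity, hostInfo, qs, policyProvider)
 }
 
 func createHostInfo(genesisDoc *genesisAPI.Document) (*hostProtocol.HostInfo, error) {
@@ -76,9 +79,9 @@ func createProvisioner(
 	dataDir string,
 	commonStore *persistent.CommonStore,
 	identity *identity.Identity,
-	consensus consensus.Service,
 	hostInfo *hostProtocol.HostInfo,
 	qs pcs.QuoteService,
+	policyProvider sgxCommon.QuotePolicyProvider,
 ) (runtimeHost.Provisioner, error) {
 	var err error
 	var insecureNoSandbox bool
@@ -144,7 +147,7 @@ func createProvisioner(
 		CommonStore: commonStore,
 		LoaderPath: sgxLoader,
 		PCS: qs,
-		Consensus: consensus,
+		QuotePolicy: policyProvider,
 		Identity: identity,
 		SandboxBinaryPath: sandboxBinary,
 		InsecureNoSandbox: insecureNoSandbox,
@@ -173,7 +176,7 @@ func createProvisioner(
 		HostInfo: hostInfo,
 		CommonStore: commonStore,
 		PCS: qs,
-		Consensus: consensus,
+		QuotePolicy: policyProvider,
 		Identity: identity,
 		CidPool: cidPool,
 		RuntimeAttestInterval: attestInterval,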

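--- a/go/runtime/host/sgx/common/common.go
+++ b/go/runtime/host/sgx/common/common.go
@@ -24,16 +24,23 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/runtime/host/sandbox"
 )
 
-// GetQuotePolicy fetches the quote policy for the specified RONL deployment.
-//
-// Returns nil if the policy is not available.
-func GetQuotePolicy(
-	ctx context.Context,
-	runtimeID common.Namespace,
-	version version.Version,
-	cs consensus.Service,
-) (*sgxQuote.Policy, error) {
-	rt, err := cs.Registry().GetRuntime(ctx, &registry.GetRuntimeQuery{
+// QuotePolicyProvider provides quote policies.
+type QuotePolicyProvider interface {
+	// Get fetches the quote policy for the specified RONL deployment.
+	Get(ctx context.Context, runtimeID common.Namespace, version version.Version) (*sgxQuote.Policy, error)
+}
+
+type quotePolicyProvider struct {
+	cs consensus.Service
+}
+
+// NewQuotePolicyProvider returns a QuotePolicyProvider backed by the consensus.
+func NewQuotePolicyProvider(cs consensus.Service) QuotePolicyProvider {
+	return &quotePolicyProvider{cs: cs}
+}
+
+func (p *quotePolicyProvider) Get(ctx context.Context, runtimeID common.Namespace, version version.Version) (*sgxQuote.Policy, error) {
+	rt, err := p.cs.Registry().GetRuntime(ctx, &registry.GetRuntimeQuery{
 		Height: consensus.HeightLatest,
 		ID: runtimeID,
 		IncludeSuspended: true,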
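Review bot: The interface doc on `Get` drops the `Returns nil if the policy is not available.` sentence that the removed GetQuotePolicy carried, and since the SGX and TDX provisioners now program against QuotePolicyProvider, the nil-policy case is part of the interface contract rather than of one implementation; a test stub or alternative provider otherwise has no specification for the not-found case. I would restore it on the interface method: `// Get fetches the quote policy for the specified RONL deployment.` / `//` / `// Returns nil if the policy is not available.`, and give the concrete `(*quotePolicyProvider).Get` a one-line `// Get implements QuotePolicyProvider.` comment. A compile-time check `var _ QuotePolicyProvider = (*quotePolicyProvider)(nil)` next to the struct would also pin the implementation to the interface. The body of Get continues past the end of this hunk, so whether it still returns nil on a missing deployment is not visible here.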

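--- a/go/runtime/host/sgx/ecdsa.go
+++ b/go/runtime/host/sgx/ecdsa.go
@@ -57,7 +57,7 @@ func (ec *teeStateECDSA) Update(ctx context.Context, sp *sgxProvisioner, conn pr
 	var pcsQuotePolicy *pcs.QuotePolicy
 	switch ec.cfg.Component.Kind {
 	case component.RONL:
-		quotePolicy, err := sgxCommon.GetQuotePolicy(ctx, ec.cfg.ID, ec.cfg.Component.Version, sp.consensus)
+		quotePolicy, err := sp.policyProvider.Get(ctx, ec.cfg.ID, ec.cfg.Component.Version)
 		if err != nil {
 			return nil, fmt.Errorf("failed to fetch RONL quote policy: %w", err)
 		}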

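--- a/go/runtime/host/sgx/provisioner.go
+++ b/go/runtime/host/sgx/provisioner.go
@@ -19,7 +19,6 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/common/sgx/aesm"
 	"github.com/oasisprotocol/oasis-core/go/common/sgx/pcs"
 	"github.com/oasisprotocol/oasis-core/go/common/sgx/sigstruct"
-	consensus "github.com/oasisprotocol/oasis-core/go/consensus/api"
 	cmdFlags "github.com/oasisprotocol/oasis-core/go/oasis-node/cmd/common/flags"
 	"github.com/oasisprotocol/oasis-core/go/runtime/bundle"
 	"github.com/oasisprotocol/oasis-core/go/runtime/host"
@@ -59,8 +58,8 @@ type Config struct {
 
 	// PCS is the Intel Provisioning Certification Service quote service.
 	PCS pcs.QuoteService
-	// Consensus is the consensus layer backend.
-	Consensus consensus.Service
+	// QuotePolicy provides the quote policy for RONL deployments.
+	QuotePolicy sgxCommon.QuotePolicyProvider
 	// Identity is the node identity.
 	Identity *identity.Identity
 
@@ -86,12 +85,12 @@ type sgxProvisioner struct {
 
 	cfg Config
 
-	sandbox host.Provisioner
-	pcs pcs.QuoteService
-	aesm *aesm.Client
-	consensus consensus.Service
-	identity *identity.Identity
-	store *persistent.CommonStore
+	sandbox host.Provisioner
+	pcs pcs.QuoteService
+	aesm *aesm.Client
+	policyProvider sgxCommon.QuotePolicyProvider
+	identity *identity.Identity
+	store *persistent.CommonStore
 
 	logger *logging.Logger
 }
@@ -106,13 +105,13 @@ func NewProvisioner(cfg Config) (host.Provisioner, error) {
 	sgxCommon.InitMetrics()
 
 	p := &sgxProvisioner{
-		cfg: cfg,
-		pcs: cfg.PCS,
-		aesm: aesm.NewClient(aesmdSocketPath),
-		consensus: cfg.Consensus,
-		identity: cfg.Identity,
-		store: cfg.CommonStore,
-		logger: logging.GetLogger("runtime/host/sgx"),
+		cfg: cfg,
+		pcs: cfg.PCS,
+		aesm: aesm.NewClient(aesmdSocketPath),
+		policyProvider: cfg.QuotePolicy,
+		identity: cfg.Identity,
+		store: cfg.CommonStore,
+		logger: logging.GetLogger("runtime/host/sgx"),
 	}
 	sp, err := sandbox.NewProvisioner(sandbox.Config{
 		GetSandboxConfig: p.getSandboxConfig,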
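Review bot: NewProvisioner copies `cfg.QuotePolicy` into `policyProvider` without checking that it was set, so a caller that leaves the new field nil gets a provisioner that only fails at attestation time, when `sp.policyProvider.Get` in ecdsa.go dereferences a nil interface and panics inside the host. Now that this is an injected dependency rather than the consensus service, a guard at construction reports the misconfiguration where it happens: `if cfg.QuotePolicy == nil {` / `	return nil, fmt.Errorf("sgx: QuotePolicy provider is required")` / `}` (use errors.New if fmt is not imported in this file — its import list is only partly visible here). The same check is missing from NewQemuProvisioner in go/runtime/host/tdx/qemu.go, which stores `cfg.QuotePolicy` the same way. As a point of style, the field is named `policyProvider` here but `quotePolicy` in qemuProvisioner; using one name in both provisioners would make the two constructors read alike. NewProvisioner's body continues past the end of this hunk.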

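--- a/go/runtime/host/tdx/qemu.go
+++ b/go/runtime/host/tdx/qemu.go
@@ -20,7 +20,6 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/common/sgx/pcs"
 	sgxQuote "github.com/oasisprotocol/oasis-core/go/common/sgx/quote"
 	"github.com/oasisprotocol/oasis-core/go/config"
-	consensus "github.com/oasisprotocol/oasis-core/go/consensus/api"
 	"github.com/oasisprotocol/oasis-core/go/runtime/bundle/component"
 	"github.com/oasisprotocol/oasis-core/go/runtime/host"
 	"github.com/oasisprotocol/oasis-core/go/runtime/host/protocol"
@@ -56,8 +55,8 @@ type QemuConfig struct {
 
 	// PCS is the Intel Provisioning Certification Service quote service.
 	PCS pcs.QuoteService
-	// Consensus is the consensus layer backend.
-	Consensus consensus.Service
+	// QuotePolicy provides the quote policy for RONL deployments.
+	QuotePolicy sgxCommon.QuotePolicyProvider
 	// Identity is the node identity.
 	Identity *identity.Identity
 
@@ -78,11 +77,11 @@ type QemuExtraConfig struct {
 type qemuProvisioner struct {
 	cfg QemuConfig
 
-	sandbox host.Provisioner
-	pcs pcs.QuoteService
-	consensus consensus.Service
-	identity *identity.Identity
-	cidPool *CidPool
+	sandbox host.Provisioner
+	pcs pcs.QuoteService
+	quotePolicy sgxCommon.QuotePolicyProvider
+	identity *identity.Identity
+	cidPool *CidPool
 
 	logger *logging.Logger
 }
@@ -97,12 +96,12 @@ func NewQemuProvisioner(cfg QemuConfig) (host.Provisioner, error) {
 	sgxCommon.InitMetrics()
 
 	p := &qemuProvisioner{
-		cfg: cfg,
-		pcs: cfg.PCS,
-		consensus: cfg.Consensus,
-		identity: cfg.Identity,
-		cidPool: cfg.CidPool,
-		logger: logging.GetLogger("runtime/host/tdx/qemu"),
+		cfg: cfg,
+		pcs: cfg.PCS,
+		quotePolicy: cfg.QuotePolicy,
+		identity: cfg.Identity,
+		cidPool: cfg.CidPool,
+		logger: logging.GetLogger("runtime/host/tdx/qemu"),
 	}
 	sp, err := sandbox.NewProvisioner(sandbox.Config{
 		Connector: newVsockConnector,
@@ -437,7 +436,7 @@ func (p *qemuProvisioner) updateCapabilityTEE(ctx context.Context, hp *sandbox.H
 	var quotePolicy *sgxQuote.Policy
 	switch hp.Config.Component.Kind {
 	case component.RONL:
-		quotePolicy, err = sgxCommon.GetQuotePolicy(ctx, hp.Config.ID, hp.Config.Component.Version, p.consensus)
+		quotePolicy, err = p.quotePolicy.Get(ctx, hp.Config.ID, hp.Config.Component.Version)
 		if err != nil {
 			return nil, fmt.Errorf("failed to fetch RONL quote policy: %w", err)
 		}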
