|
1 | 1 | package provisioner |
2 | 2 |
|
3 | 3 | import ( |
| 4 | + "context" |
4 | 5 | "fmt" |
5 | 6 |
|
| 7 | + "github.com/oasisprotocol/oasis-core/go/common" |
| 8 | + "github.com/oasisprotocol/oasis-core/go/common/cbor" |
6 | 9 | "github.com/oasisprotocol/oasis-core/go/common/identity" |
| 10 | + "github.com/oasisprotocol/oasis-core/go/common/node" |
7 | 11 | "github.com/oasisprotocol/oasis-core/go/common/persistent" |
8 | 12 | "github.com/oasisprotocol/oasis-core/go/common/sgx/pcs" |
| 13 | + sgxQuote "github.com/oasisprotocol/oasis-core/go/common/sgx/quote" |
9 | 14 | "github.com/oasisprotocol/oasis-core/go/common/version" |
10 | 15 | "github.com/oasisprotocol/oasis-core/go/config" |
11 | 16 | consensus "github.com/oasisprotocol/oasis-core/go/consensus/api" |
12 | 17 | genesisAPI "github.com/oasisprotocol/oasis-core/go/genesis/api" |
13 | 18 | cmdFlags "github.com/oasisprotocol/oasis-core/go/oasis-node/cmd/common/flags" |
| 19 | + registry "github.com/oasisprotocol/oasis-core/go/registry/api" |
14 | 20 | "github.com/oasisprotocol/oasis-core/go/runtime/bundle/component" |
15 | 21 | rtConfig "github.com/oasisprotocol/oasis-core/go/runtime/config" |
16 | 22 | runtimeHost "github.com/oasisprotocol/oasis-core/go/runtime/host" |
@@ -48,7 +54,7 @@ func New( |
48 | 54 | return nil, err |
49 | 55 | } |
50 | 56 |
|
51 | | - policyProvider := sgxCommon.NewQuotePolicyProvider(consensus) |
| 57 | + policyProvider := "ePolicyProvider{consensus} |
52 | 58 |
|
53 | 59 | // Create runtime provisioner. |
54 | 60 | return createProvisioner(dataDir, commonStore, identity, hostInfo, qs, policyProvider) |
@@ -196,3 +202,26 @@ func createProvisioner( |
196 | 202 |
|
197 | 203 | return provisioner, nil |
198 | 204 | } |
| 205 | + |
| 206 | +type quotePolicyProvider struct { |
| 207 | + cs consensus.Service |
| 208 | +} |
| 209 | + |
| 210 | +func (p *quotePolicyProvider) Get(ctx context.Context, runtimeID common.Namespace, version version.Version) (*sgxQuote.Policy, error) { |
| 211 | + rt, err := p.cs.Registry().GetRuntime(ctx, ®istry.GetRuntimeQuery{ |
| 212 | + Height: consensus.HeightLatest, |
| 213 | + ID: runtimeID, |
| 214 | + IncludeSuspended: true, |
| 215 | + }) |
| 216 | + if err != nil { |
| 217 | + return nil, fmt.Errorf("failed to query runtime descriptor: %w", err) |
| 218 | + } |
| 219 | + if d := rt.DeploymentForVersion(version); d != nil { |
| 220 | + var sc node.SGXConstraints |
| 221 | + if err = cbor.Unmarshal(d.TEE, &sc); err != nil { |
| 222 | + return nil, fmt.Errorf("malformed runtime SGX constraints: %w", err) |
| 223 | + } |
| 224 | + return sc.Policy, nil |
| 225 | + } |
| 226 | + return nil, nil |
| 227 | +} |
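Review bot: `Get` returns `nil, nil` both when no deployment matches `version` and when the decoded `sc.Policy` is unset, so a caller cannot tell "no such deployment" from "deployment carries no quote policy"; since this value feeds SGX quote verification, the meaning of a nil result should be explicit. How callers treat nil is not visible on this page, so at minimum add a doc comment such as `// Get returns the quote policy registered in consensus for the given runtime version, or nil if no deployment matches or the deployment sets no policy; callers must handle nil explicitly.` The method also decodes `d.TEE` as `node.SGXConstraints` without a visible check that the runtime's TEE hardware is SGX, so a non-SGX descriptor would presumably surface as "malformed runtime SGX constraints"; confirm that this provider is only reached for SGX components. In `New`, a keyed literal (`cs: consensus`) would be more robust than the positional one if `quotePolicyProvider` later gains fields.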