Add support for compute runtime quote policy

[martintomazic]

Replaces #6471 closes #6387.

[netlify]

✅ Deploy Preview for oasisprotocol-oasis-core canceled.

Name	Link
🔨 Latest commit	c4fb335
🔍 Latest deploy log	https://app.netlify.com/projects/oasisprotocol-oasis-core/deploys/69ca35c64786c8000890123b

[martintomazic]

e2e test with mocked TEE was instrumental to realizing that without compute_policy on the rust side of the protocol, RHP would fail due to the missing field.

To test that compute policy is applied e2e you can disable pcs in the quote policy (fixture) and run:

export OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1
export OASIS_UNSAFE_MOCK_TEE=1
export OASIS_TEE_HARDWARE=intel-sgx

make
.buildkite/scripts/test_e2e.sh --scenario e2e/runtime/compute-policy

The test would gets stuck (as expected).

Full SGX test would be desired here (easy). It would be also nice to add another one, where we e.g. set MinTCBEvaluationDataNumber and verify via the control status that the registration failed... Still not optimal as technically we would catch node local attestation to halt early and not consensus rejecting byzantine compute.

Testing that rofl nodes pass on the lower TCB but compute node is rejected would be even harder as we would need two different SGX environments to make it work.

What do you think?

[kostko]

Yes, it would be great if we can test it in real SGX.

For the two different environments, let's open a separate issue to test that E2E.

[martintomazic]

Previously I was passing runtime roles (see). Now we only need bool flag.

No matter what name I choose here, passing the variable through workers, feels like abstraction leak.

I could avoid all this and use the config.GlobalConfig directly in the common.GetQuotePolicy. I hate global state though, but here might be acceptable with a TODO issue given this shows abstractions are not best in the first place?

[kostko]

Yes, this seems awkward. For example the common worker constructor is already doing config lookups so it seems fine to have them there.

Removing the use of global config and explicitly passing it instead is a different issue.

[martintomazic]

This field is ignored for now and only here to pass e2e test.

In practice we probably need new RHP method (similar to node identity), to signal whether compute policy should be respected or not. Technically not breaking?

The runtime should sign with its RAK whether the intention of this enclave is to be used as the one registering on the consensus (having access to keymanager) or is the intention to be used in the less constrained environments (default policy only). Similar solution to what is done for the node_id, i.e. make it part of the hash structure and sign with RAK and validate signature on the consensus side.
Do we really need this / what are possible attack vectors without it?

[kostko]

I would avoid this extra verification for now as I don't see what attack this would prevent. It is other runtimes and the consensus layer that are enforcing this policy.

[codecov]

Codecov Report

❌ Patch coverage is 88.98305% with 13 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.43%. Comparing base (76002fa) to head (b795a2e).
⚠️ Report is 11 commits behind head on master.

Files with missing lines	Patch %	Lines
go/common/node/node.go	78.57%	0 Missing and 3 partials ⚠️
go/common/node/sgx.go	91.66%	1 Missing and 1 partial ⚠️
go/common/sgx/pcs/pcs.go	0.00%	2 Missing ⚠️
go/oasis-node/cmd/node/node.go	75.00%	1 Missing and 1 partial ⚠️
go/worker/common/committee/node.go	92.30%	0 Missing and 2 partials ⚠️
go/consensus/cometbft/apps/scheduler/scheduler.go	88.88%	0 Missing and 1 partial ⚠️
go/worker/keymanager/worker.go	50.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6474      +/-   ##
==========================================
- Coverage   64.79%   64.43%   -0.36%     
==========================================
  Files         699      699              
  Lines       68206    68264      +58     
==========================================
- Hits        44193    43988     -205     
- Misses      18999    19205     +206     
- Partials     5014     5071      +57     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[kostko]

Yes, this seems awkward. For example the common worker constructor is already doing config lookups so it seems fine to have them there.

Removing the use of global config and explicitly passing it instead is a different issue.

[kostko]

I would avoid this extra verification for now as I don't see what attack this would prevent. It is other runtimes and the consensus layer that are enforcing this policy.