Merge branch 'main' into ui-qa-checklist

taikoxyz · May 13, 2024 · 6c7d7c8 · 6c7d7c8
2 parents fa782f9 + bc27c7f
commit 6c7d7c8
Show file tree

Hide file tree

Showing 4 changed files with 147 additions and 25 deletions.
diff --git a/packages/protocol/script/SetDcapParams.s.sol b/packages/protocol/script/SetDcapParams.s.sol
@@ -11,43 +11,50 @@ contract SetDcapParams is Script, AttestationBase {
     address public dcapAttestationAddress = vm.envAddress("ATTESTATION_ADDRESS");
     address public sgxVerifier = vm.envAddress("SGX_VERIFIER_ADDRESS");
     address public pemCertChainLibAddr = vm.envAddress("PEM_CERTCHAIN_ADDRESS");
-    // TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-    bool[] internal defaultTaskFlags = [true, true, true, true, true];
-    bool[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
+    // TASK_FLAG:
+    // [setMrEnclave,setMrSigner,configQE,configTCB,enableMrCheck,registerSgxInstanceWithQuote]
+    uint256[] internal defaultTaskFlags = [1, 1, 1, 1, 1, 1];
+    uint256[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
 
     function run() external {
         require(ownerPrivateKey != 0, "PRIVATE_KEY not set");
         require(dcapAttestationAddress != address(0), "ATTESTATION_ADDRESS not set");
 
         vm.startBroadcast(ownerPrivateKey);
-        if (taskFlags[0]) {
-            _setMrEnclave();
+        if (taskFlags[0] != 0) {
+            bool enable = (taskFlags[0] == 1);
+            _setMrEnclave(enable);
         }
-        if (taskFlags[1]) {
-            _setMrSigner();
+        if (taskFlags[1] != 0) {
+            bool enable = (taskFlags[1] == 1);
+            _setMrSigner(enable);
         }
-        if (taskFlags[2]) {
+        if (taskFlags[2] != 0) {
             _configureQeIdentityJson();
         }
-        if (taskFlags[3]) {
+        if (taskFlags[3] != 0) {
             _configureTcbInfoJson();
         }
-        if (taskFlags[4]) {
+        if (taskFlags[4] != 0) {
+            toggleCheckQuoteValidity(dcapAttestationAddress);
+        }
+        if (taskFlags[5] != 0) {
             _registerSgxInstanceWithQuoteBytes();
         }
 
         vm.stopBroadcast();
     }
 
-    function _setMrEnclave() internal {
+    function _setMrEnclave(bool enable) internal {
         mrEnclave = vm.envBytes32("MR_ENCLAVE");
-        setMrEnclave(dcapAttestationAddress, mrEnclave);
+        console2.log("_setMrEnclave set: ", uint256(mrEnclave));
+        setMrEnclave(dcapAttestationAddress, mrEnclave, enable);
         console2.log("MR_ENCLAVE set: ", uint256(mrEnclave));
     }
 
-    function _setMrSigner() internal {
+    function _setMrSigner(bool enable) internal {
         mrSigner = vm.envBytes32("MR_SIGNER");
-        setMrSigner(dcapAttestationAddress, mrSigner);
+        setMrSigner(dcapAttestationAddress, mrSigner, enable);
         console2.log("MR_SIGNER set: ", uint256(mrSigner));
     }
 

diff --git a/packages/protocol/script/config_dcap_sgx_verifier.sh b/packages/protocol/script/config_dcap_sgx_verifier.sh
@@ -7,6 +7,9 @@ usage() {
     --eq file_path: config qe
     --mrenclave hex_string: config mrenclave
     --mrsigner hex_string: config mrsigner
+    --toggle-mr-check: toggle mrenclave/mrsigner check
+    --unset-mrenclave hex_string: disable mrenclave
+    --unset-mrsigner hex_string: disable mrsigner
     --quote string: register sgx instance with quote"
 to configure the dcap verifier contract.
 
@@ -49,6 +52,7 @@ config_qe=0
 set_mrenclave=0
 set_mrsigner=0
 verify_quote=0
+toggle_check=0
 
 # helper function for trimming the file path to vm root
 vm_file_path() {
@@ -76,6 +80,26 @@ while [[ $# -gt 0 ]]; do
             shift
             shift
             ;;
+        --unset-mrenclave)
+            MR_ENCLAVE="$2"
+            echo "Unset MR_ENCLAVE: $MR_ENCLAVE"
+            set_mrenclave=2
+            shift
+            shift
+            ;;
+        --unset-mrsigner)
+            MR_SIGNER="$2"
+            echo "Unset MR_SIGNER: $MR_SIGNER"
+            set_mrsigner=2
+            shift
+            shift
+            ;;
+        --toggle-mr-check)
+            echo "toggle mr check"
+            toggle_check=1
+            shift
+            shift
+            ;;
         --qeid)
             QEID_PATH=$(vm_file_path "$2")
             echo "Config QE file: $QEID_PATH"
@@ -109,7 +133,7 @@ if [ -z $FORK_URL ]; then
 fi
 
 # TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-TASK_ENABLE_MASK="$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$verify_quote"
+TASK_ENABLE_MASK=$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$toggle_check,$verify_quote
 
 # config the contract
 TASK_ENABLE=$TASK_ENABLE_MASK \