go/runtime/config: Support selection of TEE kind

oasisprotocol · Jan 8, 2025 · 8cd3f6f · 8cd3f6f
1 parent e510075
commit 8cd3f6f
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 4 deletions.
diff --git a/.changelog/5975.cfg.md b/.changelog/5975.cfg.md
@@ -0,0 +1,14 @@
+go/runtime/config: Support selection of TEE kind
+
+The node operator can now specify the kind of Trusted Execution Environment
+in which the runtime component should run.
+
+The following configuration option has been deprecated:
+
+- `runtime.environment`
+
+The following configuration options have been added:
+
+- `runtime.debug_mock_tee` to enable TEE mocking for testing,
+
+- `runtime.runtimes.components.tee` to specify the TEE for a component.
diff --git a/go/runtime/bundle/component.go b/go/runtime/bundle/component.go
@@ -14,6 +14,10 @@ import (
 type ExplodedComponent struct {
 	*Component
 
+	// TEEKind specifies the kind of Trusted Execution Environment (TEE)
+	// in which the component should run.
+	TEEKind component.TEEKind
+
 	// Detached is true iff the bundle containing the component does not
 	// include a RONL component.
 	Detached bool

diff --git a/go/runtime/bundle/registry.go b/go/runtime/bundle/registry.go
@@ -17,6 +17,7 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/config"
 	cmdFlags "github.com/oasisprotocol/oasis-core/go/oasis-node/cmd/common/flags"
 	"github.com/oasisprotocol/oasis-core/go/runtime/bundle/component"
+	rtConfig "github.com/oasisprotocol/oasis-core/go/runtime/config"
 )
 
 // CfgDebugMockIDs configures mock runtime IDs for the purpose of testing.
@@ -153,6 +154,19 @@ func (r *registry) AddBundle(path string, manifestHash hash.Hash) error {
 
 	// Add components to the registry.
 	for compID, comp := range components {
+		teeKind := comp.TEEKind()
+		if compCfg, ok := config.GlobalConfig.Runtime.GetComponent(bnd.Manifest.ID, compID); ok {
+			if kind, ok := compCfg.TEEKind(); ok {
+				teeKind = kind
+			}
+		}
+		// Support legacy configuration where the runtime environment determines
+		// whether the client node should run the runtime in an SGX environment.
+		isEnvSGX := config.GlobalConfig.Runtime.Environment == rtConfig.RuntimeEnvironmentSGX
+		if comp.ID().IsRONL() && config.GlobalConfig.Mode.IsClientOnly() && !isEnvSGX {
+			teeKind = component.TEEKindNone
+		}
+
 		runtimeComponents, ok := r.components[bnd.Manifest.ID]
 		if !ok {
 			runtimeComponents = make(map[component.ID]map[version.Version]*ExplodedComponent)
@@ -169,6 +183,7 @@ func (r *registry) AddBundle(path string, manifestHash hash.Hash) error {
 			Component:       comp,
 			Detached:        detached,
 			ExplodedDataDir: explodedDataDir,
+			TEEKind:         teeKind,
 		}
 	}
 

diff --git a/go/runtime/config/config.go b/go/runtime/config/config.go
@@ -65,6 +65,23 @@ const (
 	RuntimeEnvironmentAuto RuntimeEnvironment = "auto"
 )
 
+// TEESelectMode is the selection mode for the Trusted Execution Environment (TEE).
+type TEESelectMode string
+
+const (
+	// TEESelectModeAuto specifies that the runtime should run in the most appropriate TEE.
+	TEESelectModeAuto TEESelectMode = ""
+
+	// TEESelectModeNone specifies that the runtime should run without using any TEE.
+	TEESelectModeNone TEESelectMode = "none"
+
+	// TEESelectModeSGX specifies that the runtime should run in an SGX environment.
+	TEESelectModeSGX TEESelectMode = "sgx"
+
+	// TEESelectModeTDX specifies that the runtime should run in a TDX environment.
+	TEESelectModeTDX TEESelectMode = "tdx"
+)
+
 // Config is the runtime registry configuration structure.
 type Config struct {
 	// Runtimes is the list of runtimes to configure.
@@ -171,16 +188,61 @@ type RuntimeConfig struct {
 	Repositories []string `yaml:"repositories,omitempty"`
 }
 
+// Validate validates the runtime configuration.
+func (c *RuntimeConfig) Validate() error {
+	for _, comp := range c.Components {
+		if err := comp.Validate(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // ComponentConfig is the component configuration.
 type ComponentConfig struct {
 	// ID is the component identifier.
 	ID component.ID `yaml:"id"`
 
+	// TEE specifies the kind of Trusted Execution Environment (TEE)
+	// in which the component should run (none, sgx, tdx).
+	//
+	// If not provided, the TEE kind is selected automatically.
+	TEE TEESelectMode `yaml:"tee,omitempty"`
+
 	// Disabled specifies whether the component is disabled. If a component is specified and not
 	// disabled, it is enabled.
 	Disabled bool `yaml:"disabled,omitempty"`
 }
 
+// Validate validates the component configuration.
+func (c *ComponentConfig) Validate() error {
+	switch c.TEE {
+	case TEESelectModeAuto:
+	case TEESelectModeNone:
+	case TEESelectModeSGX:
+	case TEESelectModeTDX:
+	default:
+		return fmt.Errorf("unknown TEE select mode: %s", c.TEE)
+	}
+
+	return nil
+}
+
+// TEEKind returns the kind of Trusted Execution Environment (TEE)
+// in which the component should run, if it is specified.
+func (c *ComponentConfig) TEEKind() (component.TEEKind, bool) {
+	switch c.TEE {
+	case TEESelectModeNone:
+		return component.TEEKindNone, true
+	case TEESelectModeSGX:
+		return component.TEEKindSGX, true
+	case TEESelectModeTDX:
+		return component.TEEKindTDX, true
+	default:
+		return 0, false
+	}
+}
+
 // UnmarshalYAML implements yaml.Unmarshaler.
 func (c *ComponentConfig) UnmarshalYAML(value *yaml.Node) error {
 	switch value.ShortTag() {
@@ -240,6 +302,12 @@ func (c *Config) Validate() error {
 		return fmt.Errorf("cannot specify more than 128 instances for load balancing")
 	}
 
+	for _, rt := range c.Runtimes {
+		if err := rt.Validate(); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 

diff --git a/go/runtime/host/composite/composite.go b/go/runtime/host/composite/composite.go
@@ -203,9 +203,9 @@ func (p *provisioner) NewRuntime(cfg host.Config) (host.Runtime, error) {
 	if comp == nil {
 		return nil, fmt.Errorf("host/composite: component not available")
 	}
-	provisioner, ok := p.kinds[comp.TEEKind()]
+	provisioner, ok := p.kinds[comp.TEEKind]
 	if !ok {
-		return nil, fmt.Errorf("host/composite: provisioner for kind '%s' is not available", comp.TEEKind())
+		return nil, fmt.Errorf("host/composite: provisioner for kind '%s' is not available", comp.TEEKind)
 	}
 	return provisioner.NewRuntime(cfg)
 }

diff --git a/go/runtime/host/sgx/sgx.go b/go/runtime/host/sgx/sgx.go
@@ -284,7 +284,7 @@ func (s *sgxProvisioner) getSandboxConfig(rtCfg host.Config, conn sandbox.Connec
 		return cfg, nil
 	}
 
-	if comp.TEEKind() != component.TEEKindSGX {
+	if comp.SGX == nil {
 		return process.Config{}, fmt.Errorf("component '%s' is not an SGX component", comp.ID())
 	}
 

diff --git a/go/runtime/host/tdx/qemu.go b/go/runtime/host/tdx/qemu.go
@@ -109,7 +109,7 @@ func (q *qemuProvisioner) getSandboxConfig(rtCfg host.Config, _ sandbox.Connecto
 	if err != nil {
 		return process.Config{}, err
 	}
-	if comp.TEEKind() != component.TEEKindTDX {
+	if comp.TDX == nil {
 		return process.Config{}, fmt.Errorf("component '%s' is not a TDX component", comp.ID())
 	}