This repo consists of Solidity implementation for an on-chain PCCS (Provisioning Certificate Caching Service) used in Intel DCAP (Data Center Attestation Primitives).
On-chain PCCS provides an open and permissionless service where users can freely contribute and be given easy access to collaterals for quote verification.
ℹ️ Note:
The deployment addresses shown here are currently based on the latest changes made.
To view deployments on the previous version (will be deprecated soon), you may refer to this branch.
There are two sets of contracts, i.e. the Helper and Base.
The Helper contracts provide APIs for parsing collaterals and converting into Solidity structs, i.e. QEIdentity.json, TCBInfo.json, basic DER-decoder for PCK X509 leaf certificate and extensions and X509 CRLs.
| Network | Address | |
|---|---|---|
EnclaveIdentityHelper.sol |
Automata Testnet | 0xae27D762EED6958bc34b358bd7C78c7211fe77F8 |
FmspcTcbHelper.sol |
Automata Testnet | 0x71056B540b4E60D0E8eFb55FAd487C486B09FFF5 |
PCKHelper.sol |
Automata Testnet | 0x4Aca9C0EB063401C9F5c2Fc4487DBC5ccF1C9E2B |
X509CRLHelper.sol |
Automata Testnet | 0x6e204fEAe40F668a06E78a83b66185FFC8892DDA |
The base contracts are libraries that provide the Data Access Object (DAO) APIs with similar designs inspired from the Design Guide for Intel SGX PCCS.
Base contracts are dependent on Helper contracts to parse collaterals, and contains implementation of basic collateral authenticity check functions for upserts. Smart contract developers are encouraged to extend the base contracts to build their own custom implementation of on-chain PCCS.
Our DAO implementation can be found in the automata_pccs directory.
| Network | Address | |
|---|---|---|
AutomataEnclaveIdentityDao.sol |
Automata Testnet | 0x413272890ab9F155a47A5F90a404Fb51aa259087 |
AutomataFmspcTcbDao.sol |
Automata Testnet | 0x9c54C72867b07caF2e6255CE32983c28aFE40F26 |
AutomataPckDao.sol |
Automata Testnet | 0x722525B96b62e182F8A095af0a79d4EA2037795C |
AutomataPcsDao.sol |
Automata Testnet | 0xcf171ACd6c0a776f9d3E1F6Cac8067c982Ac6Ce1 |
-
Install Foundry
-
Create
.envfile with the provided example.
cp env/.{network}.env.example .env- Compile the contracts
forge build- Run tests
forge testTo view gas report, pass the --gas-report flag.
- Deploy the Helper contracts
./script/helper/deploy.shIf you are having issues running the script, try changing the permission settings.
chmod +x ./script/helper/deploy.shMake sure to update .env file with the appropriate addresses, then run source .env.
- Deploy
automata-pccs
forge script DeployAutomataDao --rpc-url $RPC_URL -vvvv --broadcast --sig "deployAll(bool)" trueMake sure to update .env file with the appropriate addresses, then run source .env.
Once you have deployed all Automata DAOs, you must grant them write access to AutomataDaoStorage by running:
forge script ConfigureAutomataDao -rpc-url $RPC_URL -vvvv --broadcast --sig "updateStorageDao()"