Teerex¶

Calls¶

register_quoting_enclave¶

See [Pallet::register_quoting_enclave].

Attributes¶

Name	Type
enclave_identity	`Vec<u8>`
signature	`Vec<u8>`
certificate_chain	`Vec<u8>`

Python¶

call = substrate.compose_call(
    'Teerex', 'register_quoting_enclave', {
    'certificate_chain': 'Bytes',
    'enclave_identity': 'Bytes',
    'signature': 'Bytes',
}
)

register_sgx_enclave¶

See [Pallet::register_sgx_enclave].

Attributes¶

Name	Type
proof	`Vec<u8>`
worker_url	`Option<Vec<u8>>`
attestation_method	`SgxAttestationMethod`

Python¶

call = substrate.compose_call(
    'Teerex', 'register_sgx_enclave', {
    'attestation_method': {
        'Dcap': {'proxied': 'bool'},
        'Ias': None,
        'Skip': {'proxied': 'bool'},
    },
    'proof': 'Bytes',
    'worker_url': (None, 'Bytes'),
}
)

register_tcb_info¶

See [Pallet::register_tcb_info].

Attributes¶

Name	Type
tcb_info	`Vec<u8>`
signature	`Vec<u8>`
certificate_chain	`Vec<u8>`

Python¶

call = substrate.compose_call(
    'Teerex', 'register_tcb_info', {
    'certificate_chain': 'Bytes',
    'signature': 'Bytes',
    'tcb_info': 'Bytes',
}
)

set_security_flags¶

See [Pallet::set_security_flags].

Attributes¶

Name	Type
allow_skipping_attestation	`bool`
sgx_allow_debug_mode	`bool`

Python¶

call = substrate.compose_call(
    'Teerex', 'set_security_flags', {
    'allow_skipping_attestation': 'bool',
    'sgx_allow_debug_mode': 'bool',
}
)

unregister_proxied_enclave¶

See [Pallet::unregister_proxied_enclave].

Attributes¶

Name	Type
address	`EnclaveInstanceAddress<T::AccountId>`

Python¶

call = substrate.compose_call(
    'Teerex', 'unregister_proxied_enclave', {
    'address': {
        'fingerprint': 'scale_info::12',
        'registrar': 'AccountId',
        'signer': {
            'Known': {
                'Ecdsa': '[u8; 33]',
                'Ed25519': '[u8; 32]',
                'Sr25519': '[u8; 32]',
            },
            'Opaque': 'Bytes',
        },
    },
}
)

unregister_sovereign_enclave¶

See [Pallet::unregister_sovereign_enclave].

Attributes¶

Name	Type
enclave_signer	`T::AccountId`

Python¶

call = substrate.compose_call(
    'Teerex', 'unregister_sovereign_enclave', {'enclave_signer': 'AccountId'}
)

Events¶

AddedSgxEnclave¶

An Intel SGX enclave has been added to the enclave registry

Attributes¶

Name	Type	Composition
registered_by	`T::AccountId`	`AccountId`
worker_url	`Option<Vec<u8>>`	`(None, 'Bytes')`
tcb_status	`Option<SgxStatus>`	`(None, ('Invalid', 'Ok', 'GroupOutOfDate', 'GroupRevoked', 'ConfigurationNeeded'))`
attestation_method	`SgxAttestationMethod`	`{'Skip': {'proxied': 'bool'}, 'Ias': None, 'Dcap': {'proxied': 'bool'}}`

RemovedProxiedEnclave¶

a proxied enclave has been removed from the enclave registry

Attributes¶

Name	Type	Composition
None	`EnclaveInstanceAddress<T::AccountId>`	`{'fingerprint': 'scale_info::12', 'registrar': 'AccountId', 'signer': {'Opaque': 'Bytes', 'Known': {'Ed25519': '[u8; 32]', 'Sr25519': '[u8; 32]', 'Ecdsa': '[u8; 33]'}}}`

RemovedSovereignEnclave¶

a sovereign enclave has been removed from the enclave registry

Attributes¶

Name	Type	Composition
None	`T::AccountId`	`AccountId`

SgxQuotingEnclaveRegistered¶

An Intel SGX quoting enclave has been registered

Attributes¶

Name	Type	Composition
quoting_enclave	`SgxQuotingEnclave`	`{'issue_date': 'u64', 'next_update': 'u64', 'miscselect': '[u8; 4]', 'miscselect_mask': '[u8; 4]', 'attributes': '[u8; 16]', 'attributes_mask': '[u8; 16]', 'mrsigner': '[u8; 32]', 'isvprodid': 'u16', 'tcb': [{'isvsvn': 'u16'}]}`

SgxTcbInfoRegistered¶

Intel SGX TCB info has been registered

Attributes¶

Name	Type	Composition
fmspc	`Fmspc`	`[u8; 6]`
on_chain_info	`SgxTcbInfoOnChain`	`{'issue_date': 'u64', 'next_update': 'u64', 'tcb_levels': [{'cpusvn': '[u8; 16]', 'pcesvn': 'u16', 'tcb_status': ('Unknown', 'UpToDate', 'SWHardeningNeeded', 'ConfigurationAndSWHardeningNeeded', 'OutOfDate', 'OutOfDateConfigurationNeeded', 'Revoked')}]}`

UpdatedSecurityFlags¶

the enclave registry security flags have been updated

Attributes¶

Name	Type	Composition
allow_skipping_attestation	`bool`	`bool`
sgx_allow_debug_mode	`bool`	`bool`

Storage functions¶

AllowSkippingAttestation¶

Python¶

result = substrate.query(
    'Teerex', 'AllowSkippingAttestation', []
)

Return value¶

'bool'

ProxiedEnclaves¶

Python¶

result = substrate.query(
    'Teerex', 'ProxiedEnclaves', [
    {
        'fingerprint': 'scale_info::12',
        'registrar': 'AccountId',
        'signer': {
            'Known': {
                'Ecdsa': '[u8; 33]',
                'Ed25519': '[u8; 32]',
                'Sr25519': '[u8; 32]',
            },
            'Opaque': 'Bytes',
        },
    },
]
)

Return value¶

{
    'Sgx': {
        'attestation_method': {
            'Dcap': {'proxied': 'bool'},
            'Ias': None,
            'Skip': {'proxied': 'bool'},
        },
        'build_mode': ('Debug', 'Production'),
        'mr_enclave': '[u8; 32]',
        'mr_signer': '[u8; 32]',
        'report_data': {'d': '[u8; 64]'},
        'status': (
            'Invalid',
            'Ok',
            'GroupOutOfDate',
            'GroupRevoked',
            'ConfigurationNeeded',
        ),
        'timestamp': 'u64',
        'url': (None, 'Bytes'),
    },
}

SgxAllowDebugMode¶

Python¶

result = substrate.query(
    'Teerex', 'SgxAllowDebugMode', []
)

Return value¶

'bool'

SgxQuotingEnclaveRegistry¶

Python¶

result = substrate.query(
    'Teerex', 'SgxQuotingEnclaveRegistry', []
)

Return value¶

{
    'attributes': '[u8; 16]',
    'attributes_mask': '[u8; 16]',
    'issue_date': 'u64',
    'isvprodid': 'u16',
    'miscselect': '[u8; 4]',
    'miscselect_mask': '[u8; 4]',
    'mrsigner': '[u8; 32]',
    'next_update': 'u64',
    'tcb': [{'isvsvn': 'u16'}],
}

SgxTcbInfo¶

Python¶

result = substrate.query(
    'Teerex', 'SgxTcbInfo', ['[u8; 6]']
)

Return value¶

{
    'issue_date': 'u64',
    'next_update': 'u64',
    'tcb_levels': [
        {
            'cpusvn': '[u8; 16]',
            'pcesvn': 'u16',
            'tcb_status': (
                'Unknown',
                'UpToDate',
                'SWHardeningNeeded',
                'ConfigurationAndSWHardeningNeeded',
                'OutOfDate',
                'OutOfDateConfigurationNeeded',
                'Revoked',
            ),
        },
    ],
}

SovereignEnclaves¶

Python¶

result = substrate.query(
    'Teerex', 'SovereignEnclaves', ['AccountId']
)

Return value¶

{
    'Sgx': {
        'attestation_method': {
            'Dcap': {'proxied': 'bool'},
            'Ias': None,
            'Skip': {'proxied': 'bool'},
        },
        'build_mode': ('Debug', 'Production'),
        'mr_enclave': '[u8; 32]',
        'mr_signer': '[u8; 32]',
        'report_data': {'d': '[u8; 64]'},
        'status': (
            'Invalid',
            'Ok',
            'GroupOutOfDate',
            'GroupRevoked',
            'ConfigurationNeeded',
        ),
        'timestamp': 'u64',
        'url': (None, 'Bytes'),
    },
}

Constants¶

MaxAttestationRenewalPeriod¶

If a worker does not re-register within MaxAttestationRenewalPeriod, it can be unregistered by anyone.

Value¶

172800000

Python¶

constant = substrate.get_constant('Teerex', 'MaxAttestationRenewalPeriod')

MomentsPerDay¶

Value¶

86400000

Python¶

constant = substrate.get_constant('Teerex', 'MomentsPerDay')

Errors¶

CaVerificationFailed¶

CertificateChainIsInvalid¶

CertificateChainIsTooShort¶

CollateralIsInvalid¶

The provided collateral data is invalid

CpuSvnDecodingError¶

CpuSvnLengthMismatch¶

CpuSvnOidIsMissing¶

DcapKeyTypeMismatch¶

DcapQuoteDecodingError¶

DcapQuoteIsTooLong¶

DcapQuoteVersionMismatch¶

DerEncodingError¶

EmptyEnclaveRegistry¶

No enclave is registered.

EnclaveIdentityDecodingError¶

EnclaveIdentitySignatureIsInvalid¶

EnclaveIsNotRegistered¶

The enclave is not registered.

EnclaveSignerDecodeError¶

Failed to decode enclave signer.

EnclaveUrlIsTooLong¶

The worker url is too long.

FmspcDecodingError¶

FmspcLengthMismatch¶

FmspcOidIsMissing¶

IntelExtensionAmbiguity¶

IntelExtensionCertificateDecodingError¶

IsvEnclaveReportSignatureIsInvalid¶

KeyLengthIsInvalid¶

LeafCertificateParsingError¶

MissingTcbInfoForFmspc¶

No TCB info could be found onchain for the examinee's fmspc

NetscapeDecodingError¶

NetscapeDerError¶

OtherSgxVerifyError¶

An error originating in the sgx_verify crate

PceSvnDecodingError¶

PceSvnLengthMismatch¶

PceSvnOidIsMissing¶

PckCertFormatMismatch¶

PublicKeyIsInvalid¶

QeHasRejectedEnclave¶

QeReportHashMismatch¶

QuoteBodyDecodingError¶

QuoteBodyIsInvalid¶

QuoteBodyMissing¶

QuoteStatusMissing¶

RaProofIsTooLong¶

The Remote Attestation proof is too long.

RemoteAttestationIsTooOld¶

IAS remote attestation is too old

RemoteAttestationVerificationFailed¶

Verifying RA report failed.

RsaSignatureIsInvalid¶

SenderIsNotAttestedEnclave¶

Sender does not match attested enclave in report.

SgxModeIsNotAllowed¶

The enclave cannot attest, because its building mode is not allowed.

SgxReportParsingError¶

SkippingAttestationIsNotAllowed¶

skipping attestation not allowed by configuration

TcbInfoIsInvalid¶

TcbInfoIsOutdated¶

Either the enclave TCB has outdated status or the onchain TCB collateral is outdated

TimestampIsInvalid¶

TimestampIsMissing¶

UnregisterActiveEnclaveIsNotAllowed¶

It is not allowed to unregister enclaves with recent activity