register sgx id automatically (#114)

* register sgx id automatically

Signed-off-by: smtmfft <[email protected]>

* add a setup binary to init the k8s

Signed-off-by: smtmfft <[email protected]>

* fix ci test

* remove useless code

Signed-off-by: smtmfft <[email protected]>

* update config

Signed-off-by: smtmfft <[email protected]>

* Update Dockerfile.pccs to install curl package

* Refactor setup_bootstrap function to improve initialization process

---------

Signed-off-by: smtmfft <[email protected]>
Co-authored-by: john xu <[email protected]>

.dockerignore

@@ -13,3 +13,4 @@
 !/rust-toolchain
 !/taiko.toml
 !/tests
+!/setup

.vscode/settings.json

@@ -8,17 +8,6 @@
     "editor.rulers": [
         100
     ],
-    "rust-analyzer.check.overrideCommand": [
-        "cargo",
-        "clippy",
-        "--workspace",
-        "--message-format=json",
-        "--all-features",
-        "--all-targets",
-        "--",
-        "-A",
-        "incomplete-features"
-    ],
     "rust-analyzer.linkedProjects": [
         "Cargo.toml",
     ]

Cargo.toml

@@ -8,6 +8,7 @@ members = [
     "provers/risc0",
     "provers/sgx/prover",
     "provers/sgx/guest",
+    "setup",
 ]
 
 # Always optimize; building and running the guest takes much longer without optimization.
@@ -59,9 +60,12 @@ alloy-rpc-types = { git = "https://github.com/brechtpd/alloy", branch = "175" }
 alloy-rpc-client = { git = "https://github.com/brechtpd/alloy", branch = "175" }
 alloy-consensus = { git = "https://github.com/brechtpd/alloy", branch = "175", features = ["serde"] }
 alloy-network = { git = "https://github.com/brechtpd/alloy", branch = "175", features = ["k256"] }
+alloy-contract = { git = "https://github.com/brechtpd/alloy", branch = "175" }
 alloy-eips = { git = "https://github.com/brechtpd/alloy", branch = "175", features = ["serde"]  }
 alloy-provider = { git = "https://github.com/brechtpd/alloy", branch = "175" }
 alloy-transport-http = { git = "https://github.com/brechtpd/alloy", branch = "175" }
+alloy-signer = { git = "https://github.com/brechtpd/alloy", branch = "175" }
+alloy-signer-wallet = { git = "https://github.com/brechtpd/alloy", branch = "175" }
 
 # ethers (TODO: remove)
 ethers-contract = { git = "https://github.com/smtmfft/ethers-rs", branch = "ethers-core-2.0.10" }

Dockerfile

@@ -47,9 +47,11 @@ RUN mkdir -p \
 
 COPY --from=builder /opt/raiko/docker/entrypoint.sh ./bin/
 COPY --from=builder /opt/raiko/provers/sgx/config/sgx-guest.docker.manifest.template ./provers/sgx/config/sgx-guest.local.manifest.template
+# copy to /etc/raiko, but if self register mode, the mounted one will overwrite it.
 COPY --from=builder /opt/raiko/host/config/config.sgx.json /etc/raiko/
 COPY --from=builder /opt/raiko/target/release/sgx-guest ./bin/
 COPY --from=builder /opt/raiko/target/release/raiko-host ./bin/
+COPY --from=builder /opt/raiko/target/release/raiko-setup ./bin/
 
 ARG EDMM=0
 ENV EDMM=${EDMM}

Dockerfile.pccs

@@ -51,6 +51,12 @@ FROM ubuntu:23.04
 # Create user and group before copying files
 ARG USER=pccs
 RUN useradd -M -U -r ${USER} -s /bin/false
+RUN DEBIAN_FRONTEND=noninteractive \
+    apt-get update -yq \
+    && apt-get install -yq --no-install-recommends \
+    curl \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
 # Copy only necessary files from builder stage
 COPY --from=builder /usr/bin/node /usr/bin/node

docker/docker-compose.yml

@@ -19,6 +19,31 @@ services:
       #- PCCS_HOST=host.docker.internal:8081
     depends_on:
       - pccs
+  init-self-register:
+    build:
+      context: ..
+      args:
+        ENABLE_SELF_REGISTER: "true"
+      dockerfile: Dockerfile
+    image: gcr.io/evmchain/raiko-self-register:latest
+    container_name: raiko-init-self-register
+    command: --init-self-register
+    devices:
+      - "/dev/sgx_enclave:/dev/sgx_enclave"
+      - "/dev/sgx_provision:/dev/sgx_provision"
+    volumes:
+      - /var/log/raiko:/var/log/raiko
+      - ${HOME}/.config/gramine:/root/.config/gramine
+      - ${HOME}/.config/raiko:/root/.config/raiko
+      - ${HOME}/.config/raiko/config/config.sgx.json:/etc/raiko/config.sgx.json
+    environment:
+      - SENDER_PRIV_KEY=${SENDER_PRIV_KEY}
+      - L1_RPC=${L1_RPC}
+      - L1_CHAIN_ID=${L1_CHAIN_ID}
+      - SGX_VERIFIER_ADDRESS=${SGX_VERIFIER_ADDRESS}
+      #- PCCS_HOST=host.docker.internal:8081
+    depends_on:
+      - pccs
   raiko:
     build:
       context: ..
@@ -46,6 +71,31 @@ services:
     #  - "host.docker.internal:host-gateway"
     depends_on:
       - pccs
+  raiko-self-register:
+    build:
+      context: ..
+      dockerfile: Dockerfile
+    image: gcr.io/evmchain/raiko-self-register:latest
+    container_name: raiko-self-register
+    command: --config-path=/etc/raiko/config.sgx.json
+    devices:
+      - "/dev/sgx_enclave:/dev/sgx_enclave"
+      - "/dev/sgx_provision:/dev/sgx_provision"
+    volumes:
+      - /var/log/raiko:/var/log/raiko
+      - ${HOME}/.config/gramine:/root/.config/gramine
+      - ${HOME}/.config/raiko:/root/.config/raiko
+      - ${HOME}/.config/raiko/config/config.sgx.json:/etc/raiko/config.sgx.json
+    ports:
+      - "8080:8080"
+    # environment:
+      # you can use your own PCCS host
+      #- PCCS_HOST=host.docker.internal:8081
+    # use the host's network to connect to the PCCS
+    #extra_hosts:
+    #  - "host.docker.internal:host-gateway"
+    depends_on:
+      - pccs
   pccs:
     build:
       context: ..

docker/entrypoint.sh

@@ -9,6 +9,7 @@ RAIKO_DOCKER_VOLUME_SECRETS_PATH="$RAIKO_DOCKER_VOLUME_PATH/secrets"
 RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH="$RAIKO_DOCKER_VOLUME_SECRETS_PATH/priv.key"
 RAIKO_APP_DIR="/opt/raiko/bin"
 RAIKO_GUEST_APP_FILENAME="sgx-guest"
+RAIKO_GUEST_SETUP_FILENAME="raiko-setup"
 RAIKO_INPUT_MANIFEST_FILENAME="$RAIKO_GUEST_APP_FILENAME.docker.manifest.template"
 RAIKO_OUTPUT_MANIFEST_FILENAME="$RAIKO_GUEST_APP_FILENAME.manifest.sgx"
 RAIKO_SIGNED_MANIFEST_FILENAME="$RAIKO_GUEST_APP_FILENAME.sig"
@@ -28,20 +29,30 @@ function bootstrap() {
     cd -
 }
 
+function bootstrap_with_self_register() {
+    mkdir -p "$RAIKO_DOCKER_VOLUME_SECRETS_PATH"
+    cd "$RAIKO_APP_DIR"
+    echo "./$RAIKO_GUEST_SETUP_FILENAME bootstrap --l1-rpc $L1_RPC --l1-chain-id $L1_CHAIN_ID --sgx-verifier-address $SGX_VERIFIER_ADDRESS"
+    ./$RAIKO_GUEST_SETUP_FILENAME bootstrap --l1-rpc $L1_RPC --l1-chain-id $L1_CHAIN_ID --sgx-verifier-address $SGX_VERIFIER_ADDRESS
+    cd -
+}
+
 if [[ -z "${PCCS_HOST}" ]]; then
     MY_PCCS_HOST=pccs:8081
 else
     MY_PCCS_HOST=${PCCS_HOST}
 fi
 
 sed -i "s/https:\/\/localhost:8081/https:\/\/${MY_PCCS_HOST}/g" /etc/sgx_default_qcnl.conf
-sed -i "s/123456/${SGX_INSTANCE_ID}/" /etc/raiko/config.sgx.json
 /restart_aesm.sh
 
 echo $#
 if [[ $# -eq 1 && $1 == "--init" ]]; then
     echo "start bootstrap"
     bootstrap
+elif [[ $# -eq 1 && $1 == "--init-self-register" ]]; then
+    echo "start bootstrap with self register"
+    bootstrap_with_self_register
 else
     echo "start proving"
     if [[ ! -f "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH" ]]; then
@@ -50,5 +61,10 @@ else
         exit 1
     fi
 
+    if [[ ! -z $SGX_INSTANCE_ID ]]; then
+        echo "sed -i "s/123456/${SGX_INSTANCE_ID}/" /etc/raiko/config.sgx.json"
+        sed -i "s/123456/${SGX_INSTANCE_ID}/" /etc/raiko/config.sgx.json
+    fi
+
     /opt/raiko/bin/raiko-host "$@"
 fi

host/config/config.json

@@ -1,5 +1,6 @@
 {
     "network": "taiko_a7",
+    "l1_network": "holesky",
     "prover": "0x70997970C51812dc3A010C7d01b50e0d17dc79C8",
     "graffiti": "8008500000000000000000000000000000000000000000000000000000000000",
     "proof_type": "sgx",

host/config/config.sgx.json

@@ -1,5 +1,6 @@
 {
     "network": "taiko_a7",
+    "l1_network": "holesky",
     "sgx": {
         "instance_id": 123456
     }

host/src/request.rs

@@ -41,6 +41,8 @@ pub struct ProofRequest {
     pub beacon_rpc: String,
     /// network selection
     pub network: String,
+    /// l1 network selection
+    pub l1_network: String,
     // graffiti
     pub graffiti: B256,
     /// the protocol instance data

provers/sgx/guest/src/app_args.rs

@@ -21,6 +21,8 @@ pub enum Command {
     /// initial public-private key pair and stores it on the disk in an encrypted
     /// format using SGX encryption primitives.
     Bootstrap,
+    /// Check if bootstrap is readable
+    Check,
 }
 
 #[derive(Debug, Args)]