eliza icon indicating copy to clipboard operation
eliza copied to clipboard

Published 20 hours ago verified publisher icon elizaOS

feat: support TEE logging and support running eliza in Intel SGX

Open ShuochengWang opened this issue 2 months ago • 15 comments

Relates to:

Keywords: TEE, Intel SGX, Logging, Attestation, Verification, Gramine.

Risks

Low

Background

What does this PR do?

This PR introduces support for TEE (Trusted Execution Environment) logging and enables the Eliza application to run within Intel SGX (Software Guard Extensions).

As Eliza is a fully autonomous AI agent capable of running within a TEE, we need to demonstrate to the outside world that we are indeed operating within a TEE. This allows external parties to verify that our actions are protected by the TEE and that they are entirely executed by Eliza, without any third-party interference. Therefore, it is necessary to leverage TEE's remote attestation and establish a TEE logging mechanism to prove that these operations are entirely and autonomously performed by Eliza within the TEE.

Meanwhile, the existing plugin-tee only supports running Eliza in dstack TDX CVM. However, although TDX is more convenient to use, Intel SGX remains a highly popular TEE in production environments. With the help of Gramine LibOS, it is possible to support running Eliza in SGX, thereby enabling the deployment of Eliza in a broader range of TEE scenarios.

What kind of change is this?

Features

  1. Support running Eliza in SGX
  2. Add plugin-sgx to support SGX attestation
  3. Add plugin-tee-log to support TEE logging (Gramine SGX and Dstack TDX)
  4. Add REST API in client-direct to support retrieve TEE logs

Details

TEE Logging Mechanism:

  1. Key Pair Generation and Attestation:

    • During startup, each agent generates a key pair and creates a remote attestation for the public key. The private key is securely stored in the TEE's encrypted memory. The agent's relevant information, along with the public key and attestation, is recorded in a local database. A new key pair is generated each time the agent is updated or restarted to ensure key security.

  2. Log Recording:

    • For each log entry, basic information is recorded, including agentId, roomId, userId, type, content, and timestamp. This information is concatenated and signed using the agent's corresponding private key to ensure verifiability. The verification process follows this trust chain:
      • Verify the attestation.
      • Trust the public key contained in the attestation.
      • Use the public key to verify the signature.
      • Trust the complete log record.

  3. Data Storage:

    • All log data must be stored in the TEE's encrypted file system in production environments. Storing data in plaintext is prohibited to prevent tampering.

  4. Log Extraction for Verification:

    • Third parties can extract TEE logs for verification purposes. Two types of information can be extracted:
      • Agent Information: This includes the agent's metadata, public key, and attestation, which can be used to verify the agent's public key.
      • Log Information: Required logs can be extracted, with the agent's attestation and public key used to verify the signature, ensuring that each record remains untampered.

  5. Integrity Protection:

    • When users extract TEE logs via the REST API, the results are hashed, and an attestation is generated. After extraction, users can verify the attestation by comparing the hash value contained within it to the extracted results, thereby ensuring the integrity of the data.

Documentation changes needed?

Need to add new documentation about TEE logging and how to run Eliza in SGX

Testing

Where should a reviewer start?

  1. SGX Gramine support
  2. plugin-sgx
  3. plugin-tee-log
  4. other parts

Detailed testing steps

Test SGX support

First, you need to prepare the SGX environment and install the Gramine dependencies according to https://gramine.readthedocs.io/en/stable/index.html

Then, start eliza in SGX:

pnpm i
pnpm build

# Start default character
SGX=1 make start
# Start specific character
SGX=1 make start -- --character "character/trump.character.json"

Test TEE logging

To get started, prepare the TEE environment. Both dstack TDX and Gramine SGX are supported.

Next, enable TEE logging by configuring the .env file:

ENABLE_TEE_LOG=true

The logging isn't integrated for actions by default, you need to integrate the logging for the actions you want to log. For example, if you want to log the Continue action of plugin-bootstrap, you can do the following:

First, add plugin-tee-log to the dependencies of plugin-bootstrap:

"@elizaos/plugin-tee-log": "workspace:*",

Then, add the following code to the Continue action:

import {
    ServiceType,
    ITeeLogService,
} from "@elizaos/core";


// In the handler of the action
    handler: async (
        runtime: IAgentRuntime,
        message: Memory,
        state: State,
        options: any,
        callback: HandlerCallback
    ) => {
        // Continue the action

        // Log the action
        const teeLogService = runtime
            .getService<ITeeLogService>(ServiceType.TEE_LOG)
            .getInstance();
        if (teeLogService.log(
                runtime.agentId,
                message.roomId,
                message.userId,
                "The type of the log, for example, Action:CONTINUE",
                "The content that you want to log"
            )
        ) {
            console.log("Logged TEE log successfully");
        }

        // Continue the action
    }

ShuochengWang avatar Dec 26 '24 15:12 ShuochengWang