Support SEV-SNP attestation in CCF
Contributes to https://github.com/microsoft/CCF/issues/4068
Key Decisions:
- We perform a runtime check in virtual builds in PAL to see if we support SEV-SNP
- We strictly don't allow any kind of mixed networks for now
- We make a breaking change to the code_ids table to state the platform the id came from. This is to distinguish potentially identical ids generated by different attestations (either by very remote chance or, more likely, by an attack on a compromised platform)
Todo:
- [x] Refactor attestation generation/verification into the PAL layer (covered by https://github.com/microsoft/CCF/pull/4083)
- [x] Generate and store the raw quote
- [x] Parse the quote to extract the code id and report data
- [x] Extract and verify the quote endorsements
- [ ] Authenticate when getting endorsements
- [ ] Allow user to specify where to get endorsements from
- [x] Get the endorsements in PAL
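
The following is an added example, not code from this PR or from CCF. It illustrates the code_ids decision above by extracting the measurement and report data from a raw SEV-SNP attestation report, at the offsets given in AMD's SEV-SNP ABI specification, and checking the measurement against an allow-list keyed on platform as well as id. All type and function names are hypothetical, the report is a constructed sample, and signature and endorsement verification are omitted.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <map>
#include <utility>
#include <vector>

// Hypothetical names throughout; these are not CCF's types or functions.
enum class Platform { SGX, SNP };
using Bytes = std::vector<uint8_t>;

// Field layout of the attestation report in AMD's SEV-SNP ABI specification.
constexpr size_t SNP_REPORT_SIZE = 0x4A0;
constexpr size_t REPORT_DATA_OFF = 0x50, REPORT_DATA_LEN = 64;
constexpr size_t MEASUREMENT_OFF = 0x90, MEASUREMENT_LEN = 48;

struct ParsedQuote { Bytes code_id, report_data; };

// Field extraction only; signature and endorsement checks are not shown.
bool parse_snp_report(const Bytes& raw, ParsedQuote& out) {
  if (raw.size() != SNP_REPORT_SIZE) return false;  // truncated or padded
  auto rd = raw.begin() + REPORT_DATA_OFF, m = raw.begin() + MEASUREMENT_OFF;
  out.report_data.assign(rd, rd + REPORT_DATA_LEN);
  out.code_id.assign(m, m + MEASUREMENT_LEN);
  return true;
}

// Keyed on (platform, id): bytes approved for one platform admit no other.
using CodeIds = std::map<std::pair<Platform, Bytes>, bool>;

bool is_trusted(const CodeIds& t, Platform p, const Bytes& id) {
  auto it = t.find(std::make_pair(p, id));
  return it != t.end() && it->second;
}

// Constructed sample: zeroed report with recognisable field contents.
Bytes make_sample_report(uint8_t fill) {
  Bytes raw(SNP_REPORT_SIZE, 0);
  std::memset(raw.data() + REPORT_DATA_OFF, 0x11, REPORT_DATA_LEN);
  std::memset(raw.data() + MEASUREMENT_OFF, fill, MEASUREMENT_LEN);
  return raw;
}

int main() {
  ParsedQuote q; CodeIds table;
  if (!parse_snp_report(make_sample_report(0xAB), q)) return 1;
  table.emplace(std::make_pair(Platform::SGX, q.code_id), true);
  std::cout << is_trusted(table, Platform::SNP, q.code_id) << "\n";
}
```
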
sev-snp@48853 aka 20220819.16 vs main ewma over 20 builds from 48562 to 48846
main
| build_id | build_number | tpcc_sgx_cft^ | tpcc_sgx_cft_mem | ls_sgx_cft^ | ls_sgx_cft_mem | ls_jwt_sgx_cft^ | ls_jwt_sgx_cft_mem | ls_js_sgx_cft^ | ls_js_sgx_cft_mem | ls_v8_sgx_cft^ | ls_v8_sgx_cft_mem | ls_full_js_sgx_cft^ | ls_full_js_sgx_cft_mem | ls_full_v8_sgx_cft^ | ls_full_v8_sgx_cft_mem | ls_js_jwt_sgx_cft^ | ls_js_jwt_sgx_cft_mem | hist_sgx_cft^ | RB put (/s)^ | CHAMP put (/s)^ | RB get (/s)^ | CHAMP get (/s)^ | tpcc_virtual_cft^ | tpcc_virtual_cft_mem | ls_virtual_cft^ | ls_virtual_cft_mem | ls_jwt_virtual_cft^ | ls_jwt_virtual_cft_mem | ls_js_virtual_cft^ | ls_js_virtual_cft_mem | ls_v8_virtual_cft^ | ls_v8_virtual_cft_mem | ls_full_js_virtual_cft^ | ls_full_js_virtual_cft_mem | ls_full_v8_virtual_cft^ | ls_full_v8_virtual_cft_mem | ls_js_jwt_virtual_cft^ | ls_js_jwt_virtual_cft_mem |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 48562 | 20220815.2 | 6242.99 | 8.42835e+07 | 19715.5 | 1.63882e+07 | 5635.6 | 1.53396e+07 | 2482.55 | 1.32424e+07 | 1574.14 | 1.66597e+08 | 2066.59 | 9.04813e+06 | 1406.98 | 9.81771e+07 | 1916.87 | 9.04813e+06 | 19707.5 | 909447 | 1.35619e+06 | 9.20028e+06 | 3.56168e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48572 | 20220815.8 | 6341.7 | 8.48077e+07 | 19763.8 | 1.66503e+07 | 5496.3 | 1.53396e+07 | 2501.6 | 9.83456e+06 | 1570.93 | 1.66597e+08 | 2107.98 | 9.31027e+06 | 1423.48 | 9.87014e+07 | 1919.72 | 8.78598e+06 | 17907.1 | 901165 | 1.3418e+06 | 9.10214e+06 | 3.59292e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48583 | 20220815.13 | 6332.98 | 8.40213e+07 | 19911.4 | 1.66503e+07 | 5538.12 | 1.53396e+07 | 2546.68 | 9.83456e+06 | 1586.74 | 1.645e+08 | 2108.78 | 9.04813e+06 | 1406.45 | 9.81771e+07 | 1926.97 | 9.04813e+06 | 19969.9 | 871522 | 1.37035e+06 | 9.28794e+06 | 3.56174e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48592 | 20220815.17 | 6485.44 | 8.48077e+07 | 20376.3 | 1.66503e+07 | 5673.41 | 1.53396e+07 | 2594.85 | 1.00967e+07 | 1618.96 | 1.66597e+08 | 2112.77 | 9.04813e+06 | 1425.72 | 9.81771e+07 | 1855.64 | 1.14074e+07 | 18035.6 | 905909 | 1.37467e+06 | 9.32596e+06 | 3.57411e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48597 | 20220815.19 | 6322.75 | 8.37592e+07 | 20129 | 1.56017e+07 | 5646.1 | 1.56017e+07 | 2604.46 | 9.83456e+06 | 1581.47 | 1.66597e+08 | 2119.41 | 9.04813e+06 | 1407.74 | 9.79149e+07 | 1919.54 | 9.04813e+06 | 21175.9 | 908606 | 1.38631e+06 | 9.27116e+06 | 3.59298e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48608 | 20220815.24 | 6185.84 | 8.3497e+07 | 19745.5 | 1.63882e+07 | 5630.7 | 1.53396e+07 | 2495.22 | 1.00967e+07 | 1581.38 | 1.66597e+08 | 2126.35 | 9.31027e+06 | 1400.49 | 9.73907e+07 | 1911.7 | 9.04813e+06 | 19982.3 | 890280 | 1.39008e+06 | 9.35587e+06 | 3.59298e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48635 | 20220816.3 | 6284.39 | 8.37592e+07 | 20503.9 | 1.69124e+07 | 5613.67 | 1.53396e+07 | 2536.88 | 1.00967e+07 | 1600.05 | 1.66859e+08 | 2114.81 | 9.04813e+06 | 1408.05 | 9.81771e+07 | 1923.09 | 8.78598e+06 | 20592.2 | 908239 | 1.36952e+06 | 9.21273e+06 | 3.58663e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48642 | 20220816.7 | 6260.86 | 8.45456e+07 | 19653.2 | 1.63882e+07 | 5677.32 | 1.53396e+07 | 2524.16 | 1.00967e+07 | 1612.89 | 1.67121e+08 | 2117.49 | 9.31027e+06 | 1401.11 | 9.84392e+07 | 1922.37 | 9.04813e+06 | 18369.1 | 872322 | 1.38343e+06 | 9.3475e+06 | 3.5618e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48672 | 20220816.16 | 6333.22 | 8.45456e+07 | 20111.1 | 1.74367e+07 | 5631.29 | 1.56017e+07 | 2536.69 | 1.00967e+07 | 1577.62 | 1.66597e+08 | 2075.38 | 9.31027e+06 | 1397.24 | 9.81771e+07 | 1931.89 | 9.04813e+06 | 22381.3 | 906591 | 1.36989e+06 | 9.40304e+06 | 3.65714e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48683 | 20220816.20 | 6239.71 | 8.3497e+07 | 20020.9 | 1.6126e+07 | 5592.7 | 1.56017e+07 | 2541.69 | 1.03588e+07 | 1551.19 | 1.66597e+08 | 2157.57 | 9.31027e+06 | 1404.89 | 9.79149e+07 | 1927.48 | 8.78598e+06 | 18144.3 | 912041 | 1.3478e+06 | 9.29215e+06 | 3.55556e+07 | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan | nan |
| 48698 | 20220816.25 | 6140.94 | 8.42835e+07 | 19716.8 | 1.63882e+07 | 5626.93 | 1.53396e+07 | 2427.11 | 1.00967e+07 | 1566.11 | 1.66597e+08 | 2118.77 | 9.31027e+06 | 1386.8 | 9.79149e+07 | 1933.12 | 9.04813e+06 | 25043.1 | 876971 | 1.37875e+06 | 9.24601e+06 | 3.58669e+07 | 11079.7 | 0 | 41713 | 0 | 10360 | 0 | 4469.21 | 0 | 2766.55 | 0 | 3534.85 | 0 | 2531.53 | 0 | 3341.36 | 0 |
| 48723 | 20220817.3 | 6214.19 | 8.32349e+07 | 19633.1 | 1.74367e+07 | 5619.72 | 1.50774e+07 | 2489.91 | 1.00967e+07 | 1563.46 | 1.66859e+08 | 2111.37 | 9.31027e+06 | 1394.59 | 9.84392e+07 | 1926.84 | 9.04813e+06 | 26239.4 | 901443 | 1.34347e+06 | 9.09814e+06 | 3.54325e+07 | 11359.3 | 0 | 43757.8 | 0 | 10712.3 | 0 | 4405.46 | 0 | 2799.92 | 0 | 3551.2 | 0 | 2479.12 | 0 | 3393.52 | 0 |
| 48748 | 20220817.12 | 6287.18 | 8.45456e+07 | 19721.8 | 1.58639e+07 | 5636.57 | 1.53396e+07 | 2491.98 | 1.00967e+07 | 1564.43 | 1.66597e+08 | 2117.22 | 9.31027e+06 | 1416.06 | 9.81771e+07 | 1938.53 | 9.04813e+06 | 22437.1 | 906752 | 1.37403e+06 | 9.22103e+06 | 3.56794e+07 | 11343.3 | 0 | 43725.9 | 0 | 10106.5 | 0 | 4650.08 | 0 | 2757.07 | 0 | 3522.44 | 0 | 2426.54 | 0 | 3683.47 | 0 |
| 48761 | 20220817.17 | 6290.62 | 8.37592e+07 | 20050.9 | 1.66503e+07 | 5594.8 | 1.53396e+07 | 2537.25 | 1.00967e+07 | 1639.5 | 1.66859e+08 | 2079.59 | 9.31027e+06 | 1406.1 | 9.84392e+07 | 2010.14 | 8.78598e+06 | 23455.3 | 900740 | 1.36498e+06 | 9.16745e+06 | 3.55562e+07 | 11489 | 0 | 43054.4 | 0 | 10217.9 | 0 | 4757.92 | 0 | 2796.04 | 0 | 3674.13 | 0 | 2502.54 | 0 | 3579.84 | 0 |
| 48766 | 20220817.19 | 6329.39 | 8.40213e+07 | 19961.8 | 1.56017e+07 | 5596.01 | 1.53396e+07 | 2532.15 | 1.03588e+07 | 1584.56 | 1.66859e+08 | 2077.65 | 1.19317e+07 | 1394.38 | 9.76528e+07 | 1923.62 | 9.04813e+06 | 33258.3 | 874202 | 1.37658e+06 | 9.2256e+06 | 3.5743e+07 | 11870.6 | 0 | 42592.7 | 0 | 10689.6 | 0 | 4755.35 | 0 | 2880.03 | 0 | 3649.55 | 0 | 2482.02 | 0 | 3384.04 | 0 |
| 48771 | 20220818.2 | 6210.86 | 8.32349e+07 | 20026.3 | 1.58639e+07 | 5625 | 1.53396e+07 | 2533.51 | 1.00967e+07 | 1588.24 | 1.66335e+08 | 2117.02 | 9.04813e+06 | 1390.73 | 9.81771e+07 | 1935.9 | 9.04813e+06 | 23062.1 | 905627 | 1.40158e+06 | 9.21269e+06 | 3.59292e+07 | 11264.6 | 0 | 44076.9 | 0 | 10231.5 | 0 | 4682.16 | 0 | 2814.45 | 0 | 3826.75 | 0 | 2486.52 | 0 | 3498.83 | 0 |
| 48788 | 20220818.10 | 6336.81 | 8.32349e+07 | 19612.8 | 1.63882e+07 | 5575.63 | 1.56017e+07 | 2526.12 | 1.00967e+07 | 1587.78 | 1.66597e+08 | 2011.97 | 1.27181e+07 | 1404.76 | 9.81771e+07 | 1921.49 | 8.78598e+06 | 24152.1 | 904070 | 1.37265e+06 | 9.44645e+06 | 3.58669e+07 | 10840.1 | 0 | 42945.2 | 0 | 10200.6 | 0 | 4634.51 | 0 | 2774.03 | 0 | 3575.62 | 0 | 2469.15 | 0 | 3327.6 | 0 |
| 48822 | 20220819.2 | 6253.74 | 8.40213e+07 | 20068.5 | 1.58639e+07 | 5596.11 | 1.53396e+07 | 2490.71 | 1.00967e+07 | 1574.59 | 1.66597e+08 | 2111.96 | 9.31027e+06 | 1385.61 | 9.79149e+07 | 1935.25 | 9.04813e+06 | 25389.4 | 921024 | 1.34231e+06 | 9.21676e+06 | 3.58036e+07 | 11524.6 | 0 | 42495 | 0 | 10234.7 | 0 | 4682.58 | 0 | 2925.03 | 0 | 3526.85 | 0 | 2484.94 | 0 | 3402.4 | 0 |
| 48838 | 20220819.10 | 6244.91 | 8.37592e+07 | 20147.9 | 1.56017e+07 | 5583.05 | 1.53396e+07 | 2349.73 | 1.03588e+07 | 1576.84 | 1.66597e+08 | 2084.43 | 9.04813e+06 | 1397.52 | 9.84392e+07 | 1922.59 | 8.78598e+06 | 24113.9 | 899901 | 1.38979e+06 | 9.20032e+06 | 3.58669e+07 | 11789.5 | 0 | 42837.3 | 0 | 10354.3 | 0 | 4750.08 | 0 | 2792.27 | 0 | 3740.15 | 0 | 2500.2 | 0 | 3390.03 | 0 |
| 48846 | 20220819.13 | 6332.7 | 8.3497e+07 | 19685.5 | 1.6126e+07 | 5558.51 | 1.56017e+07 | 2543.73 | 1.00967e+07 | 1583.04 | 1.66597e+08 | 2104.13 | 9.31027e+06 | 1387.03 | 9.76528e+07 | 1876.09 | 9.04813e+06 | 28765.6 | 900689 | 1.38424e+06 | 9.19615e+06 | 3.59292e+07 | 11120.7 | 0 | 40447.3 | 0 | 9998.92 | 0 | 4542.63 | 0 | 2778.38 | 0 | 3532.06 | 0 | 2503.31 | 0 | 3486.38 | 0 |
sev-snp
| build_id | build_number | tpcc_virtual_cft^ | tpcc_virtual_cft_mem | tpcc_sgx_cft^ | tpcc_sgx_cft_mem | ls_virtual_cft^ | ls_virtual_cft_mem | ls_jwt_virtual_cft^ | ls_jwt_virtual_cft_mem | ls_js_virtual_cft^ | ls_js_virtual_cft_mem | ls_sgx_cft^ | ls_sgx_cft_mem | ls_jwt_sgx_cft^ | ls_jwt_sgx_cft_mem | ls_v8_virtual_cft^ | ls_v8_virtual_cft_mem | ls_js_sgx_cft^ | ls_js_sgx_cft_mem | ls_full_js_virtual_cft^ | ls_full_js_virtual_cft_mem | ls_full_v8_virtual_cft^ | ls_full_v8_virtual_cft_mem | ls_v8_sgx_cft^ | ls_v8_sgx_cft_mem | ls_js_jwt_virtual_cft^ | ls_js_jwt_virtual_cft_mem | ls_full_js_sgx_cft^ | ls_full_js_sgx_cft_mem | hist_sgx_cft^ | ls_full_v8_sgx_cft^ | ls_full_v8_sgx_cft_mem | ls_js_jwt_sgx_cft^ | ls_js_jwt_sgx_cft_mem | RB put (/s)^ | CHAMP put (/s)^ | RB get (/s)^ | CHAMP get (/s)^ |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 48802 | 20220818.16 | 11171.1 | 0 | 6262.2 | 8.3497e+07 | 40179.6 | 0 | 9884.96 | 0 | 4775.03 | 0 | 19644.6 | 1.63882e+07 | 5643.46 | 1.50774e+07 | 2831.02 | 0 | 2584.9 | 1.00967e+07 | 3601.67 | 0 | 2482.61 | 0 | 1594.41 | 1.66597e+08 | 3333.27 | 0 | 2149.35 | 9.04813e+06 | 28949.3 | 1394.67 | 9.81771e+07 | 1925.17 | 9.04813e+06 | 903913 | 1.37468e+06 | 9.26274e+06 | 3.57411e+07 |
| 48827 | 20220819.4 | 11512.6 | 0 | 6422.86 | 8.40213e+07 | 44737.1 | 0 | 10908.7 | 0 | 4548.05 | 0 | 19880.8 | 1.58639e+07 | 5662.01 | 1.56017e+07 | 2867.83 | 0 | 2482.08 | 1.00967e+07 | 3630.06 | 0 | 2503.08 | 0 | 1615.43 | 1.67121e+08 | 3498.36 | 0 | 2071.38 | 9.31027e+06 | 25507.3 | 1424.14 | 9.84392e+07 | 1933.03 | 9.04813e+06 | 908681 | 1.37624e+06 | 9.26688e+06 | 3.58663e+07 |
| 48829 | 20220819.5 | 10960.6 | 0 | 6394.34 | 8.45456e+07 | 40898.9 | 0 | 10228.9 | 0 | 4740.13 | 0 | 19764.3 | 1.6126e+07 | 5593.47 | 1.53396e+07 | 2801.86 | 0 | 2537.83 | 1.00967e+07 | 3842.77 | 0 | 2513.37 | 0 | 1618.94 | 1.66859e+08 | 3660.05 | 0 | 2108.64 | 9.31027e+06 | 25356.2 | 1418.26 | 9.76528e+07 | 2010.91 | 8.78598e+06 | 906910 | 1.35691e+06 | 9.30055e+06 | 3.56168e+07 |
| 48831 | 20220819.6 | 11357.2 | 0 | 6261.25 | 8.42835e+07 | 43414.8 | 0 | 10079 | 0 | 4360.93 | 0 | 19813 | 1.6126e+07 | 5606.75 | 1.50774e+07 | 2886.96 | 0 | 2483.36 | 1.03588e+07 | 3800.44 | 0 | 2556.06 | 0 | 1587.21 | 1.67121e+08 | 3345.38 | 0 | 2152.75 | 9.04813e+06 | 26927.8 | 1407.36 | 9.63421e+07 | 1930.65 | 9.04813e+06 | 890931 | 1.36943e+06 | 9.21688e+06 | 3.56168e+07 |
| 48853 | 20220819.16 | 11445.9 | 0 | 6267.67 | 8.42835e+07 | 42969.1 | 0 | 10324.6 | 0 | 4716.93 | 0 | 20020.3 | 1.74367e+07 | 5569.27 | 1.53396e+07 | 2872.81 | 0 | 2456.92 | 1.00967e+07 | 3587.07 | 0 | 2509.54 | 0 | 1602.42 | 1.66597e+08 | 3403.85 | 0 | 2079.96 | 1.19317e+07 | 28277.4 | 1409.98 | 9.81771e+07 | 1963.12 | 9.04813e+06 | 910580 | 1.37949e+06 | 9.36006e+06 | 3.58042e+07 |
