Automata Enclave Identity DAO

Summary

The EnclaveIdentityDao contract manages onchain storage and retrieval of Intel SGX Enclave Identity data (Identity.json). It handles identity information for QE (Quoting Enclave), QVE (Quote Verification Enclave), and TD_QE (Trust Domain Quoting Enclave), providing methods to upsert and query enclave identity collateral with signature verification against Intel's TCB Signing Certificate.

Methods

TCB_EVALUATION_NUMBER

function TCB_EVALUATION_NUMBER() external view returns (uint32)

Returns:

  • TCB_EVALUATION_NUMBER (uint32): The TCB Evaluation Data Number assigned to this contract for retrieval.

getEnclaveIdentity

function getEnclaveIdentity(uint256 id, uint256 version)
    external
    view
    returns (EnclaveIdentityJsonObj memory enclaveIdObj)

Gets the enclave identity for a specified enclave type and version.

Parameters:

  • id (uint256): The enclave ID - 0: QE; 1: QVE; 2: TD_QE

  • version (uint256): The input version parameter (v3 or v4)

Returns:

  • enclaveIdObj (EnclaveIdentityJsonObj): Consisting of the Identity JSON string and the signature

upsertEnclaveIdentity

function upsertEnclaveIdentity(uint256 id, uint256 version, EnclaveIdentityJsonObj calldata enclaveIdentityObj)
    external
    returns (bytes32 attestationId)

Upserts (inserts or updates) enclave identity data on-chain with signature verification and rollback protection.

Parameters:

  • id (uint256): The enclave ID - 0: QE; 1: QVE; 2: TD_QE

  • version (uint256): The input version parameter (v3 or v4)

  • enclaveIdentityObj (EnclaveIdentityJsonObj): Consisting of the Identity JSON string and the signature

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

getEnclaveIdentityIssuerChain

function getEnclaveIdentityIssuerChain() external view returns (bytes memory signingCert, bytes memory rootCert)

Fetches the certificate chain used to sign enclave identity data.

Returns:

  • signingCert (bytes): DER encoded Intel TCB Signing Certificate

  • rootCert (bytes): DER encoded Intel SGX Root CA

Reverts

| Error | Selector | Notes |
| --- | --- | --- |
| Enclave_Id_Mismatch() | 289fa0cb | The provided id does not match the actual ID |
| Incorrect_Enclave_Id_Version() | 4e0f5696 | Invalid version for TD_QE (must be v4 or v5) |
| Missing_TCB_Cert() | 841a0280 | Intel TCB Signing Certificate not found |
| TCB_Cert_Expired() | ea8cd522 | Intel TCB Signing Certificate has expired |
| TCB_Cert_Revoked(uint256 serialNum) | 7fb57a7a | Intel TCB Signing Certificate has been revoked |
| Invalid_TCB_Cert_Signature() | 8de7233f | Identity signature verification failed |
| Enclave_Id_Expired() | 9ac04499 | Enclave identity has expired |
| Enclave_Id_Out_Of_Date() | 7a204327 | Attempting to upsert older enclave identity data |
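
An off-chain pre-flight check that predicts which of the data-related reverts above an upsertEnclaveIdentity call would hit before a transaction is sent. This is an added example, not code from the contract. The function name preflight, the check order, and the use of the Identity.json fields nextUpdate (expiry) and issueDate (rollback comparison) are assumptions, and the certificate and signature checks are not reproduced.

```python
import json
from datetime import datetime, timezone

# Enclave ID mapping and revert names are taken from this page.
ENCLAVE_IDS = {0: "QE", 1: "QVE", 2: "TD_QE"}


def _ts(value):
    # Identity.json timestamps are UTC, e.g. 2025-01-10T00:00:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def preflight(enclave_id, version, identity_str, now, stored_issue_date=None):
    """Return the revert name the upsert is expected to hit, or None."""
    identity = json.loads(identity_str)
    expected = ENCLAVE_IDS.get(enclave_id)
    if expected is None or expected != identity.get("id"):
        return "Enclave_Id_Mismatch"
    # Per the Reverts table: TD_QE must be v4 or v5.
    if expected == "TD_QE" and version not in (4, 5):
        return "Incorrect_Enclave_Id_Version"
    # Assumption: expiry is judged against the nextUpdate field.
    if now >= _ts(identity["nextUpdate"]):
        return "Enclave_Id_Expired"
    # Assumption: rollback protection compares issueDate with the stored copy.
    if stored_issue_date is not None and _ts(identity["issueDate"]) < stored_issue_date:
        return "Enclave_Id_Out_Of_Date"
    return None


# Constructed sample identity body (not real Intel collateral).
SAMPLE = json.dumps({
    "id": "TD_QE",
    "version": 2,
    "issueDate": "2025-01-10T00:00:00Z",
    "nextUpdate": "2025-02-09T00:00:00Z",
    "tcbEvaluationDataNumber": 17,
})
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(preflight(2, 4, SAMPLE, NOW))
```

Pass the issueDate of the identity currently returned by getEnclaveIdentity as stored_issue_date so a stale download is caught before it costs gas.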
