Automata Enclave Identity DAO

Summary

The EnclaveIdentityDao contract manages onchain storage and retrieval of Intel SGX Enclave Identity data (Identity.json). It handles identity information for QE (Quoting Enclave), QVE (Quote Verification Enclave), and TD_QE (Trust Domain Quoting Enclave), providing methods to upsert and query enclave identity collateral with signature verification against Intel's TCB Signing Certificate.

Methods

TCB_EVALUATION_NUMBER

function TCB_EVALUATION_NUMBER() external view returns (uint32)

Returns:

• TCB_EVALUATION_NUMBER (uint32) - The TCB Evaluation Data Number that the specific contract is assigned for retrieval.

getEnclaveIdentity

function getEnclaveIdentity(uint256 id, uint256 version)
    external
    view
    returns (EnclaveIdentityJsonObj memory enclaveIdObj)

Gets the enclave identity for a specified enclave type and version.

Parameters:

• id (uint256): The enclave ID - 0: QE; 1: QVE; 2: TD_QE

• version (uint256): The input version parameter (v3 or v4)

Returns:

• enclaveIdObj (EnclaveIdentityJsonObj): Consisting of the Identity JSON string and the signature

upsertEnclaveIdentity

Upserts (inserts or updates) enclave identity data on-chain with signature verification and rollback protection.

Parameters:

• id (uint256): The enclave ID - 0: QE; 1: QVE; 2: TD_QE

• version (uint256): The input version parameter (v3 or v4)

• enclaveIdentityObj (EnclaveIdentityJsonObj): Consisting of the Identity JSON string and the signature

Returns:

• attestationId (bytes32): The attestation ID returned by the resolver

getEnclaveIdentityIssuerChain

Fetches the certificate chain used to sign enclave identity data.

Returns:

• signingCert (bytes): DER encoded Intel TCB Signing Certificate

• rootCert (bytes): DER encoded Intel SGX Root CA

Reverts