From bcc4b559d88901e49e7b00b2e718fa1beb9ff9b2 Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Wed, 22 Mar 2023 12:10:56 +0100 Subject: [PATCH 01/11] docker: remove --skip-ra flags --- docker/demo-teeracle-generic.yml | 2 +- docker/demo-teeracle.yml | 2 +- docker/docker-compose.yml | 28 +++++++++++----------------- 3 files changed, 13 insertions(+), 19 deletions(-) diff --git a/docker/demo-teeracle-generic.yml b/docker/demo-teeracle-generic.yml index 43a65d8411..288d33bf1d 100644 --- a/docker/demo-teeracle-generic.yml +++ b/docker/demo-teeracle-generic.yml @@ -30,7 +30,7 @@ services: entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --skip-ra --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" + run --dev --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" restart: always demo-teeracle-generic: image: integritee-cli:${VERSION:-dev} diff --git a/docker/demo-teeracle.yml b/docker/demo-teeracle.yml index 580281c483..ed7b66169b 100644 --- a/docker/demo-teeracle.yml +++ b/docker/demo-teeracle.yml @@ -33,7 +33,7 @@ services: entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --skip-ra --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" + run --dev --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" restart: always demo-teeracle: image: integritee-cli:${VERSION:-dev} diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 01e9d59aa7..13a084fe7b 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,5 +1,5 @@ services: - integritee-node-${VERSION}: + "integritee-node-${VERSION}": image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev:1.0.33}" hostname: integritee-node devices: @@ -10,14 +10,14 @@ services: networks: - integritee-test-network healthcheck: - test: ["CMD", "nc", "-z", "integritee-node", "9912"] + test: [ "CMD", "nc", "-z", "integritee-node", "9912" ] interval: 10s timeout: 10s retries: 6 command: --dev --rpc-methods unsafe --ws-external --rpc-external --ws-port 9912 #logging: - #driver: local - integritee-worker-1-${VERSION}: + #driver: local + "integritee-worker-1-${VERSION}": image: integritee-worker:${VERSION:-dev} hostname: integritee-worker-1 build: @@ -25,7 +25,7 @@ services: dockerfile: build.Dockerfile target: deployed-worker depends_on: - integritee-node-${VERSION}: + "integritee-node-${VERSION}": condition: service_healthy devices: - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision" @@ -41,12 +41,9 @@ services: interval: 10s timeout: 10s retries: 25 - entrypoint: - "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-1 -T wss://integritee-worker-1 - -u ws://integritee-node -U ws://integritee-worker-1 -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --skip-ra" + entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-1 -T wss://integritee-worker-1 -u ws://integritee-node -U ws://integritee-worker-1 -P 2011 -w 2101 -p 9912 -h 4645 run --dev" restart: "no" - integritee-worker-2-${VERSION}: + "integritee-worker-2-${VERSION}": image: integritee-worker:${VERSION:-dev} hostname: integritee-worker-2 build: @@ -54,9 +51,9 @@ services: dockerfile: build.Dockerfile target: deployed-worker depends_on: - integritee-node-${VERSION}: + "integritee-node-${VERSION}": condition: service_healthy - integritee-worker-1-${VERSION}: + "integritee-worker-1-${VERSION}": condition: service_healthy devices: - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision" @@ -72,11 +69,8 @@ services: interval: 10s timeout: 10s retries: 25 - entrypoint: - "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-2 -T wss://integritee-worker-2 - -u ws://integritee-node -U ws://integritee-worker-2 -P 2012 -w 2102 -p 9912 -h 4646 - run --dev --skip-ra --request-state" + entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-2 -T wss://integritee-worker-2 -u ws://integritee-node -U ws://integritee-worker-2 -P 2012 -w 2102 -p 9912 -h 4646 run --dev --request-state" restart: "no" networks: integritee-test-network: - driver: bridge \ No newline at end of file + driver: bridge From 7871abbd5c5a377e13c9e5a8ae6a24a9a241ee55 Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Wed, 22 Mar 2023 13:28:45 +0100 Subject: [PATCH 02/11] attestation-handler: load SPID from env var if set --- .../attestation-handler/src/attestation_handler.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs index eed94ec250..8bb7cffd26 100644 --- a/core-primitives/attestation-handler/src/attestation_handler.rs +++ b/core-primitives/attestation-handler/src/attestation_handler.rs @@ -54,7 +54,7 @@ use sgx_types::{ use sp_core::Pair; use std::{ borrow::ToOwned, - format, + env, format, io::{Read, Write}, net::TcpStream, prelude::v1::*, @@ -629,8 +629,9 @@ where } fn load_spid(filename: &str) -> SgxResult { - match io::read_to_string(filename).map(|contents| decode_spid(&contents)) { - Ok(r) => r, + // Check if set as enviromental variable + match env::var("IAS_EPID_SPID").or_else(|_| io::read_to_string(filename)) { + Ok(spid) => decode_spid(&spid), Err(e) => { error!("Failed to load SPID: {:?}", e); Err(sgx_status_t::SGX_ERROR_UNEXPECTED) From bf7d9ccb8c71ec2d2aa76c565fdd7539e2397fd6 Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Wed, 22 Mar 2023 13:25:38 +0100 Subject: [PATCH 03/11] attestation-handler: use IAS API key from env if set --- .../attestation-handler/src/attestation_handler.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs index 8bb7cffd26..5ebe7aab31 100644 --- a/core-primitives/attestation-handler/src/attestation_handler.rs +++ b/core-primitives/attestation-handler/src/attestation_handler.rs @@ -640,7 +640,9 @@ where } fn get_ias_api_key() -> EnclaveResult { - io::read_to_string(RA_API_KEY_FILE) + // Check if set as enviromental variable + env::var("IAS_EPID_KEY") + .or_else(|_| io::read_to_string(RA_API_KEY_FILE)) .map(|key| key.trim_end().to_owned()) .map_err(|e| EnclaveError::Other(e.into())) } From 50efa9fefc241acbc54fb5760da97908135949c3 Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Wed, 22 Mar 2023 13:29:06 +0100 Subject: [PATCH 04/11] gha: use secrets for EPID remote attestation --- .github/workflows/build_and_test.yml | 2 ++ docker/docker-compose.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 14f856713c..a04cd9f832 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -179,6 +179,8 @@ jobs: WORKER_IMAGE_TAG: integritee-worker:dev CLIENT_IMAGE_TAG: integritee-cli:dev COINMARKETCAP_KEY: ${{ secrets.COINMARKETCAP_KEY }} + IAS_EPID_SPID: ${{ secrets.IAS_SPID }} + IAS_EPID_KEY: ${{ secrets.IAS_PRIMARY_KEY }} TEERACLE_INTERVAL_SECONDS: 10 strategy: diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 13a084fe7b..7d5a61b2a7 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -34,6 +34,8 @@ services: - "${AESMD:-/dev/null}:/var/run/aesmd" environment: - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=warn,ita_stf=warn + - IAS_EPID_SPID + - IAS_EPID_KEY networks: - integritee-test-network healthcheck: From bb294b9027e6fa3622097867c4cdd4d159fe3e6e Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Mon, 3 Apr 2023 15:57:42 +0200 Subject: [PATCH 05/11] docker: allow runtime flags to be added from the outside --- docker/demo-teeracle-generic.yml | 6 ++++-- docker/demo-teeracle.yml | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docker/demo-teeracle-generic.yml b/docker/demo-teeracle-generic.yml index 288d33bf1d..bb642eeabb 100644 --- a/docker/demo-teeracle-generic.yml +++ b/docker/demo-teeracle-generic.yml @@ -2,6 +2,8 @@ # # The demo is parameterized with the interval that the teeracle uses to query its sources. # Set the `TEERACLE_INTERVAL_SECONDS` variable when invoking, e.g. `TEERACLE_INTERVAL_SECONDS=4 docker compose -f docker-compose.yml -f demo-teeracle-generic.yml up --exit-code-from demo-teeracle-generic` +# Set the `ADDITIONAL_RUNTIME_FLAGS` variable to for additional flags. +# To skip remote attestation: `export ADDITIONAL_RUNTIME_FLAG="--skip-ra"` services: integritee-teeracle-worker-${VERSION}: image: integritee-worker:${VERSION:-dev} @@ -30,7 +32,7 @@ services: entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" + run --dev ${ADDITIONAL_RUNTIME_FLAGS} --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" restart: always demo-teeracle-generic: image: integritee-cli:${VERSION:-dev} @@ -61,4 +63,4 @@ services: restart: "no" networks: integritee-test-network: - driver: bridge \ No newline at end of file + driver: bridge diff --git a/docker/demo-teeracle.yml b/docker/demo-teeracle.yml index ed7b66169b..787493daa3 100644 --- a/docker/demo-teeracle.yml +++ b/docker/demo-teeracle.yml @@ -4,6 +4,8 @@ # Set the `TEERACLE_INTERVAL_SECONDS` variable when invoking, e.g. `TEERACLE_INTERVAL_SECONDS=4 docker compose -f docker-compose.yml -f demo-teeracle.yml up --exit-code-from demo-teeracle` # This setup requires an API key for CoinMarketCap # Add the API key to the environment variable `COINMARKETCAP_KEY`, with `export COINMARKETCAP_KEY=` +# Set the `ADDITIONAL_RUNTIME_FLAGS` variable to for additional flags. +# To skip remote attestation: `export ADDITIONAL_RUNTIME_FLAG="--skip-ra"` services: integritee-teeracle-worker-${VERSION}: image: integritee-worker:${VERSION:-dev} @@ -33,7 +35,7 @@ services: entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" + run --dev ${ADDITIONAL_RUNTIME_FLAGS} --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" restart: always demo-teeracle: image: integritee-cli:${VERSION:-dev} @@ -64,4 +66,4 @@ services: restart: "no" networks: integritee-test-network: - driver: bridge \ No newline at end of file + driver: bridge From d2e27779f742f8392736ddaa90a1ca97a2adba3f Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Fri, 21 Apr 2023 08:21:07 +0200 Subject: [PATCH 06/11] docker: move EPID RA environment variables to their proper place --- docker/demo-teeracle-generic.yml | 2 ++ docker/demo-teeracle.yml | 2 ++ docker/docker-compose.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/docker/demo-teeracle-generic.yml b/docker/demo-teeracle-generic.yml index bb642eeabb..58b3b88492 100644 --- a/docker/demo-teeracle-generic.yml +++ b/docker/demo-teeracle-generic.yml @@ -22,6 +22,8 @@ services: condition: service_healthy environment: - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=info,integritee_service::teeracle=debug,ita_stf=warn,ita_oracle=debug + - IAS_EPID_SPID + - IAS_EPID_KEY networks: - integritee-test-network healthcheck: diff --git a/docker/demo-teeracle.yml b/docker/demo-teeracle.yml index 787493daa3..be003c61a0 100644 --- a/docker/demo-teeracle.yml +++ b/docker/demo-teeracle.yml @@ -25,6 +25,8 @@ services: environment: - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=info,integritee_service::teeracle=debug,ita_stf=warn,ita_exchange_oracle=debug - COINMARKETCAP_KEY + - IAS_EPID_SPID + - IAS_EPID_KEY networks: - integritee-test-network healthcheck: diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 7d5a61b2a7..5a69d77c8b 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -64,6 +64,8 @@ services: - "${AESMD:-/dev/null}:/var/run/aesmd" environment: - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=warn,ita_stf=warn + - IAS_EPID_SPID + - IAS_EPID_KEY networks: - integritee-test-network healthcheck: From 421f8962c43b3c4d08759d5cd6dfc1b10167c187 Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Mon, 24 Apr 2023 13:13:46 +0200 Subject: [PATCH 07/11] docker: switch to integritee-node built with IAS checking --- .github/workflows/build_and_test.yml | 6 +++--- docker/docker-compose.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index a04cd9f832..2c1df250d4 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -238,7 +238,7 @@ jobs: echo "PROJECT=${{ matrix.flavor_id }}-${{ matrix.demo_name }}" >> $GITHUB_ENV echo "VERSION=dev.$version" >> $GITHUB_ENV echo "WORKER_IMAGE_TAG=integritee-worker:dev.$version" >> $GITHUB_ENV - echo "INTEGRITEE_NODE=integritee-node-dev:1.0.33.$version" >> $GITHUB_ENV + echo "INTEGRITEE_NODE=integritee-node-dev:v1.0.33-noias.$version" >> $GITHUB_ENV echo "CLIENT_IMAGE_TAG=integritee-cli:dev.$version" >> $GITHUB_ENV if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then echo "SGX_PROVISION=/dev/sgx/provision" >> $GITHUB_ENV @@ -282,8 +282,8 @@ jobs: fi docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }} docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }} - docker pull integritee/integritee-node-dev:1.0.33 - docker tag integritee/integritee-node-dev:1.0.33 ${{ env.INTEGRITEE_NODE }} + docker pull integritee/integritee-node-dev:v1.0.33-noias + docker tag integritee/integritee-node-dev:v1.0.33-noias ${{ env.INTEGRITEE_NODE }} docker images --all ## diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 5a69d77c8b..45e91b695d 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,6 +1,6 @@ services: "integritee-node-${VERSION}": - image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev:1.0.33}" + image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev:v1.0.33-noias}" hostname: integritee-node devices: - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision" From 2e4ee3ae550329069188a56ac3594ebb0b697f3c Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Mon, 24 Apr 2023 17:06:44 +0200 Subject: [PATCH 08/11] docker: switch to integritee-node-dev-ias image for enabled attestation --- .github/workflows/build_and_test.yml | 6 +++--- docker/docker-compose.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 2c1df250d4..5d6c7b3343 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -238,7 +238,7 @@ jobs: echo "PROJECT=${{ matrix.flavor_id }}-${{ matrix.demo_name }}" >> $GITHUB_ENV echo "VERSION=dev.$version" >> $GITHUB_ENV echo "WORKER_IMAGE_TAG=integritee-worker:dev.$version" >> $GITHUB_ENV - echo "INTEGRITEE_NODE=integritee-node-dev:v1.0.33-noias.$version" >> $GITHUB_ENV + echo "INTEGRITEE_NODE=integritee-node-dev-ias:1.0.34.$version" >> $GITHUB_ENV echo "CLIENT_IMAGE_TAG=integritee-cli:dev.$version" >> $GITHUB_ENV if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then echo "SGX_PROVISION=/dev/sgx/provision" >> $GITHUB_ENV @@ -282,8 +282,8 @@ jobs: fi docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }} docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }} - docker pull integritee/integritee-node-dev:v1.0.33-noias - docker tag integritee/integritee-node-dev:v1.0.33-noias ${{ env.INTEGRITEE_NODE }} + docker pull integritee/integritee-node-dev-ias:1.0.34 + docker tag integritee/integritee-node-dev-ias:1.0.34 ${{ env.INTEGRITEE_NODE }} docker images --all ## diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 45e91b695d..7575732055 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,6 +1,6 @@ services: "integritee-node-${VERSION}": - image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev:v1.0.33-noias}" + image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev-ias:1.0.34}" hostname: integritee-node devices: - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision" From da727c1e178759c5e1e2da82fe03523d007e3ea1 Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Tue, 25 Apr 2023 16:51:01 +0200 Subject: [PATCH 09/11] attestation-handler: accept SW_HARDENING_NEEDED SGX status as well --- core-primitives/attestation-handler/src/cert.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/core-primitives/attestation-handler/src/cert.rs b/core-primitives/attestation-handler/src/cert.rs index 204c5686d6..e331d9e23a 100644 --- a/core-primitives/attestation-handler/src/cert.rs +++ b/core-primitives/attestation-handler/src/cert.rs @@ -366,6 +366,7 @@ where debug!("isvEnclaveQuoteStatus = {}", quote_status); match quote_status.as_ref() { "OK" => (), + "SW_HARDENING_NEEDED" => info!("Status in attestation report is SW_HARDENING_NEEDED, which is considered acceptable."), "GROUP_OUT_OF_DATE" | "GROUP_REVOKED" | "CONFIGURATION_NEEDED" => { // Verify platformInfoBlob for further info if status not OK if let Value::String(pib) = &attn_report["platformInfoBlob"] { From 84de8787d2132bd2385379d9e8d5a773d3807835 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Szil=C3=A1rd=20Parrag?= Date: Tue, 9 May 2023 10:23:45 +0200 Subject: [PATCH 10/11] Update core-primitives/attestation-handler/src/attestation_handler.rs Co-authored-by: Andrew --- core-primitives/attestation-handler/src/attestation_handler.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs index 5ebe7aab31..03f8cf2219 100644 --- a/core-primitives/attestation-handler/src/attestation_handler.rs +++ b/core-primitives/attestation-handler/src/attestation_handler.rs @@ -629,7 +629,7 @@ where } fn load_spid(filename: &str) -> SgxResult { - // Check if set as enviromental variable + // Check if set as an environment variable match env::var("IAS_EPID_SPID").or_else(|_| io::read_to_string(filename)) { Ok(spid) => decode_spid(&spid), Err(e) => { From dfd4ed082b6043b076004075ca2ce33200cf0ef6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Szil=C3=A1rd=20Parrag?= Date: Tue, 9 May 2023 10:23:55 +0200 Subject: [PATCH 11/11] Update core-primitives/attestation-handler/src/attestation_handler.rs Co-authored-by: Andrew --- core-primitives/attestation-handler/src/attestation_handler.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs index 03f8cf2219..9e5cde04d3 100644 --- a/core-primitives/attestation-handler/src/attestation_handler.rs +++ b/core-primitives/attestation-handler/src/attestation_handler.rs @@ -640,7 +640,7 @@ where } fn get_ias_api_key() -> EnclaveResult { - // Check if set as enviromental variable + // Check if set as an environment variable env::var("IAS_EPID_KEY") .or_else(|_| io::read_to_string(RA_API_KEY_FILE)) .map(|key| key.trim_end().to_owned())