From a361dbdfb1cb761664cdab32a268f9ff5876137f Mon Sep 17 00:00:00 2001
From: smtmfft <smtm@taiko.xyz>
Date: Fri, 19 Apr 2024 12:46:14 +0800
Subject: [PATCH 1/2] Show proof in bootstrap command and make loading bootsrap
 testable.

---
 provers/sgx/guest/src/one_shot.rs | 31 +++++++++++++++++++++----------
 provers/sgx/prover/src/lib.rs     | 20 +++++++++++---------
 2 files changed, 32 insertions(+), 19 deletions(-)

diff --git a/provers/sgx/guest/src/one_shot.rs b/provers/sgx/guest/src/one_shot.rs
index 88a0be28..06963be2 100644
--- a/provers/sgx/guest/src/one_shot.rs
+++ b/provers/sgx/guest/src/one_shot.rs
@@ -12,7 +12,7 @@ use raiko_lib::{
     protocol_instance::{assemble_protocol_instance, EvidenceType},
 };
 use raiko_primitives::Address;
-use secp256k1::KeyPair;
+use secp256k1::{KeyPair, SecretKey};
 use serde::Serialize;
 base64_serde_type!(Base64Standard, base64::engine::general_purpose::STANDARD);
 
@@ -67,6 +67,8 @@ fn save_bootstrap_details(
         new_instance,
         quote: hex::encode(quote),
     };
+
+    println!("{}", serde_json::json!(&bootstrap_details));
     let json = serde_json::to_string_pretty(&bootstrap_details)?;
     fs::write(bootstrap_details_file_path, json).context(format!(
         "Saving bootstrap data file {} failed",
@@ -101,16 +103,12 @@ pub fn bootstrap(global_opts: GlobalOpts) -> Result<()> {
 
 pub async fn one_shot(global_opts: GlobalOpts, args: OneShotArgs) -> Result<()> {
     // Make sure this SGX instance was bootstrapped
-    if !is_bootstrapped(&global_opts.secrets_dir) {
-        bail!("Application was not bootstrapped. Bootstrap it first.");
-    }
+    let prev_privkey = load_bootstrap(&global_opts.secrets_dir)
+        .or_else(|_| bail!("Application was not bootstrapped. Bootstrap it first."))
+        .unwrap();
 
     println!("Global options: {global_opts:?}, OneShot options: {args:?}");
 
-    // Load the signing data
-    let privkey_path = global_opts.secrets_dir.join(PRIV_KEY_FILENAME);
-    let prev_privkey = load_private_key(privkey_path)?;
-    // let (new_privkey, new_pubkey) = generate_new_keypair()?;
     let new_pubkey = public_key(&prev_privkey);
     let new_instance = public_key_to_address(&new_pubkey);
 
@@ -156,9 +154,22 @@ pub async fn one_shot(global_opts: GlobalOpts, args: OneShotArgs) -> Result<()>
     print_sgx_info()
 }
 
-fn is_bootstrapped(secrets_dir: &Path) -> bool {
+fn load_bootstrap(secrets_dir: &Path) -> Result<SecretKey, Error> {
     let privkey_path = secrets_dir.join(PRIV_KEY_FILENAME);
-    privkey_path.is_file() && !privkey_path.metadata().unwrap().permissions().readonly()
+    if privkey_path.is_file() && !privkey_path.metadata().unwrap().permissions().readonly() {
+        load_private_key(&privkey_path).map_err(|e| {
+            anyhow!(
+                "Failed to load private key from {}: {}",
+                privkey_path.display(),
+                e
+            )
+        })
+    } else {
+        Err(anyhow!(
+            "No readable private key found in {}",
+            privkey_path.display()
+        ))
+    }
 }
 
 fn save_attestation_user_report_data(pubkey: Address) -> Result<()> {
diff --git a/provers/sgx/prover/src/lib.rs b/provers/sgx/prover/src/lib.rs
index 0cb62f31..d9bc8a6c 100644
--- a/provers/sgx/prover/src/lib.rs
+++ b/provers/sgx/prover/src/lib.rs
@@ -109,12 +109,11 @@ impl Prover for SgxProver {
             setup(&cur_dir, direct_mode).await?;
         }
 
-        if config.bootstrap {
-            bootstrap(cur_dir.clone(), gramine_cmd()).await?;
-        }
-
-        // Prove: run for each block
-        let sgx_proof = if config.prove {
+        let sgx_proof = if config.bootstrap {
+            bootstrap(cur_dir.clone(), gramine_cmd()).await
+        } else if config.prove {
+            // now prove can not go with bootstrap as we need manually register sgx id.
+            // TODO: auto register sgx id
             prove(gramine_cmd(), input.clone(), config.instance_id).await
         } else {
             // Dummy proof: it's ok when only setup/bootstrap was requested
@@ -202,7 +201,10 @@ async fn setup(cur_dir: &PathBuf, direct_mode: bool) -> ProverResult<(), String>
     Ok(())
 }
 
-async fn bootstrap(dir: PathBuf, mut gramine_cmd: StdCommand) -> ProverResult<(), String> {
+async fn bootstrap(
+    dir: PathBuf,
+    mut gramine_cmd: StdCommand,
+) -> ProverResult<SgxResponse, ProverError> {
     tokio::task::spawn_blocking(move || {
         // Bootstrap with new private key for signing proofs
         // First delete the private key if it already exists
@@ -218,10 +220,10 @@ async fn bootstrap(dir: PathBuf, mut gramine_cmd: StdCommand) -> ProverResult<()
             .map_err(|e| handle_gramine_error("Could not run SGX guest bootstrap", e))?;
         handle_output(&output, "SGX bootstrap")?;
 
-        Ok(())
+        Ok(parse_sgx_result(output.stdout)?)
     })
     .await
-    .map_err(|e| e.to_string())?
+    .map_err(|e| ProverError::GuestError(e.to_string()))?
 }
 
 async fn prove(

From 278dfd634ce9da0135cdc3cc6e1669b9fce3d767 Mon Sep 17 00:00:00 2001
From: smtmfft <smtm@taiko.xyz>
Date: Sat, 20 Apr 2024 08:40:50 +0800
Subject: [PATCH 2/2] fix review comments

---
 provers/sgx/guest/src/one_shot.rs |  2 +-
 provers/sgx/prover/src/lib.rs     | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/provers/sgx/guest/src/one_shot.rs b/provers/sgx/guest/src/one_shot.rs
index 06963be2..9f195a4d 100644
--- a/provers/sgx/guest/src/one_shot.rs
+++ b/provers/sgx/guest/src/one_shot.rs
@@ -104,7 +104,7 @@ pub fn bootstrap(global_opts: GlobalOpts) -> Result<()> {
 pub async fn one_shot(global_opts: GlobalOpts, args: OneShotArgs) -> Result<()> {
     // Make sure this SGX instance was bootstrapped
     let prev_privkey = load_bootstrap(&global_opts.secrets_dir)
-        .or_else(|_| bail!("Application was not bootstrapped. Bootstrap it first."))
+        .or_else(|_| bail!("Application was not bootstrapped or has a deprecated bootstrap."))
         .unwrap();
 
     println!("Global options: {global_opts:?}, OneShot options: {args:?}");
diff --git a/provers/sgx/prover/src/lib.rs b/provers/sgx/prover/src/lib.rs
index d9bc8a6c..4926c70e 100644
--- a/provers/sgx/prover/src/lib.rs
+++ b/provers/sgx/prover/src/lib.rs
@@ -109,17 +109,18 @@ impl Prover for SgxProver {
             setup(&cur_dir, direct_mode).await?;
         }
 
-        let sgx_proof = if config.bootstrap {
+        let mut sgx_proof = if config.bootstrap {
             bootstrap(cur_dir.clone(), gramine_cmd()).await
-        } else if config.prove {
-            // now prove can not go with bootstrap as we need manually register sgx id.
-            // TODO: auto register sgx id
-            prove(gramine_cmd(), input.clone(), config.instance_id).await
         } else {
             // Dummy proof: it's ok when only setup/bootstrap was requested
             Ok(SgxResponse::default())
         };
 
+        if config.prove {
+            // overwirte sgx_proof as the bootstrap quote stays the same in bootstrap & prove.
+            sgx_proof = prove(gramine_cmd(), input.clone(), config.instance_id).await
+        }
+
         to_proof(sgx_proof)
     }