Merge branch 'taiko/unstable' into holesky

# Conflicts: # provers/sgx/prover/src/lib.rs
taikoxyz · Apr 10, 2024 · 93bc7d8 · 93bc7d8
2 parents 668e244 + 7a15091
commit 93bc7d8
Show file tree

Hide file tree

Showing 11 changed files with 98 additions and 107 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -33,12 +33,12 @@ RUN curl -o setup.sh -sL https://deb.nodesource.com/setup_18.x && \
     ./setup.sh && \
     apt-get update && \
     apt-get install -y \
-        cracklib-runtime \
-        libsgx-dcap-default-qpl \
-        libsgx-dcap-ql \
-        libsgx-urts \
-        sgx-pck-id-retrieval-tool \
-        sudo && \
+    cracklib-runtime \
+    libsgx-dcap-default-qpl \
+    libsgx-dcap-ql \
+    libsgx-urts \
+    sgx-pck-id-retrieval-tool \
+    sudo && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
@@ -49,7 +49,6 @@ RUN sed -i 's/https:\/\/localhost:8081/https:\/\/pccs:8081/g' /etc/sgx_default_q
 RUN mkdir -p \
     ./bin \
     ./provers/sgx \
-    /tmp/sgx \
     /var/log/raiko
 
 COPY --from=builder /opt/raiko/docker/entrypoint.sh ./bin/

diff --git a/README_SGX.md b/README_SGX.md
@@ -118,7 +118,7 @@ To run `raiko-guest` in _one-shot_ mode with SGX using Gramine:
    Next public key: 0x021d90eee5c402692fa3a3d3edd43a052367efbd6e4d26b9ca14099516525b9d09
    Entry: /root/.config/raiko/secrets/priv.key
    ```
-1. Run `raiko-guest` with the input file of your choice:
+1. ~~Run `raiko-guest` with the input file of your choice:~~
 
    ```
    ubuntu@ubuntu:~/zeth/target/debug$ gramine-sgx ./raiko-guest one-shot --blocks-data-file /tmp/ethereum/173.json.gz

diff --git a/docker/docker-compose-pos.yml b/docker/docker-compose-pos.yml
@@ -8,7 +8,6 @@ services:
       - "/dev/sgx_enclave:/dev/sgx_enclave"
       - "/dev/sgx_provision:/dev/sgx_provision"
     volumes:
-      - /tmp/sgx:/tmp/sgx
       - /var/log/raiko:/var/log/raiko
       - ${HOME}/.config/gramine:/root/.config/gramine
       # make sure you have ${HOME}/.config/raiko directory

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -11,7 +11,6 @@ services:
       - "/dev/sgx_enclave:/dev/sgx_enclave"
       - "/dev/sgx_provision:/dev/sgx_provision"
     volumes:
-      - /tmp/sgx:/tmp/sgx
       - /var/log/raiko:/var/log/raiko
       - ${HOME}/.config/gramine:/root/.config/gramine
       - ${HOME}/.config/raiko:/root/.config/raiko

diff --git a/host/src/preflight.rs b/host/src/preflight.rs
@@ -304,7 +304,7 @@ fn get_blob_data(beacon_rpc_url: &str, block_id: u64) -> Result<GetBlobsResponse
 // CommitmentInclusionProof []string
 // `json:"kzg_commitment_inclusion_proof"` }
 #[derive(Clone, Debug, Deserialize, Serialize)]
-pub struct GetBlobData {
+struct GetBlobData {
     pub index: String,
     pub blob: String,
     // pub signed_block_header: SignedBeaconBlockHeader, // ignore for now
@@ -314,7 +314,7 @@ pub struct GetBlobData {
 }
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
-pub struct GetBlobsResponse {
+struct GetBlobsResponse {
     pub data: Vec<GetBlobData>,
 }
 
@@ -331,7 +331,21 @@ pub fn get_block(provider: &ReqwestProvider, block_number: u64, full: bool) -> R
     }
 }
 
-pub fn get_block_proposed_event(
+pub fn batch_get_history_headers(
+    provider: &ReqwestProvider,
+    handle: &tokio::runtime::Handle,
+    block_number: u64,
+) -> Result<Vec<AlloyBlock>> {
+    let response = handle.block_on(async {
+        provider
+            .client()
+            .request("taiko_getL2ParentHeaders", (block_number,))
+            .await
+    })?;
+    Ok(response)
+}
+
+fn get_block_proposed_event(
     provider: &ReqwestProvider,
     network: Network,
     block_hash: B256,

diff --git a/host/src/provider_db.rs b/host/src/provider_db.rs
@@ -27,7 +27,7 @@ use revm::{
 };
 use tokio::runtime::Handle;
 
-use crate::preflight::get_block;
+use crate::preflight::{batch_get_history_headers, get_block};
 
 pub struct ProviderDb {
     pub provider: ReqwestProvider,
@@ -225,22 +225,16 @@ impl Database for ProviderDb {
             return Ok(block_hash);
         }
 
-        // Get the block hash from the provider.
+        // Get the 256 history block hashes from the provider at first time for anchor
+        // transaction.
         let block_number = u64::try_from(number).unwrap();
-        let block_hash = self.async_executor.block_on(async {
-            self.provider
-                .get_block_by_number(block_number.into(), false)
-                .await
-                .unwrap()
-                .unwrap()
-                .header
-                .hash
-                .unwrap()
-                .0
-                .into()
-        });
-        self.initial_db.insert_block_hash(block_number, block_hash);
-        Ok(block_hash)
+        for block in batch_get_history_headers(&self.provider, &self.async_executor, block_number)?
+        {
+            let block_number = block.header.number.unwrap().try_into().unwrap();
+            let block_hash = block.header.hash.unwrap();
+            self.initial_db.insert_block_hash(block_number, block_hash);
+        }
+        self.block_hash(number)
     }
 
     fn code_by_hash(&mut self, _code_hash: B256) -> Result<Bytecode, Self::Error> {

diff --git a/provers/sgx/config/raiko-guest.manifest.template b/provers/sgx/config/raiko-guest.manifest.template
@@ -13,9 +13,7 @@ fs.mounts = [
   { path = "/sgx-guest", uri = "file:sgx-guest" },
   { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
   { path = "/usr/lib/ssl/certs/", uri = "file:/usr/lib/ssl/certs/" },
-  { path = "/tmp", uri = "file:/tmp" },
   { path = "/root/.config/raiko/config", uri = "file:config" },
-  { path = "/tmp/inputs", uri = "file:/tmp/inputs" },
 
   # encrypted files give an IO error in direct mode so just make it a normal file
   { path = "/root/.config/raiko/secrets", uri = "file:secrets" {{ ", type = 'encrypted', key_name = '_sgx_mrsigner'" if direct_mode != '1' else "" }} },
@@ -52,6 +50,5 @@ sgx.remote_attestation = "dcap"
 
 sgx.allowed_files = [
   "file:config",
-  "file:/tmp/inputs",
   {{ " 'file:secrets', " if direct_mode == '1' else ""}}
 ]
diff --git a/provers/sgx/guest/src/app_args.rs b/provers/sgx/guest/src/app_args.rs
@@ -23,8 +23,6 @@ pub enum Command {
 
 #[derive(Debug, Args)]
 pub struct OneShotArgs {
-    #[clap(long, required = true)]
-    pub blocks_data_file: PathBuf,
     #[clap(long)]
     pub sgx_instance_id: u32,
 }

diff --git a/provers/sgx/guest/src/one_shot.rs b/provers/sgx/guest/src/one_shot.rs
@@ -114,10 +114,7 @@ pub async fn one_shot(global_opts: GlobalOpts, args: OneShotArgs) -> Result<()>
     let new_pubkey = public_key(&prev_privkey);
     let new_instance = public_key_to_address(&new_pubkey);
 
-    // Get the block input
-    let input_path = args.blocks_data_file.to_string_lossy().to_string();
-    let file = File::open(input_path).expect("unable to open file");
-    let input = bincode::deserialize_from(file).expect("unable to deserialize input");
+    let input = bincode::deserialize_from(std::io::stdin()).expect("unable to deserialize input");
 
     // Process the block
     let (header, _mpt_node) =

diff --git a/provers/sgx/prover/Cargo.toml b/provers/sgx/prover/Cargo.toml
@@ -6,14 +6,14 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-raiko-lib = { workspace = true, optional = true}
-raiko-primitives = { workspace = true, optional = true}
+raiko-lib = { workspace = true, optional = true }
+raiko-primitives = { workspace = true, optional = true }
 
-serde = { workspace = true, optional = true}
-serde_json = { workspace = true, optional = true}
-serde_with = { workspace = true, optional = true}
-tokio = { workspace = true, optional = true}
-bincode = { workspace = true, optional = true}
+serde = { workspace = true, optional = true }
+serde_json = { workspace = true, optional = true }
+serde_with = { workspace = true, optional = true }
+tokio = { workspace = true, optional = true }
+bincode = { workspace = true, optional = true }
 once_cell = { workspace = true }
 alloy-sol-types = { workspace = true }
 
@@ -27,4 +27,4 @@ enable = [
     "serde_with",
     "bincode",
     "tokio",
-]
+]
diff --git a/provers/sgx/prover/src/lib.rs b/provers/sgx/prover/src/lib.rs
@@ -1,16 +1,16 @@
 #![cfg(feature = "enable")]
 use std::{
     env,
-    fs::{self, copy, create_dir_all, remove_file, File},
+    fs::{copy, create_dir_all, remove_file},
     path::PathBuf,
-    process::Output,
+    process::{Command as StdCommand, Output, Stdio},
     str,
 };
 
 use alloy_sol_types::SolValue;
 use once_cell::sync::Lazy;
 use raiko_lib::{
-    input::{get_input_path, GuestInput, GuestOutput},
+    input::{GuestInput, GuestOutput},
     protocol_instance::ProtocolInstance,
     prover::{to_proof, Proof, Prover, ProverConfig, ProverError, ProverResult},
 };
@@ -40,6 +40,7 @@ pub struct SgxResponse {
 pub const ELF_NAME: &str = "sgx-guest";
 pub const INPUT_FILE_NAME: &str = "input.bin";
 pub const CONFIG: &str = "../../provers/sgx/config";
+pub const SGX_INPUT_PATH: &str = "/tmp/inputs";
 
 static GRAMINE_MANIFEST_TEMPLATE: Lazy<OnceCell<PathBuf>> = Lazy::new(OnceCell::new);
 static PRIVATE_KEY: Lazy<OnceCell<PathBuf>> = Lazy::new(OnceCell::new);
@@ -80,11 +81,11 @@ impl Prover for SgxProver {
             .await;
 
         // The gramine command (gramine or gramine-direct for testing in non-SGX environment)
-        let gramine_cmd = || -> Command {
+        let gramine_cmd = || -> StdCommand {
             let mut cmd = if direct_mode {
-                Command::new("gramine-direct")
+                StdCommand::new("gramine-direct")
             } else {
-                let mut cmd = Command::new("sudo");
+                let mut cmd = StdCommand::new("sudo");
                 cmd.arg("gramine-sgx");
                 cmd
             };
@@ -99,12 +100,12 @@ impl Prover for SgxProver {
 
         // Boostrap: run this each time a new keypair for proving needs to be generated
         if config.bootstrap {
-            bootstrap(&mut gramine_cmd()).await?;
+            bootstrap(gramine_cmd()).await?;
         }
 
         // Prove: run for each block
         let sgx_proof = if config.prove {
-            prove(&mut gramine_cmd(), input.clone(), config.instance_id).await
+            prove(gramine_cmd(), input.clone(), config.instance_id).await
         } else {
             // Dummy proof: it's ok when only setup/bootstrap was requested
             Ok(SgxResponse::default())
@@ -128,12 +129,13 @@ impl Prover for SgxProver {
     }
 }
 
-async fn setup(cur_dir: &PathBuf, direct_mode: bool) -> ProverResult<SgxResponse, String> {
+async fn setup(cur_dir: &PathBuf, direct_mode: bool) -> ProverResult<(), String> {
     // Create required directories
     let directories = ["secrets", "config"];
     for dir in directories {
         create_dir_all(cur_dir.join(dir)).unwrap();
     }
+    create_dir_all(SGX_INPUT_PATH).unwrap();
     if direct_mode {
         // Copy dummy files in direct mode
         let files = ["attestation_type", "quote", "user_report_data"];
@@ -185,68 +187,60 @@ async fn setup(cur_dir: &PathBuf, direct_mode: bool) -> ProverResult<SgxResponse
             .map_err(|e| handle_gramine_error("Could not sign manfifest", e))?;
     }
 
-    Ok(SgxResponse::default())
+    Ok(())
 }
 
-async fn bootstrap(gramine_cmd: &mut Command) -> ProverResult<SgxResponse, String> {
-    // Bootstrap with new private key for signing proofs
-    // First delete the private key if it already exists
-    if PRIVATE_KEY.get().unwrap().exists() {
-        if let Err(e) = remove_file(PRIVATE_KEY.get().unwrap()) {
-            println!("Error deleting file: {}", e);
+async fn bootstrap(mut gramine_cmd: StdCommand) -> ProverResult<(), String> {
+    tokio::task::spawn_blocking(move || {
+        // Bootstrap with new private key for signing proofs
+        // First delete the private key if it already exists
+        if PRIVATE_KEY.get().unwrap().exists() {
+            if let Err(e) = remove_file(PRIVATE_KEY.get().unwrap()) {
+                println!("Error deleting file: {}", e);
+            }
         }
-    }
-    let output = gramine_cmd
-        .arg("bootstrap")
-        .output()
-        .await
-        .map_err(|e| handle_gramine_error("Could not run SGX guest boostrap", e))?;
-    print_output(&output, "Sgx bootstrap");
-
-    Ok(SgxResponse::default())
-}
+        let output = gramine_cmd
+            .arg("bootstrap")
+            .output()
+            .map_err(|e| handle_gramine_error("Could not run SGX guest boostrap", e))?;
+        print_output(&output, "Sgx bootstrap");
 
-fn get_sgx_input_path(block_number: u64, network: &str) -> PathBuf {
-    // Format the input path
-    let input_dir = PathBuf::from("/tmp/inputs");
-    if !input_dir.exists() {
-        fs::create_dir_all(&input_dir)
-            .unwrap_or_else(|_| panic!("Failed to create cache directory {:?}", input_dir));
-    }
-    get_input_path(&input_dir, block_number, network)
+        Ok(())
+    })
+    .await
+    .map_err(|e| e.to_string())?
 }
 
 async fn prove(
-    gramine_cmd: &mut Command,
+    mut gramine_cmd: StdCommand,
     input: GuestInput,
     instance_id: u64,
 ) -> ProverResult<SgxResponse, ProverError> {
-    // Write the input to a file that will be read by the SGX instance
-    let input_path = get_sgx_input_path(input.block_number, &input.network.to_string());
-    let file = File::create(&input_path).expect("Unable to open input file");
-    println!("writing SGX input to {:?}", input_path);
-    bincode::serialize_into(file, &input).expect("Unable to serialize input");
-
-    // Prove
-    let output = gramine_cmd
-        .arg("one-shot")
-        .arg("--sgx-instance-id")
-        .arg(instance_id.to_string())
-        .arg("--blocks-data-file")
-        .arg(&input_path)
-        .output()
-        .await
-        .map_err(|e| handle_gramine_error("Could not run SGX guest prover", e))?;
-    print_output(&output, "Sgx execution");
-    if !output.status.success() {
-        return ProverResult::Err(ProverError::GuestError(output.status.to_string()));
-    }
-
-    // Delete the input file
-    std::fs::remove_file(input_path)
-        .map_err(|e| format!("Could not clean up input file: {}", e))?;
-
-    Ok(parse_sgx_result(output.stdout)?)
+    tokio::task::spawn_blocking(move || {
+        // Prove
+        let mut child = gramine_cmd
+            .arg("one-shot")
+            .arg("--sgx-instance-id")
+            .arg(instance_id.to_string())
+            .stdin(Stdio::piped())
+            .stdout(Stdio::piped())
+            .stderr(Stdio::piped())
+            .spawn()
+            .map_err(|e| format!("Could not spawn gramine cmd: {}", e))?;
+        let stdin = child.stdin.as_mut().expect("Failed to open stdin");
+        bincode::serialize_into(stdin, &input).expect("Unable to serialize input");
+
+        let output = child
+            .wait_with_output()
+            .map_err(|e| handle_gramine_error("Could not run SGX guest prover", e))?;
+        print_output(&output, "Sgx execution");
+        if !output.status.success() {
+            return ProverResult::Err(ProverError::GuestError(output.status.to_string()));
+        }
+        Ok(parse_sgx_result(output.stdout)?)
+    })
+    .await
+    .map_err(|e| ProverError::GuestError(e.to_string()))?
 }
 
 fn parse_sgx_result(output: Vec<u8>) -> ProverResult<SgxResponse, String> {