ameba23
commented
1 month ago @HCastano now that https://github.com/entropyxyz/entropy-core/pull/1063 is finished, i am a little bit unsure how to go ahead with this.
The function parse_pck_cert_chain which i have exposed here in the attestation pallet needs to be called by the staking pallet's validate function.
But it seems we can't have the attestation pallet be a dependency of the staking pallet.
Easiest thing to do would be to move this code to the staking pallet. But logically it kinda belongs here because its kinda related to attestation.
So dunno if i should make a crate for this, or think up another place to put it, or just not worry and stick it in the staking pallet (in its own module).
HCastano
This is a followup to https://github.com/entropyxyz/entropy-core/pull/1051 in that it adds a way of parsing and validating the PCK certificates, as well as intermediary 'provider' certificates which sign the PCK cert and are in turn signed by intel's root certificate authority public key, which is hard coded. If all goes well the PCK public key is extracted from the certificate to be used in the
ServerInfostruct.This parsing / validating needs to happen when a validator initially joins, or when they change their endpoint (IP address).
@junkicide from poetic has also provided us with a function to validate a certificate chain of arbitrary length - im not sure whether in practice we can expect that there will be more than one intermediary provider beween the PCK cert and the root CA.
Related issue: https://github.com/entropyxyz/entropy-core/issues/982