Updating CCF PDO/TP Documentation with details about recent API changes

used to set PDO contract enclave attestation policy. The API changes are part of PR 467 (https://github.com/hyperledger-labs/private-data-objects/pull/467/files#) This PR updates the subsection `CCF TP TEE attestation verification policy` contained within ledgers/ccf/README.md to reflect the new APIs introduced in PR 467. Signed-off-by: Prakash Narayana Moorthy <[email protected]>
hyperledger-labs · Mar 4, 2024 · 40ef5f2 · 40ef5f2
1 parent 955e2b7
commit 40ef5f2
Showing 1 changed file with 6 additions and 10 deletions.
diff --git a/ledgers/ccf/README.md b/ledgers/ccf/README.md
@@ -216,13 +216,9 @@ cd ${PDO_SOURCE_ROOT}/build
 make test
 ```
 
-## CCF TP TEE attestation policy
-We briefly describe the attestation verification policy implemented by CCF TP.
-- CCF Governance consortium  registers attestation policy after TP is deployed.
-- Currently, TP supports two policies:
-    - No attestation verification: This policy is used while using PDO enclaves in SGX SIM mode.
-    - Check EPID attestation verification reports generated by IAS: This policy is used while using PDO enclaves in SGX HW mode.
-- One of the two policies must necessarily have been registered by the CCF consortium before any PDO enclave can be registered. There is no default policy.
-CCF TP provides a member-rpc that can be used for registering one of the above two policies. For the second policy above, the consortium
-gets to specify expected MREnclave, basename and IAS public key via the member-rpc.
-- The policy (including expected value of MREnclave) can be changed anytime by the CCF Governance consortium, subject to voting rules of the consortium.
+## CCF TP TEE attestation verification policy
+CCF TP provides two APIs to be used by the CCF Governance consortium to register attestation verification policy that must be satisfied by PDO contract enclaves.
+
+1. The first API `set_attestation_check_flag` is invoked as part of the TP start up scripts to specify whether PDO runs in SGX `HW` mode or SGX `SIM` mode. The flag can be set only once. There is no default value for the flag, and hence must be set explicitly before the TP can accept any `register_encalve` transactions.
+
+2. The second API `set_expected_sgx_measurements` is used whenever the `set_attestation_check_flag` specifies that PDO runs in SGX `HW` mode. In this case, the second API is used to the specify expected `MREnclave` value, and additionally `basename` and the `ias_public_key`. Note that PDO currently supports SGX `HW mode` with EPID attestation. The expected SGX measurements can be updated via the second API, subject to voting rules of the consortium.