remote attestation for openfl participants

Author: Ubuntu

openfl-docker/gramine_app/fx.manifest.template

@@ -71,4 +71,5 @@ sgx.allowed_files = [
   "file:{{ workspace_root }}/plan/cols.yaml",
   "file:{{ workspace_root }}/plan/data.yaml",
   "file:{{ workspace_root }}/plan/plan.yaml",
+  "file:{{ workspace_root }}/attestation",
 ]

openfl-workspace/workspace/plan/defaults/network.yaml

@@ -4,6 +4,7 @@ settings:
     agg_port                   : auto
     hash_salt                  : auto
     use_tls                    : True
+    enable_remote_attestation  : False
     client_reconnect_interval  : 5
     require_client_auth        : True
     cert_folder                : cert

openfl/interface/aggregator.py

@@ -34,6 +34,7 @@
 from openfl.utilities import click_types
 from openfl.utilities.path_check import is_directory_traversal
 from openfl.utilities.utils import getfqdn_env
+from openfl.utilities.attestation import  attestation_utils as attestation_utils
 
 logger = getLogger(__name__)
 
@@ -90,6 +91,21 @@ def start_(plan, authorized_cols, task_group):
             parsed_plan.config["assigner"]["settings"] = {}
         parsed_plan.config["assigner"]["settings"]["selected_task_group"] = task_group
         logger.info(f"Setting aggregator to assign: {task_group} task_group")
+    
+    # Check if remote attestation is enabled in the plan configuration
+    if parsed_plan.config["network"]["settings"].get("enable_remote_attestation", False):
+        # Fetch remote attestation environment variables
+        attestation_env = attestation_utils.fetch_attestation_env_vars()
+        if attestation_env is not None:
+            attestation_mr = attestation_utils.AttestationManager("aggregator", attestation_env["ATTESTATION_REPORT_PATH"], attestation_env["ITA_API_KEY"], attestation_env["AVS_URL"])
+            # Generate and store the attestation report
+            attestation_mr.get_attested_identity()
+            logger.info("Remote attestation report fetched successfully.")
+        else:
+            logger.error("Failed to fetch remote attestation environment variables.")
+    else:
+        logger.info("Remote attestation is not enabled. Skipping attestation report generation.")
+
 
     logger.info("🧿 Starting the Aggregator Service.")
 

openfl/interface/collaborator.py

@@ -25,7 +25,7 @@
 from openfl.interface.cli_helper import CERT_DIR
 from openfl.utilities.path_check import is_directory_traversal
 from openfl.utilities.utils import rmtree
-
+from openfl.utilities.attestation import attestation_utils as attestation_utils
 logger = getLogger(__name__)
 
 
@@ -78,6 +78,20 @@ def start_(plan, collaborator_name, data_config):
 
     # TODO: Need to restructure data loader config file loader
 
+    # Check if remote attestation is enabled in the plan configuration
+    if plan.config["network"]["settings"].get("enable_remote_attestation", False):
+        # Fetch remote attestation environment variables
+        attestation_env = attestation_utils.fetch_attestation_env_vars()
+        if attestation_env is not None:
+            attestation_mr = attestation_utils.AttestationManager(collaborator_name, attestation_env["ATTESTATION_REPORT_PATH"], attestation_env["ITA_API_KEY"], attestation_env["AVS_URL"])
+            # Generate and store the attestation report
+            attestation_mr.get_attested_identity()
+            logger.info("Remote attestation report stored successfully.")
+        else:
+            logger.error("Remote attestation environment variables not set.")
+    else:
+        logger.info("Remote attestation is not enabled in the plan configuration.")
+
     echo(f"Data = {plan.cols_data_paths}")
     logger.info("🧿 Starting a Collaborator Service.")