remote attestation for openfl participants

Signed-off-by: Ubuntu <azureuser@ofl-dev-vm-ad-anshumi1.qnxiewjiflyubbpcwut13wv1wh.cx.internal.cloudapp.net>

Author: Ubuntu

openfl-docker/gramine_app/fx.manifest.template

@@ -71,4 +71,5 @@ sgx.allowed_files = [
   "file:{{ workspace_root }}/plan/cols.yaml",
   "file:{{ workspace_root }}/plan/data.yaml",
   "file:{{ workspace_root }}/plan/plan.yaml",
+  "file:{{ workspace_root }}/attestation",
 ]

openfl-workspace/workspace/plan/defaults/network.yaml

@@ -4,6 +4,7 @@ settings:
     agg_port                   : auto
     hash_salt                  : auto
     use_tls                    : True
+    enable_remote_attestation  : False
     client_reconnect_interval  : 5
     require_client_auth        : True
     cert_folder                : cert

openfl/interface/aggregator.py

@@ -32,6 +32,7 @@
 from openfl.federated import Plan
 from openfl.interface.cli_helper import CERT_DIR
 from openfl.utilities import click_types
+from openfl.utilities.attestation import attestation_utils as attestation_utils
 from openfl.utilities.path_check import is_directory_traversal
 from openfl.utilities.utils import getfqdn_env
 
@@ -91,6 +92,25 @@ def start_(plan, authorized_cols, task_group):
         parsed_plan.config["assigner"]["settings"]["selected_task_group"] = task_group
         logger.info(f"Setting aggregator to assign: {task_group} task_group")
 
+    # Check if remote attestation is enabled in the plan configuration
+    if parsed_plan.config["network"]["settings"].get("enable_remote_attestation", False):
+        # Fetch remote attestation environment variables
+        attestation_env = attestation_utils.fetch_attestation_env_vars()
+        if attestation_env is not None:
+            attestation_mr = attestation_utils.AttestationManager(
+                "aggregator",
+                attestation_env["ATTESTATION_REPORT_PATH"],
+                attestation_env["ITA_API_KEY"],
+                attestation_env["AVS_URL"],
+            )
+            # Generate and store the attestation report
+            attestation_mr.get_attested_identity()
+            logger.info("Remote attestation report fetched successfully.")
+        else:
+            logger.error("Failed to fetch remote attestation environment variables.")
+    else:
+        logger.info("Remote attestation is not enabled. Skipping attestation report generation.")
+
     logger.info("🧿 Starting the Aggregator Service.")
 
     parsed_plan.get_server().serve()

openfl/interface/collaborator.py

@@ -23,6 +23,7 @@
 from openfl.cryptography.participant import generate_csr
 from openfl.federated import Plan
 from openfl.interface.cli_helper import CERT_DIR
+from openfl.utilities.attestation import attestation_utils as attestation_utils
 from openfl.utilities.path_check import is_directory_traversal
 from openfl.utilities.utils import rmtree
 
@@ -78,6 +79,25 @@ def start_(plan, collaborator_name, data_config):
 
     # TODO: Need to restructure data loader config file loader
 
+    # Check if remote attestation is enabled in the plan configuration
+    if plan.config["network"]["settings"].get("enable_remote_attestation", False):
+        # Fetch remote attestation environment variables
+        attestation_env = attestation_utils.fetch_attestation_env_vars()
+        if attestation_env is not None:
+            attestation_mr = attestation_utils.AttestationManager(
+                collaborator_name,
+                attestation_env["ATTESTATION_REPORT_PATH"],
+                attestation_env["ITA_API_KEY"],
+                attestation_env["AVS_URL"],
+            )
+            # Generate and store the attestation report
+            attestation_mr.get_attested_identity()
+            logger.info("Remote attestation report stored successfully.")
+        else:
+            logger.error("Remote attestation environment variables not set.")
+    else:
+        logger.info("Remote attestation is not enabled in the plan configuration.")
+
     echo(f"Data = {plan.cols_data_paths}")
     logger.info("🧿 Starting a Collaborator Service.")