mirror of
https://github.com/ultravioletrs/cocos.git
synced 2026-06-22 20:00:18 +00:00
Sammy Kerata Oina
c1cbcec851
CI / lint (push) Has been cancelled
CI / test (agent) (push) Has been cancelled
CI / test (cli) (push) Has been cancelled
CI / test (cmd) (push) Has been cancelled
CI / test (internal) (push) Has been cancelled
CI / test (manager, true) (push) Has been cancelled
CI / test (pkg) (push) Has been cancelled
CI / upload-coverage (push) Has been cancelled
* feat: Introduce Go-based CoRIM generation and deprecate Rust attestation policy scripts. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Update dependencies and refactor attestation policy handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Migrate attestation verification to use CoRIM and remove deprecated policy handling and EAT verification tests. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Removed the `tdx` and `sev-snp` attestation policy scripts and their build configurations, along with related build and installation steps from the main Makefile. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * chore: Remove Rust CI workflow and Cargo Dependabot configuration, and enhance Go test setup for attestation policy paths. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Use WriteString instead of Write([]byte) for writing policy file content in test. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Refactor `ca-bundle` command to fetch bundles by product string using a configurable HTTP getter with improved error handling, and simplify `attestation_policy` command usage. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix: ignore return value of cmd.Help() Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Implement CoRIM generation for Azure and GCP attestation policies and add a CLI command to download and verify GCP OVMF files. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Upgrade Python virtual environment setup to include setuptools and wheel, append computation ID to Docker container names, and improve test robustness with error assertions and conditional skips for runtime tests. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * test: Enhance attestation verification tests, including CoRIM integration and specific platform types like Azure SNP, vTPM, TDX, and IGVM. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Add comprehensive test cases for `VerifyWithCoRIM` including success and measurement mismatch, and refine reference value validation. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Add Azure and TDX attestation verification tests and abstract external service dependencies for improved testability. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Add new test cases for Azure measurement extraction, EAT platform types, IGVM measurement stopping, vTPM CoRIM verification, and GCP OVMF download CLI. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * test: enhance CLI CoRIM generation and ATLS certificate verification tests, and refactor the Azure MAA client to use an interface. Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Cocos AI 🥥
Confidential Computing System for AI
Made with ❤️ by Ultraviolet
Guide | Contributing | Website
Introduction 🚀
Cocos AI is a cutting-edge platform designed to enable secure multiparty computation (SMPC) using Confidential Computing and Trusted Execution Environments (TEEs).
It empowers organizations to collaboratively process sensitive data for AI/ML workloads while ensuring:
- 🔒 Data Privacy: Your data stays encrypted and secure throughout the computation.
- 🛡️ Trust and Integrity: Protected by hardware enclaves with robust remote attestation protocols.
- 🤝 Seamless Collaboration: Multiple organizations can work together without exposing sensitive information.
Features 🛠️
Cocos AI provides essential features for secure and efficient collaborative AI/ML:
- 🖥️ TEE Enablement and Monitoring: Secure VM management for deploying and monitoring workloads.
- 🛡️ Hardware Abstraction Layer (HAL): Built on a hardened Linux kernel, secure bootloader, and minimal root filesystem (minimal TCB).
- 🕵️ In-Enclave Agent and Networking Controller: Essential system software for managing secure workloads.
- 🔒 Encrypted Data Transfer: Asynchronous data transfer and secure result delivery.
- 🛠️ API for Platform Manipulation: Programmatic control for managing workloads.
- ✅ Attestation and Verification Tools: Hardware- and software-supported attestation for integrity assurance.
- 🖱️ Command-Line Interface (CLI): A user-friendly CLI for system interaction.
🚀 Quick Start
Clone the Repository and Build Binaries
git clone git@github.com:ultravioletrs/cocos.git
make
This will generate three binaries:
ls build/
# cocos-agent cocos-cli cocos-manager
Deployment Overview:
- Manager: Deploy on the AMD SEV-SNP host to orchestrate workloads.
- Agent: Build into the EOS-based HAL for secure enclave management.
- CLI: Interact with remote agents to control operations.
📚 Documentation
Comprehensive documentation is available at the official documentation page.
For CLI usage details, visit the CLI Documentation.
Documentation is automatically generated from the docs repository. Contributions to documentation are welcome!
🛡️ License
Cocos AI is published under the permissive open-source Apache-2.0 license. Contributions are encouraged and appreciated!
🌐 Links and Resources
- Cocos AI Website
- Official Releases
- Confidential Computing Overview
- Trusted Execution Environments (TEEs)
This work has been partially supported by the ELASTIC and CONFIDENTIAL6G, which received funding from the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation programme under Grant Agreement No. 101139067 and Grant Agreement No. 101096435. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.