Sammy Kerata Oina
de50b6d2d4
* feat: Implement EAT (Evidence Attestation Token) generation and verification for attestation responses, replacing raw quotes with EAT tokens in the attestation service and protobuf. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * style: standardize comment formatting and fix a debug log format specifier. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix pkg test Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Introduce named constants for OEM IDs and use them in attestation claim extraction. Signed-off-by: SammyOina <sammyoina@gmail.com> * feat: Implement and test minimum length validation for EAT nonce in `NewEATClaims`. Signed-off-by: SammyOina <sammyoina@gmail.com> * feat: Add EATClaims.Sanitize method and integrate it into the validator to enforce claim dependencies. Signed-off-by: SammyOina <sammyoina@gmail.com> * feat: Add Signature field to SNPExtensions and TDXExtensions for enhanced claim validation Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Update dependencies and improve code structure in attestation package Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Introduce comprehensive test suites for EAT, ATLS, TDX, Azure SNP, and vTPM attestation, and improve EAT decoder robustness. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Add encryption and admin keys, an encrypted algorithm file, and update go.mod to use go-jose/v4. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: add new encryption and KBS admin keys while improving TDX attestation test error handling. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Add new KBS admin and encryption keys, an encrypted linear regression algorithm, and refactor TDX test error message checks. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Implement Azure SNP attestation policy, update certificate verification, and add key management. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: replace hardcoded string literals with variables in Azure SNP attestation tests. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Refactor TDX EAT claims to use individual RTMR fields with `tdx_` prefixes and add an `IntUse` field. Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com>
Cocos AI 🥥
Confidential Computing System for AI
Made with ❤️ by Ultraviolet
Guide | Contributing | Website
Introduction 🚀
Cocos AI is a cutting-edge platform designed to enable secure multiparty computation (SMPC) using Confidential Computing and Trusted Execution Environments (TEEs).
It empowers organizations to collaboratively process sensitive data for AI/ML workloads while ensuring:
- 🔒 Data Privacy: Your data stays encrypted and secure throughout the computation.
- 🛡️ Trust and Integrity: Protected by hardware enclaves with robust remote attestation protocols.
- 🤝 Seamless Collaboration: Multiple organizations can work together without exposing sensitive information.
Features 🛠️
Cocos AI provides essential features for secure and efficient collaborative AI/ML:
- 🖥️ TEE Enablement and Monitoring: Secure VM management for deploying and monitoring workloads.
- 🛡️ Hardware Abstraction Layer (HAL): Built on a hardened Linux kernel, secure bootloader, and minimal root filesystem (minimal TCB).
- 🕵️ In-Enclave Agent and Networking Controller: Essential system software for managing secure workloads.
- 🔒 Encrypted Data Transfer: Asynchronous data transfer and secure result delivery.
- 🛠️ API for Platform Manipulation: Programmatic control for managing workloads.
- ✅ Attestation and Verification Tools: Hardware- and software-supported attestation for integrity assurance.
- 🖱️ Command-Line Interface (CLI): A user-friendly CLI for system interaction.
🚀 Quick Start
Clone the Repository and Build Binaries
git clone git@github.com:ultravioletrs/cocos.git
make
This will generate three binaries:
ls build/
# cocos-agent cocos-cli cocos-manager
Deployment Overview:
- Manager: Deploy on the AMD SEV-SNP host to orchestrate workloads.
- Agent: Build into the EOS-based HAL for secure enclave management.
- CLI: Interact with remote agents to control operations.
📚 Documentation
Comprehensive documentation is available at the official documentation page.
For CLI usage details, visit the CLI Documentation.
Documentation is automatically generated from the docs repository. Contributions to documentation are welcome!
🛡️ License
Cocos AI is published under the permissive open-source Apache-2.0 license. Contributions are encouraged and appreciated!
🌐 Links and Resources
- Cocos AI Website
- Official Releases
- Confidential Computing Overview
- Trusted Execution Environments (TEEs)
This work has been partially supported by the ELASTIC and CONFIDENTIAL6G, which received funding from the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation programme under Grant Agreement No. 101139067 and Grant Agreement No. 101096435. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.