Bump tendermint, cosmos sdk & rust & sgx-sdk to latest versions (#1497)

* Bump tendermint, cosmos sdk & rust & sgx-sdk to latest versions

* Add attestation fixes from 1.9.4

---------

Co-authored-by: Assaf Morami <[email protected]>

.github/workflows/ci.yaml

@@ -14,8 +14,8 @@ jobs:
         run: |
           mkdir -p "$HOME/.sgxsdk"
           cd "$HOME/.sgxsdk"
-          SDK_BIN=sgx_linux_x64_sdk_2.17.101.1.bin
-          wget https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/"$SDK_BIN"
+          SDK_BIN=sgx_linux_x64_sdk_2.20.100.4.bin
+          wget https://download.01.org/intel-sgx/sgx-linux/2.20/distro/ubuntu20.04-server/"$SDK_BIN"
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Cache cargo registry
@@ -43,27 +43,17 @@ jobs:
           rustc --version  
           cargo +stable install xargo --version 0.3.25
           xargo --version
-      - name: Download sccache
-        run: |
-          wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz
-          tar xf ./sccache-*.tar.gz
-          mv ./sccache*/sccache "$HOME/sccache"
       - name: Test enclave
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"
           export SGX_MODE=SW
-          RUSTC_WRAPPER="$HOME/sccache" make enclave-tests
+          make enclave-tests
           make clean-enclave
 
   Build-Contracts:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
-      - name: Download sccache
-        run: |
-          wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz
-          tar xf ./sccache-*.tar.gz
-          mv ./sccache*/sccache "$HOME/sccache"
       - name: Install Requirements
         run: |
           rustup target add wasm32-unknown-unknown
@@ -120,8 +110,8 @@ jobs:
         run: |
           mkdir -p "$HOME/.sgxsdk"
           cd "$HOME/.sgxsdk"
-          SDK_BIN=sgx_linux_x64_sdk_2.17.101.1.bin
-          wget https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/"$SDK_BIN"
+          SDK_BIN=sgx_linux_x64_sdk_2.20.100.4.bin
+          wget https://download.01.org/intel-sgx/sgx-linux/2.20/distro/ubuntu20.04-server/"$SDK_BIN"
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Download LocalSecret
@@ -140,9 +130,11 @@ jobs:
       - uses: actions/download-artifact@v3
         with:
           name: contract.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: contract-v2.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: v1-contract.wasm
@@ -154,24 +146,20 @@ jobs:
       - uses: actions/download-artifact@v3
         with:
           name: contract_with_floats.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: too-high-initial-memory.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: static-too-high-initial-memory.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - name: Setup Files
         run: |
           find "$(pwd)" -name \*.wasm
           cp libgo_cosmwasm.so ./go-cosmwasm/api/libgo_cosmwasm.so
           cp librust_cosmwasm_enclave.signed.so ./go-cosmwasm/librust_cosmwasm_enclave.signed.so
-          # cp /opt/mount/librandom_api.so /usr/lib/librandom_api.so
-          # cp /opt/mount/tendermint_enclave.signed.so /usr/lib/tendermint_enclave.signed.so
-          cp contract.wasm ./x/compute/internal/keeper/testdata/contract.wasm
-          cp contract-v2.wasm ./x/compute/internal/keeper/testdata/contract-v2.wasm
-          cp too-high-initial-memory.wasm ./x/compute/internal/keeper/testdata/too-high-initial-memory.wasm
-          cp contract_with_floats.wasm ./x/compute/internal/keeper/testdata/contract_with_floats.wasm
-          cp static-too-high-initial-memory.wasm ./x/compute/internal/keeper/testdata/static-too-high-initial-memory.wasm
           find "$(pwd)" -name \*.wasm
       - name: Test x/registration
         run: |
@@ -232,11 +220,6 @@ jobs:
           rustc --version  
           cargo +stable install xargo --version 0.3.25
           xargo --version
-      - name: Download sccache
-        run: |
-          wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz
-          tar xf ./sccache-*.tar.gz
-          mv ./sccache*/sccache "$HOME/sccache"
       - name: Clippy
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"

.github/workflows/go-lint.yml

@@ -5,7 +5,6 @@ on:
       - "*"
     branches:
       - "*"
-  pull_request:
 permissions:
   contents: read
   # Optional: allow read access to pull request. Use with `only-new-issues` option.

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "third_party/incubator-teaclave-sgx-sdk"]
 	path = third_party/incubator-teaclave-sgx-sdk
 	url = https://github.com/scrtlabs/incubator-teaclave-sgx-sdk
-	branch = secret-new-1.1.5
+	branch = secret-1.x

check-hw/build.rs

@@ -1,7 +1,7 @@
 use std::env;
 
 fn main() {
-    let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/intel/sgxsdk".to_string());
+    let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/sgxsdk".to_string());
 
     println!("cargo:rustc-link-search=native=../go-cosmwasm/lib");
     println!("cargo:rustc-link-lib=static=Enclave_u");

cosmwasm/contracts/v010/compute-tests/test-compute-contract/rust-toolchain

@@ -1 +1 @@
-1.71
+1.71

cosmwasm/contracts/v010/compute-tests/test-compute-contract/src/contract.rs

@@ -13,7 +13,8 @@ use secp256k1::Secp256k1;
 use core::time;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
-use std::thread;
+use std::ptr::null;
+use std::{mem, thread};
 
 //// consts
 
@@ -1704,9 +1705,11 @@ fn pass_null_pointer_to_imports_should_throw<S: Storage, A: Api, Q: Querier>(
     let null_ptr: *const CanonicalAddr = std::ptr::null();
     let null_canon_addr: &CanonicalAddr = unsafe { &*null_ptr };
 
+    use std::ptr;
+
     match &pass_type[..] {
         "read_db_key" => {
-            deps.storage.get(null_ptr_slice);
+            unsafe { deps.storage.get(null_ptr_slice) };
         }
         "write_db_key" => {
             deps.storage.set(null_ptr_slice, b"write value");

cosmwasm/enclaves/Xargo.toml

@@ -15,7 +15,7 @@ panic_unwind = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_panic_
 sgx_tdh = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_tdh", stage = 4 }
 sgx_tseal = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_tseal", stage = 4 }
 sgx_tprotected_fs = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_tprotected_fs", stage = 4 }
-std = { git = "https://github.com/apache/teaclave-sgx-sdk.git", rev = "c70a82f708fd20e9fd0377990dde097d14024f7a", stage = 5, features = [
+std = { path = "../../third_party/incubator-teaclave-sgx-sdk/xargo/sgx_tstd", stage = 5, features = [
     "net",
     "backtrace",
     "untrusted_fs",

cosmwasm/enclaves/execute/Cargo.toml

@@ -10,7 +10,7 @@ name = "secret_enclave"
 crate-type = ["staticlib"]
 
 [features]
-default = ["SGX_MODE_SW", "random"]
+default = ["SGX_MODE_SW", "random", "epid_whitelist_disabled"]
 SGX_MODE_SW = []
 SGX_MODE_HW = []
 production = [

cosmwasm/enclaves/execute/Enclave.config.prod.xml

@@ -1,7 +1,7 @@
 <!-- Please refer to User's Guide for the explanation of each field -->
 <EnclaveConfiguration>
   <ProdID>0</ProdID>
-  <ISVSVN>2</ISVSVN>
+  <ISVSVN>3</ISVSVN>
   <StackMaxSize>0x800000</StackMaxSize>
   <HeapMaxSize>0x80000000</HeapMaxSize>
   <TCSNum>8</TCSNum>

cosmwasm/enclaves/execute/Makefile

@@ -1,7 +1,7 @@
 ######## SGX SDK Settings ########
 
 FEATURES ?=
-SGX_SDK ?= $(HOME)/.sgxsdk/sgxsdk
+SGX_SDK ?= /opt/sgxsdk
 SGX_MODE ?= HW
 SGX_ARCH ?= x64
 BUILD_PROFILE ?= release
@@ -21,9 +21,13 @@ endif
 ifeq ($(SGX_ARCH), x86)
 	SGX_COMMON_CFLAGS := -m32
 	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
 else
 	SGX_COMMON_CFLAGS := -m64
 	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
 endif
 
 ifeq ($(SGX_DEBUG), 1)
@@ -119,7 +123,7 @@ build-protobuf:
 	cd ../shared/cosmos-proto && cargo check --features='build-protobuf'
 
 librust_cosmwasm_enclave.signed.so: librust_cosmwasm_enclave.so $(ENCLAVE_CONFIG)
-	sgx_sign sign -key Enclave_private.pem -enclave $< -out $@ -config $(ENCLAVE_CONFIG)
+	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave_private.pem -enclave $< -out $@ -config $(ENCLAVE_CONFIG)
 
 librust_cosmwasm_enclave.so: $(CUSTOM_LIBRARY_PATH)/libenclave.a Enclave_t.o
 	$(CXX) Enclave_t.o -o $@ $(RustEnclave_Link_Flags)
@@ -135,7 +139,7 @@ Enclave_t.o: $(Enclave_EDL_Products)
 	$(CC) $(RustEnclave_Compile_Flags) -c Enclave_t.c -o $@
 
 $(Enclave_EDL_Products): Enclave.edl
-	sgx_edger8r --trusted $^ --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --trusted-dir ./
+	$(SGX_EDGER8R) --trusted $^ --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --trusted-dir ./
 
 check:
 	RUST_TARGET_PATH=$(Rust_Target_Path) RUSTFLAGS=$(Rust_Flags) xargo check --features "$(FEATURES),light-client-validation" --target x86_64-unknown-linux-sgx