diff --git a/core/capabilities/confidentialrelay/handler.go b/core/capabilities/confidentialrelay/handler.go index d1da4282963..d3d25ac00cb 100644 --- a/core/capabilities/confidentialrelay/handler.go +++ b/core/capabilities/confidentialrelay/handler.go @@ -87,8 +87,30 @@ func newMetrics() (*handlerMetrics, error) { }, nil } -// attestationValidatorFunc validates a TEE attestation document. -type attestationValidatorFunc func(attestation []byte, expectedUserData []byte, trustedMeasurements []byte) error +// AttestationValidator validates TEE attestation documents, with or without a +// custom CA root. Both the production Nitro validator and the insecure +// passthrough validator implement it, so the handler validates the same way +// regardless of which is configured. +type AttestationValidator interface { + ValidateAttestation(attestation, expectedUserData, trustedMeasurements []byte) error + ValidateAttestationWithRoots(attestation, expectedUserData, trustedMeasurements []byte, caRootsPEM string) error +} + +// nitroValidator is the production validator backed by AWS Nitro. +type nitroValidator struct{} + +func (nitroValidator) ValidateAttestation(attestation, expectedUserData, trustedMeasurements []byte) error { + return nitro.ValidateAttestation(attestation, expectedUserData, trustedMeasurements) +} + +func (nitroValidator) ValidateAttestationWithRoots(attestation, expectedUserData, trustedMeasurements []byte, caRootsPEM string) error { + return nitro.ValidateAttestationWithRoots(attestation, expectedUserData, trustedMeasurements, caRootsPEM) +} + +// NewAttestationValidator returns the production validator backed by AWS Nitro. +func NewAttestationValidator() AttestationValidator { + return nitroValidator{} +} // Handler processes enclave relay requests from the gateway. // It validates attestations and proxies requests to VaultDON or capability DONs. @@ -103,13 +125,16 @@ type Handler struct { lggr logger.Logger metrics *handlerMetrics - // validateAttestation validates TEE attestation documents. - // Defaults to the Nitro validator; overridden in tests. - validateAttestation attestationValidatorFunc - limitsFactory limits.Factory + // validator validates TEE attestation documents. + validator AttestationValidator + // requireBFTQuorum selects the required signature quorum: when true the relay + // demands a Byzantine quorum of 2*F+1 unique signers, otherwise a crash-fault + // quorum of F+1. + requireBFTQuorum bool + limitsFactory limits.Factory } -func NewHandler(capRegistry core.CapabilitiesRegistry, executionHandlers *ExecutionHandlers, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory) (*Handler, error) { +func NewHandler(capRegistry core.CapabilitiesRegistry, executionHandlers *ExecutionHandlers, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory, validator AttestationValidator, requireBFTQuorum bool) (*Handler, error) { if responseSigner == nil { return nil, errors.New("response signer is required") } @@ -119,14 +144,15 @@ func NewHandler(capRegistry core.CapabilitiesRegistry, executionHandlers *Execut } h := &Handler{ - capRegistry: capRegistry, - executionHandlers: executionHandlers, - gatewayConnector: conn, - responseSigner: responseSigner, - lggr: logger.Named(lggr, HandlerName), - metrics: m, - validateAttestation: nitro.ValidateAttestation, - limitsFactory: lf, + capRegistry: capRegistry, + executionHandlers: executionHandlers, + gatewayConnector: conn, + responseSigner: responseSigner, + lggr: logger.Named(lggr, HandlerName), + metrics: m, + validator: validator, + requireBFTQuorum: requireBFTQuorum, + limitsFactory: lf, } h.Service, h.eng = services.Config{ Name: HandlerName, @@ -540,9 +566,9 @@ func (h *Handler) verifyAttestationHash(ctx context.Context, attestationB64 stri for _, m := range measurements { var err error if caRootsPEM != "" { - err = nitro.ValidateAttestationWithRoots(attestationBytes, hash, m, caRootsPEM) + err = h.validator.ValidateAttestationWithRoots(attestationBytes, hash, m, caRootsPEM) } else { - err = h.validateAttestation(attestationBytes, hash, m) + err = h.validator.ValidateAttestation(attestationBytes, hash, m) } if err == nil { return nil @@ -571,9 +597,13 @@ func (h *Handler) verifyWorkflowAuthorization(don capabilities.DON, params confi return errors.New("missing signed compute requests") } - // Match the enclave's own quorum: server.go requires config.F+1 unique signers where the - // config-tracker sets config.F = 2*don.F, i.e. 2*F+1. - threshold := 2*int(don.F) + 1 + // Match the enclave's own quorum. With requireBFTQuorum the relay demands a + // Byzantine quorum of 2*F+1 unique signers; otherwise a crash-fault quorum of + // F+1 suffices. + threshold := int(don.F) + 1 + if h.requireBFTQuorum { + threshold = 2*int(don.F) + 1 + } // The forwarded requests differ only in their signature; they all sign one shared // ComputeRequest hash. Reconstruct that hash once and verify each signature over it. diff --git a/core/capabilities/confidentialrelay/handler_test.go b/core/capabilities/confidentialrelay/handler_test.go index 1bfec67c1f6..a4567b0fa18 100644 --- a/core/capabilities/confidentialrelay/handler_test.go +++ b/core/capabilities/confidentialrelay/handler_test.go @@ -24,6 +24,7 @@ import ( jsonrpc "github.com/smartcontractkit/chainlink-common/pkg/jsonrpc2" "github.com/smartcontractkit/chainlink-common/pkg/logger" "github.com/smartcontractkit/chainlink-common/pkg/settings/limits" + "github.com/smartcontractkit/chainlink-common/pkg/teeattestation/passthrough" "github.com/smartcontractkit/chainlink-common/pkg/types/core" "github.com/smartcontractkit/chainlink-common/pkg/workflows/host" sdkpb "github.com/smartcontractkit/chainlink-protos/cre/go/sdk" @@ -56,8 +57,6 @@ func makeCapabilityPayload(t *testing.T, inputs map[string]any) string { const testAttestationB64 = "ZHVtbXktYXR0ZXN0YXRpb24=" // base64("dummy-attestation") -func noopValidator(_ []byte, _, _ []byte) error { return nil } - type mockGatewayConnector struct { core.UnimplementedGatewayConnector lastResp *jsonrpc.Response[json.RawMessage] @@ -133,9 +132,10 @@ func newTestHandler(t *testing.T, registry core.CapabilitiesRegistry, gwConn cor require.NoError(t, err) key, err := p2pkey.NewV2() require.NoError(t, err) - h, err := NewHandler(registry, &ExecutionHandlers{}, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}) + validator, err := passthrough.New() + require.NoError(t, err) + h, err := NewHandler(registry, &ExecutionHandlers{}, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}, validator, true) require.NoError(t, err) - h.validateAttestation = noopValidator return h } diff --git a/core/capabilities/confidentialrelay/service.go b/core/capabilities/confidentialrelay/service.go index fea20dfb3ee..e3ca3eaf1ae 100644 --- a/core/capabilities/confidentialrelay/service.go +++ b/core/capabilities/confidentialrelay/service.go @@ -32,6 +32,8 @@ type Service struct { peerID p2pkey.PeerID lggr logger.Logger limitsFactory limits.Factory + validator AttestationValidator + requireBFTQuorum bool handler *Handler } @@ -44,6 +46,8 @@ func NewService( peerID p2pkey.PeerID, lggr logger.Logger, limitsFactory limits.Factory, + validator AttestationValidator, + requireBFTQuorum bool, ) *Service { s := &Service{ wrapper: wrapper, @@ -53,6 +57,8 @@ func NewService( peerID: peerID, lggr: lggr, limitsFactory: limitsFactory, + validator: validator, + requireBFTQuorum: requireBFTQuorum, } s.Service, s.eng = services.Config{ Name: "ConfidentialRelayService", @@ -71,7 +77,7 @@ func (s *Service) start(ctx context.Context) error { if err != nil { return fmt.Errorf("failed to get p2p key for confidential relay signing: %w", err) } - h, err := NewHandler(s.capRegistry, s.executionHandlers, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory) + h, err := NewHandler(s.capRegistry, s.executionHandlers, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory, s.validator, s.requireBFTQuorum) if err != nil { return err } diff --git a/core/config/cre_config.go b/core/config/cre_config.go index 15a77f4a86e..878a930b1d5 100644 --- a/core/config/cre_config.go +++ b/core/config/cre_config.go @@ -25,6 +25,11 @@ type WorkflowFetcher interface { // CREConfidentialRelay defines configuration for the confidential relay handler. type CREConfidentialRelay interface { Enabled() bool + // TrustEnclaves reports whether the relay should trust fake (non-Nitro) + // enclaves by relaxing TEE attestation validation. INSECURE; test-only. + TrustEnclaves() bool + // RequireBFTQuorum selects the required signature quorum + RequireBFTQuorum() bool } // CRELinking defines configuration for connecting to the CRE linking service diff --git a/core/config/docs/core.toml b/core/config/docs/core.toml index 67f235bf8b1..1acbe16836c 100644 --- a/core/config/docs/core.toml +++ b/core/config/docs/core.toml @@ -977,6 +977,10 @@ DebugMode = false # Default [CRE.ConfidentialRelay] # Enabled controls whether the confidential relay gateway handler should be configured. Enabled = false # Default +# TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. +TrustEnclaves = false # Default +# RequireBFTQuorum selects the relay's signature quorum. +RequireBFTQuorum = false # Default # Sharding holds settings for node sharding configuration. [Sharding] diff --git a/core/config/toml/types.go b/core/config/toml/types.go index 80b8338de4d..d656b6eab3c 100644 --- a/core/config/toml/types.go +++ b/core/config/toml/types.go @@ -2048,6 +2048,12 @@ type WorkflowFetcherConfig struct { // validating enclave attestations and proxying capability requests. type ConfidentialRelayConfig struct { Enabled *bool `toml:",omitempty"` + // TrustEnclaves relaxes TEE attestation validation so the relay trusts + // fake (non-Nitro) enclaves. INSECURE; intended only for tests/E2E that run + // against the fake enclave environment. + TrustEnclaves *bool `toml:",omitempty"` + // RequireBFTQuorum selects the required signature quorum. + RequireBFTQuorum *bool `toml:",omitempty"` } // LinkingConfig holds the configuration for connecting to the CRE linking service @@ -2111,6 +2117,12 @@ func (c *CreConfig) setFrom(f *CreConfig) { if v := f.ConfidentialRelay.Enabled; v != nil { c.ConfidentialRelay.Enabled = v } + if v := f.ConfidentialRelay.TrustEnclaves; v != nil { + c.ConfidentialRelay.TrustEnclaves = v + } + if v := f.ConfidentialRelay.RequireBFTQuorum; v != nil { + c.ConfidentialRelay.RequireBFTQuorum = v + } } } diff --git a/core/scripts/go.mod b/core/scripts/go.mod index 2c5eaf8b5f9..144980ef2e4 100644 --- a/core/scripts/go.mod +++ b/core/scripts/go.mod @@ -47,7 +47,7 @@ require ( github.com/smartcontractkit/chain-selectors v1.0.104 github.com/smartcontractkit/chainlink-automation v0.8.1 github.com/smartcontractkit/chainlink-ccip/chains/evm v0.0.0-20260618155522-3600f66e26cd - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-data-streams v0.1.15-0.20260522094612-5f9f748bd87a github.com/smartcontractkit/chainlink-deployments-framework v0.111.1-0.20260612191326-e31c0ae4cd54 diff --git a/core/scripts/go.sum b/core/scripts/go.sum index 18bed531a80..8850cd9dfb2 100644 --- a/core/scripts/go.sum +++ b/core/scripts/go.sum @@ -1580,8 +1580,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 h1:+wn8Kfs9ImNEWlonkTmtjDQOdEaDzwdpedab+wAzCKI= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= diff --git a/core/services/chainlink/config_cre.go b/core/services/chainlink/config_cre.go index ff58345c9a6..884dcb98693 100644 --- a/core/services/chainlink/config_cre.go +++ b/core/services/chainlink/config_cre.go @@ -106,10 +106,14 @@ func (c *creConfig) Linking() config.CRELinking { } type confidentialRelayConfig struct { - enabled bool + enabled bool + trustEnclaves bool + requireBFTQuorum bool } -func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } +func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } +func (cr *confidentialRelayConfig) TrustEnclaves() bool { return cr.trustEnclaves } +func (cr *confidentialRelayConfig) RequireBFTQuorum() bool { return cr.requireBFTQuorum } func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay == nil { @@ -119,7 +123,15 @@ func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay.Enabled != nil { enabled = *c.c.ConfidentialRelay.Enabled } - return &confidentialRelayConfig{enabled: enabled} + trustEnclaves := false + if c.c.ConfidentialRelay.TrustEnclaves != nil { + trustEnclaves = *c.c.ConfidentialRelay.TrustEnclaves + } + requireBFTQuorum := false + if c.c.ConfidentialRelay.RequireBFTQuorum != nil { + requireBFTQuorum = *c.c.ConfidentialRelay.RequireBFTQuorum + } + return &confidentialRelayConfig{enabled: enabled, trustEnclaves: trustEnclaves, requireBFTQuorum: requireBFTQuorum} } func (c *creConfig) LocalSecretOverrides() map[string]map[string]string { diff --git a/core/services/chainlink/config_test.go b/core/services/chainlink/config_test.go index 127261bc388..fc02e298787 100644 --- a/core/services/chainlink/config_test.go +++ b/core/services/chainlink/config_test.go @@ -593,7 +593,9 @@ func TestConfig_Marshal(t *testing.T) { TLSEnabled: ptr(true), }, ConfidentialRelay: &toml.ConfidentialRelayConfig{ - Enabled: ptr(false), + Enabled: new(bool), + TrustEnclaves: new(bool), + RequireBFTQuorum: new(bool), }, } full.Billing = toml.Billing{ diff --git a/core/services/chainlink/testdata/config-empty-effective.toml b/core/services/chainlink/testdata/config-empty-effective.toml index f6eb5121505..c51363d5a11 100644 --- a/core/services/chainlink/testdata/config-empty-effective.toml +++ b/core/services/chainlink/testdata/config-empty-effective.toml @@ -386,6 +386,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-full.toml b/core/services/chainlink/testdata/config-full.toml index 782db0949d7..f2a81af02b9 100644 --- a/core/services/chainlink/testdata/config-full.toml +++ b/core/services/chainlink/testdata/config-full.toml @@ -425,6 +425,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-multi-chain-effective.toml b/core/services/chainlink/testdata/config-multi-chain-effective.toml index 86121aaa1b8..c796e83626b 100644 --- a/core/services/chainlink/testdata/config-multi-chain-effective.toml +++ b/core/services/chainlink/testdata/config-multi-chain-effective.toml @@ -386,6 +386,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/services/cre/cre.go b/core/services/cre/cre.go index 139ca844ff2..aa9fb539e28 100644 --- a/core/services/cre/cre.go +++ b/core/services/cre/cre.go @@ -29,6 +29,7 @@ import ( "github.com/smartcontractkit/chainlink-common/pkg/settings/limits" "github.com/smartcontractkit/chainlink-common/pkg/sqlutil" "github.com/smartcontractkit/chainlink-common/pkg/storage" + "github.com/smartcontractkit/chainlink-common/pkg/teeattestation/passthrough" commontypes "github.com/smartcontractkit/chainlink-common/pkg/types" "github.com/smartcontractkit/chainlink-common/pkg/workflows/dontime" "github.com/smartcontractkit/chainlink-evm/pkg/keys" @@ -211,6 +212,15 @@ func (s *Services) newSubservices( srvs = append(srvs, gatewayConnectorWrapper) if cfg.CRE().ConfidentialRelay().Enabled() { + var attestationValidator confidentialrelay.AttestationValidator + if cfg.CRE().ConfidentialRelay().TrustEnclaves() { + attestationValidator, ierr = passthrough.New() + if ierr != nil { + return nil, fmt.Errorf("could not create passthrough attestation validator: %w", ierr) + } + } else { + attestationValidator = confidentialrelay.NewAttestationValidator() + } relayService := confidentialrelay.NewService( gatewayConnectorWrapper, opts.CapabilitiesRegistry, @@ -219,6 +229,8 @@ func (s *Services) newSubservices( confidentialRelayPeerID(cfg, capCfg), lggr, opts.LimitsFactory, + attestationValidator, + cfg.CRE().ConfidentialRelay().RequireBFTQuorum(), ) srvs = append(srvs, relayService) } diff --git a/core/web/resolver/testdata/config-empty-effective.toml b/core/web/resolver/testdata/config-empty-effective.toml index f6eb5121505..c51363d5a11 100644 --- a/core/web/resolver/testdata/config-empty-effective.toml +++ b/core/web/resolver/testdata/config-empty-effective.toml @@ -386,6 +386,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-full.toml b/core/web/resolver/testdata/config-full.toml index dd7fb035052..95109d1a30d 100644 --- a/core/web/resolver/testdata/config-full.toml +++ b/core/web/resolver/testdata/config-full.toml @@ -404,6 +404,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-multi-chain-effective.toml b/core/web/resolver/testdata/config-multi-chain-effective.toml index 68a0130ae84..29286f7ba83 100644 --- a/core/web/resolver/testdata/config-multi-chain-effective.toml +++ b/core/web/resolver/testdata/config-multi-chain-effective.toml @@ -386,6 +386,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/deployment/go.mod b/deployment/go.mod index b27a729e52f..72edd881998 100644 --- a/deployment/go.mod +++ b/deployment/go.mod @@ -46,7 +46,7 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7 github.com/smartcontractkit/chainlink-ccip/deployment v0.0.0-20260618155522-3600f66e26cd - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-data-streams v0.1.15-0.20260522094612-5f9f748bd87a github.com/smartcontractkit/chainlink-deployments-framework v0.111.1-0.20260612191326-e31c0ae4cd54 diff --git a/deployment/go.sum b/deployment/go.sum index ea1f44fa88e..6f5c32648c7 100644 --- a/deployment/go.sum +++ b/deployment/go.sum @@ -1383,8 +1383,8 @@ github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194 h1:QxZkbKtQyPtVLYP4eMwc+VbXY7M5ve1deSiLZ2pOA+Y= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194/go.mod h1:bNMFRxwWdgVFdSsFZRmsUUPoBUncU3RM765K99svIKM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 h1:+wn8Kfs9ImNEWlonkTmtjDQOdEaDzwdpedab+wAzCKI= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= diff --git a/docs/CONFIG.md b/docs/CONFIG.md index db2207dee18..a41f9b1b1e1 100644 --- a/docs/CONFIG.md +++ b/docs/CONFIG.md @@ -2732,6 +2732,8 @@ DebugMode enables additional tracing and logging for workflow engines. ```toml [CRE.ConfidentialRelay] Enabled = false # Default +TrustEnclaves = false # Default +RequireBFTQuorum = false # Default ``` @@ -2741,6 +2743,18 @@ Enabled = false # Default ``` Enabled controls whether the confidential relay gateway handler should be configured. +### TrustEnclaves +```toml +TrustEnclaves = false # Default +``` +TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. + +### RequireBFTQuorum +```toml +RequireBFTQuorum = false # Default +``` +RequireBFTQuorum selects the relay's signature quorum. + ## Sharding ```toml [Sharding] diff --git a/go.mod b/go.mod index 9f99c8b05a4..88d06df15a4 100644 --- a/go.mod +++ b/go.mod @@ -85,7 +85,7 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260415165642-49f23e4d76cc github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 github.com/smartcontractkit/chainlink-data-streams v0.1.15-0.20260522094612-5f9f748bd87a diff --git a/go.sum b/go.sum index 24ed43e4254..4958dbeba10 100644 --- a/go.sum +++ b/go.sum @@ -1162,8 +1162,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260415165642-49f23e4d76cc/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 h1:+wn8Kfs9ImNEWlonkTmtjDQOdEaDzwdpedab+wAzCKI= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= diff --git a/integration-tests/go.mod b/integration-tests/go.mod index ef43e7e96c2..15c11ccdd62 100644 --- a/integration-tests/go.mod +++ b/integration-tests/go.mod @@ -33,7 +33,7 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/evm v0.0.0-20260618155522-3600f66e26cd github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260506144252-c100eabfda74 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7 - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-deployments-framework v0.111.1-0.20260612191326-e31c0ae4cd54 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260623170329-4577ef4ba0ae diff --git a/integration-tests/go.sum b/integration-tests/go.sum index 17d3da04064..7b05fbda303 100644 --- a/integration-tests/go.sum +++ b/integration-tests/go.sum @@ -1370,8 +1370,8 @@ github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194 h1:QxZkbKtQyPtVLYP4eMwc+VbXY7M5ve1deSiLZ2pOA+Y= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194/go.mod h1:bNMFRxwWdgVFdSsFZRmsUUPoBUncU3RM765K99svIKM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 h1:+wn8Kfs9ImNEWlonkTmtjDQOdEaDzwdpedab+wAzCKI= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= diff --git a/integration-tests/load/go.mod b/integration-tests/load/go.mod index f93ffa85a68..4aee7caa7cc 100644 --- a/integration-tests/load/go.mod +++ b/integration-tests/load/go.mod @@ -24,7 +24,7 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/evm v0.0.0-20260618155522-3600f66e26cd github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260506144252-c100eabfda74 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7 - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-deployments-framework v0.111.1-0.20260612191326-e31c0ae4cd54 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260623170329-4577ef4ba0ae github.com/smartcontractkit/chainlink-testing-framework/framework v0.16.5 diff --git a/integration-tests/load/go.sum b/integration-tests/load/go.sum index a352950feed..4b301f9d117 100644 --- a/integration-tests/load/go.sum +++ b/integration-tests/load/go.sum @@ -1632,8 +1632,8 @@ github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194 h1:QxZkbKtQyPtVLYP4eMwc+VbXY7M5ve1deSiLZ2pOA+Y= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194/go.mod h1:bNMFRxwWdgVFdSsFZRmsUUPoBUncU3RM765K99svIKM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 h1:+wn8Kfs9ImNEWlonkTmtjDQOdEaDzwdpedab+wAzCKI= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= diff --git a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go index 9065dfdb55f..8d50f800552 100644 --- a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go +++ b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go @@ -17,7 +17,13 @@ import ( const flag = cre.ConfidentialRelayCapability -type ConfidentialRelay struct{} +type ConfidentialRelay struct { + // TrustEnclaves makes the relay trust fake (non-Nitro) enclaves by + // relaxing TEE attestation validation. INSECURE; test/E2E use only. + TrustEnclaves bool + // RequireBFTQuorum determines the required signature quorum for the relay. + RequireBFTQuorum bool +} func (o *ConfidentialRelay) Flag() cre.CapabilityFlag { return flag @@ -60,7 +66,13 @@ func (o *ConfidentialRelay) PreEnvStartup( } enabled := true - typedConfig.CRE.ConfidentialRelay = &coretoml.ConfidentialRelayConfig{Enabled: &enabled} + trustEnclaves := o.TrustEnclaves + requireBFTQuorum := o.RequireBFTQuorum + typedConfig.CRE.ConfidentialRelay = &coretoml.ConfidentialRelayConfig{ + Enabled: &enabled, + TrustEnclaves: &trustEnclaves, + RequireBFTQuorum: &requireBFTQuorum, + } out, err := tomlser.Marshal(typedConfig) if err != nil { diff --git a/system-tests/lib/go.mod b/system-tests/lib/go.mod index 51b7e516fd1..d4645e0afc7 100644 --- a/system-tests/lib/go.mod +++ b/system-tests/lib/go.mod @@ -37,7 +37,7 @@ require ( github.com/smartcontractkit/chain-selectors v1.0.104 github.com/smartcontractkit/chainlink-aptos v0.0.0-20260609211101-71d38bd6a0a9 github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-deployments-framework v0.111.1-0.20260612191326-e31c0ae4cd54 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260623170329-4577ef4ba0ae diff --git a/system-tests/lib/go.sum b/system-tests/lib/go.sum index 97d9db59357..40734717b2e 100644 --- a/system-tests/lib/go.sum +++ b/system-tests/lib/go.sum @@ -1545,8 +1545,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 h1:+wn8Kfs9ImNEWlonkTmtjDQOdEaDzwdpedab+wAzCKI= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= diff --git a/system-tests/tests/go.mod b/system-tests/tests/go.mod index b66d84e6a3f..018e403a740 100644 --- a/system-tests/tests/go.mod +++ b/system-tests/tests/go.mod @@ -62,7 +62,7 @@ require ( github.com/rs/zerolog v1.35.1 github.com/smartcontractkit/chain-selectors v1.0.104 github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-deployments-framework v0.111.1-0.20260612191326-e31c0ae4cd54 github.com/smartcontractkit/chainlink-evm/contracts/cre/gobindings v0.0.0-20260403151002-2c91155b5501 diff --git a/system-tests/tests/go.sum b/system-tests/tests/go.sum index 6d580f1538e..5570c3d829a 100644 --- a/system-tests/tests/go.sum +++ b/system-tests/tests/go.sum @@ -1559,8 +1559,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75 h1:+wn8Kfs9ImNEWlonkTmtjDQOdEaDzwdpedab+wAzCKI= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260625162847-bdf9e82b2f75/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= diff --git a/testdata/scripts/config/merge_raw_configs.txtar b/testdata/scripts/config/merge_raw_configs.txtar index 06ac519d21d..9c461e9c21d 100644 --- a/testdata/scripts/config/merge_raw_configs.txtar +++ b/testdata/scripts/config/merge_raw_configs.txtar @@ -533,6 +533,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/default.txtar b/testdata/scripts/node/validate/default.txtar index 87476ac18f8..2570cd97141 100644 --- a/testdata/scripts/node/validate/default.txtar +++ b/testdata/scripts/node/validate/default.txtar @@ -398,6 +398,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/defaults-override.txtar b/testdata/scripts/node/validate/defaults-override.txtar index a0bd0f22ca8..1e1a7b7160b 100644 --- a/testdata/scripts/node/validate/defaults-override.txtar +++ b/testdata/scripts/node/validate/defaults-override.txtar @@ -459,6 +459,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar index b514320e81e..056b6d598d7 100644 --- a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar @@ -442,6 +442,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar index 09d630f0410..cd97450596d 100644 --- a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar @@ -442,6 +442,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging.txtar b/testdata/scripts/node/validate/disk-based-logging.txtar index efa55d6c4a3..5107c8b5087 100644 --- a/testdata/scripts/node/validate/disk-based-logging.txtar +++ b/testdata/scripts/node/validate/disk-based-logging.txtar @@ -442,6 +442,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/fallback-override.txtar b/testdata/scripts/node/validate/fallback-override.txtar index 4f5406cf44d..d1394eb74f6 100644 --- a/testdata/scripts/node/validate/fallback-override.txtar +++ b/testdata/scripts/node/validate/fallback-override.txtar @@ -544,6 +544,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/invalid-ocr-p2p.txtar b/testdata/scripts/node/validate/invalid-ocr-p2p.txtar index 63ac3270c61..d34b796be1e 100644 --- a/testdata/scripts/node/validate/invalid-ocr-p2p.txtar +++ b/testdata/scripts/node/validate/invalid-ocr-p2p.txtar @@ -427,6 +427,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/invalid.txtar b/testdata/scripts/node/validate/invalid.txtar index 2ea583aa574..90187b4caab 100644 --- a/testdata/scripts/node/validate/invalid.txtar +++ b/testdata/scripts/node/validate/invalid.txtar @@ -438,6 +438,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = '' diff --git a/testdata/scripts/node/validate/valid.txtar b/testdata/scripts/node/validate/valid.txtar index d8a68cdc8a4..8b84a8fbb08 100644 --- a/testdata/scripts/node/validate/valid.txtar +++ b/testdata/scripts/node/validate/valid.txtar @@ -439,6 +439,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/warnings.txtar b/testdata/scripts/node/validate/warnings.txtar index cc7c437f38a..9c5e73f3181 100644 --- a/testdata/scripts/node/validate/warnings.txtar +++ b/testdata/scripts/node/validate/warnings.txtar @@ -421,6 +421,8 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319'