go/common/sgx/pcs/policy: Add FMSP whitelist to quote policy

[peternose]

No description provided.

[netlify]

✅ Deploy Preview for oasisprotocol-oasis-core ready!

Name	Link
🔨 Latest commit	8ca2ad2
🔍 Latest deploy log	https://app.netlify.com/projects/oasisprotocol-oasis-core/deploys/6932c75a8041fa0008999a28
😎 Deploy Preview	https://deploy-preview-6331--oasisprotocol-oasis-core.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 41.25000% with 47 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.27%. Comparing base (ac28fba) to head (1b9286a).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
go/registry/api/api.go	17.85%	20 Missing and 3 partials ⚠️
go/consensus/cometbft/apps/registry/messages.go	17.64%	13 Missing and 1 partial ⚠️
...o/consensus/cometbft/apps/registry/transactions.go	69.23%	2 Missing and 2 partials ⚠️
go/common/sgx/quote/quote.go	50.00%	3 Missing ⚠️
go/registry/api/runtime.go	60.00%	1 Missing and 1 partial ⚠️
go/registry/api/sanity_check.go	66.66%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6331      +/-   ##
==========================================
- Coverage   64.31%   64.27%   -0.05%     
==========================================
  Files         698      698              
  Lines       67826    67892      +66     
==========================================
+ Hits        43623    43638      +15     
- Misses      19177    19245      +68     
+ Partials     5026     5009      -17     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[kostko]

How will this look when other features are added? Will there be additional version flags like these? Should we instead pass context or somehow make this part of teeCfg?

[peternose]

How will this look when other features are added? Will there be additional version flags like these? Should we instead pass context or somehow make this part of teeCfg?

• If other features are added in the same version, than this remains the same.
• If another feature is added in e.g. 24.3, than we would need to add a new flag isFeatureVersion243, pass context or something else. But the trick is that we don't need to do this as this code should be removed in version 24.3, after we do the upgrade, because state sync will work without these changes, as they are here just to prevent filling the whitelist.

[kostko]

But I guess this can only be removed if there are no transactions posted that would violate this constraint? As otherwise iterative block sync would fail.

[peternose]

But I guess this can only be removed if there are no transactions posted that would violate this constraint? As otherwise iterative block sync would fail.

No, wrong thinking. This is here to forbid posting transactions that would violate this constraint (non-empty whitelist) until we do the feature version bump.

This validation ensures we don't have consensus problems, as once we merge this PR in oasis core version 25.6, a new node running version 25.6 could post a policy with non-empty whitelist while an old node with version 25.5 would reject it. Having this check ensures that new nodes must submit empty whitelists until we do the feature version bump. And once we do the bump, this validation can be removed as it is not needed anymore as all nodes should be running at least 25.6. version.

[kostko]

But what happens if someone posted a transaction with a non-empty whitelist right now and the transaction is included in a block, but fails (because currently it is an unknown field)? Then once this check is removed in a future version, syncing from genesis will cause divergence when processing this transaction (which will now succeed during iterative block sync)? So this works as long as no such transaction is included in a block before the governance vote.

[peternose]

Oh, now I see. Yes, that would be a problem.

I suggest we merge these changes, and after we upgrade, we do state sync to check that there are no such transactions (this means that there could still be a tx with a whitelist but also with another unknown field, and that field would still fail the tx). If there are, we prettify the code, if not, we can remove these changes.

[kostko]

Sounds good to me.

[martintomazic]

I suggest we merge these changes, and after we upgrade, we do state sync to check that there are no such transactions.

Looks safe to me and indeed simpler.

If we find such transactions then probably SGXConstraintsV2 behind feature flag might be cleaner on the long run (unlikely to happen so lets ignore this).

[martintomazic]

Is the plan to release this as part of the 25.9 and bind all 4 breaking changes under feature flag (assuming #6410 will be ready in time as well)?

[peternose]

Is the plan to release this as part of the 25.9 and bind all 4 breaking changes under feature flag (assuming #6410 will be ready in time as well)?

Yes, 25.9 or latter. There are still some breaking changes we would like to merge, before we enable all of them.

[peternose]

Mainnet genesis synced successfully, so merging. Will test latter also testnet.

[peternose]

Mainnet genesis synced successfully, so merging. Will test latter also testnet.

Testnet also synced successfully.