feat: add multiple TEE modules for handling node key rotation events for different CPU ISAs

[bredamatt]

NB! Still a DRAFT.

This shows how to have different modules for verifying different confidential VM implementations.

At the moment:

$ cargo c

error: failed to select a version for `atoma-confidential`.
    ... required by package `atoma-state v0.1.0 (/Users/bredamatt/Repos/Atoma/atoma-proxy/atoma-state)`
    ... which satisfies path dependency `atoma-state` (locked to 0.1.0) of package `atoma-auth v0.1.0 (/Users/bredamatt/Repos/Atoma/atoma-proxy/atoma-auth)`
versions that meet the requirements `*` are: 0.1.0

the package `atoma-state` depends on `atoma-confidential`, with features: `sev-snp` but `atoma-confidential` does not have these features.


failed to select a version for `atoma-confidential` which could resolve this conflict

because it is currently pointing to the main branch which does not have the features in this PR merged: AtomaAI/atoma-node#352

[jorgeantonio21]

It is looking great, if I understand correctly this code only compiles on x86_64 archs ?

[jorgeantonio21]

Can we use a tool to format the toml files ?

[jorgeantonio21]

This means that only proxies running on Linux (which is probably fine if it is deployed through docker) but on x86_64architecture can run this code, right ?

[bredamatt]

Regarding .toml format, we can do something like this:

[dependencies.atoma-confidential]
git = "url_here"
package = "package_here"
...

which is in sync with the conventions defined here: https://doc.rust-lang.org/style-guide/cargo.html.

Regarding the architecture, I think that only x86_64 supports AMD SNP and Intel CPUs, so yes, correct. If ARM TrustZone is added down the line, then this would require a separate target, i.e. arm64.

Furthermore, regarding Linux, yes if the proxy runs in a container which uses a Linux base image which supports the capabilities required by AMD SEV SNP and Intel TDX, then it will work.

[bredamatt]

Also, note that the above implies you are compiling with the confidential feature. It will compile without this feature on any machine for now, but naturally, you won't have the ability to verify attestation reports of confidential compute environments without that feature enabled.