feat: improve TaskDescription with SGX or TDX requirements instead of generic TEE (#151)

jbern0rd · web-flow · commit 5bffaf87cdce · 2025-09-29T14:01:04.000+02:00
diff --git a/src/main/java/com/iexec/commons/poco/task/TaskDescription.java b/src/main/java/com/iexec/commons/poco/task/TaskDescription.java
@@ -69,6 +69,10 @@ public class TaskDescription {
     int botSize;
 
     // TEE from tag
+    /**
+     * @deprecated use more specialized requiresSgx()/requiresTdx() instead
+     */
+    @Deprecated(forRemoval = true)
     boolean isTeeTask;
     TeeFramework teeFramework;
 
@@ -133,15 +137,14 @@ public boolean isBulkRequest() {
      * A task is eligible to the Contribute And Finalize flow
      * if it matches the following conditions:
      * <ul>
-     *     <li>It is a TEE task
-     *     <li>Its trust is 1
-     *     <li>It does not contain a callback - bug in the PoCo, should be fixed
+     * <li>Its trust is 1
+     * <li>It is a TEE task requiring a known SGX or TDX framework
      * </ul>
      *
      * @return {@literal true} if eligible, {@literal false} otherwise.
      */
     public boolean isEligibleToContributeAndFinalize() {
-        return isTeeTask && BigInteger.ONE.equals(trust);
+        return BigInteger.ONE.equals(trust) && (requiresSgx() || requiresTdx());
     }
 
     /**
@@ -153,6 +156,24 @@ public boolean requiresPreCompute() {
         return containsDataset() || containsInputFiles() || isBulkRequest();
     }
 
+    /**
+     * Returns whether the SGX TEE framework is required or not
+     *
+     * @return {@literal true} if SGX is needed, {@literal false} otherwise
+     */
+    public boolean requiresSgx() {
+        return teeFramework == TeeFramework.SCONE || teeFramework == TeeFramework.GRAMINE;
+    }
+
+    /**
+     * Returns whether the TDX TEE framework is required or not
+     *
+     * @return {@literal true} if TDX is needed, {@literal false} otherwise
+     */
+    public boolean requiresTdx() {
+        return teeFramework == TeeFramework.TDX;
+    }
+
     /**
      * Create a {@link TaskDescription} from the provided chain deal. This method
      * if preferred to constructors or the builder method.
diff --git a/src/main/java/com/iexec/commons/poco/tee/TeeUtils.java b/src/main/java/com/iexec/commons/poco/tee/TeeUtils.java
@@ -42,12 +42,16 @@ public class TeeUtils {
 
     /**
      * Check if hexTag asks for a known TEE runtime framework.
+     * <p>
+     * To avoid breaking change, this will only deal with SGX
      *
      * @param hexTag tag of the deal
      * @return true if a known TEE runtime framework is requested
+     * @deprecated for dedicated methods in {@code TaskDescription}
      */
+    @Deprecated(forRemoval = true)
     public static boolean isTeeTag(final String hexTag) {
-        return hasTeeSconeInTag(hexTag) || hasTeeGramineInTag(hexTag) || hasTeeTdxInTag(hexTag);
+        return hasTeeSconeInTag(hexTag) || hasTeeGramineInTag(hexTag);
     }
 
     /**
diff --git a/src/test/java/com/iexec/commons/poco/task/TaskDescriptionTests.java b/src/test/java/com/iexec/commons/poco/task/TaskDescriptionTests.java
@@ -26,7 +26,7 @@
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.params.provider.NullSource;
-import org.junit.jupiter.params.provider.ValueSource;
+import org.web3j.utils.Numeric;
 
 import java.math.BigInteger;
 import java.util.Collections;
@@ -344,38 +344,72 @@ private static Stream<Arguments> provideDealParamsWithoutBulkCid() {
 
     // region isEligibleToContributeAndFinalize
     @ParameterizedTest
-    @ValueSource(strings = {"", CALLBACK})
-    void shouldBeEligibleToContributeAndFinalize(final String callback) {
+    @MethodSource("provideEligibleToContributeAndFinalizeParams")
+    void shouldBeEligibleToContributeAndFinalize(final String tag, final String callback) {
         final TaskDescription taskDescription = TaskDescription.builder()
-                .isTeeTask(true)
                 .trust(BigInteger.ONE)
+                .tag(tag)
                 .callback(callback)
+                .teeFramework(TeeUtils.getTeeFramework(tag))
                 .build();
 
         assertTrue(taskDescription.isEligibleToContributeAndFinalize());
     }
 
-    @Test
-    void shouldNotBeEligibleToContributeAndFinalizeSinceNotTee() {
+    static Stream<Arguments> provideEligibleToContributeAndFinalizeParams() {
+        return Stream.of(
+                Arguments.of(TeeUtils.TEE_SCONE_ONLY_TAG, ""),
+                Arguments.of(TeeUtils.TEE_SCONE_ONLY_TAG, CALLBACK),
+                Arguments.of(TeeUtils.TEE_GRAMINE_ONLY_TAG, ""),
+                Arguments.of(TeeUtils.TEE_GRAMINE_ONLY_TAG, CALLBACK),
+                Arguments.of(TeeUtils.TEE_TDX_ONLY_TAG, ""),
+                Arguments.of(TeeUtils.TEE_TDX_ONLY_TAG, CALLBACK)
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideNotEligibleToContributeAndFinalizeTags")
+    void shouldNotBeEligibleToContributeAndFinalizeWithInvalidTag(final String tag) {
         final TaskDescription taskDescription = TaskDescription.builder()
-                .isTeeTask(false)
                 .trust(BigInteger.ONE)
+                .tag(tag)
                 .callback("")
+                .teeFramework(TeeUtils.getTeeFramework(tag))
                 .build();
 
         assertFalse(taskDescription.isEligibleToContributeAndFinalize());
     }
 
-    @Test
-    void shouldNotBeEligibleToContributeAndFinalizeSinceWrongTrust() {
+    static Stream<String> provideNotEligibleToContributeAndFinalizeTags() {
+        return Stream.of(
+                Numeric.toHexStringWithPrefixZeroPadded(BigInteger.valueOf(0x0), 32),
+                Numeric.toHexStringWithPrefixZeroPadded(BigInteger.valueOf(0x1), 32),
+                Numeric.toHexStringWithPrefixZeroPadded(BigInteger.valueOf(0x2), 32),
+                Numeric.toHexStringWithPrefixZeroPadded(BigInteger.valueOf(0x4), 32),
+                Numeric.toHexStringWithPrefixZeroPadded(BigInteger.valueOf(0x8), 32)
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideEligibleToContributeAndFinalizeTags")
+    void shouldNotBeEligibleToContributeAndFinalizeSinceWrongTrust(final String tag) {
         final TaskDescription taskDescription = TaskDescription.builder()
-                .isTeeTask(true)
                 .trust(BigInteger.TEN)
+                .tag(tag)
                 .callback("")
+                .teeFramework(TeeUtils.getTeeFramework(tag))
                 .build();
 
         assertFalse(taskDescription.isEligibleToContributeAndFinalize());
     }
+
+    static Stream<String> provideEligibleToContributeAndFinalizeTags() {
+        return Stream.of(
+                TeeUtils.TEE_SCONE_ONLY_TAG,
+                TeeUtils.TEE_GRAMINE_ONLY_TAG,
+                TeeUtils.TEE_TDX_ONLY_TAG
+        );
+    }
     // endregion
 
     // region requiresPreCompute
diff --git a/src/test/java/com/iexec/commons/poco/tee/TeeUtilsTests.java b/src/test/java/com/iexec/commons/poco/tee/TeeUtilsTests.java
@@ -44,7 +44,7 @@ void areValidFields() {
     }
 
     @ParameterizedTest
-    @ValueSource(ints = {0x3, 0x5, 0x9, 0xf3, 0xf5, 0xf9})
+    @ValueSource(ints = {0x3, 0x5, 0xf3, 0xf5})
     void isTeeTag(int tag) {
         assertThat(TeeUtils.isTeeTag(toByte32HexString(tag))).isTrue();
     }
@@ -53,7 +53,7 @@ void isTeeTag(int tag) {
     @ValueSource(ints = {
             0b0000, 0b0001, 0b0010,
             0b0100, 0b0110, 0b0111,
-            0b1000, 0b1010, 0b1011,
+            0b1000, 0b1001, 0b1010, 0b1011,
             0b1100, 0b1101, 0b1110, 0b1111
     })
     void isNotTeeTag(int tag) {
