@inco/lightning 0.4.0 → 0.5.1

package/src/lightning-parts/TEELifecycle.sol

@@ -1,60 +1,82 @@
-/// SPDX-License-Identifier: No License
 pragma solidity ^0.8.19;
 
-import "./TEELifecycle.types.sol";
-
+import {
+    BootstrapResult,
+    TEEVersion,
+    TEEVersionStatus
+} from "./TEELifecycle.types.sol";
 import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
-import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
 import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
-import {IQuoteVerifier} from "automata-dcap-attestation/interfaces/IQuoteVerifier.sol";
-import {BELE} from "automata-dcap-attestation/utils/BELE.sol";
-import {HEADER_LENGTH} from "automata-dcap-attestation/types/Constants.sol";
-import {TD10ReportBody, Header} from "automata-dcap-attestation/types/V4Structs.sol";
+import {IQuoteVerifier} from "../interfaces/automata-interfaces/IQuoteVerifier.sol";
+import {BELE} from "../interfaces/automata-interfaces/BELE.sol";
 import {EIP712Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
-import {EnclaveIdentityJsonObj, IdentityObj} from "@automata-network/on-chain-pccs/helpers/EnclaveIdentityHelper.sol";
-import {TcbInfoJsonObj} from "@automata-network/on-chain-pccs/helpers/FmspcTcbHelper.sol";
-import {AutomataFmspcTcbDao} from "@automata-network/on-chain-pccs/automata_pccs/AutomataFmspcTcbDao.sol";
-import {AutomataEnclaveIdentityDao} from "@automata-network/on-chain-pccs/automata_pccs/AutomataEnclaveIdentityDao.sol";
-
-// @todo: Make this contract UUPSUpgradeable: https://github.com/Inco-fhevm/inco-monorepo/issues/875
-contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
+import {ITEELifecycle} from "./interfaces/ITEELifecycle.sol";
+import {
+    TcbInfoJsonObj,
+    EnclaveIdentityJsonObj,
+    IdentityObj,
+    TD10ReportBody,
+    Header,
+    HEADER_LENGTH
+} from "../interfaces/automata-interfaces/Types.sol";
+import {IFmspcTcbDao} from "../interfaces/automata-interfaces/IFmspcTcbDao.sol";
+import {IAutomataEnclaveIdentityDao} from "../interfaces/automata-interfaces/IAutomataEnclaveIdentityDao.sol";
+
+// todo #1031 make TEELifecycle storage upgrade compatible
+abstract contract TEELifecycle is
+    ITEELifecycle,
+    OwnableUpgradeable,
+    EIP712Upgradeable
+{
+    error InvalidQuoteVerifierVersion(uint16 actual, uint16 expected);
+    error EmptyTcbInfo();
+    error EmptyIdentity();
+    error BootstrapNotComplete();
+    error BootstrapAlreadyCompleted();
+    /// @notice TEEVersionHistory must have exactly one version, please call approveNewTEEVersion first
+    error TEEVersionHistoryInconsistent();
+    error TEEVersionHistoryStatusIsNotPending();
+    error InvalidReportMRTD();
+    error InvalidBootstrapDataSignature();
+    /// @notice MRTD must be exactly 48 bytes
+    error MrtdInvalidLength();
+    error EOASignerAlreadyInitialized();
+    error InvalidMrtdReport();
+    error InvalidReportDataSigner();
 
     event QuoteVerifierUpdated(uint16 indexed version);
-
+    event TEEVersionUpdated(TEEVersion teeVersion);
+    event NewCovalidatorAdded(address covalidatorAddress, bytes quote);
     event BootstrapStageComplete(
         address indexed newEOASigner,
         BootstrapResult bootstrapResult
     );
 
-    event TEEVersionUpdated(
-        TEEVersion teeVersion
-    );
-
-    event NewCovalidatorAdded(
-        address covalidatorAddress,
-        bytes quote
-    );
-
-    bytes32 public constant BootstrapResultStructHash = 
-        keccak256(bytes(
-            "BootstrapResult(bytes ecies_pubkey)"
-        ));
+    bytes32 public constant BootstrapResultStructHash =
+        keccak256(bytes("BootstrapResult(bytes ecies_pubkey)"));
 
     uint16 public constant QUOTE_VERIFIER_VERSION = 4;
 
-    IQuoteVerifier quoteVerifier;
-
+    IQuoteVerifier public quoteVerifier;
     BootstrapResult public VerifiedBootstrapResult;
+    bool public BootstrapComplete;
 
     TEEVersion[] public TEEVersionHistory;
     bytes public ECIESPubkey;
     mapping(address => bool) public EOASigners;
 
-    function initialize(address owner, string memory eip712Name, string memory eip712Version, address quoteVerifierAddress) public initializer {
-        __Ownable_init(owner);
-        __EIP712_init(eip712Name, eip712Version);
-        quoteVerifier = IQuoteVerifier(quoteVerifierAddress);
-        require(quoteVerifier.quoteVersion() == QUOTE_VERIFIER_VERSION, "Invalid quote verifier version");
+    function __TEELifecycle_init(
+        IQuoteVerifier _quoteVerifier
+    ) internal onlyInitializing {
+        quoteVerifier = _quoteVerifier;
+        uint16 actualQuoteVerifierVersion = quoteVerifier.quoteVersion();
+        require(
+            actualQuoteVerifierVersion == QUOTE_VERIFIER_VERSION,
+            InvalidQuoteVerifierVersion(
+                actualQuoteVerifierVersion,
+                QUOTE_VERIFIER_VERSION
+            )
+        );
     }
 
     /**
@@ -62,15 +84,28 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @param tcbInfo - The TCB info to upload
      * @param identity - The identity to upload
      */
-    function uploadCollateral(TcbInfoJsonObj memory tcbInfo, EnclaveIdentityJsonObj memory identity) public onlyOwner {
-        require(bytes(tcbInfo.tcbInfoStr).length != 0, "tcbInfo.tcbInfoStr must not be empty");
-        require(bytes(identity.identityStr).length != 0, "identity.identityStr must not be empty");
-
-        AutomataFmspcTcbDao fmspcTcbDao = AutomataFmspcTcbDao(quoteVerifier.pccsRouter().fmspcTcbDaoAddr());
+    function uploadCollateral(
+        TcbInfoJsonObj memory tcbInfo,
+        EnclaveIdentityJsonObj memory identity
+    ) public onlyOwner {
+        require(bytes(tcbInfo.tcbInfoStr).length != 0, EmptyTcbInfo());
+        require(bytes(identity.identityStr).length != 0, EmptyIdentity());
+
+        IFmspcTcbDao fmspcTcbDao = IFmspcTcbDao(
+            quoteVerifier.pccsRouter().fmspcTcbDaoAddr()
+        );
         fmspcTcbDao.upsertFmspcTcb(tcbInfo);
-        AutomataEnclaveIdentityDao enclaveIdDao = AutomataEnclaveIdentityDao(quoteVerifier.pccsRouter().qeIdDaoAddr());
-        (IdentityObj memory identityObj,) = enclaveIdDao.EnclaveIdentityLib().parseIdentityString(identity.identityStr);
-        enclaveIdDao.upsertEnclaveIdentity(uint256(identityObj.id), 4, identity);
+        IAutomataEnclaveIdentityDao enclaveIdDao = IAutomataEnclaveIdentityDao(
+            quoteVerifier.pccsRouter().qeIdDaoAddr()
+        );
+        (IdentityObj memory identityObj, ) = enclaveIdDao
+            .EnclaveIdentityLib()
+            .parseIdentityString(identity.identityStr);
+        enclaveIdDao.upsertEnclaveIdentity(
+            uint256(identityObj.id),
+            4,
+            identity
+        );
     }
 
     /**
@@ -79,12 +114,19 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @param quote - The quote to verify against
      * @param signature - The signature to verify against
      */
-    function verifyBootstrapResult(BootstrapResult calldata bootstrapResult, bytes calldata quote, bytes calldata signature) public onlyOwner {
+    function verifyBootstrapResult(
+        BootstrapResult calldata bootstrapResult,
+        bytes calldata quote,
+        bytes calldata signature
+    ) public onlyOwner {
         // Make sure the bootstrap is not already complete, and that the contract owner
         // has already submitted the pending TEE MRTD.
-        require(!isBootstrapComplete(), "Bootstrap already completed");
-        require(TEEVersionHistory.length == 1, "TEEVersionHistory must have exactly one version, please call approveNewTEEVersion first");
-        require(TEEVersionHistory[0].status == TEEVersionStatus.PENDING, "TEEVersionHistory must still be pending");
+        require(!isBootstrapComplete(), BootstrapAlreadyCompleted());
+        require(TEEVersionHistory.length == 1, TEEVersionHistoryInconsistent());
+        require(
+            TEEVersionHistory[0].status == TEEVersionStatus.PENDING,
+            TEEVersionHistoryStatusIsNotPending()
+        );
 
         bytes32 _bootstrapResultDigest = bootstrapResultDigest(bootstrapResult);
         (bool success, bytes memory output) = _verifyAndAttestOnChain(quote);
@@ -93,10 +135,21 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
         bytes memory v0MRTD = TEEVersionHistory[0].mrtd;
 
         TD10ReportBody memory tdReport = parseTD10ReportBody(quote);
-        (address reportDataSigner, bytes memory reportMRTD) = parseReport(tdReport);
-        require(keccak256(reportMRTD) == keccak256(v0MRTD), "Invalid report MRTD");
-        address recoveredAddress = ECDSA.recover(_bootstrapResultDigest, signature);
-        require(recoveredAddress == reportDataSigner, "Invalid signature for bootstrap data");
+        (address reportDataSigner, bytes memory reportMRTD) = parseReport(
+            tdReport
+        );
+        require(
+            keccak256(reportMRTD) == keccak256(v0MRTD),
+            InvalidReportMRTD()
+        );
+        address recoveredAddress = ECDSA.recover(
+            _bootstrapResultDigest,
+            signature
+        );
+        require(
+            recoveredAddress == reportDataSigner,
+            InvalidBootstrapDataSignature()
+        );
 
         VerifiedBootstrapResult = bootstrapResult;
         TEEVersionHistory[0].status = TEEVersionStatus.ACTIVE;
@@ -112,13 +165,12 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @dev This function increments the version number automatically based on the current history
      */
     function approveNewTEEVersion(bytes calldata newMRTD) public onlyOwner {
-        require(newMRTD.length == 48, "MRTD must be 48 bytes");
-        
-        TEEVersionHistory.push(TEEVersion({
-            mrtd: newMRTD,
-            status: TEEVersionStatus.PENDING
-        }));
-        
+        require(newMRTD.length == 48, MrtdInvalidLength());
+
+        TEEVersionHistory.push(
+            TEEVersion({mrtd: newMRTD, status: TEEVersionStatus.PENDING})
+        );
+
         emit TEEVersionUpdated(TEEVersionHistory[TEEVersionHistory.length - 1]);
     }
 
@@ -127,16 +179,22 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @param quote - The quote from the new covalidator that contains the current MRTD and the eoa address of the new party in the report data
      */
     function addNewCovalidator(bytes calldata quote) public onlyOwner {
-        require(isBootstrapComplete(), "Bootstrap not complete");
+        require(isBootstrapComplete(), BootstrapNotComplete());
 
         (bool success, bytes memory output) = _verifyAndAttestOnChain(quote);
         require(success, string(output));
         TD10ReportBody memory tdReport = parseTD10ReportBody(quote);
-        (address reportDataSigner, bytes memory reportMRTD) = parseReport(tdReport);
-        require(!EOASigners[reportDataSigner], "EOA signer already initialized");
-        
-        require(keccak256(reportMRTD) == keccak256(TEEVersionHistory[TEEVersionHistory.length - 1].mrtd), "Invalid report MRTD");
-        require(reportDataSigner != address(0), "Invalid report data signer");
+        (address reportDataSigner, bytes memory reportMRTD) = parseReport(
+            tdReport
+        );
+        require(!EOASigners[reportDataSigner], EOASignerAlreadyInitialized());
+
+        require(
+            keccak256(reportMRTD) ==
+                keccak256(TEEVersionHistory[TEEVersionHistory.length - 1].mrtd),
+            InvalidMrtdReport()
+        );
+        require(reportDataSigner != address(0), InvalidReportDataSigner());
         emit NewCovalidatorAdded(reportDataSigner, quote);
         EOASigners[reportDataSigner] = true;
         //TODO: Add the new covalidator signers to the Signers contract state
@@ -147,7 +205,9 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @return true if the bootstrap is complete, false otherwise
      */
     function isBootstrapComplete() public view returns (bool) {
-        return TEEVersionHistory.length >= 1 && TEEVersionHistory[0].status == TEEVersionStatus.ACTIVE;
+        return
+            TEEVersionHistory.length >= 1 &&
+            TEEVersionHistory[0].status == TEEVersionStatus.ACTIVE;
     }
 
     /**
@@ -159,12 +219,14 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * For verification failures, the output is simply a UTF-8 encoded string, describing the reason for failure.
      * @dev can directly type-cast the failed output as a string
      */
-    function _verifyAndAttestOnChain(bytes calldata rawQuote) internal view returns (bool success, bytes memory output) {
+    function _verifyAndAttestOnChain(
+        bytes calldata rawQuote
+    ) internal view returns (bool success, bytes memory output) {
         // Parse the header
         Header memory header;
         (success, header) = _parseQuoteHeader(rawQuote);
         if (!success) {
-            return (false, bytes("Could not parse quote header"));
+            return (false, bytes("Could not parse quote header")); // todo #949 switch the two returned strings for bytes4 identifiers
         }
 
         if (QUOTE_VERIFIER_VERSION != header.version) {
@@ -180,7 +242,9 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @notice From https://github.com/automata-network/automata-dcap-attestation/blob/evm-v1.0.0/evm/contracts/AttestationEntrypointBase.sol#L168
      * @notice Parses the header to get basic information about the quote, such as the version, TEE types etc.
      */
-    function _parseQuoteHeader(bytes calldata rawQuote) private pure returns (bool success, Header memory header) {
+    function _parseQuoteHeader(
+        bytes calldata rawQuote
+    ) private pure returns (bool success, Header memory header) {
         success = rawQuote.length >= HEADER_LENGTH;
         if (success) {
             uint16 version = uint16(BELE.leBytesToBeUint(rawQuote[0:2]));
@@ -209,23 +273,49 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @param rawQuote - The raw quote bytes
      * @return report - The parsed TD10 report body
      */
-    function parseTD10ReportBody(bytes calldata rawQuote) public pure returns (TD10ReportBody memory report) {
+    function parseTD10ReportBody(
+        bytes calldata rawQuote
+    ) public pure returns (TD10ReportBody memory report) {
         report = TD10ReportBody({
-            teeTcbSvn: bytes16(rawQuote[HEADER_LENGTH:HEADER_LENGTH+16]),
-            mrSeam: bytes(rawQuote[HEADER_LENGTH+16:HEADER_LENGTH+64]),
-            mrsignerSeam: bytes(rawQuote[HEADER_LENGTH+64:HEADER_LENGTH+112]),
-            seamAttributes: bytes8(uint64(BELE.leBytesToBeUint(rawQuote[HEADER_LENGTH+112:HEADER_LENGTH+120]))),
-            tdAttributes: bytes8(uint64(BELE.leBytesToBeUint(rawQuote[HEADER_LENGTH+120:HEADER_LENGTH+128]))),
-            xFAM: bytes8(uint64(BELE.leBytesToBeUint(rawQuote[HEADER_LENGTH+128:HEADER_LENGTH+136]))),
-            mrTd: bytes(rawQuote[HEADER_LENGTH+136:HEADER_LENGTH+184]),
-            mrConfigId: bytes(rawQuote[HEADER_LENGTH+184:HEADER_LENGTH+232]),
-            mrOwner: bytes(rawQuote[HEADER_LENGTH+232:HEADER_LENGTH+280]),
-            mrOwnerConfig: bytes(rawQuote[HEADER_LENGTH+280:HEADER_LENGTH+328]),
-            rtMr0: bytes(rawQuote[HEADER_LENGTH+328:HEADER_LENGTH+376]),
-            rtMr1: bytes(rawQuote[HEADER_LENGTH+376:HEADER_LENGTH+424]),
-            rtMr2: bytes(rawQuote[HEADER_LENGTH+424:HEADER_LENGTH+472]),
-            rtMr3: bytes(rawQuote[HEADER_LENGTH+472:HEADER_LENGTH+520]),
-            reportData: bytes(rawQuote[HEADER_LENGTH+520:HEADER_LENGTH+584])
+            teeTcbSvn: bytes16(rawQuote[HEADER_LENGTH:HEADER_LENGTH + 16]),
+            mrSeam: bytes(rawQuote[HEADER_LENGTH + 16:HEADER_LENGTH + 64]),
+            mrsignerSeam: bytes(
+                rawQuote[HEADER_LENGTH + 64:HEADER_LENGTH + 112]
+            ),
+            seamAttributes: bytes8(
+                uint64(
+                    BELE.leBytesToBeUint(
+                        rawQuote[HEADER_LENGTH + 112:HEADER_LENGTH + 120]
+                    )
+                )
+            ),
+            tdAttributes: bytes8(
+                uint64(
+                    BELE.leBytesToBeUint(
+                        rawQuote[HEADER_LENGTH + 120:HEADER_LENGTH + 128]
+                    )
+                )
+            ),
+            xFAM: bytes8(
+                uint64(
+                    BELE.leBytesToBeUint(
+                        rawQuote[HEADER_LENGTH + 128:HEADER_LENGTH + 136]
+                    )
+                )
+            ),
+            mrTd: bytes(rawQuote[HEADER_LENGTH + 136:HEADER_LENGTH + 184]),
+            mrConfigId: bytes(
+                rawQuote[HEADER_LENGTH + 184:HEADER_LENGTH + 232]
+            ),
+            mrOwner: bytes(rawQuote[HEADER_LENGTH + 232:HEADER_LENGTH + 280]),
+            mrOwnerConfig: bytes(
+                rawQuote[HEADER_LENGTH + 280:HEADER_LENGTH + 328]
+            ),
+            rtMr0: bytes(rawQuote[HEADER_LENGTH + 328:HEADER_LENGTH + 376]),
+            rtMr1: bytes(rawQuote[HEADER_LENGTH + 376:HEADER_LENGTH + 424]),
+            rtMr2: bytes(rawQuote[HEADER_LENGTH + 424:HEADER_LENGTH + 472]),
+            rtMr3: bytes(rawQuote[HEADER_LENGTH + 472:HEADER_LENGTH + 520]),
+            reportData: bytes(rawQuote[HEADER_LENGTH + 520:HEADER_LENGTH + 584])
         });
     }
 
@@ -235,14 +325,16 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
      * @return reportDataSigner - The signing address of the report data signer
      * @return reportMRTD - The MRTD bytes from the report
      */
-    function parseReport(TD10ReportBody memory tdReport) public pure returns (address, bytes memory) {
+    function parseReport(
+        TD10ReportBody memory tdReport
+    ) public pure returns (address, bytes memory) {
         return (address(bytes20(tdReport.reportData)), tdReport.mrTd);
     }
 
     function bootstrapResultDigest(
         BootstrapResult memory bootstrapResult
     ) public view returns (bytes32) {
-        return 
+        return
             _hashTypedDataV4(
                 keccak256(
                     abi.encode(
@@ -252,4 +344,4 @@ contract TEELifecycle is OwnableUpgradeable, EIP712Upgradeable {
                 )
             );
     }
-}
+}

package/src/lightning-parts/TrivialEncryption.sol

@@ -2,13 +2,13 @@
 pragma solidity ^0.8;
 
 import {EventCounter} from "./primitives/EventCounter.sol";
-import {euint256, ebool, eaddress, EOps, ETypes} from "../Types.sol";
+import {euint256, ebool, eaddress, ETypes} from "../Types.sol";
 import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
-import {ITrivialEncryptionGen} from "./TrivialEncryption.gen.sol";
+import {ITrivialEncryption} from "./interfaces/ITrivialEncryption.sol";
 
 abstract contract TrivialEncryption is
-    ITrivialEncryptionGen,
+    ITrivialEncryption,
     BaseAccessControlList,
     EventCounter,
     HandleGeneration
@@ -31,7 +31,10 @@ abstract contract TrivialEncryption is
 
     function asEaddress(address value) external returns (eaddress newEaddress) {
         bytes32 castedValue = bytes32(uint256(uint160(value)));
-        return eaddress.wrap(newTrivialEncrypt(castedValue, ETypes.AddressOrUint160OrBytes20));
+        return
+            eaddress.wrap(
+                newTrivialEncrypt(castedValue, ETypes.AddressOrUint160OrBytes20)
+            );
     }
 
     function newTrivialEncrypt(
@@ -41,12 +44,7 @@ abstract contract TrivialEncryption is
         newHandle = getTrivialEncryptHandle(plainTextBytes, handleType);
         allowTransientInternal(newHandle, msg.sender);
         uint256 id = getNextEventId();
-        emit TrivialEncrypt(
-            newHandle,
-            plainTextBytes,
-            handleType,
-            id
-        );
+        emit TrivialEncrypt(newHandle, plainTextBytes, handleType, id);
         setDigest(abi.encodePacked(newHandle, id));
     }
 }

package/src/lightning-parts/interfaces/IDecryptionAttester.sol

@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import { DecryptionAttestation } from "../DecryptionAttester.types.sol";
+
+interface IDecryptionAttester {
+    function decryptionAttestationDigest(DecryptionAttestation memory decryption) external view returns (bytes32);
+    function isValidDecryptionAttestation(DecryptionAttestation memory decryption, bytes memory signature) external view returns (bool);
+}

package/src/lightning-parts/interfaces/IEncryptedInput.sol

@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {euint256, ebool, eaddress} from "../../Types.sol";
+
+interface IEncryptedInput {
+    function newEuint256(
+        bytes memory ciphertext,
+        address user
+    ) external returns (euint256 newValue);
+    function newEbool(
+        bytes memory ciphertext,
+        address user
+    ) external returns (ebool newValue);
+    function newEaddress(
+        bytes memory ciphertext,
+        address user
+    ) external returns (eaddress newValue);
+}

package/src/lightning-parts/interfaces/IEncryptedOperations.sol

@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {euint256} from "../../Types.sol";
+
+interface IEncryptedOperations {
+    function eAdd(
+        euint256 lhs,
+        euint256 rhs
+    ) external returns (euint256 result);
+    function eSub(
+        euint256 lhs,
+        euint256 rhs
+    ) external returns (euint256 result);
+    function eMul(
+        euint256 lhs,
+        euint256 rhs
+    ) external returns (euint256 result);
+    function eDiv(
+        euint256 lhs,
+        euint256 rhs
+    ) external returns (euint256 result);
+    function eRem(
+        euint256 lhs,
+        euint256 rhs
+    ) external returns (euint256 result);
+    function eBitAnd(
+        bytes32 lhs,
+        bytes32 rhs
+    ) external returns (bytes32 result);
+}

package/src/lightning-parts/interfaces/ITEELifecycle.sol

@@ -0,0 +1,26 @@
+/// SPDX-License-Identifier: No License
+pragma solidity ^0.8.19;
+
+import {BootstrapResult} from "../TEELifecycle.types.sol";
+import {IQuoteVerifier} from "../../interfaces/automata-interfaces/IQuoteVerifier.sol";
+import {TD10ReportBody} from "../../interfaces/automata-interfaces/Types.sol";
+
+interface ITEELifecycle {
+    function verifyBootstrapResult(
+        BootstrapResult calldata bootstrapResult,
+        bytes calldata quote,
+        bytes calldata signature
+    ) external;
+    function approveNewTEEVersion(bytes calldata newMRTD) external;
+    function addNewCovalidator(bytes calldata quote) external;
+    function parseTD10ReportBody(
+        bytes calldata rawQuote
+    ) external pure returns (TD10ReportBody memory report);
+    function parseReport(
+        TD10ReportBody memory tdReport
+    ) external pure returns (address, bytes memory);
+    function bootstrapResultDigest(
+        BootstrapResult memory bootstrapResult
+    ) external view returns (bytes32);
+    function quoteVerifier() external view returns (IQuoteVerifier);
+}

package/src/lightning-parts/interfaces/ITrivialEncryption.sol

@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {euint256, ebool, eaddress} from "../../Types.sol";
+
+interface ITrivialEncryption {
+    function asEuint256(uint256 value) external returns (euint256 newEuint256);
+    function asEbool(bool value) external returns (ebool newEbool);
+    function asEaddress(address value) external returns (eaddress newEaddress);
+}

package/src/lightning-parts/primitives/EventCounter.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {IEventCounterGen} from "./EventCounter.gen.sol";
+import {IEventCounter} from "./interfaces/IEventCounter.sol";
 
 contract EventCounterStorage {
     struct Storage {
@@ -24,7 +24,7 @@ contract EventCounterStorage {
     }
 }
 
-contract EventCounter is IEventCounterGen, EventCounterStorage {
+contract EventCounter is IEventCounter, EventCounterStorage {
     function getNewEventId() internal returns (uint256 newEventId) {
         newEventId = getEventCounterStorage().eventCounter++;
     }

package/src/lightning-parts/primitives/HandleGeneration.sol

@@ -1,11 +1,16 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {ETypes, EOps, EVM_HOST_CHAIN_PREFIX, HANDLE_INDEX} from "../../Types.sol";
+import {
+    ETypes,
+    EOps,
+    EVM_HOST_CHAIN_PREFIX,
+    HANDLE_INDEX
+} from "../../Types.sol";
 import {HandleMetadata} from "./HandleMetadata.sol";
-import {IHandleGenerationGen} from "./HandleGeneration.gen.sol";
+import {IHandleGeneration} from "./interfaces/IHandleGeneration.sol";
 
-contract HandleGeneration is IHandleGenerationGen, HandleMetadata {
+contract HandleGeneration is IHandleGeneration, HandleMetadata {
     function getTrivialEncryptHandle(
         bytes32 plaintextBytes,
         ETypes handleType

package/src/lightning-parts/primitives/HandleMetadata.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {HANDLE_VERSION, HANDLE_INDEX, ETypes} from "../../Types.sol";
+import { HANDLE_VERSION, HANDLE_INDEX, ETypes } from "../../Types.sol";
 
 contract HandleMetadata {
     function embedIndexTypeVersion(

package/src/lightning-parts/primitives/LightningAddressGetter.sol

@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+abstract contract LightningAddressGetter {
+    address internal immutable incoLightningAddress;
+
+    constructor(address _incoLightningAddress) {
+        incoLightningAddress = _incoLightningAddress;
+    }
+}

package/src/lightning-parts/primitives/SignatureVerifier.sol

@@ -3,7 +3,7 @@ pragma solidity ^0.8;
 
 import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
 import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
-import {ISignatureVerifierGen} from "./SignatureVerifier.gen.sol";
+import {ISignatureVerifier} from "./interfaces/ISignatureVerifier.sol";
 import {TEELifecycle} from "../TEELifecycle.sol";
 
 contract SignatureVerifierStorage {
@@ -28,7 +28,7 @@ contract SignatureVerifierStorage {
     }
 }
 
-contract SignatureVerifier is ISignatureVerifierGen, OwnableUpgradeable, SignatureVerifierStorage {
+abstract contract SignatureVerifier is ISignatureVerifier, OwnableUpgradeable, SignatureVerifierStorage {
     using ECDSA for bytes32;
 
     error SignerNotFound(address signerAddress);
@@ -36,13 +36,6 @@ contract SignatureVerifier is ISignatureVerifierGen, OwnableUpgradeable, Signatu
     event AddedSignatureVerifier(address signerAddress);
     event RemovedSignatureVerifier(address signerAddress);
 
-    // Reference to the TEELifecycle contract, to get the list of EOA signers
-    TEELifecycle teeLifecycle;
-
-    function __SignatureVerifier_init(address _teeLifecycleAddress) internal {
-        teeLifecycle = TEELifecycle(_teeLifecycleAddress);
-    }
-
     // @todo: This function should be removed once we have a way to read the signers from the TEELifecycle contract
     function addSigner(address signerAddress) external onlyOwner {
         getSigVerifierStorage().isSigner[signerAddress] = true;

package/src/lightning-parts/primitives/VerifierAddressGetter.sol

@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {IIncoVerifier} from "../../interfaces/IIncoVerifier.sol";
+import {IVerifierAddressGetter} from "./interfaces/IVerifierAddressGetter.sol";
+
+abstract contract VerifierAddressGetter is IVerifierAddressGetter {
+    IIncoVerifier public immutable incoVerifier;
+
+    constructor(address _incoVerifier) {
+        incoVerifier = IIncoVerifier(_incoVerifier);
+    }
+}

package/src/lightning-parts/primitives/{EventCounter.gen.sol → interfaces/IEventCounter.sol}

@@ -1,8 +1,8 @@
 /// SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-interface IEventCounterGen {
+interface IEventCounter {
     function getNextEventId() external view returns (uint256);
 
     function getEventCounter() external view returns (uint256);
-}
+}