informalsystems · MSalopek · Oct 7, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
@@ -37,7 +37,7 @@ dirs = "5.0.1"
 serde.workspace = true
 serde_json.workspace = true
 tracing.workspace = true
-tracing-subscriber = { workspace = true, features = ["env-filter"] }
+tracing-subscriber = { workspace = true, features = ["env-filter", "ansi"] }
 hex.workspace = true
 tokio = { workspace = true, features = ["process"] }
 tonic.workspace = true

diff --git a/crates/cli/src/cli.rs b/crates/cli/src/cli.rs
@@ -92,12 +92,12 @@
 }

 #[derive(Debug, Clone, Subcommand, Serialize)]
 pub enum EnclaveCommand {
    /// Build the Quartz app's enclave
    Build(EnclaveBuildArgs),
    /// Run the Quartz app's enclave
    Start(EnclaveStartArgs),
 }

 #[derive(Debug, Parser, Clone, Serialize, Deserialize)]
 pub struct InitArgs {
@@ -273,6 +273,11 @@
     #[arg(long)]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub bin_path: Option<PathBuf>,
+
+    /// Disable backup/restore; do not write sealed backup file
+    #[arg(long, default_value_t = false)]
+    #[serde(skip_serializing_if = "is_false")]
+    pub no_backup: bool,
 }
 
 #[derive(Debug, Parser, Clone, Serialize, Deserialize)]
@@ -306,10 +311,20 @@
     #[serde(skip_serializing_if = "Option::is_none")]
     pub dcap_verifier_contract: Option<AccountId>,
 
+    /// PCCS URL
+    #[arg(long)]
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub pccs_url: Option<Url>,
+
     /// Path to the enclave executable (only used in mock-sgx mode)
     #[arg(long)]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub bin_path: Option<PathBuf>,
+
+    /// Disable backup/restore; do not write sealed backup file
+    #[arg(long, default_value_t = false)]
+    #[serde(skip_serializing_if = "is_false")]
+    pub no_backup: bool,
 }
 
 #[serde_as]

diff --git a/crates/cli/src/handler/dev.rs b/crates/cli/src/handler/dev.rs
@@ -183,9 +183,10 @@ fn spawn_enclave_start(args: &DevRequest, config: &Config) -> Result<bool> {
         unsafe_trust_latest: args.unsafe_trust_latest,
         bin_path: args.bin_path.clone(),
         fmspc: args.fmspc.clone(),
-        pccs_url: None,
+        pccs_url: args.pccs_url.clone(),
         tcbinfo_contract: args.tcbinfo_contract.clone(),
         dcap_verifier_contract: args.dcap_verifier_contract.clone(),
+        no_backup: args.no_backup,
     };
 
     let config_cpy = config.clone();

diff --git a/crates/cli/src/handler/enclave_start.rs b/crates/cli/src/handler/enclave_start.rs
@@ -41,7 +41,7 @@ impl Handler for EnclaveStartRequest {
         write_cache_hash_height(trusted_height, trusted_hash, &config).await?;
 
         if config.mock_sgx {
-            let enclave_args: Vec<String> = vec![
+            let mut enclave_args: Vec<String> = vec![
                 "--chain-id".to_string(),
                 config.chain_id.to_string(),
                 "--trusted-height".to_string(),
@@ -58,6 +58,10 @@ impl Handler for EnclaveStartRequest {
                 config.tx_sender,
             ];
 
+            if self.no_backup {
+                enclave_args.push("--no-backup".to_string());
+            }
+
             // Run quartz enclave and block
             let enclave_child = create_mock_enclave_child(
                 config.app_dir.as_path(),
@@ -113,6 +117,7 @@ impl Handler for EnclaveStartRequest {
                 &config.node_url,
                 &config.ws_url,
                 &config.grpc_url,
+                self.no_backup,
             )
             .await?;
 
@@ -204,6 +209,7 @@ async fn gramine_manifest(
     node_url: &Url,
     ws_url: &Url,
     grpc_url: &Url,
+    no_backup: bool,
 ) -> Result<()> {
     let host = target_lexicon::HOST;
     let arch_libdir = format!(
@@ -235,6 +241,7 @@ async fn gramine_manifest(
             "-Ddcap_verifier_contract={}",
             dcap_verifier_contract
         ))
+        .arg(format!("-Dno_backup={}", no_backup))
         .arg("quartz.manifest.template")
         .arg("quartz.manifest")
         .current_dir(enclave_dir)

diff --git a/crates/cli/src/main.rs b/crates/cli/src/main.rs
@@ -77,6 +77,7 @@ async fn main() -> Result<()> {
     tracing_subscriber::fmt()
         .with_target(false)
         .with_writer(std::io::stderr)
+        .with_ansi(true)
         .with_env_filter(env_filter)
         .finish()
         .init();

diff --git a/crates/cli/src/request.rs b/crates/cli/src/request.rs
@@ -64,8 +64,10 @@ impl TryFrom<Command> for Request {
                     fmspc: args.fmspc,
                     tcbinfo_contract: args.tcbinfo_contract,
                     dcap_verifier_contract: args.dcap_verifier_contract,
+                    pccs_url: args.pccs_url,
                     wasm_bin_path: args.contract_deploy.wasm_bin_path,
                     bin_path: args.bin_path,
+                    no_backup: args.no_backup,
                 }
                 .into())
             }
@@ -129,6 +131,7 @@ impl TryFrom<EnclaveCommand> for Request {
                 pccs_url: args.pccs_url,
                 tcbinfo_contract: args.tcbinfo_contract,
                 dcap_verifier_contract: args.dcap_verifier_contract,
+                no_backup: args.no_backup,
             }
             .into()),
         }

diff --git a/crates/cli/src/request/dev.rs b/crates/cli/src/request/dev.rs
@@ -2,6 +2,7 @@ use std::path::PathBuf;
 
 use cosmrs::AccountId;
 use quartz_common::enclave::types::Fmspc;
+use reqwest::Url;
 
 use crate::request::Request;
 
@@ -18,8 +19,10 @@ pub struct DevRequest {
     pub fmspc: Option<Fmspc>,
     pub tcbinfo_contract: Option<AccountId>,
     pub dcap_verifier_contract: Option<AccountId>,
+    pub pccs_url: Option<Url>,
     pub wasm_bin_path: Option<PathBuf>,
     pub bin_path: Option<PathBuf>,
+    pub no_backup: bool,
 }
 
 impl From<DevRequest> for Request {

diff --git a/crates/cli/src/request/enclave_start.rs b/crates/cli/src/request/enclave_start.rs
@@ -17,6 +17,7 @@ pub struct EnclaveStartRequest {
     pub pccs_url: Option<Url>,
     pub tcbinfo_contract: Option<AccountId>,
     pub dcap_verifier_contract: Option<AccountId>,
+    pub no_backup: bool,
 }
 
 impl From<EnclaveStartRequest> for Request {

diff --git a/crates/enclave/core/src/host.rs b/crates/enclave/core/src/host.rs
@@ -123,7 +123,7 @@ pub struct DefaultHost<R, EV, GF, E, C = DefaultChainClient> {
     enclave: E,
     chain_client: C,
     gas_fn: GF,
-    backup_path: PathBuf,
+    backup_path: Option<PathBuf>,
     notifier_rx: Receiver<Notification>,
     _phantom: PhantomData<(R, EV)>,
 }
@@ -137,7 +137,7 @@ where
         enclave: E,
         chain_client: C,
         gas_fn: GF,
-        backup_path: PathBuf,
+        backup_path: Option<PathBuf>,
         notifier_rx: Receiver<Notification>,
     ) -> Self {
         Self {
@@ -201,23 +201,29 @@ where
                 .await
         });
 
-        // try to restore from last backup
-        if self.enclave.has_backup(self.backup_path.clone()).await {
-            info!("found backup; attempting to restore after 30s...");
-            busy_wait_iters(3_000_000_000);
+        if let Some(ref backup_path) = self.backup_path {
+            // try to restore from last backup
+            if self.enclave.has_backup(backup_path.clone()).await {
+                info!("found backup; attempting to restore after 30s...");
+                busy_wait_iters(3_000_000_000);
 
-            let restore_res = self.enclave.try_restore(self.backup_path.clone()).await;
-            if let Err(e) = restore_res {
-                error!("failed to restore from backup: {e}");
-                // FIXME(hu55a1n1): exit?
+                let restore_res = self.enclave.try_restore(backup_path.clone()).await;
+                if let Err(e) = restore_res {
+                    error!("failed to restore from backup: {e}");
+                    // FIXME(hu55a1n1): exit?
+                }
+            } else {
+                info!("no backup found; waiting for handshake completion...");
             }
         } else {
-            info!("no backup found; waiting for handshake completion...");
+            info!("backup path not specified; skipping backup/restore operations");
         }
 
         // wait for handshake
         if let Some(Notification::HandshakeComplete) = self.notifier_rx.recv().await {
-            self.enclave.backup(self.backup_path.clone()).await?;
+            if let Some(ref backup_path) = self.backup_path {
+                self.enclave.backup(backup_path.clone()).await?;
+            }
         }
 
         // connect to the websocket client

diff --git a/examples/pingpong/enclave/quartz.manifest.template b/examples/pingpong/enclave/quartz.manifest.template
@@ -34,7 +34,8 @@ loader.argv = ["quartz-app-transfers-enclave",
                 "--grpc-url", "{{ grpc_url }}",
                 "--rpc-addr", "0.0.0.0:11090",
                 "--trusted-height", "{{ trusted_height }}",
-                "--trusted-hash", "{{ trusted_hash }}"]
+                "--trusted-hash", "{{ trusted_hash }}",
+                "--no-backup", "{{ no_backup }}"]
 
 fs.mounts = [
   { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" },

diff --git a/examples/pingpong/enclave/src/cli.rs b/examples/pingpong/enclave/src/cli.rs
@@ -83,6 +83,9 @@ pub struct Cli {
 
     #[clap(long, default_value = "sealed/quartz.backup")]
     pub backup_path: PathBuf,
+
+    #[clap(long, default_value_t = false)]
+    pub no_backup: bool,
 }
 
 fn default_rpc_addr() -> SocketAddr {

diff --git a/examples/pingpong/enclave/src/main.rs b/examples/pingpong/enclave/src/main.rs
@@ -40,7 +40,9 @@ use crate::{
 
 #[tokio::main(flavor = "current_thread")]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
-    env_logger::init();
+    env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info"))
+        .write_style(env_logger::WriteStyle::Always)
+        .init();
 
     let args = Cli::parse();
 
@@ -99,7 +101,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         enclave,
         chain_client,
         GasSimulator,
-        args.backup_path,
+        if !args.no_backup {
+            Some(args.backup_path)
+        } else {
+            None
+        },
         notifier_rx,
     );
 

diff --git a/examples/transfers/enclave/quartz.manifest.template b/examples/transfers/enclave/quartz.manifest.template
@@ -34,7 +34,8 @@ loader.argv = ["quartz-app-transfers-enclave",
                 "--grpc-url", "{{ grpc_url }}",
                 "--rpc-addr", "0.0.0.0:11090",
                 "--trusted-height", "{{ trusted_height }}",
-                "--trusted-hash", "{{ trusted_hash }}"]
+                "--trusted-hash", "{{ trusted_hash }}",
+                "--no-backup", "{{ no_backup }}"]
 
 fs.mounts = [
   { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" },

diff --git a/examples/transfers/enclave/src/cli.rs b/examples/transfers/enclave/src/cli.rs
@@ -83,6 +83,9 @@ pub struct Cli {
 
     #[clap(long, default_value = "sealed/quartz.backup")]
     pub backup_path: PathBuf,
+
+    #[clap(long, default_value_t = false)]
+    pub no_backup: bool,
 }
 
 fn default_rpc_addr() -> SocketAddr {

diff --git a/examples/transfers/enclave/src/main.rs b/examples/transfers/enclave/src/main.rs
@@ -42,7 +42,9 @@ use crate::{
 
 #[tokio::main(flavor = "current_thread")]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
-    env_logger::init();
+    env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info"))
+        .write_style(env_logger::WriteStyle::Always)
+        .init();
 
     let args = Cli::parse();
 
@@ -104,7 +106,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         enclave,
         chain_client,
         GasSimulator,
-        args.backup_path,
+        if !args.no_backup {
+            Some(args.backup_path)
+        } else {
+            None
+        },
         notifier_rx,
     );