Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

src/tdx.rs

audience: ai

TDX attestation helpers. self_quote() asks the guest agent for a quote over the running binary’s MR_TD plus a report_data blob folding the provider’s ed25519 public key, the ComputeManifest pre-hash, and a boot nonce.

ProviderIdentity::from_tdx_sealed_seed derives the provider’s signing keypair from a TDX-sealed seed, so the public key is stable across reboots of the same binary + TDX guest combination. Without TDX sealing, every restart would rotate the key and break the provider’s identity on the Compute module.

//! TDX attestation helpers.
//!
//! The provider's honesty claim is grounded here: the
//! coalition trusts the provider's self-reported
//! capacity because the provider is running a measured
//! binary whose MR_TD matches the one declared in
//! `manifest/compute-manifest.toml`.

use anyhow::Context;
use mosaik::tee::tdx;

/// Self-produced TDX quote: the running binary asks
/// the TDX guest services for a quote over its own
/// MR_TD plus a runtime-supplied `report_data` blob.
///
/// The `report_data` folds:
///
/// - the provider's ed25519 public key (used to sign
///   zipnet envelopes and provider cards),
/// - the ComputeManifest pre-hash this binary was
///   built from,
/// - a boot nonce produced by the TDX guest agent so
///   quotes cannot be replayed across boots.
///
/// The provider card published to the Compute module
/// carries this quote verbatim. Prospective requesters
/// verify:
///
/// 1. The quote is valid (Intel provisioning-cert chain
///    OK).
/// 2. The MR_TD in the quote matches the MR_TD
///    committed to in the Compute module's provider-
///    admission policy.
/// 3. The `report_data` public key is the one the
///    provider signs with.
pub async fn self_quote() -> anyhow::Result<tdx::Quote> {
    // In the real implementation this calls into the TDX
    // guest's `get_quote` MMIO/IOCTL interface via the
    // `mosaik::tee::tdx` wrapper. Prototype stub:
    Err(anyhow::anyhow!(
        "tdx::self_quote is a prototype stub; the \
         mosaik::tee::tdx crate supplies the real impl"
    ))
}

/// Convenience wrapper: the provider's signing keypair.
/// Derived from a TDX-sealed seed so the public key is
/// stable across reboots of the same binary+TDX guest.
pub struct ProviderIdentity {
    pub public: ed25519_dalek::VerifyingKey,
    pub secret: ed25519_dalek::SigningKey,
}

impl ProviderIdentity {
    pub async fn from_tdx_sealed_seed() -> anyhow::Result<Self> {
        // TODO: read the 32-byte seed via mosaik::tee::tdx::seal,
        // derive an ed25519 key, return.
        Err(anyhow::anyhow!(
            "ProviderIdentity::from_tdx_sealed_seed is a prototype stub"
        ))
    }
}

Up: compute-bridge.