[codex] Add AWS NitroTPM attestation platform support#753
Draft
h4x3rotab wants to merge 1 commit into
Draft
Conversation
| salt_public_key: &RsaPublicKey, | ||
| ) -> Result<Self> { | ||
| let mut nonce_caller = [0u8; NONCE_SIZE]; | ||
| let mut salt = [0u8; SALT_SIZE]; |
500705a to
d6fb1cd
Compare
Adds the AWS EC2 NitroTPM platform path for dstack under the account-admin-untrusted threat model, integrated the same way AMD SEV-SNP is rather than with AWS-specific contract/auth/systemd surface. - NitroTPM attestation-document parsing, verification against the AWS Nitro PKI, PCR replay, PCR14 launch measurement and PCR23 runtime measurement, and platform-specific verifier/API output. - Reuses the on-chain authorization contract unchanged: a verified NitroTPM attestation has no TDX/SNP-style TCB surface, so the KMS and verifier normalize it to tcbStatus="UpToDate" (the same way SEV-SNP normalizes its own status) and it passes the standard gate. No AWS-specific on-chain fields. - Optional allowed_attestation_modes kms.toml allowlist for SNP-style per-platform operator control (empty allows every verified mode). - Attested recipient-key handling for app-key release without relying on AWS KMS; freshness/replay policy checks and RA-TLS endpoint identity verification. - auth-simple and auth-eth policy support, production verifier runbook, reproducibility manifests, AMI promotion + EC2 live-smoke helpers, and committed AWS live-smoke evidence. - App trust model matches TDX/SEV-SNP: app code (init_script, pre_launch_script, docker-compose) is measured into the on-chain-whitelisted identity and replayed into non-resettable PCR14, so no compose filter or device sandbox is used. Rebased onto master (squashed); integrates with the tdx-measurement-attestation changes in #742. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
d6fb1cd to
504e342
Compare
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the AWS EC2 NitroTPM platform path for dstack under the account-admin-untrusted threat model.
This includes:
Final live evidence records an Attestable AMI smoke test:
ami-015b720d2e3e9dd9csnap-022c271b9790aebf3snap-0efa19b7528e14142i-00ad5b777c394914dValidation
cargo test -p dstack-attest aws_nitro_tpmcargo test -p dstack-kms aws_nitro_tpmcargo test -p dstack-verifier awsnpm run test:runandnpm run lintinkms/auth-simpleforge test --ffiand Jest tests forkms/auth-ethbash -nandshellcheckfor AWS helper scriptsjqNotes
The AWS live-smoke path uses NitroTPM as the measurement/attestation provider and local key provider. It does not use AWS KMS.