
attestation: redesign V1 as direct CBOR platform/stack schema #629

Merged: kvinwang merged 4 commits into master from feat/tdx-quote-payload-variant on Apr 7, 2026
@kvinwang (Collaborator) commented Apr 2, 2026

Summary

  • keep VersionedAttestation::V0 as the wire format
  • carry report_data_payload inside a new TDX AttestationQuote variant
  • update quote helpers/simulators to preserve the payload-aware TDX quote variant

Why

/var/run/dstack.sock in dstack-k8s needs to return a verifier-visible payload preimage for report_data, but this is better modeled as a platform-specific attestation quote variant than as a new top-level versioned envelope.

Validation

  • cargo check -p dstack-attest -p ra-tls -p dstack-guest-agent -p dstack-guest-agent-simulator
  • cargo clippy -p dstack-attest -p ra-tls -p dstack-guest-agent -p dstack-guest-agent-simulator -- -D warnings

@kvinwang kvinwang force-pushed the feat/tdx-quote-payload-variant branch from 317c6dd to ac6a3d0 Compare April 2, 2026 10:28
@kvinwang kvinwang changed the title attestation: carry report_data payload in TDX quote variant attestation: redesign V1 as direct CBOR platform/stack schema Apr 2, 2026
@kvinwang kvinwang force-pushed the feat/tdx-quote-payload-variant branch 6 times, most recently from 68e62dc to 9799aa0 Compare April 2, 2026 15:00
@kvinwang kvinwang force-pushed the feat/tdx-quote-payload-variant branch from 9799aa0 to ae8a935 Compare April 2, 2026 15:08
kvinwang added 3 commits April 7, 2026 00:59
- Fix is_cbor_map_prefix to cover full CBOR map range (0xa0..=0xbf)
- Remove SCALE Encode/Decode impls for VersionedAttestation to avoid
  consuming all remaining input on decode
- Remove ambiguous 0x01 prefix fallback in from_bytes
- Change to_bytes to return Result instead of panicking via or_panic
- Add report_data_payload binding validation in verify_with_time
- Restore Encode/Decode impls for VersionedAttestation (needed by
  CertSigningRequestV2), with a 10 MiB size limit to prevent OOM
  on untrusted input
- Add size check in from_bytes for direct callers
- Document that VersionedAttestation must be the last field in SCALE
  containers due to the consume-all-remaining decode strategy
- Fix prek formatting
@kvinwang kvinwang merged commit dd8d9cd into master Apr 7, 2026
15 checks passed
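
The commit messages above describe two guards on untrusted attestation bytes: a size bound and a CBOR map prefix check over the full range 0xa0..=0xbf. The following is an added example, not code from this pull request or from dstack, showing why the whole range matters by parsing the map header behind each prefix. All names are hypothetical (`is_cbor_map_prefix` is a stand-in that only shares the name mentioned in the commit), and the inputs are constructed.

```rust
// Added example, not dstack code. MAX_LEN mirrors the 10 MiB limit named in the
// commit message; every identifier here is hypothetical.
const MAX_LEN: usize = 10 * 1024 * 1024;

#[derive(Debug, PartialEq)]
enum Sniff {
    /// CBOR map header; `entries` is None for an indefinite-length map (0xbf).
    CborMap { entries: Option<u64>, header_len: usize },
    /// First byte is not a CBOR map header; the caller tries another decoder.
    NotCborMap,
}

#[derive(Debug, PartialEq)]
enum SniffError { Empty, TooLarge, ReservedHeader, Truncated }

/// True for every initial byte of CBOR major type 5 (map): 0xa0..=0xbf.
fn is_cbor_map_prefix(b: u8) -> bool {
    b >> 5 == 5
}

/// Bound the input first, then classify it by its first byte.
fn sniff(input: &[u8]) -> Result<Sniff, SniffError> {
    if input.len() > MAX_LEN { return Err(SniffError::TooLarge); }
    let first = *input.first().ok_or(SniffError::Empty)?;
    if !is_cbor_map_prefix(first) { return Ok(Sniff::NotCborMap); }
    let (entries, extra) = match first & 0x1f {
        n @ 0..=23 => (Some(n as u64), 0), // count stored in the header byte
        n @ 24..=27 => {
            let width = 1usize << (n - 24); // 1, 2, 4 or 8 count bytes follow
            let raw = input.get(1..1 + width).ok_or(SniffError::Truncated)?;
            (Some(raw.iter().fold(0u64, |acc, &b| (acc << 8) | b as u64)), width)
        }
        31 => (None, 0), // indefinite-length map
        _ => return Err(SniffError::ReservedHeader), // 28..=30 are reserved
    };
    Ok(Sniff::CborMap { entries, header_len: 1 + extra })
}

fn main() {
    // Constructed inputs: a 2-entry map, a map with a 1-byte count, a non-map byte.
    let samples: [&[u8]; 3] = [&[0xa2], &[0xb8, 0x20], &[0x00, 0x01]];
    for sample in samples {
        println!("{:02x?} -> {:?}", sample, sniff(sample));
    }
}
```

A prefix check that stops at 0xb7 would misclassify the `0xb8 0x20` header (a 32-entry map) and the indefinite-length `0xbf` header as non-CBOR input.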