feat(verifier): report dev/prod OS image and deployment identity in result#727
…esult
the verification result never told a relying party whether the attested
CVM runs a dev or prod OS image, nor a few other identity signals it
already had in hand. surface them in `details`:
- `os_image_is_dev`: dev vs prod, read from the image metadata.json
(bound to os_image_hash, so as trustworthy as the os-image-hash check)
- `os_image_version`: dstack OS version, same measurement-bound source
- `tee_platform`: tdx | gcp-tdx | nitro, from the verified quote variant
- `key_provider`: decoded {name, id} from app_info.key_provider_info
(name e.g. "kms" or "local"); raw bytes still available in app_info
also fold the metadata into a single image download in the dstack-tdx
path (was downloading twice) and collapse the two VerificationDetails
struct literals to Default so future fields aren't added in three places.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
cut a new workspace version so the verifier (and other components) can be released with the dev/prod OS image identity fields. verifier-v0.5.11 already exists, so the next verifier release tag is verifier-v0.5.12.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Problem

dstack-verifier's verification result says whether a CVM is trustworthy, but not what it is running. In particular it never told a relying party whether the attested CVM runs a dev or prod OS image — a distinction that matters because dev images are built for local testing and aren't hardened for production. The verifier already reads the image's `metadata.json` (to compute expected measurements) and already holds several other identity signals, but dropped them on the floor.

What changed

Surface four descriptive fields in `details` so a relying party can apply its own policy:

- `os_image_is_dev`: `bool?`, `metadata.json`, `os_image_hash`
- `os_image_version`: `string?`, `metadata.json`, `os_image_hash`
- `tee_platform`: `string?` (`tdx` / `gcp-tdx` / `nitro`)
- `key_provider`: `{name,id}?`, `app_info.key_provider_info`

Why these are trustworthy (not cosmetic)

- `os_image_is_dev` / `os_image_version` are read from `metadata.json`, which is part of `sha256sum.txt` and therefore bound to the `os_image_hash` that the verifier checks against the quote — so they are as trustworthy as the existing os-image-hash verification. Fields are `null` when the platform doesn't expose them (GCP TDX / Nitro) or when an image predates the field (such images are always production).
- A `key_provider.name` of `local` (rather than `kms`) is itself a useful "not KMS-backed" posture signal alongside `os_image_is_dev`.

Implementation notes

- `is_dev` + `version` added to `dstack_types::ImageInfo` (both `#[serde(default)]`) so the canonical metadata struct stops discarding them. No in-repo writers of that struct; meta-dstack already emits `is_dev` / `version` in the bundle (the VMM's own `ImageInfo` has read `is_dev` since Apr 2025).
- `tee_platform` set right after quote verification; `key_provider` decoded (best-effort) from the JSON blob already present as raw hex in `app_info`.
- `VerificationDetails` struct literals collapsed to `Default` so future fields don't need editing in three places.
- `cargo clippy -D warnings` clean. README updated (response example + an "Identifying the deployment" section).

Release

Includes a `chore: bump version to 0.5.12` commit (workspace `Cargo.toml` + `Cargo.lock`) so this is tag-ready on merge — `verifier-v0.5.11` already exists, so the next verifier release is `verifier-v0.5.12`. After merge, pushing the `verifier-v0.5.12` tag triggers `verifier-release.yml` (Docker build/push + GitHub release).

🤖 Generated with Claude Code
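
A relying-party policy over the four `details` fields described above, as an added example that is not part of the pull request or the dstack code base. The function name, its parameters and the sample JSON are assumptions; only the field names and the `tdx`/`gcp-tdx`/`nitro` and `kms`/`local` values come from the description, and the caller is assumed to pass in whether the verifier's own attestation checks succeeded.

```python
import json

# Constructed sample of the `details` object. Only the four field names and the
# tdx/gcp-tdx/nitro and kms/local values come from the PR text; the rest is made up.
SAMPLE_DETAILS = json.loads("""
{
  "os_image_is_dev": false,
  "os_image_version": "0.0.0-example",
  "tee_platform": "tdx",
  "key_provider": {"name": "kms", "id": "example-id"}
}
""")


def evaluate_deployment(verified, details, require_kms=True, allow_unknown_image=False):
    """Hypothetical policy: return (accepted, reasons) for one verifier result."""
    if not verified:
        # The fields are descriptive only; they mean nothing if attestation failed.
        return False, ["attestation not verified"]
    reasons = []
    platform = details.get("tee_platform")
    is_dev = details.get("os_image_is_dev")
    if is_dev is True:
        reasons.append("dev OS image")
    elif is_dev is None:
        # null on tdx means the image predates the field (production per the PR);
        # on the other platforms the image type is simply not reported.
        if platform != "tdx" and not allow_unknown_image:
            reasons.append(f"OS image type not reported on {platform}")
    elif is_dev is not False:
        reasons.append("os_image_is_dev is not a boolean")
    provider = details.get("key_provider") or {}  # the field itself may be null
    if require_kms and provider.get("name") != "kms":
        reasons.append(f"key provider is {provider.get('name')!r}, not kms")
    return not reasons, reasons
```

The `null` branch is where policies differ: a deployment that must prove it runs a production image cannot do so from these fields on GCP TDX or Nitro, so the default here is to reject unless `allow_unknown_image` is set.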