From 0d2441e878428325b3ad4230692615fce9ab5f31 Mon Sep 17 00:00:00 2001
From: peg
Date: Thu, 27 Nov 2025 08:47:47 +0100
Subject: [PATCH 01/10] Add dummy attestation image for azure
---
 scripts/build_rust_package.sh | 4 ++--
 tdx-dummy-azure.conf | 3 +++
 tdx-dummy-azure/dummy-tdx-azure.service | 17 +++++++++++++++++
 tdx-dummy-azure/mkosi.build | 18 ++++++++++++++++++
 tdx-dummy-azure/mkosi.conf | 12 ++++++++++++
 tdx-dummy-azure/mkosi.postinst | 8 ++++++++
 6 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 tdx-dummy-azure.conf
 create mode 100644 tdx-dummy-azure/dummy-tdx-azure.service
 create mode 100755 tdx-dummy-azure/mkosi.build
 create mode 100644 tdx-dummy-azure/mkosi.conf
 create mode 100755 tdx-dummy-azure/mkosi.postinst
diff --git a/scripts/build_rust_package.sh b/scripts/build_rust_package.sh
index 58f313fc..008092c1 100755
--- a/scripts/build_rust_package.sh
+++ b/scripts/build_rust_package.sh
@@ -50,10 +50,10 @@ build_rust_package() {
 CARGO_TERM_COLOR='never'
 cd '/build/$package'
 cargo fetch
- cargo build --release --frozen ${extra_features:+--features $extra_features}
+ cargo build -p $package --release --frozen ${extra_features:+--features $extra_features}
 "

 # Cache and install the built binary
 install -m 755 "$build_dir/target/release/$package" "$cached_binary"
 install -m 755 "$cached_binary" "$dest_path"
-}
\ No newline at end of file
+}
diff --git a/tdx-dummy-azure.conf b/tdx-dummy-azure.conf
new file mode 100644
index 00000000..8c950099
--- /dev/null
+++ b/tdx-dummy-azure.conf
@@ -0,0 +1,3 @@
+[Include]
+Include=base/mkosi.conf
+Include=tdx-dummy-azure/mkosi.conf
diff --git a/tdx-dummy-azure/dummy-tdx-azure.service b/tdx-dummy-azure/dummy-tdx-azure.service
new file mode 100644
index 00000000..ca8c1081
--- /dev/null
+++ b/tdx-dummy-azure/dummy-tdx-azure.service
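Review bot: In the scripts/build_rust_package.sh hunk, the added `-p $package` is spliced unquoted into what appears to be a double-quoted command string, so the outer shell expands it before the inner shell parses the command, and a name containing whitespace or shell metacharacters would be re-split or interpreted there. The `cd` line just above single-quotes the same value, and the new flag could match it: `cargo build -p '$package' --release --frozen ${extra_features:+--features $extra_features}`. The callers visible in this series pass a literal package name, so this is hardening rather than a live bug. The command string and build_rust_package itself start outside the hunk.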
@@ -0,0 +1,17 @@
+[Unit]
+Description=Dummy TDX server for azure attestation
+After=network-setup.service
+Wants=network-setup.service
+
+[Service]
+Type=exec
+User=root
+Group=root
+ExecStart=/usr/bin/dummy-attestation-server --listen-addr 0.0.0.0:8080 --server-attestation-type azure-tdx
+Restart=on-failure
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=minimal.target
diff --git a/tdx-dummy-azure/mkosi.build b/tdx-dummy-azure/mkosi.build
new file mode 100755
index 00000000..2dad4362
--- /dev/null
+++ b/tdx-dummy-azure/mkosi.build
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -euxo pipefail
+
+source scripts/build_rust_package.sh
+
+# local package="$1"
+# local version="$2"
+# local git_url="$3"
+# local provided_binary="$4"
+# local extra_features="${5:-}"
+# local extra_rustflags="${6:-}"
+build_rust_package \
+ "dummy-attestation-server" \
+ "main" \
+ "https://github.com/flashbots/attested-tls-proxy.git" \
+ "" \
+ "" \
+ ""
diff --git a/tdx-dummy-azure/mkosi.conf b/tdx-dummy-azure/mkosi.conf
new file mode 100644
index 00000000..5a180a91
--- /dev/null
+++ b/tdx-dummy-azure/mkosi.conf
@@ -0,0 +1,12 @@
+[Content]
+WithNetwork=true
+BuildScripts=tdx-dummy-azure/mkosi.build
+
+Packages=libtss2-esys-3.0.2-0t64
+
+BuildPackages=ca-certificates
+ cargo
+ git
+ libtss2-dev
+
+PostInstallationScripts=tdx-dummy-azure/mkosi.postinst
diff --git a/tdx-dummy-azure/mkosi.postinst b/tdx-dummy-azure/mkosi.postinst
new file mode 100755
index 00000000..dad181f3
--- /dev/null
+++ b/tdx-dummy-azure/mkosi.postinst
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euxo pipefail
+
+# Install systemd service units
+SERVICE_DIR="$BUILDROOT/etc/systemd/system"
+mkdir -p "$SERVICE_DIR"
+
+install -m 644 "tdx-dummy-azure/dummy-tdx-azure.service" "$SERVICE_DIR/"
From ef023df1004e43b7aab304787b4d55d3e32869a6 Mon Sep 17 00:00:00 2001
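Review bot: The new dummy-tdx-azure.service runs the server as root (`User=root`, `Group=root`) and binds `0.0.0.0:8080` with no sandboxing directives, so a flaw in this network-facing test binary is not contained by the unit in any way. If root is only needed to reach the TPM device (a guess, based on the libtss2 packages the image installs), consider a dedicated user with access to that device, or at least add `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` under `[Service]`. A short comment at the top of the unit stating that it is a test-only service would also help keep it out of production profiles.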
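Review bot: In tdx-dummy-azure/mkosi.build the second argument to `build_rust_package` is the mutable ref `"main"`, so two builds of the same tree can produce different binaries and the resulting image measurement no longer identifies the source that was built. Patches 02, 04 and 10 change it to a branch and then to the tags `azure-attest-test01` and `azure-attest-test02`, which can still be moved upstream. Pinning a full commit hash would close that gap, e.g. `"<full-commit-sha>" \` with the tag name kept in a comment beside it. Whether `build_rust_package` accepts a hash for its `version` parameter is not visible in this series and should be confirmed.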
From: peg
Date: Thu, 27 Nov 2025 08:48:48 +0100
Subject: [PATCH 02/10] Use MAA branch of attested-tls-proxy
---
 tdx-dummy-azure/mkosi.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tdx-dummy-azure/mkosi.build b/tdx-dummy-azure/mkosi.build
index 2dad4362..f1f6f17a 100755
--- a/tdx-dummy-azure/mkosi.build
+++ b/tdx-dummy-azure/mkosi.build
@@ -11,7 +11,7 @@ source scripts/build_rust_package.sh
 # local extra_rustflags="${6:-}"
 build_rust_package \
 "dummy-attestation-server" \
- "main" \
+ "peg/add-maa" \
 "https://github.com/flashbots/attested-tls-proxy.git" \
 "" \
 "" \
From 6a3edaae06d7b3481a009dc98fb35a3360e39ca4 Mon Sep 17 00:00:00 2001
From: peg
Date: Thu, 27 Nov 2025 09:19:15 +0100
Subject: [PATCH 03/10] Add zlib
---
 tdx-dummy-azure/mkosi.build | 2 +-
 tdx-dummy-azure/mkosi.conf | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/tdx-dummy-azure/mkosi.build b/tdx-dummy-azure/mkosi.build
index f1f6f17a..3e30b6e9 100755
--- a/tdx-dummy-azure/mkosi.build
+++ b/tdx-dummy-azure/mkosi.build
@@ -15,4 +15,4 @@ build_rust_package \
 "https://github.com/flashbots/attested-tls-proxy.git" \
 "" \
 "" \
- ""
+ "-l z -l zstd"
diff --git a/tdx-dummy-azure/mkosi.conf b/tdx-dummy-azure/mkosi.conf
index 5a180a91..2f97c379 100644
--- a/tdx-dummy-azure/mkosi.conf
+++ b/tdx-dummy-azure/mkosi.conf
@@ -8,5 +8,6 @@ BuildPackages=ca-certificates
 cargo
 git
 libtss2-dev
+ zlib1g-dev

 PostInstallationScripts=tdx-dummy-azure/mkosi.postinst
From bc37433b59d02e89ff2149d439b48f649425dbfd Mon Sep 17 00:00:00 2001
From: peg
Date: Thu, 27 Nov 2025 09:31:08 +0100
Subject: [PATCH 04/10] Use tagged version of attested-tls-proxy
---
 tdx-dummy-azure/mkosi.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tdx-dummy-azure/mkosi.build b/tdx-dummy-azure/mkosi.build
index 3e30b6e9..b79b403e 100755
--- a/tdx-dummy-azure/mkosi.build
+++ b/tdx-dummy-azure/mkosi.build
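Review bot: In patch 03 the sixth argument (`extra_rustflags`, per the comment block above the call) becomes `"-l z -l zstd"`, but the matching mkosi.conf hunk adds only `zlib1g-dev` to `BuildPackages`. If the zstd development package is not already provided by `base/mkosi.conf`, the link step depends on whatever happens to be present in the build environment; listing `libzstd-dev` next to `zlib1g-dev` would make the requirement explicit. A one-line comment above the call saying why these libraries have to be linked by hand would also help the next reader. How the function splices this value into the compiler flags is outside the hunk.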
@@ -11,7 +11,7 @@ source scripts/build_rust_package.sh
 # local extra_rustflags="${6:-}"
 build_rust_package \
 "dummy-attestation-server" \
- "peg/add-maa" \
+ "azure-attest-test01" \
 "https://github.com/flashbots/attested-tls-proxy.git" \
 "" \
 "" \
From b564ec3f51613676f70ee56c30bb254dbeb4ebfc Mon Sep 17 00:00:00 2001
From: peg
Date: Thu, 27 Nov 2025 09:52:33 +0100
Subject: [PATCH 05/10] Dont rely on having PROFILES set in debloat script
---
 base/debloat.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/debloat.sh b/base/debloat.sh
index 89a3b103..fd4f827f 100755
--- a/base/debloat.sh
+++ b/base/debloat.sh
@@ -39,7 +39,7 @@ debloat_paths=(
 "/nix"
 )

-if [[ ! "$PROFILES" == *"devtools"* ]]; then
+if [[ "${PROFILES:-}" != *"devtools"* ]]; then
 debloat_paths+=(
 "/usr/share/bash-completion"
 )
From 6ebdd949c1fa6f1aa8dce138dafb914a48145acd Mon Sep 17 00:00:00 2001
From: peg
Date: Thu, 27 Nov 2025 13:44:41 +0100
Subject: [PATCH 06/10] Use azure profile
---
 tdx-dummy-azure.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tdx-dummy-azure.conf b/tdx-dummy-azure.conf
index 8c950099..87c6d859 100644
--- a/tdx-dummy-azure.conf
+++ b/tdx-dummy-azure.conf
@@ -1,3 +1,6 @@
 [Include]
 Include=base/mkosi.conf
 Include=tdx-dummy-azure/mkosi.conf
+
+[Config]
+Profiles=azure
From 23f412d56acad89e8cb0a68c0bf383ea78d87bc0 Mon Sep 17 00:00:00 2001
From: peg
Date: Fri, 28 Nov 2025 12:21:31 +0100
Subject: [PATCH 07/10] Move persistent-mount service from base to bob-common
---
 .../mkosi.extra}/etc/systemd/system/persistent-mount.service | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename {base/mkosi.skeleton => bob-common/mkosi.extra}/etc/systemd/system/persistent-mount.service (100%)
diff --git a/base/mkosi.skeleton/etc/systemd/system/persistent-mount.service b/bob-common/mkosi.extra/etc/systemd/system/persistent-mount.service
similarity index 100%
rename from base/mkosi.skeleton/etc/systemd/system/persistent-mount.service
rename to bob-common/mkosi.extra/etc/systemd/system/persistent-mount.service
From 0625b735e8c1701caf7c5136ca29148f63957ce4 Mon Sep 17 00:00:00 2001
From: peg
Date: Mon, 1 Dec 2025 14:02:42 +0100
Subject: [PATCH 08/10] Fix command in tdx-dummy-azure.service
---
 tdx-dummy-azure/dummy-tdx-azure.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tdx-dummy-azure/dummy-tdx-azure.service b/tdx-dummy-azure/dummy-tdx-azure.service
index ca8c1081..f0f28ba2 100644
--- a/tdx-dummy-azure/dummy-tdx-azure.service
+++ b/tdx-dummy-azure/dummy-tdx-azure.service
@@ -7,7 +7,7 @@ Wants=network-setup.service
 Type=exec
 User=root
 Group=root
-ExecStart=/usr/bin/dummy-attestation-server --listen-addr 0.0.0.0:8080 --server-attestation-type azure-tdx
+ExecStart=/usr/bin/dummy-attestation-server server --listen-addr 0.0.0.0:8080 --server-attestation-type azure-tdx
 Restart=on-failure
 RestartSec=10
 StandardOutput=journal
From 0577b19546b7fa81024c8fcbe9277c777fdfa38b Mon Sep 17 00:00:00 2001
From: peg
Date: Mon, 1 Dec 2025 16:32:06 +0100
Subject: [PATCH 09/10] Add missing runtime dependency
---
 tdx-dummy-azure/mkosi.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tdx-dummy-azure/mkosi.conf b/tdx-dummy-azure/mkosi.conf
index 2f97c379..69d0db52 100644
--- a/tdx-dummy-azure/mkosi.conf
+++ b/tdx-dummy-azure/mkosi.conf
@@ -3,6 +3,7 @@ WithNetwork=true
 BuildScripts=tdx-dummy-azure/mkosi.build

 Packages=libtss2-esys-3.0.2-0t64
+ libtss2-tctildr0t64

 BuildPackages=ca-certificates
 cargo
From 17421ef88b3bba215516f0aeb88995d41705b990 Mon Sep 17 00:00:00 2001
From: peg
Date: Tue, 2 Dec 2025 12:02:54 +0100
Subject: [PATCH 10/10] Bump tag to use updated tdx-dummy-azure
---
 tdx-dummy-azure/mkosi.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tdx-dummy-azure/mkosi.build b/tdx-dummy-azure/mkosi.build
index b79b403e..1496a131 100755
--- a/tdx-dummy-azure/mkosi.build
+++ b/tdx-dummy-azure/mkosi.build
@@ -11,7 +11,7 @@ source scripts/build_rust_package.sh
 # local extra_rustflags="${6:-}"
 build_rust_package \
 "dummy-attestation-server" \
- "azure-attest-test01" \
+ "azure-attest-test02" \
 "https://github.com/flashbots/attested-tls-proxy.git" \
 "" \
 "" \