
feat: on-chain TCB policy with dcap-qvl two-phase verification #538

Draft
kvinwang wants to merge 10 commits into master from policy
@kvinwang
Collaborator

Summary

  • Upgrade dcap-qvl to policy branch with two-phase verification API (QuoteVerificationResult → policy validation → VerifiedReport)
  • Propagate QuoteVerificationResult up through DstackVerifiedReport so KMS/verifier can apply app-specific TCB policies
  • Add IAppTcbPolicy interface: both DstackApp.sol and DstackKms.sol store a versioned JSON TCB policy string on-chain
  • auth-eth middleware reads policy from contract (with try-catch for backward compatibility with old contracts) and attaches it to BootResponse
  • KMS parses the policy JSON ({"version": 1, "intel_qal": [...]}) and validates QVR against RegoPolicySet
  • Fail-close: unknown policy versions are rejected
  • Baseline policy rejects high-risk advisories: INTEL-SA-01397, INTEL-SA-01367, INTEL-SA-01314, INTEL-SA-00837

Changes across layers

| Layer | Files | What |
| --- | --- | --- |
| Solidity | IAppTcbPolicy.sol, DstackApp.sol, DstackKms.sol | On-chain policy storage (ERC-165 detectable) |
| TypeScript | ethereum.ts, server.ts, types.ts | Read policy from contract, pass in response |
| Rust (attest) | attestation.rs, host_api.rs, verification.rs | QVR propagation, baseline policy, advisory blacklist |
| Rust (kms) | main_service.rs, upgrade_authority.rs | Parse on-chain policy, RegoPolicySet validation |

Depends on

Test plan

  • cargo check passes (verified)
  • hardhat compile passes (verified)
  • tsc --noEmit passes (verified)
  • Integration test with contract deploying TCB policy and KMS validating against it
  • Backward compatibility: KMS works with old contracts that don't implement IAppTcbPolicy
  • Fail-close: KMS rejects boot when policy version is unknown
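
The fail-closed version gate and baseline advisory check described in the summary, sketched in TypeScript as an added example (not code from this PR or from dstack). The function names, the result shape, the treatment of an empty policy string as "no on-chain policy", and the advisory-ID list passed in are assumptions; evaluating the `intel_qal` entries as Rego is left to the next stage.

```typescript
// Added illustration; names and result shapes are hypothetical, not dstack's API.
type PolicyResult =
  | { ok: true; intelQal: unknown[] } // rules still to be evaluated (Rego, not shown)
  | { ok: false; reason: string };

// Advisory IDs the PR summary lists for the baseline policy.
const BASELINE_REJECTED = new Set<string>([
  "INTEL-SA-01397", "INTEL-SA-01367", "INTEL-SA-01314", "INTEL-SA-00837",
]);

// Parse the policy string read from the contract. Assumption: an empty string
// means the contract stores no policy, so only the baseline applies.
function parseOnchainPolicy(raw: string): PolicyResult {
  if (raw.trim() === "") return { ok: true, intelQal: [] };
  let doc: unknown;
  try {
    doc = JSON.parse(raw);
  } catch {
    return { ok: false, reason: "malformed JSON" };
  }
  if (typeof doc !== "object" || doc === null || Array.isArray(doc)) {
    return { ok: false, reason: "policy is not a JSON object" };
  }
  const { version, intel_qal } = doc as { version?: unknown; intel_qal?: unknown };
  // Strict comparison: "1", 2, 1.5 or a missing version are all rejected.
  if (version !== 1) return { ok: false, reason: "unknown policy version" };
  if (!Array.isArray(intel_qal)) {
    return { ok: false, reason: "intel_qal must be an array" };
  }
  return { ok: true, intelQal: intel_qal };
}

// Return the reported advisory IDs that the baseline rejects.
function baselineRejects(advisoryIds: string[]): string[] {
  return advisoryIds.filter((id) => BASELINE_REJECTED.has(id.toUpperCase()));
}

// Gate run before rule evaluation: any parse failure or baseline hit denies.
function precheck(rawPolicy: string, advisoryIds: string[]): PolicyResult {
  const policy = parseOnchainPolicy(rawPolicy);
  if (!policy.ok) return policy;
  const hits = baselineRejects(advisoryIds);
  if (hits.length > 0) return { ok: false, reason: "baseline: " + hits.join(", ") };
  return policy;
}
```
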

…upport

- Update dcap-qvl dependency to policy branch (two-phase verification API)
- Propagate QuoteVerificationResult through DstackVerifiedReport for
  flexible policy validation by business layer
- Add baseline TCB policy with high-risk advisory rejection (INTEL-SA-01397,
  INTEL-SA-01367, INTEL-SA-01314, INTEL-SA-00837)
- Add IAppTcbPolicy interface for on-chain TCB policy storage
- Update DstackApp.sol and DstackKms.sol to store versioned TCB policy JSON
- auth-eth reads policy from contracts and passes in BootResponse
- KMS validates QuoteVerificationResult against on-chain RegoPolicySet
- Fail-close on unknown policy version (version != 1 is rejected)
- Remove tdx_report() method, callers use tdx_qvr()+supplemental() instead
- Fix ppid access: use supplemental().platform.pck.ppid (no QVR clone)
- Split TCB policy into separate API endpoints:
  - GET /policy/app/:appId and GET /policy/kms
  - auth_api.get_app_policy() and auth_api.get_kms_policy() in Rust
- Remove tcbPolicy from BootResponse (separate concern)
- Move policy validation before is_app_allowed check
- Fix cargo fmt issues

dcap-qvl now provides QuoteVerificationResult::ppid() and report()
accessors, avoiding the heavyweight supplemental() computation or
clone+into_report_unchecked() just to read the PPID.

- Unit tests for validate_onchain_tcb_policy: empty policy, version
  checks, malformed JSON, invalid Rego, TcbPolicyDoc deserialization
- Serde contract tests with shared JSON fixtures (kms/tests/fixtures/)
  validated by both Rust and TypeScript to catch field naming drift
- TDX quote sample fixtures for building QuoteVerificationResult in tests
- url_join utility test

Move Rust tests from rust.yml (now lint-only) into a new tests.yml
workflow. Add auth-eth Jest tests as a parallel CI job.

Add end-to-end test suite that exercises the full KMS stack:
Hardhat node → contract deployment → auth-eth server → KMS server.

Tests cover auth-eth boot authorization (KMS/app allowed/denied),
KMS unauthenticated APIs (GetMeta, GetAppEnvEncryptPubKey, GetTempCaCert),
KMS authenticated APIs via RA-TLS (GetAppKey, SignCert), and TCB policy
scenarios including Intel QAL rules for dynamic_platform, cached_keys,
and TCB status validation.
…in permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>