Add dstack-verifier

Author: kvinwang

.github/workflows/verifier-release.yml

@@ -0,0 +1,80 @@
+# SPDX-FileCopyrightText: © 2025 Phala Network <[email protected]>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Verifier Release
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'verifier-v*'
+permissions:
+  attestations: write
+  id-token: write
+  contents: write
+  packages: write
+
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Parse version from tag
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/verifier-v}
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          echo "Parsed version: $VERSION"
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Get Git commit timestamps
+        run: |
+          echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+          echo "GIT_REV=$(git rev-parse HEAD)" >> $GITHUB_ENV
+
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        env:
+          SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
+        with:
+          context: verifier
+          file: verifier/builder/Dockerfile
+          push: true
+          tags: ${{ vars.DOCKERHUB_USERNAME }}/dstack-verifier:${{ env.VERSION }}
+          platforms: linux/amd64
+          provenance: false
+          build-args: |
+            DSTACK_REV=${{ env.GIT_REV }}
+            DSTACK_SRC_URL=${{ github.server_url }}/${{ github.repository }}.git
+            SOURCE_DATE_EPOCH=${{ env.TIMESTAMP }}
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: "docker.io/${{ vars.DOCKERHUB_USERNAME }}/dstack-verifier"
+          subject-digest: ${{ steps.build-and-push.outputs.digest }}
+          push-to-registry: true
+
+      - name: GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: "Verifier Release v${{ env.VERSION }}"
+          body: |
+            ## Docker Image Information
+
+            **Image**: `docker.io/${{ vars.DOCKERHUB_USERNAME }}/dstack-verifier:${{ env.VERSION }}`
+
+            **Digest (SHA256)**: `${{ steps.build-and-push.outputs.digest }}`
+
+            **Verification**: [Verify on Sigstore](https://search.sigstore.dev/?hash=${{ steps.build-and-push.outputs.digest }})

Cargo.lock

@@ -49,6 +49,7 @@ members = [
     "serde-duration",
     "dstack-mr",
     "dstack-mr/cli",
+    "verifier",
     "no_std_check",
 ]
 resolver = "2"

Cargo.toml

@@ -162,3 +162,13 @@ SPDX-License-Identifier = "CC0-1.0"
 path = "dstack-util/tests/fixtures/*"
 SPDX-FileCopyrightText = "NONE"
 SPDX-License-Identifier = "CC0-1.0"
+
+[[annotations]]
+path = "verifier/fixtures/*"
+SPDX-FileCopyrightText = "NONE"
+SPDX-License-Identifier = "CC0-1.0"
+
+[[annotations]]
+path = "verifier/builder/shared/*.txt"
+SPDX-FileCopyrightText = "NONE"
+SPDX-License-Identifier = "CC0-1.0"

REUSE.toml

@@ -27,7 +27,7 @@ RUN cd dstack && cargo build --release -p dstack-kms --target x86_64-unknown-lin
 FROM debian:bookworm@sha256:0d8498a0e9e6a60011df39aab78534cfe940785e7c59d19dfae1eb53ea59babe
 COPY ./shared /build
 WORKDIR /build
-ARG QEMU_REV=d98440811192c08eafc07c7af110593c6b3758ff
+ARG QEMU_REV=dbcec07c0854bf873d346a09e87e4c993ccf2633
 RUN ./pin-packages.sh ./qemu-pinned-packages.txt && \
     apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -43,7 +43,7 @@ RUN ./pin-packages.sh ./qemu-pinned-packages.txt && \
     flex \
     bison && \
     rm -rf /var/lib/apt/lists/* /var/log/* /var/cache/ldconfig/aux-cache
-RUN git clone https://github.com/kvinwang/qemu-tdx.git --depth 1 --branch passthrough-dump-acpi --single-branch && \
+RUN git clone https://github.com/kvinwang/qemu-tdx.git --depth 1 --branch dstack-qemu-9.2.1 --single-branch && \
     cd qemu-tdx && git fetch --depth 1 origin ${QEMU_REV} && \
     git checkout ${QEMU_REV} && \
     ../config-qemu.sh ./build /usr/local && \

kms/dstack-app/builder/Dockerfile

@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: © 2024-2025 Phala Network <[email protected]>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+[package]
+name = "dstack-verifier"
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+license.workspace = true
+homepage.workspace = true
+repository.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+clap = { workspace = true, features = ["derive"] }
+figment.workspace = true
+fs-err.workspace = true
+hex.workspace = true
+rocket = { workspace = true, features = ["json"] }
+serde = { workspace = true, features = ["derive"] }
+serde_json.workspace = true
+tokio = { workspace = true, features = ["full"] }
+tracing.workspace = true
+tracing-subscriber.workspace = true
+reqwest.workspace = true
+tempfile.workspace = true
+
+# Internal dependencies
+ra-tls.workspace = true
+dstack-types.workspace = true
+dstack-mr.workspace = true
+
+# Crypto/verification dependencies
+dcap-qvl.workspace = true
+cc-eventlog.workspace = true
+sha2.workspace = true

verifier/Cargo.toml

@@ -0,0 +1,163 @@
+# dstack-verifier
+
+A HTTP server that provides CVM (Confidential Virtual Machine) verification services using the same verification process as the dstack KMS.
+
+## Features
+
+- **TDX Quote Verification**: Uses dcap-qvl to verify TDX quotes
+- **Event Log Verification**: Validates event logs and extracts app information
+- **OS Image Hash Verification**: Uses dstack-mr to ensure OS image hash matches expected measurements
+- **Automatic Image Download**: Downloads and caches OS images automatically when not found locally
+- **RESTful API**: Simple HTTP endpoints for verification requests
+
+## API Endpoints
+
+### POST /verify
+
+Verifies a CVM attestation with the provided quote, event log, and VM configuration.
+
+**Request Body:**
+```json
+{
+  "quote": "hex-encoded-quote",
+  "event_log": "hex-encoded-event-log",
+  "vm_config": "json-vm-config-string",
+  "pccs_url": "optional-pccs-url"
+}
+```
+
+**Response:**
+```json
+{
+  "is_valid": true,
+  "details": {
+    "quote_verified": true,
+    "event_log_verified": true,
+    "os_image_hash_verified": true,
+    "report_data": "hex-encoded-64-byte-report-data",
+    "tcb_status": "OK",
+    "advisory_ids": [],
+    "app_info": {
+      "app_id": "hex-string",
+      "compose_hash": "hex-string",
+      "instance_id": "hex-string",
+      "device_id": "hex-string",
+      "mrtd": "hex-string",
+      "rtmr0": "hex-string",
+      "rtmr1": "hex-string",
+      "rtmr2": "hex-string",
+      "rtmr3": "hex-string",
+      "mr_system": "hex-string",
+      "mr_aggregated": "hex-string",
+      "os_image_hash": "hex-string",
+      "key_provider_info": "hex-string"
+    }
+  },
+  "reason": null
+}
+```
+
+### GET /health
+
+Health check endpoint that returns service status.
+
+**Response:**
+```json
+{
+  "status": "ok",
+  "service": "dstack-verifier"
+}
+```
+
+## Configuration
+
+Configuration can be provided via:
+1. TOML file (default: `dstack-verifier.toml`)
+2. Environment variables with prefix `DSTACK_VERIFIER_`
+3. Command line arguments
+
+### Configuration Options
+
+- `host`: Server bind address (default: "0.0.0.0")
+- `port`: Server port (default: 8080)
+- `image_cache_dir`: Directory for cached OS images (default: "/tmp/dstack-verifier/cache")
+- `image_download_url`: URL template for downloading OS images (default: GitHub releases URL)
+- `image_download_timeout_secs`: Download timeout in seconds (default: 300)
+- `pccs_url`: Optional PCCS URL for quote verification
+
+### Example Configuration File
+
+```toml
+host = "0.0.0.0"
+port = 8080
+image_cache_dir = "/var/cache/dstack-verifier"
+image_download_url = "http://0.0.0.0:8000/mr_{OS_IMAGE_HASH}.tar.gz"
+image_download_timeout_secs = 300
+pccs_url = "https://pccs.example.com"
+```
+
+## Usage
+
+```bash
+# Run with default config
+cargo run --bin dstack-verifier
+
+# Run with custom config file
+cargo run --bin dstack-verifier -- --config /path/to/config.toml
+
+# Set via environment variables
+DSTACK_VERIFIER_PORT=9000 cargo run --bin dstack-verifier
+```
+
+## Testing
+
+Two test scripts are provided for easy testing:
+
+### Full Test (with server management)
+```bash
+./test.sh
+```
+This script will:
+- Build the project
+- Start the server
+- Run the verification test
+- Display detailed results
+- Clean up automatically
+
+### Quick Test (assumes server is running)
+```bash
+./quick-test.sh
+```
+This script assumes the server is already running and just sends a test request.
+
+## Verification Process
+
+The verifier performs three main verification steps:
+
+1. **Quote Verification**: Validates the TDX quote using dcap-qvl, checking the quote signature and TCB status
+2. **Event Log Verification**: Replays event logs to ensure RTMR values match and extracts app information
+3. **OS Image Hash Verification**:
+   - Automatically downloads OS images if not cached locally
+   - Uses dstack-mr to compute expected measurements
+   - Compares against the verified measurements from the quote
+
+All three steps must pass for the verification to be considered valid.
+
+### Automatic Image Download
+
+When an OS image is not found in the local cache, the verifier will:
+
+1. **Download**: Fetch the image tarball from the configured URL
+2. **Extract**: Extract the tarball contents to a temporary directory
+3. **Verify**: Check SHA256 checksums to ensure file integrity
+4. **Validate**: Confirm the OS image hash matches the computed hash
+5. **Cache**: Move the validated files to the cache directory for future use
+
+The download URL template uses `{OS_IMAGE_HASH}` as a placeholder that gets replaced with the actual OS image hash from the verification request.
+
+## Dependencies
+
+- dcap-qvl: TDX quote verification
+- dstack-mr: OS image measurement computation
+- ra-tls: Attestation handling and verification
+- rocket: HTTP server framework