tdx-init

A utility for secure disk encryption and SSH configuration in TDX (Trusted Domain Extensions) VMs. Currently designed specifically for Flashbots BoB VMs.

Functionality

Allows VM operator to provision a VM with a searcher's SSH key
Stores searcher's SSH key directly in LUKS2 header
Automatically sets up persistent encrypted disk once searcher has provided a LUKS2 passphrase

Usage

tdx-init wait-for-key     # Wait for SSH key via HTTP or extract from existing LUKS header
tdx-init set-passphrase   # Set up or mount an encrypted disk with passphrase

tdx-init wait-for-key should be called during the init process (before anything requiring peristant storage is mounted)
tdx-init set-passphrase should be called after the SSH key has been established directly by the searcher through an authenticated channel

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
go.mod		go.mod
keys.go		keys.go
passphrase.go		passphrase.go
tdx-init.go		tdx-init.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

tdx-init

Functionality

Usage

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

flashbots/tdx-init

Folders and files

Latest commit

History

Repository files navigation

tdx-init

Functionality

Usage

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages