From b3cdce20b3556d1161b266ff89ee999b9fd446f1 Mon Sep 17 00:00:00 2001 From: Hang Yin Date: Thu, 25 Jun 2026 18:56:59 +0000 Subject: [PATCH] tsm-shim: scope README to the fixed-directory pattern it serves The shim serves one fixed inblob/outblob; it doesn't implement the standard configfs-tsm flow where the caller mkdirs a fresh report entry per request. Say so plainly instead of implying go-configfs-tsm/libtdx-attest work. Co-Authored-By: Claude Opus 4.8 (1M context) --- tsm-shim/README.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/tsm-shim/README.md b/tsm-shim/README.md index 94d1a95..8f157f1 100644 --- a/tsm-shim/README.md +++ b/tsm-shim/README.md @@ -4,11 +4,12 @@ Some attestation binaries get their TDX quote through the kernel's `configfs-tsm files (`/sys/kernel/config/tsm/report/*` — write `inblob`, read `outblob`) instead of the dstack SDK. dstack doesn't expose those files to containers, so they fail. -This sidecar bridges them: it serves `inblob`/`outblob` from a shared volume and -forwards each request to the guest-agent's `GetQuote`. The quote is the real -hardware quote (`report_data` passed through unchanged), so an unmodified binary -works with only docker-compose changes — no OS change, no FUSE, no privileged -container. CI publishes the image to `ghcr.io/dstack-tee/dstack-tsm-shim`. +This sidecar bridges them: it serves one **fixed** `inblob`/`outblob` directory +from a shared volume and forwards each request to the guest-agent's `GetQuote`. +The quote is the real hardware quote (`report_data` passed through unchanged), so +a binary pointed at that directory works with only docker-compose changes — no OS +change, no FUSE, no privileged container. CI publishes the image to +`ghcr.io/dstack-tee/dstack-tsm-shim`. ## Use it 
@@ -51,8 +52,10 @@ phala cvms logs -c app # expect PASS and a ~5 KB quote ## Good to know -- Covers the configfs-tsm `inblob`/`outblob` path (go-configfs-tsm, recent - libtdx-attest). It does **not** handle the `/dev/tdx-guest` ioctl, which needs a - raw TDREPORT that dstack doesn't expose. +- Works for binaries pointed at a **fixed** report directory (write `inblob`, read + `outblob`, no `mkdir`). It does **not** implement the standard configfs-tsm flow + where the caller `mkdir`s a fresh `report//` per request (e.g. + `go-configfs-tsm`), nor the `/dev/tdx-guest` ioctl (which needs a raw TDREPORT + dstack doesn't expose). - One request at a time, one shim per app — a shared `inblob`/`outblob` can't tell concurrent callers apart. An empty `outblob` read means the quote failed.
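Review bot: the intro in the first hunk still only hints at the limitation with a bolded "fixed" and leaves the explicit "does not implement the standard configfs-tsm flow" for the "Good to know" section; since the commit message's stated goal is to say so plainly, the intro paragraph should carry one sentence to that effect (e.g. "It does not implement the standard configfs-tsm flow where each caller `mkdir`s its own report entry; see Good to know."), so a reader who only skims the top does not pair the shim with a `go-configfs-tsm`-style client.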
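Review bot: in the second hunk, "`mkdir`s a fresh `report//` per request" has an empty path component; it reads as if a placeholder name was lost, so it should be written as `report/<name>/` (or whatever placeholder the README uses elsewhere) so the per-request entry is visible. Separately, the same bullet now says "An empty `outblob` read means the quote failed" but does not say whether `outblob` is cleared before the next request; with one shared fixed directory, a caller that skips the `inblob` write or reads early could pick up the previous caller's quote (bound to that caller's `report_data`), so the README should state either that the shim truncates `outblob` on each new `inblob` write or that callers must write `inblob` before every read.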