fix: enforce 20-byte app_id length in CVM setup#604
Open
Conversation
Add --uki flag to enable UEFI disk boot measurement path:
OVMF → systemd-boot → UKI → vmlinuz (3 EFI app measurements)
When --uki is set, RTMR calculations use the UEFI disk boot event model
instead of the -kernel direct boot model:
RTMR[0]: Same TD HOB/CFV/EFI vars/ACPI, but BootOrder has 2 entries
and Boot0001 (disk device) is added. Boot variable digests
use SHA384(variable_data_bytes).
RTMR[1]: 8 events — Calling EFI App, separator, GPT event (non-empty
partition entries only), systemd-boot/UKI/vmlinuz Authenticode
hashes, ExitBootServices.
RTMR[2]: 2 events — cmdline as UTF-16LE (Linux EFI stub behavior),
initrd data hash. No "initrd=initrd" append (unlike -kernel).
Verified against TDX hardware: MRTD, RTMR[1], RTMR[2] all match.
RTMR[0] matches except ACPI tables (dstack-acpi-tables QEMU version
difference — needs matching QEMU_ACPI_COMPAT_VER).
Usage:
dstack-mr measure metadata.json -c 2 -m 4G \
--uki dstack-k8s.efi \
--bootloader BOOTX64.EFI \
--disk dstack-k8s.raw
UKI mode uses a minimal device config (single disk + net, no vsock/9p) matching the actual QEMU command for UEFI disk boot. The previous code reused the -kernel mode device list which includes vsock and 9p, causing different ACPI tables and wrong RTMR[0]. All four measurements now match TDX hardware: MRTD: ✓ (OVMF firmware) RTMR0: ✓ (14 events including ACPI tables) RTMR1: ✓ (8 events: EFI apps + boot transitions) RTMR2: ✓ (2 events: cmdline + initrd)
- Add second virtio-blk disk to ACPI table generation (data disk) - BootOrder now has 3 entries [0,1,2] matching OVMF's BDS with 2 disks - Add Boot0002 'UEFI Misc Device 2' at PCI(0x2,0x0) All RTMRs now match TDX hardware measurements exactly: MRTD ✓ RTMR[0] ✓ RTMR[1] ✓ RTMR[2] ✓
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR makes the 20-byte app_id requirement explicit in the CVM setup path.
In other words, configs that were valid before remain valid; the only behavioral change is that misconfigured app_ids that would have failed later now fail earlier with a more explicit error.
Related to #554.