Closed
Conversation
msanft
force-pushed
the
msanft/dev-runtime
branch
from
d4587b9 to
e026aae
Compare
Member
Author
msanft
force-pushed
the
msanft/dev-runtime
branch
3 times, most recently
from
7f4899c to
4249f55
Compare
sespiros
reviewed
Apr 21, 2026
msanft
force-pushed
the
msanft/dev-runtime
branch
4 times, most recently
from
83b5110 to
66bf651
Compare
Member
Author
|
EDIT: Changed this to match the CLI's opt-in behavior. |
msanft
force-pushed
the
msanft/dev-runtime
branch
from
a475695 to
d289cdd
Compare
This adds definitions for the insecure platform variants.
This adds stub reference values for the insecure development platforms to the JSON file with all the reference values.
This adds support for insecure platforms to `contrast generate`. To enable generation for insecure platforms, both the `--INSECURE` flag and the `CONTRAST_ALLOW_INSECURE_RUNTIMES` environment variable need to be set. The `contrast-cc-*` and `contrast-insecure-*` runtimes can be used interchangeably. The bare `contrast-cc` and `contrast-insecure` only resolve if `--reference-values` is set to a CC/insecure platform, respectively.
This adjusts the justfile to include insecure runtimes. Additionally, it makes the `just runtime` target *overwrite* the runtimes instead of appending them. The latter caused issues when the file already had content from a previous run, and I don't see any use for that behaviour.
This adds the node deployment step for the insecure platforms. It uses the same Kata configuration as the CC variants, but strips the CC- enabling values from there.
This adds an insecure attestation issuer / validator implementation. This implementation just forwards the hostdata-provided initdata digest to the validator. The scaffolding necessary for this is optionally making the initdata-processor long-running to expose the initdata digest via an HTTP server, as the configfs-backed hostdata channel is not available on insecure platforms.
This requires the coordinator to be initially configured to allow insecure runtimes by requiring the `CONTRAST_ALLOW_INSECURE` environment variable to be set within the coordinator. This prevents deploying an insecure manifest to a previously-secure runtime, which is a use-case we don't need to support.
This adds the same `--INSECURE` and `CONTRAST_ALLOW_INSECURE_RUNTIMES` toggles to `contrast verify` that are already present in `contrast generate`.
This adds a basic E2E test for the insecure runtimes.
With insecure GPU VMs, we ran into OOM kills on larger VM sizes. The theory is that this is caused by IOMMU page tables which are only allocated when VFIO passthrough is used. In the CC case, these page tables get allocated under the TDX modules' memory. For the non-CC case, they are part of the QEMU process, and thus contribute to the memory usage within the Kubelet's cgroup. To counter this, we add a little bit of extra overhead for insecure GPU VMs.
For verifying an insecure deployment, an SDK user must now instantiate the client `.WithInsecure`, aligning it to the CLI behavior.
msanft
force-pushed
the
msanft/dev-runtime
branch
from
d289cdd to
4b54b0e
Compare
burgerdev
requested changes
Apr 27, 2026
Member
burgerdev
left a comment
burgerdev
left a comment
There was a problem hiding this comment.
Hey @msanft,
Thanks for the PR. I think this could be split up naturally into at least the following intermediate features which don't need to be submitted all at once:
- prefactoring for the
contrast-ccruntime class name matching. - Insecure issuer and verifier, not wired into anything but tested against each other.
- initdata processor
- runtime and nodeinstaller changes
- support for insecure manifests at the Coordinator
- support for insecure manifests at the CLI
- e2e test with insecure
- support for insecure manifests in SDK
That should make review (and iteration) much easier - thanks!
Member
Author
@burgerdev: We'll have to find a good working mode for this. For me, as the PR author, rebasing a stack of N PRs is very tedious. That was my rationale for bundling these changes into a single PR and relying on reviewable commits instead. I'll try to split up into multiple PRs as you suggested. |
This was referenced Apr 27, 2026
Member
Author
|
I split this with the help of AI: --- START AGENT OUTPUT
Each PR is based on the previous one. --- END AGENT OUTPUT |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds support for insecure non-CC runtimes. These can be used both for testing in PoC-like settings where Contrast needs to be integrated into a given platform where CC hardware is not yet available, but also eases benchmarking of CC against non-CC performance for Contrast consumers.
This PR only adds the technical implementation for the insecure runtimes, but doesn't yet expose it to the user via release artifacts or documentation.
Despite the PR size, I opted to combine the changes into a single PR with reviewable commits, since -imo- having the full test coverage of all the code makes it easier to reason about the treewide changes. Let me know if you want anything adjusted.
Closes CON-2, CON-3, CON-4