Skip to content

Commit 322227a

Browse files
authored
Merge pull request #168 from flashbots/peg/flashbox-use-attested-tls-proxy
flashbox - switch cvm-reverse-proxy to attested-tls-proxy
2 parents 2e3a88c + 7a17c13 commit 322227a

9 files changed

Lines changed: 64 additions & 48 deletions

File tree

modules/flashbox/common/mkosi.build

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -40,12 +40,13 @@ make_git_package \
4040
'go build -trimpath -ldflags "-s -w -buildid= -X github.com/flashbots/go-template/common.Version=v1.0.0" -o ./build/ssh-pubkey-server cmd/httpserver/main.go' \
4141
"build/ssh-pubkey-server:/usr/bin/ssh-pubkey-server"
4242

43-
make_git_package \
44-
"cvm-reverse-proxy" \
45-
"v0.1.8" \
46-
"https://github.com/flashbots/cvm-reverse-proxy" \
47-
"make build-proxy-server" \
48-
"build/proxy-server:/usr/bin/cvm-reverse-proxy"
43+
44+
# Install attested-tls-proxy
45+
VERSION="v1.1.3"
46+
EXPECTED_SHA256=3d3f43203bd51be399fe90ab5c633716cbecba0cb30beff291052b748610b65b
47+
curl -sSfL https://github.com/flashbots/attested-tls-proxy/releases/download/${VERSION}/attested-tls-proxy_1.${VERSION}_amd64.deb \
48+
-o $PACKAGEDIR/attested-tls-proxy.deb
49+
echo "${EXPECTED_SHA256}" $PACKAGEDIR/attested-tls-proxy.deb | sha256sum --check
4950

5051
# Build input-only-proxy
5152
build_rust_package \

modules/flashbox/common/mkosi.conf

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ PostInstallationScripts=modules/flashbox/common/unmask-systemd.sh
88
modules/flashbox/common/mkosi.postinst
99
BuildScripts=modules/flashbox/common/mkosi.build
1010

11+
VolatilePackages=attested-tls-proxy
12+
1113
Packages=podman
1214
catatonit
1315
runc

modules/flashbox/common/mkosi.extra/etc/systemd/system/cvm-reverse-proxy.service renamed to modules/flashbox/common/mkosi.extra/etc/systemd/system/attested-tls-proxy.service

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,15 @@
11
[Unit]
2-
Description=SSH Public Key Server
2+
Description=Attested TLS Proxy Server
33
After=ssh-pubkey-server.service
44
Requires=ssh-pubkey-server.service
55

66
[Service]
77
Type=simple
8-
ExecStart=cvm-reverse-proxy --listen-addr=0.0.0.0:8745 \
9-
--target-addr=http://localhost:5001 \
8+
ExecStart=attested-tls-proxy server \
9+
--listen-addr=0.0.0.0:8745 \
1010
--server-attestation-type=auto \
11-
--override-azurev6-tcbinfo
11+
--allowed-remote-attestation-type none \
12+
127.0.0.1:5001
1213
Restart=always
1314
RestartSec=5
1415

modules/flashbox/flashbox-l1/mkosi.extra/etc/bob/firewall-config

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
SSH_CONTROL_PORT=22
66
SSH_DATA_PORT=10022
77
SSH_REGISTER_PORT=8080
8-
CVM_REVERSE_PROXY_PORT=8745
8+
ATTESTED_TLS_PROXY_PORT=8745
99
SEARCHER_INPUT_UDP_PORT=27017
1010
SEARCHER_INPUT_TCP_PORT=27018
1111

@@ -56,10 +56,10 @@ accept_dst_port $CHAIN_ALWAYS_IN tcp $SSH_CONTROL_PORT "SSH control port"
5656
accept_dst_port $CHAIN_ALWAYS_IN udp $SEARCHER_INPUT_UDP_PORT "Searcher UDP input channel"
5757
accept_dst_port $CHAIN_ALWAYS_IN tcp $SEARCHER_INPUT_TCP_PORT "Searcher TCP input channel (input-only-proxy)"
5858

59-
# CVM reverse-proxy serves server attestation
59+
# attested-tls-proxy serves server attestation
6060
# Also forwards request to ssh pubkey server on localhost:5001,
6161
# which serves searcher-container openssh server pubkey
62-
accept_dst_port $CHAIN_ALWAYS_IN tcp $CVM_REVERSE_PROXY_PORT "CVM reverse-proxy"
62+
accept_dst_port $CHAIN_ALWAYS_IN tcp $ATTESTED_TLS_PROXY_PORT "attested-tls-proxy"
6363

6464
# Note: this is CL running on the host
6565
accept_dst_port $CHAIN_ALWAYS_IN tcp $CL_P2P_PORT "CL P2P (TCP)"

modules/flashbox/flashbox-l1/readme.md

Lines changed: 38 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ Firewall Rules
7777
| 53 | Output | DNS | DNS | TCP + UDP | DISABLED | ENABLED |
7878
| 80 | Output | HTTP | HTTP | TCP | DISABLED | ENABLED |
7979
| 443 | Output | HTTPS | HTTPS | TCP | DISABLED | ENABLED |
80-
| 8745 | Input | CVM-Reverse-Proxy | Host | TCP | ENABLED | ENABLED |
80+
| 8745 | Input | attested-tls-proxy | Host | TCP | ENABLED | ENABLED |
8181
| 123 | Output | NTP | Host | UDP | ENABLED | ENABLED |
8282

8383
**<u>Searcher Network Namespace iptables</u>**
@@ -280,21 +280,22 @@ Then, copy and paste PCR 4, 9, and 11 into the following format and save as `mea
280280
281281
### 3. audit and run the remote attestation software which requests the measurement from Azure’s vTPM
282282

283-
Flashbots again leverages Edgeless Constellation’s [attested TLS](https://docs.edgeless.systems/constellation/architecture/attestation#attested-tls-atls) and other attestation primitives to interact with Azure’s attestation service. CVM-reverse-proxy fetches Azure's vTPM measurement and compares it with the locally supplied measurement.
283+
Flashbots again leverages Edgeless Constellation’s [attested TLS](https://docs.edgeless.systems/constellation/architecture/attestation#attested-tls-atls) and other attestation primitives to interact with Azure’s attestation service. attested-tls-proxy fetches Azure's vTPM measurement and compares it with the locally supplied measurement.
284284

285285
```bash
286286
# download remote attestation tool
287-
git clone https://github.com/flashbots/cvm-reverse-proxy.git
288-
cd cvm-reverse-proxy
289-
make build-proxy-client
287+
git clone https://github.com/flashbots/attested-tls-proxy.git
288+
cd attested-tls-proxy
290289

291290
# This will run the client proxy that is listening on port 8080
292291
# and use the server reverse proxy on the deployed image as a target,
293292
# marshalling the measurements.json for validation of the attestation.
294-
./cvm-reverse-proxy/build/proxy-client \
295-
--server-measurements ./measurements.json \
296-
--target-addr=https://<VM IP>:8745 \
297-
--log-debug=false
293+
cargo run -- client \
294+
--listen-addr 127.0.0.1:8080 \
295+
--allow-self-signed \
296+
--measurements-file ./measurements.json \
297+
--log-debug \
298+
<VM IP>:8745
298299

299300
# To trigger remote attestation, open a new terminal and run this command:
300301
curl http://127.0.0.1:8080
@@ -309,32 +310,43 @@ curl http://127.0.0.1:8080
309310
git clone https://github.com/flashbots/ssh-pubkey-server
310311

311312
./ssh-pubkey-server/cmd/cli/add_to_known_hosts.sh \
312-
./cvm-reverse-proxy/build/proxy-client \
313+
http://127.0.0.1:8080 \
313314
<MACHINE IP>
314315
```
315316

316317
<details>
317318
<summary>Example Output</summary>
318319

319320
```bash
320-
# successful attestation
321-
ubuntu@schmangeLina-bob-mkosi-builder:~$ ./cvm-reverse-proxy/build/proxy-client \
322-
--server-measurements ./measurements.json \
323-
--target-addr=https://20.57.71.148:8745 \
324-
--log-debug=false
325-
time=2025-07-23T14:00:33.436Z level=INFO msg="Starting proxy client" service=proxy-client version=v0.1.7-1-g4e175a4 listenAddr=127.0.0.1:8080
326-
time=2025-07-23T14:00:41.224Z level=INFO msg="Validating attestation document" service=proxy-client version=v0.1.7-1-g4e175a4
327-
time=2025-07-23T14:00:41.956Z level=INFO msg="Successfully validated attestation document" service=proxy-client version=v0.1.7-1-g4e175a4
328-
time=2025-07-23T14:00:42.051Z level=INFO msg="[proxy-request] proxying complete" service=proxy-client version=v0.1.7-1-g4e175a4 duration=1.275184102s
329-
330-
# fetch the available host pubkey(s) — the dropbear key is served at boot, before `initialize`
331-
ubuntu@schmangeLina-bob-mkosi-builder::~$ curl --insecure https://20.57.71.148:8745/pubkey
332-
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIYZkgqUokLPpIENJPhJAdpNTecgp/1R1RE6XMsIp6Rt
333-
321+
# Start the proxy client
322+
$ cargo run -- client --listen-addr 127.0.0.1:8080 --allow-self-signed --measurements-file ./measurements.json --log-debug 35.255.95.67:8745
323+
Compiling attested-tls-proxy v1.1.1 (/home/pumkin/src/flashbots/attested-tls-proxy)
324+
Finished `dev` profile [unoptimized + debuginfo] target(s) in 1.17s
325+
Running `target/debug/attested-tls-proxy client --listen-addr '127.0.0.1:8080' --allow-self-signed --measurements-file ./measurements.json --log-debug '35.255.95.67:8745'`
326+
2026-06-22T07:07:38.553942Z DEBUG attested_tls_proxy: [proxy-client] Connected to proxy server with measurements: Some(DCAP({MRTD: "feb7486608382c1ff0e15b4648ddc0acea6ca974eb53e3529f4c4bd5ffbaa20bf335cb75965cea65fe473aed9647c162", RTMR0: "e1d0235496f93f9475bf0b26d33da5c15831cfc94104d6bea7ab82db027c5f1e917d47dda6953eefae7dcb20ab6f75c4", RTMR1: "4ea5a990afef023f89e11fc32d99103d0adc91d5734664542eb980cdabc88224e1fd206d1d3b2eda71f713fdf8308a2b", RTMR2: "c42ba4fb83f99e4b90bc2a3aa9a2e81c5ac578e9a439c23b457ff7dd0d0eae958760616eff05d827289e47608e757547", RTMR3: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"}))
327+
at src/lib.rs:674
328+
329+
2026-06-22T07:07:38.554036Z DEBUG attested_tls_proxy::http_version: [client] Negotiated ALPN Some("flashbots-ratls/1+h2"), chosen protocol Http2
330+
at src/http_version.rs:39
331+
332+
2026-06-22T07:07:44.356260Z DEBUG attested_tls_proxy: proxy-client accepted connection
333+
at src/lib.rs:594
334+
335+
2026-06-22T07:07:44.356578Z DEBUG attested_tls_proxy: [proxy-client] Read incoming request from source client: Request { method: GET, uri: /pubkey, version: HTTP/1.1, headers: {"host": "127.0.0.1:8080", "user-agent": "curl/8.19.0", "accept": "*/*"}, body: Body(Empty) }
336+
at src/lib.rs:494
337+
338+
2026-06-22T07:07:44.639534Z DEBUG attested_tls_proxy: [proxy-client] Read response from proxy-server: Response { status: 200, version: HTTP/2.0, headers: {"date": "Mon, 22 Jun 2026 07:07:44 GMT", "content-length": "80", "content-type": "text/plain; charset=utf-8"}, body: Body(Streaming) }
339+
at src/lib.rs:498
340+
341+
$ curl http://127.0.0.1:8080/pubkey | less
342+
% Total % Received % Xferd Average Speed Time Time Time Current
343+
Dload Upload Total Spent Left Speed
344+
100 80 100 80 0 0 280 0 0
345+
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqPgQoc6yLlMsRUvEeV+6oUsvCMV1sr+b1uKTLzu4e9
334346
```
335347
</details>
336348

337-
If cvm-reverse-proxy returns `Successfully validated attestation document`, the searcher has now verified that they SSH into a genuine TDX VM, running the exact same image as the one they audited locally. In doing so, the searcher has also verified that no one else has access to the container or host, and they can safely upload your arbitrage bot inside ✨🚀
349+
If attested-tls-proxy client is able to successfully make a connection to the proxy server, the searcher has now verified that they SSH into a genuine TDX VM, running the exact same image as the one they audited locally. In doing so, the searcher has also verified that no one else has access to the container or host, and they can safely upload your arbitrage bot inside ✨🚀
338350

339351
Order Flow APIs
340352
------------------------
@@ -611,7 +623,7 @@ Developer Notes
611623
7. Lighthouse (**name:** `lighthouse.service`) (**after:** `/persistent` is mounted)
612624
8. Start the podman container (**name:** `searcher-container.service`) (**after:** `dropbear.service`, `lighthouse.service`, `searcher-firewall.service`, `/persistent` is mounted)
613625
9. SSH pubkey server (**name:** `ssh-pubkey-server.service`) (**after:** `dropbear.service`) — starts at boot and no longer waits for `searcher-container.service`, so `/pubkey` serves the host (dropbear) key before disk init. The container key is served by `/pubkey` lazily once the container writes it.
614-
10. CVM reverse proxy for SSH pubkey server (**name:** `cvm-reverse-proxy.service`) (**after:** `ssh-pubkey-server.service`) — consequently the attested `:8745` channel is also available at boot, before the searcher's first SSH.
626+
10. Attested TLS proxy for SSH pubkey server (**name:** `attested-tls-proxy.service`) (**after:** `ssh-pubkey-server.service`) — consequently the attested `:8745` channel is also available at boot, before the searcher's first SSH.
615627
616628
### Testing
617629

modules/flashbox/flashbox-l2/mkosi.extra/etc/bob/firewall-config

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
SSH_CONTROL_PORT=22
66
SSH_DATA_PORT=10022
77
SSH_REGISTER_PORT=8080
8-
CVM_REVERSE_PROXY_PORT=8745
8+
ATTESTED_TLS_PROXY_PORT=8745
99
SEARCHER_INPUT_UDP_PORT=27017
1010
SEARCHER_INPUT_TCP_PORT=27018
1111

@@ -36,10 +36,10 @@ accept_dst_port $CHAIN_ALWAYS_IN tcp $SEARCHER_INPUT_TCP_PORT "Searcher TCP inpu
3636
# We assume here that static peers in config are only syn nodes
3737
accept_src_ip_dst_port $CHAIN_ALWAYS_IN tcp "$CONFIG_EL_PEERS_IPS" $ENGINE_API_PORT "Engine API"
3838

39-
# CVM reverse-proxy serves server attestation
39+
# attested-tls-proxy serves server attestation
4040
# Also forwards request to ssh pubkey server on localhost:5001,
4141
# which serves searcher-container openssh server pubkey
42-
accept_dst_port $CHAIN_ALWAYS_IN tcp $CVM_REVERSE_PROXY_PORT "CVM reverse-proxy"
42+
accept_dst_port $CHAIN_ALWAYS_IN tcp $ATTESTED_TLS_PROXY_PORT "attested-tls-proxy"
4343

4444
###########################################################################
4545
# (2) ALWAYS_OUT: Outbound rules that are always applied

modules/flashbox/observability/mkosi.postinst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
#!/bin/bash
1+
#!/usr/bin/env bash
22
set -euxo pipefail
33

44
# Ensure prometheus owns its data directory

scripts/gcp_measurements_to_dcap.sh

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
#!/usr/bin/env bash
22
# TEMPORARY: reshape dstack-mr GCP measurements (make measure-gcp ->
3-
# build/gcp_measurements.json) into cvm-reverse-proxy's dcap-tdx
4-
# --server-measurements format. Drop once cvm-reverse-proxy accepts the
3+
# build/gcp_measurements.json) into attested-tls-proxy's dcap-tdx
4+
# --measurements-file format. Drop once attested-tls-proxy accepts the
55
# condensed dstack-mr output directly.
66
#
77
# dstack-mr emits mrtd[] (one per known GCP firmware) and rtmr0[] (equal-size
88
# per-firmware chunks: firmware x machine-type-ACPI x boot variants), while
9-
# cvm-reverse-proxy wants flat measurement sets it ORs over. We pair mrtd[i]
9+
# attested-tls-proxy wants flat measurement sets it ORs over. We pair mrtd[i]
1010
# with its rtmr0 chunk; a genuine quote matches exactly one set.
1111
#
1212
# Usage: scripts/gcp_measurements_to_dcap.sh [gcp_measurements.json] > out.json

scripts/make_git_package.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ make_git_package() {
4343
mkdir -p "$DESTDIR$dest"
4444
cp -r "$cache_dir/$src"/* "$DESTDIR$dest/"
4545
else
46-
cp "$cache_dir/$src" "$DESTDIR$dest"
46+
install -m 755 "$cache_dir/$src" "$DESTDIR$dest"
4747
fi
4848
done
4949
return 0
@@ -66,7 +66,7 @@ make_git_package() {
6666
cp -r "$build_dir/$src"/* "$DESTDIR$dest/"
6767
else
6868
mkdir -p "$(dirname "$DESTDIR$dest")"
69-
cp "$build_dir/$src" "$DESTDIR$dest"
69+
install -m 755 "$build_dir/$src" "$DESTDIR$dest"
7070
fi
7171

7272
# Cache artifact

0 commit comments

Comments
 (0)