You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -280,21 +280,22 @@ Then, copy and paste PCR 4, 9, and 11 into the following format and save as `mea
280
280
281
281
### 3. audit and run the remote attestation software which requests the measurement from Azure’s vTPM
282
282
283
-
Flashbots again leverages Edgeless Constellation’s [attested TLS](https://docs.edgeless.systems/constellation/architecture/attestation#attested-tls-atls) and other attestation primitives to interact with Azure’s attestation service. CVM-reverse-proxy fetches Azure's vTPM measurement and compares it with the locally supplied measurement.
283
+
Flashbots again leverages Edgeless Constellation’s [attested TLS](https://docs.edgeless.systems/constellation/architecture/attestation#attested-tls-atls) and other attestation primitives to interact with Azure’s attestation service. attested-tls-proxy fetches Azure's vTPM measurement and compares it with the locally supplied measurement.
If cvm-reverse-proxy returns `Successfully validated attestation document`, the searcher has now verified that they SSH into a genuine TDX VM, running the exact same image as the one they audited locally. In doing so, the searcher has also verified that no one else has access to the container or host, and they can safely upload your arbitrage bot inside ✨🚀
349
+
If attested-tls-proxy client is able to successfully make a connection to the proxy server, the searcher has now verified that they SSH into a genuine TDX VM, running the exact same image as the one they audited locally. In doing so, the searcher has also verified that no one else has access to the container or host, and they can safely upload your arbitrage bot inside ✨🚀
338
350
339
351
Order Flow APIs
340
352
------------------------
@@ -611,7 +623,7 @@ Developer Notes
611
623
7. Lighthouse (**name:**`lighthouse.service`) (**after:**`/persistent` is mounted)
612
624
8. Start the podman container (**name:**`searcher-container.service`) (**after:**`dropbear.service`, `lighthouse.service`, `searcher-firewall.service`, `/persistent` is mounted)
613
625
9. SSH pubkey server (**name:**`ssh-pubkey-server.service`) (**after:**`dropbear.service`) — starts at boot and no longer waits for`searcher-container.service`, so `/pubkey` serves the host (dropbear) key before disk init. The container key is served by `/pubkey` lazily once the container writes it.
614
-
10. CVM reverse proxy for SSH pubkey server (**name:**`cvm-reverse-proxy.service`) (**after:**`ssh-pubkey-server.service`) — consequently the attested `:8745` channel is also available at boot, before the searcher's first SSH.
626
+
10. Attested TLS proxy for SSH pubkey server (**name:**`attested-tls-proxy.service`) (**after:**`ssh-pubkey-server.service`) — consequently the attested `:8745` channel is also available at boot, before the searcher's first SSH.
0 commit comments