Skip to content

feat: Add GCP TDX support with event log compatibility fix#416

Open
lalalune wants to merge 5 commits intoDstack-TEE:masterfrom
lalalune:feat/gcp-tdx-support
Open

feat: Add GCP TDX support with event log compatibility fix#416
lalalune wants to merge 5 commits intoDstack-TEE:masterfrom
lalalune:feat/gcp-tdx-support

Conversation

@lalalune
Copy link

@lalalune lalalune commented Dec 13, 2025

  • Fix cc-eventlog to handle GCP's 0-based IMR indices using saturating_sub
  • Add Terraform configuration for GCP Confidential VMs (Intel TDX)
  • Add deployment scripts and comprehensive test suite (12 tests)
  • Add Base Sepolia network to hardhat config
  • Full backward compatibility with Phala/standard TDX deployments

Tested on GCP c3-standard-8 with real Intel TDX hardware attestation.

Feel free to just pick out the fixes to the lib.rs since that's the main actual fix

@lalalune
feat: Add GCP TDX support with event log compatibility fix
551d5fa 
- Fix cc-eventlog to handle GCP's 0-based IMR indices using saturating_sub
- Add Terraform configuration for GCP Confidential VMs (Intel TDX)
- Add deployment scripts and comprehensive test suite (12 tests)
- Add Base Sepolia network to hardhat config
- Full backward compatibility with Phala/standard TDX deployments

Tested on GCP c3-standard-8 with real Intel TDX hardware attestation.
@lalalune
remove note
4fc2ef5
@lalalune
chore: Clean up GCP deployment scripts
bbd4476
@lalalune
chore: Add SPDX license headers
e9b5ca4
@lalalune
remove md
bceb06c
@h4x3rotab
Copy link
Contributor

h4x3rotab commented Dec 16, 2025

Very good start point. It pulls the GCP's in-stock Ubuntu image, and install the dstack agent and docker runtime in the VM startup script. It largely works because GCP CC VM also offers standard TDX attestation API.

The missing pieces in this approach:

  • The base image is not reproducible, which is necessary to establish the chain-of-trust of OS code provenance
  • The startup scripts needs a way to be attested
  • dstack-kms needs to understand the attestation produced by GCP. Note that in GCP, there are more components like vTPM included in the TCB. So it's necessary to verify it in full.
  • Integrate with other dstack components like dstack-vmm and dstack-gateway

There's a tracking issue that covers the missing pieces: #125

kvinwang
kvinwang reviewed Dec 23, 2025
View reviewed changes
cc-eventlog/src/lib.rs
// However, some cloud platforms (notably GCP) may include events with IMR index 0
// in their CCEL tables. Rather than failing on these, we pass them through as RTMR 0.
// This maintains compatibility with both standard TCG format and GCP's implementation.
let imr = value.imr_index.saturating_sub(1);
Copy link
Collaborator

@kvinwang kvinwang Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merging imr 0 and 1 would cause RMTR replay mismatches. We've dropped imr 0 events in an internal dev branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kvinwang kvinwang kvinwang left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lalalune @h4x3rotab @kvinwang