TDX Security For BOB Searchers

This document is targeted towards educating searchers who are putting highly sensitive and proprietary code inside of a TDX VM deployed by an untrusted third party (Flashbots). For a more holistic view of the system goals, architecture, and tradeoffs of bottom of block extraction in TDX please visit: ‣

What is Intel TDX?

What happens when Intel TDX has a security vulnerability?

What is the privacy & security goal for Flashbots?

Why and how do I verify that Flashbots cannot access, observe, or tamper with my code?

At a high level, searchers will audit the minimal VM image prepared by Flashbots does not introduce malicious code and contains the right SSH configuration. Then they will confirm that exact image is running on the TDX VM Flashbots deployed by “measuring” the image (by hashing its files) and comparing their local measurement to that measured by Azure.

<aside> 🫧 Searcher Flow:

(1) audit the VM image

(2) audit and run the local measurement software which simulates the expected measurement

(3) audit and run the remote attestation software which requests the measurement from Azure’s vTPM

(4) compare local measurement to Azure’s measurement

</aside>

(Begin step 2 as it could take 20 minutes to a couple of hours depending on machine)

(Yocto is quite demanding in regards to hardware, we recommend ssh-ing into a server)

# Flashbots provides a docker build for easy reproducible builds 
# and local measurement. 
git clone [<https://github.com/flashbots/yocto-manifests.git>](<https://github.com/flashbots/yocto-manifests.git>)
cd yocto-manifests
git checkout bob-tdx

# export the searcher ssh key as an env variable
export SSH_KEY="<searcher's SSH pubkey>"

# note: to execute without sudo, add your user to the docker group 
# guide: <https://docs.docker.com/engine/install/linux-postinstall/>
# with sudo: sudo export SSH_KEY="<searcher's SSH pubkey>" make azure-image
make azure-image

1. audit the VM image

The searcher’s goal is to audit the image provided by Flashbots to verify no malicious code was introduced and to verify the dropbear SSH configuration disables password and root logins and writes the searcher’s ssh key to /home/searcher/.ssh/authorized_keys.
To build an auditable image for the searcher, Flashbots uses Poky, a reference distribution of Yocto, an open-source project that helps developers create custom Linux projects. Yocto is used by many embedded systems like BMW, Tesla, Texas Instruments, among many many others.
Poky then uses build tool Bitbake which follows a layer-based architecture where each layer is assigned a priority and can append and override the base Poky image. Higher priority layers override configurations set by lower priority layers.

So, the searcher’s image is made of: