This document is targeted towards educating searchers who are putting highly sensitive and proprietary code inside of a TDX VM deployed by an untrusted third party (Flashbots). For a more holistic view of the system goals, architecture, and tradeoffs of bottom of block extraction in TDX please visit: https://collective.flashbots.net/t/searching-in-tdx/3902
At a high level, searchers will audit the minimal VM image prepared by Flashbots does not introduce malicious code and contains the right SSH configuration. Then they will confirm that exact image is running on the TDX VM Flashbots deployed by “measuring” the image (by hashing its files) and comparing their local measurement to that measured by Azure.
<aside> 🫧 Searcher Flow:
(1) audit the VM image
(2) audit and run the local measurement software which simulates the expected measurement
(3) audit and run the remote attestation software which requests the measurement from Azure’s vTPM
(4) compare local measurement to Azure’s measurement
</aside>
(Begin step 2 as it could take 20 minutes to a couple of hours depending on machine)
(Yocto is quite demanding in regards to hardware, we recommend ssh-ing into a server)
# Flashbots provides a docker build for easy reproducible builds
# and local measurement.
git clone [<https://github.com/flashbots/yocto-manifests.git>](<https://github.com/flashbots/yocto-manifests.git>)
cd yocto-manifests
git checkout bob-tdx
# export the searcher ssh key as an env variable
export SSH_KEY="<searcher's SSH pubkey>"
# note: to execute without sudo, add your user to the docker group
# guide: <https://docs.docker.com/engine/install/linux-postinstall/>
# with sudo: sudo export SSH_KEY="<searcher's SSH pubkey>" make azure-image
make azure-image
/home/searcher/.ssh/authorized_keys
.So, the searcher’s image is made of: