From 2f22972ca28ff68d4570e79583dac80527f2eedc Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Thu, 13 Nov 2025 15:57:06 +0000 Subject: [PATCH 1/6] bob-common: bump tdx-init version --- bob-common/mkosi.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bob-common/mkosi.build b/bob-common/mkosi.build index 100ac3e..0ed2a53 100755 --- a/bob-common/mkosi.build +++ b/bob-common/mkosi.build @@ -35,7 +35,7 @@ make_git_package \ # Build tdx-init make_git_package \ "tdx-init" \ - "v0.1.1" \ + "v0.3.0" \ "https://github.com/flashbots/tdx-init" \ 'go build -trimpath -ldflags "-s -w -buildid=" -o ./build/tdx-init' \ "build/tdx-init:/usr/bin/tdx-init" From 14fcc2ec343576ecdfca931fde53e8bacf4c9f8a Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Thu, 13 Nov 2025 15:57:06 +0000 Subject: [PATCH 2/6] bob-l1: include trixie-backports for rust 1.89 lighthouse 8.0.0 needs it --- bob-l1/mkosi.conf | 4 +++- .../etc/apt/sources.list.d/debian-backports.sources | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 bob-l1/mkosi.sandbox/etc/apt/sources.list.d/debian-backports.sources diff --git a/bob-l1/mkosi.conf b/bob-l1/mkosi.conf index 2517779..b05e728 100644 --- a/bob-l1/mkosi.conf +++ b/bob-l1/mkosi.conf @@ -1,4 +1,5 @@ [Build] +SandboxTrees=bob-l1/mkosi.sandbox Environment=LIGHTHOUSE_BINARY KERNEL_CONFIG_SNIPPETS=bob-l1/kernel.config KERNEL_VERSION=6.13.12 WithNetwork=true @@ -12,7 +13,8 @@ Packages=openntpd BuildPackages=build-essential git gcc - cargo + cargo/trixie-backports + rustc/trixie-backports zlib1g-dev libzstd-dev libleveldb-dev diff --git a/bob-l1/mkosi.sandbox/etc/apt/sources.list.d/debian-backports.sources b/bob-l1/mkosi.sandbox/etc/apt/sources.list.d/debian-backports.sources new file mode 100644 index 0000000..c360ea3 --- /dev/null +++ b/bob-l1/mkosi.sandbox/etc/apt/sources.list.d/debian-backports.sources 
@@ -0,0 +1,6 @@ +Types: deb deb-src +URIs: https://snapshot.debian.org/archive/debian/20251113T083151Z +Suites: trixie-backports +Components: main +Enabled: yes +Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg From b21e753981b6dfc0a037539f624da4f96a3648eb Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Thu, 13 Nov 2025 16:11:00 +0000 Subject: [PATCH 3/6] bob-l1: bump lighthouse to 8.0.0 --- bob-l1/mkosi.build | 2 +- bob-l1/mkosi.extra/etc/systemd/system/lighthouse.service | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/bob-l1/mkosi.build b/bob-l1/mkosi.build index a5dcef5..06c0874 100755 --- a/bob-l1/mkosi.build +++ b/bob-l1/mkosi.build @@ -24,7 +24,7 @@ LIGHTHOUSE_BUILD_CMD=" " make_git_package \ "lighthouse" \ - "v7.1.0" \ + "v8.0.0" \ "https://github.com/sigp/lighthouse.git" \ "$LIGHTHOUSE_BUILD_CMD" \ "target/release/lighthouse:/usr/bin/lighthouse" diff --git a/bob-l1/mkosi.extra/etc/systemd/system/lighthouse.service b/bob-l1/mkosi.extra/etc/systemd/system/lighthouse.service index 37eb602..e0f7963 100644 --- a/bob-l1/mkosi.extra/etc/systemd/system/lighthouse.service +++ b/bob-l1/mkosi.extra/etc/systemd/system/lighthouse.service @@ -16,7 +16,6 @@ ExecStart=/usr/bin/lighthouse bn \ --execution-endpoint http://localhost:8551 \ --execution-jwt /tmp/jwt.hex \ --checkpoint-sync-url https://mainnet.checkpoint.sigp.io \ - --disable-deposit-contract-sync \ --datadir "/persistent/lighthouse" \ --disable-optimistic-finalized-sync \ --disable-quic \ From a6dd9b593c961040c81160d9cca60bb913d4fbaf Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Thu, 13 Nov 2025 15:57:06 +0000 Subject: [PATCH 4/6] bob-l1: move readme, clarify image measurements --- {bob-common => bob-l1}/readme.md | 37 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 18 deletions(-) rename {bob-common => bob-l1}/readme.md (95%) 
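Review bot: The new `bob-l1/mkosi.sandbox/etc/apt/sources.list.d/debian-backports.sources` pins a dated snapshot URL without saying why it is pinned or how to move it. A dated snapshot also eventually serves a `Release` file past its `Valid-Until`, which apt rejects by default. If the build's apt configuration does not already turn that check off (not visible in this patch), add `Check-Valid-Until: no` to this stanza; the `Signed-By` keyring still authenticates the index. A leading comment such as `# Pinned snapshot so the backports Rust toolchain stays fixed between builds; bump deliberately` would record the intent, assuming that is the reason for the pin. `deb-src` in `Types` also looks unnecessary for installing the `cargo` and `rustc` binaries.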
diff --git a/bob-common/readme.md b/bob-l1/readme.md similarity index 95% rename from bob-common/readme.md rename to bob-l1/readme.md index b2226bc..602c7e2 100644 --- a/bob-common/readme.md +++ b/bob-l1/readme.md @@ -147,7 +147,7 @@ git clone https://github.com/flashbots/flashbots-images.git cd flashbots-images # build the BOB (TEE searcher sandbox) image -make build IMAGE=bob +make build IMAGE=bob-l1 ``` ### 2. audit the VM image @@ -216,31 +216,28 @@ Flashbots has adapted Edgeless Constellation’s [measured-boot](https://github. Only [PCR 4, 9, and 11](https://constellation-docs.netlify.app/constellation/2.2/architecture/attestation#runtime-measurements) are meaningful, since the other PCR’s in Azure’s vTPM are not reproducible due to their proprietary closed-source implementations. But, these 3 measurements are enough to ensure Flashbots does not have access to the searcher VM, as any change in the image will generate different PCR 4, 9, and 11 measurements! You can test and verify this claim yourself by changing a line of code, building the new image, and running the measurement software again. ```bash -# clone and build -git clone https://github.com/flashbots/measured-boot -cd measured-boot -go build +cd flashbots-images -# measure -./measured-boot /path/to/flashbots-images/build/tdx-debian-azure.efi output.json --direct-uki +# assuming you've run make build IMAGE=bob-l1 +make measure ```
Expected Output ``` - ubuntu@schmangelina-bob-mkosi-builder:~/measured-boot$ ./measured-boot /home/ubuntu/flashbots-images/build/tdx-debian.efi output.json --direct-uki - EFI Boot Stages: - Stage 1 - Unified Kernel Image (UKI): f04271b7b053dde1741e103c8d64aa0e2c5042cdfb7c08ea25bf64ae005b6381 + ubuntu@builder:~/flashbots-images$ make measure + EFI Boot Stages: + Stage 1 - Unified Kernel Image (UKI): 320af1bf8257b6fd1a47b8fa865bdde7bdfdbf235894804b6b15b676296b1ba4 Stage 2 - Linux : eb1a69b12b47b6b3d4716bad94323d27173cba5f4285b918a2bf59ea5cb3c9ea Linux LOAD_FILE2 protocol: cmdline: "console=tty0 console=ttyS0,115200n8 mitigations=auto,nosmt spec_store_bypass_disable=on nospectre_v2\x00" - initrd (digest aebd8d9d0db231daf59ccc069b2a0cd82f825e849317344d417ff1730ec0779e) + initrd (digest 0cc531c70b473425e513310dfb4cbcfd5161444a07d318b4d5b816f557d589a6) UKI sections: Section 1 - .linux ( 5829632 bytes): 0da293e37ad5511c59be47993769aacb91b243f7d010288e118dc90e95aaef5a, 7439b377dbba898b0db23928be49fb906aa5551cfc01395bc37b8bd50d8f5530 Section 2 - .osrel ( 308 bytes): 3fb9e4e3cc810d4326b5c13cef18aee1f9df8c5f4f7f5b96665724fa3b846e08, 94e5e922dec19c3ab3e3c85b5d30dbb563098a430418a70c11a5b729721fae39 Section 3 - .cmdline ( 101 bytes): 461203a89f23e36c3a4dc817f905b00484d2cf7e7d9376f13df91c41d84abe46, 5b20d03fb990ccafdcfa1ddb37feff37141e728776ed89f335798f3c3899a135 - Section 4 - .initrd ( 163161430 bytes): 15ee37e75f1e8d42080e91fdbbd2560780918c81fe3687ae6d15c472bbdaac75, aebd8d9d0db231daf59ccc069b2a0cd82f825e849317344d417ff1730ec0779e + Section 4 - .initrd ( 166037465 bytes): 15ee37e75f1e8d42080e91fdbbd2560780918c81fe3687ae6d15c472bbdaac75, 0cc531c70b473425e513310dfb4cbcfd5161444a07d318b4d5b816f557d589a6 Section 5 - .uname ( 7 bytes): da7a6d941caa9d28b8a3665c4865c143db8f99400ac88d883370ae3021636c30, 2200d673ad92228af377b9573ed86e7a4e36a87a2a9a08d8c1134aca3ddb021c Section 6 - .sbat ( 309 bytes): ff552fd255be18a3d61c0da88976fc71559d13aad12d1dfe1708cf950cc4b74c, 
eae67f3a8f5614d71bd75143feeecbb3c12cd202192e2830f0fb1c6df0f4a139 Section 7 - .data : not measured @@ -248,9 +245,9 @@ go build Section 9 - .rodata : not measured Section 10 - .sdmagic: not measured Section 11 - .text : not measured - PCR[ 4]: 52f267b72dc8a06a2aa50281aa49539c3ea08e1fd1e037bc84e00f12abd38071 - PCR[ 9]: a0b3cce18e7e3073ae6332bebb23d4438873f3e73f68f882627bee5c798e03c4 - PCR[11]: 04b26f0af2bffab1d37442f5e73974660578b891a0ef2f3697bc3d06b0317978 + PCR[ 4]: 176543f594059b26292565a3c07b5eaa34122cf2ce7f53b149b6fb85c3046d30 + PCR[ 9]: 817c80c72f0a42bd72d4c7130f0d48c39a6d3ac6def92da085dec16feb822518 + PCR[11]: 46a1b5dd625d967205699242a2de2815e539424c3132306b91f31bcda442693f PCR[12]: 0000000000000000000000000000000000000000000000000000000000000000 PCR[13]: 0000000000000000000000000000000000000000000000000000000000000000 PCR[15]: 0000000000000000000000000000000000000000000000000000000000000000 
@@ -267,19 +264,23 @@ Then, copy and paste PCR 4, 9, and 11 into the following format and save as `mea "attestation_type": "azure-tdx", "measurements": { "4": { - "expected": "52f267b72dc8a06a2aa50281aa49539c3ea08e1fd1e037bc84e00f12abd38071" + "expected": "176543f594059b26292565a3c07b5eaa34122cf2ce7f53b149b6fb85c3046d30" }, "9": { - "expected": "a0b3cce18e7e3073ae6332bebb23d4438873f3e73f68f882627bee5c798e03c4" + "expected": "817c80c72f0a42bd72d4c7130f0d48c39a6d3ac6def92da085dec16feb822518" }, "11": { - "expected": "04b26f0af2bffab1d37442f5e73974660578b891a0ef2f3697bc3d06b0317978" + "expected": "46a1b5dd625d967205699242a2de2815e539424c3132306b91f31bcda442693f" } } } ] ``` +> Note: at the time of the writing, those measurements were acquired by building from commit 1b142eb61f34454172f99c02b29e6b0caa4bc863, if you're viewing this from main branch please ensure to build from the same commit to get the same measurements. + +> Note: at the time of the writing, compiling bob-l1 image is not reproducible if building under ARM mac with Rosetta. Please use x86_64 Linux for now. + ### 3. audit and run the remote attestation software which requests the measurement from Azure’s vTPM Flashbots again leverages Edgeless Constellation’s [attested TLS](https://docs.edgeless.systems/constellation/architecture/attestation#attested-tls-atls) and other attestation primitives to interact with Azure’s attestation service. CVM-reverse-proxy fetches Azure's vTPM measurement and compares it with the locally supplied measurement. From ef5dd2727ba4569d530c67822dc96778f54a295a Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Tue, 25 Nov 2025 17:54:45 +0900 Subject: [PATCH 5/6] Drop empty fluentbit filter events --- bob-common/mkosi.extra/etc/fluent-bit/delay.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bob-common/mkosi.extra/etc/fluent-bit/delay.lua b/bob-common/mkosi.extra/etc/fluent-bit/delay.lua index 822880a..580a22b 100644 
--- a/bob-common/mkosi.extra/etc/fluent-bit/delay.lua +++ b/bob-common/mkosi.extra/etc/fluent-bit/delay.lua @@ -26,7 +26,7 @@ function log_delay(tag, ts_table, record) -- 2) Check if we've already processed this second if last_processed_second == now_floor then -- Skip the flush; Return no output - return 2, ts_table, {} + return -1, ts_table, {} end -- 3) Otherwise, do the flush logic once for this second @@ -49,7 +49,7 @@ function log_delay(tag, ts_table, record) -- 4) Return any flushed logs if #to_emit == 0 then - return 2, ts_table, {} + return -1, ts_table, {} else local new_ts = { sec = now_sec, nsec = 0 } return 1, new_ts, to_emit From 2cf8e721dbd68c651bf4369302ad40307c19ffaf Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Tue, 25 Nov 2025 13:55:54 +0000 Subject: [PATCH 6/6] update commit --- bob-l1/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bob-l1/readme.md b/bob-l1/readme.md index 602c7e2..3b608cc 100644 --- a/bob-l1/readme.md +++ b/bob-l1/readme.md @@ -277,7 +277,7 @@ Then, copy and paste PCR 4, 9, and 11 into the following format and save as `mea ] ``` -> Note: at the time of the writing, those measurements were acquired by building from commit 1b142eb61f34454172f99c02b29e6b0caa4bc863, if you're viewing this from main branch please ensure to build from the same commit to get the same measurements. +> Note: at the time of the writing, those measurements were acquired by building from commit ef5dd2727ba4569d530c67822dc96778f54a295a, if you're viewing this from main branch please ensure to build from the same commit to get the same measurements. > Note: at the time of the writing, compiling bob-l1 image is not reproducible if building under ARM mac with Rosetta. Please use x86_64 Linux for now.
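Review bot: In `bob-common/mkosi.extra/etc/fluent-bit/delay.lua`, both new `return -1, ts_table, {}` lines in `log_delay` rely on an undocumented magic number, and the comment above the first (`Skip the flush; Return no output`) does not say that the incoming event is now discarded. Fluent Bit treats `-1` from a Lua filter as "drop this record" and ignores the other two return values, so a comment such as `-- -1 = drop the incoming event; timestamp and record are ignored` belongs at the `last_processed_second == now_floor` branch and again at `#to_emit == 0`. Because the event is dropped rather than passed through, it must already have been queued earlier in `log_delay`, which starts and ends outside these hunks; that is worth confirming so no log line is lost. This file presumably ships in the measured image, and PATCH 6/6 changes only the commit hash in `bob-l1/readme.md`, so the expected PCR 4, 9 and 11 values there should be regenerated from the commit that contains this change.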