Skip to content

Support for Google Cloud and Nitro Enclave #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kvinwang merged 154 commits into from
Jan 19, 2026
Merged

Support for Google Cloud and Nitro Enclave #4

kvinwang merged 154 commits into from
Jan 19, 2026

Conversation

@kvinwang
Copy link
Collaborator

@kvinwang kvinwang commented Jan 19, 2026

No description provided.

@kvinwang
Update serde-human-bytes to 0.1.2
3b27f14
@kvinwang
Update dcap-qvl 0.3.4
e533464
@kvinwang
dstack-util: Refactor remove orphans
b53de04
@kvinwang
cvm: dstack-prepare depends on network-online.target
e3fa46f
@kvinwang
cvm: re-structure the volatile dirs
a1ae983
@kvinwang
dstack-mr: Support for vvfat/vhd shared volume
6334726
@kvinwang
cvm: Support for alternative host share modes
7fff019
@kvinwang
Remove tdx-attest-sys
8aab28f
@kvinwang
tpm: Add tpm crates
4382970
@kvinwang
vmm: Support for config product info
9ef4609
@kvinwang
Add key-provider kind tpm
e9d2a73
@kvinwang
vmm: Support for key-provider tpm (it doesn't work)
ab49844
@kvinwang
vmm: Support for quote_generation_socket
f40384b
@kvinwang
vmm-cli: Support for key provider
4502f62
@kvinwang
eventlog: Refactor cc-eventlog
9f771a1
@kvinwang
eventlog: Add tpm in cc-eventlog
b6deccb
@kvinwang
cvm: Detect data disk by label
c9fad02
@kvinwang
cvm: Skip loading tdx_guest if already exists
85d4539
@kvinwang
cvm: Mount tsm configfs in boot script
609c43c
@kvinwang
cvm: Support for TPM key provider
ce639ea
@kvinwang
kms: Use attestation v2
f47bd9f
@kvinwang
gw: Use attestation v2
d5a5856
@kvinwang
guest-agent: AttestationV2
d308c08
@kvinwang
ratls: Attestation V2
1600846
@kvinwang
sdk: Add GetAttestation
704364c
@kvinwang
verifier: Attestation V2
6f837a7
@kvinwang
dstack-util: Add debug commands
c56c5da
@kvinwang
mod tdx_guest: Compile on kernel 6.17
01f7c5f
@kvinwang
Update Cargo.lock
8a186cd
@kvinwang
dstack-util: add attest subcommand
2bb190e
h4x3rotab and others added 29 commits January 13, 2026 23:42
@h4x3rotab @claude
docs: add 'What You Can Build' section to confidential AI guide
e8a6f86 
Add developer-focused framing that highlights what can be built with
confidential AI without being pitchy. Covers private inference,
training on sensitive data, and trustworthy agents.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@h4x3rotab
Update "trusted by" section
b1b5676
@h4x3rotab @claude
docs: add verification tutorial and reorganize documentation index
729d195 
Add practical verification guide covering:
- Visual verification with proof.t16z.com
- Programmatic verification via guest agent API
- Links to comprehensive docs at docs.phala.network

Reorganize README documentation section by audience:
- For Developers: building apps on dstack
- For Operators: running dstack infrastructure
- Reference: specifications and CLI reference

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@h4x3rotab @claude
docs: add FAQ section with comparison and collapsible content
dd8a480 
Add FAQ section covering:
- Why not use cloud provider TEEs directly (with comparison table)
- Difference from SGX/Gramine
- Performance overhead
- Production readiness
- Hardware support
- Verification process

Consolidate media kit to single line.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@h4x3rotab @claude
docs: add citation section with arXiv reference
119b0c1 
Add BibTeX citation for the dstack paper:
"Dstack: A Zero Trust Framework for Confidential Containers"
(arXiv:2509.11555)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@h4x3rotab @claude
chore: fix reuse lint errors for dependency files
2f8fd79 
- Add precedence override for openzeppelin-foundry-upgrades and forge-std
  to handle invalid SPDX expressions in vendored dependencies
- Add missing annotations for kms/auth-simple config files
- Add override for scripts/add-spdx-attribution.py to prevent false
  positive SPDX detection from script content

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@h4x3rotab @claude
chore: restore ct_monitor to upstream state
8f306f6 
This PR is docs-only; ct_monitor changes were accidentally included.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@h4x3rotab
Merge pull request #423 from Dstack-TEE/readme-revamp
c329c58 
Readme & Docs Revamp
@dependabot
build(deps): bump hono from 4.10.3 to 4.11.4 in /kms/auth-simple
c043e66 
Bumps [hono](https://github.com/honojs/hono) from 4.10.3 to 4.11.4.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.10.3...v4.11.4)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.11.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@kvinwang
Merge pull request #434 from Dstack-TEE/dependabot/npm_and_yarn/kms/a…
eebaca0 
…uth-simple/hono-4.11.4

build(deps): bump hono from 4.10.3 to 4.11.4 in /kms/auth-simple
@kvinwang
Merge pull request #430 from Dstack-TEE/up-dcap-qvl
562d597 
Update dcap-qvl to 0.3.8
@kvinwang
Fix clippy errors
ed4f9dd
@kvinwang
Merge pull request #435 from Dstack-TEE/fix-clippy
b941fa4 
Fix clippy errors
@dependabot
build(deps): bump tracing-subscriber from 0.3.19 to 0.3.20
f900600 
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.19 to 0.3.20.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](tokio-rs/tracing@tracing-subscriber-0.3.19...tracing-subscriber-0.3.20)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-version: 0.3.20
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@kvinwang
Merge pull request #313 from Dstack-TEE/dependabot/cargo/tracing-subs…
b914214 
…criber-0.3.20

build(deps): bump tracing-subscriber from 0.3.19 to 0.3.20
@kvinwang
Update comment
cec804b
@kvinwang
Update dcap-qvl to 0.3.8
db8356a
@kvinwang
Update docs for agent.Attest
23ccf00
@kvinwang
Add systemd drop-ins for dstack-prepare
d789e35
@kvinwang
refactor attestation for multi-provider support
63f30ce 
Add the dstack-attest crate with versioned attestations, runtime events, and platform-aware modes (dstack, GCP, Nitro).

Migrate RA-TLS, guest-agent, KMS, verifier, and tdx-attest wiring to the new attestation/eventlog flow with cert embedding and legacy fallback.

Introduce Attest RPC and SDK support; update gateway ACME and cert quoting to emit attestations.

Extend types/configs for TPM key provider and host-share disk label; update system setup and docker compose orphan cleanup.
@kvinwang
Merge remote-tracking branch 'ds/master' into refactor-for-cloud-prov…
73b05a5 
…iders
@kvinwang
Fix clippy
736abd8
@kvinwang
Fix unit test
370bd67
@kvinwang
Merge branch 'nitro-dev' into nitro
841ff6e
@kvinwang
Fix unit tests
709339c
@kvinwang
Merge branch 'refactor-for-cloud-providers' into nitro
9df8aa1
@kvinwang
dstack-util: Add --root-ca to get-key
0605259
@kvinwang
kms: Fix the quote display in onboard page
68558a9
@kvinwang
Switch LICENSE to BUSL-1.1
425ae9c
@kvinwang kvinwang merged commit 425ae9c into master Jan 19, 2026
0 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@kvinwang @h4x3rotab @Olexandr88 @barakeinav1 @Leechael