The repo is a Rust workspace providing tools and components for use in confidential guests TEEs (Trusted Execution Environments). Guest Components provide helpers for generating attestation evidence from the TEE hardware and initialiazing a secret retrieval process, that can be provided to confidential workloads. It's part of the Confidential Containers project and consumed by kata-containers or cloud-api-adaptor.
This is a Rust workspace (resolver v2) pinned to toolchain 1.90.0 (see rust-toolchain.toml).
# Build all workspace members (default features)
cargo build
# Build for a specific TEE platform via Makefile (cross-compiles to musl by default)
make build TEE_PLATFORM=none # non-confidential
make build TEE_PLATFORM=az-cvm-vtpm # Azure vTPM based attestation (TDX or SEV-SNP)
make build TEE_PLATFORM=tdx # Intel TDX
make build TEE_PLATFORM=snp # AMD SEV-SNP
make build TEE_PLATFORM=all # all platforms
# Rebuild ttrpc/gRPC protobuf code (requires protoc)
make build-protos# Run all tests for a single crate
cargo test -p attestation-agent
cargo test -p confidential-data-hub
cargo test -p image-rs
cargo test -p ocicrypt-rs
# Run a single test by name
cargo test -p image-rs -- test_name
# Many tests require specific features to compile
cargo test -p image-rs --features kata-cc-rustls-tls
cargo test -p confidential-data-hub --features kbs,aliyun,sev,bin
cargo test -p attestation-agent --features all-attesters,kbs,coco_as
# Integration tests often need serial execution
cargo test --test signature_verification -- --test-threads=1Most integration tests require root privileges, running CDH/KBS services, and pre-installed test fixtures (GPG keys, offline-fs-kbc resources).
cargo fmt --check
cargo clippy -- -D warnings
# Clippy with features (CI validates multiple feature combinations)
cargo clippy -p image-rs --features kata-cc-rustls-tls -- -D warningsPre-commit hooks run gitleaks, shellcheck, trailing-whitespace, and end-of-file-fixer.
| Component | Crate path | Role |
|---|---|---|
| Attestation Agent (AA) | attestation-agent/attestation-agent |
Generates attestation evidence and tokens for TEE platforms |
| Confidential Data Hub (CDH) | confidential-data-hub/hub |
Central broker for secrets, sealed data, KMS, and image resources |
| image-rs | image-rs |
OCI container image pulling, decryption, and signature verification |
| ocicrypt-rs | ocicrypt-rs |
OCI image encryption/decryption library |
| api-server-rest | api-server-rest |
REST HTTP gateway that forwards to AA and CDH via ttrpc |
| protos | protos |
Shared protobuf definitions for ttrpc and gRPC interfaces |
The sum of the above components is called "guest-components", the consuming project takes care of orchestration them in the correct order (AA first, then CDH, then ASR) and providing the necessary configuration.
Components communicate over ttrpc (protobuf over Unix sockets, default) or gRPC (protobuf over HTTP/2, alternative). Each service (AA, CDH) builds as either ttrpc-aa/grpc-aa or ttrpc-cdh/grpc-cdh. The api-server-rest exposes a REST API and forwards to AA+CDH via ttrpc.
Data flow: REST API → ttrpc → AA (attestation) + CDH (secrets/images) → image-rs (decryption with keys from CDH)
Feature flags are heavily used to control platform support, crypto backends, and protocol choices. Key categories:
- TEE attesters (AA):
tdx-attester,snp-attester,sgx-attester,se-attester,cca-attester,az-snp-vtpm-attester,az-tdx-vtpm-attester,all-attesters - Crypto backends:
encryption-ring(default) vsencryption-openssl,rust-cryptovsopenssl - Key wrapping (image-rs/ocicrypt-rs):
keywrap-ttrpc,keywrap-grpc,keywrap-jwe,keywrap-keyprovider-cmd - KMS providers (CDH):
kbs,sev,aliyun,ehsm - TLS:
rustls-tls(default) vsnative-tls; preset features likekata-cc-rustls-tls - RPC protocol:
ttrpc(default),grpc
CI validates many feature combinations — when adding features or changing conditional compilation, test with multiple feature sets.
Remote attestation and secret delivery are security-sensitive operations. Changes to the codebase should be made with due consideration of security implications, and new code should be covered by comprehensive tests that validate security properties. We encourage coding patterns that express invariant conditions in the type system, e.g. using a type state pattern or newtypes to prevent misuse of APIs. Always consider the attack surface of new features and strive to minimize it. This codebase is part of the Trusted Computing Base (TCB) of a confidential workload, so we strive for extra caution and rigor in code quality and security hygiene. In general, we want to avoid adding too much surface area in the TCB and avoid adding features that are not strictly necessary for the core use cases.
The project is packaged and distributed downstream. Guest-Components do not provide machine-enforcable schemas for all its payloads and protocols yet, but we strive to avoid breakage for consumers when iterating. If it's unavoidable, we point it out expclicitly in commit messages, so it can be tracked and aggregated in release notes.
confidential-containers/trustee is a service counterpart to guest-components that is running as a relying party and verifier in the RATS model outside of the TEE. It consumes the hardware evidence and provides attestation tokens and secrets to a confidential guest. The two repositories are developed and released in tandem, but they are decoupled and can be used independently. guest-components's kbs-protocol crate is consumed by Trustee in the kbs-client subproject.
It's unlikely that local development will happen in a TEE that is able to produce genuine attestation evidence. Therefore there are "sample" and a "sample-device" attester/verifier pairs that can be used as dummy stubs for testing end-to-end flow in local development and testing. We should be aware that there is a risk that that these dummy implementations and their evidence are accidentally used in production. We should make sure that in presence of real TEE, we don't default or fallback to sample evidence.
Commit messages have to contain a subsystem, indicated by a prefix plus colon, e.g. "attester: fix hex encoding". This doesn't have to match strictly, but it should still indicate a general area of the codebase that is being affected, e.g. "cdh:", "asr:", "ci:", etc.
Commits should compile individually and contain atomic changes.
PRs names have to contain a subsystem, indicated by a prefix plus colon, similar to commit messages. We refrain from overloading the PR description with too much information, especially excessive use of buzzwords and emojis is discouraged. We want to know why a change is being made, how it is being made, and if applicable potential negative implications and alternative options that have been considered.
- Error handling: Domain-specific error enums via
thiserrorfor public APIs,anyhow::Resultfor internal propagation. Both are used together throughout. - Async runtime: Tokio with
#[tokio::main]. Async trait methods use theasync-traitcrate. - Logging:
tracingcrate (info!,debug!,warn!,error!). No#[instrument]usage. - Serialization: JSON (
serde_json) for configs/APIs, TOML for config files, protobuf for RPC. - Test attributes:
#[tokio::test]for async tests,#[serial_test::serial]to prevent parallel test interference,rstestfor parameterized tests. Many tests are gated behind#[cfg(feature = "...")]. - Workspace dependencies: All shared dependency versions are declared in the root
Cargo.toml[workspace.dependencies]. Crate-levelCargo.tomlfiles reference these withdep.workspace = true.