https://github.com/tkhq/qos
Click here for the Rust code README.
A minimal, immutable, and deterministic Linux unikernel build system targeting various Trusted Execution Environments for use cases that require high security and accountability.
This is intended as a reference repository which could serve as a boilerplate to build your own hardened and immutable operating system images for high security applications.
| Platform | Target | Status | Verified boot Method |
|---|---|---|---|
| Generic/Qemu | generic | working | Safeboot or Heads |
| AWS Nitro Enclaves | aws | building | Nitro attestation API |
| GCP Confidential Compute | gcp | research | vTPM 2.0 attestation |
| Azure Confidential VMs | azure | research | vTPM 2.0 attestation |
- Immutability
- Root filesystem is a CPIO filesystem extracted to a RamFS at boot
- Minimalism
- < 5MB footprint
- Nothing is included but a kernel and your target binary by default
- Sample "hello world" included as a default reference
- Debug builds include busybox init shim and drop to a shell
- Determinism
- Multiple people can build artifacts and get identical hashes
- Allows one to prove distributed artifacts correspond to published sources
- Hardening
- No TCP/IP network support
- Favor using a virtual socket or physical interface to a gateway system
- Most unessesary kernel features are disabled at compile time
- Follow Kernel Self Protection Project recommendations
- No TCP/IP network support
The main branch of this repo, which contains all binaries in the dist directory, should always be signed by multiple people who have confirmed the source code is what they expect, and results in the expected binaries via reproducible builds.
We use git-sig for this.
Please install it in order to follow our signing and verification steps.
This allows you to prove that published binaries correspond with the source code in this repo.
It is recommended to read the "reproduce" target in "src/toolchain/Makefile" to ensure you understand how it functions.
It will preserve hashes of all binaries in tree, remove them all, build from scratch, then verify new hashes match the old ones.
make reproduce
If this target exits 0, then the attestation was successful.
Please review that keys are authentic and from individuals you expect.
| Name | PGP Fingerprint |
|---|---|
| Jack Kearney | CADF 760B CCE7 8999 CEC1 372B 1784 24A6 721E E568 |
| Lance Vick | 6B61 ECD7 6088 748C 7059 0D55 E90A 4013 36C8 AAA9 |
| Zeke Mostov | D96C 422E 04DE 5D2E E0F7 E9E7 DBB0 DCA3 8D40 5491 |
You can import the keys of all signers with:
gpg --import keys/*
Once you have public keys you trust locally pinned, you are able verify that the artifacts and code we publish are validly signed.
We require a minimum of 2 signatures so you can use git-sig as follows:
git sig verify --threshold 2
We use git-sig for signing the repo and dist artifacts after you have completed any code review and reproduced your own set of artifacts.
git sig add
Please make a PR to upload attestation signatures so that this trust can be preserved for other consumers of these binaries that may lack the resources to build for themselves.
Cut a new release to be attested/signed by others.
make VERSION=1.0.0 dist
- 10GB+ free RAM
- Docker 20+
- GNU Make
make TARGET=generic
make run
make toolchain-shell
make toolchain-update
Our mono repo uses the same lfs configuration. For troubleshooting tips consult monos LFS troubleshooting section.
