Skip to content

Better naming for components #142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kvinwang merged 17 commits into from
Apr 7, 2025
Merged

Better naming for components #142

kvinwang merged 17 commits into from
Apr 7, 2025

Conversation

@kvinwang
Copy link
Collaborator

@kvinwang kvinwang commented Apr 2, 2025
edited
Loading

This PR implements the Dstack part of issue Phala-Network/phala-cloud#25

Terminology Mapping

Current Name Renamed To Description Implemented
Guest agent backend - - -
tappd dstack-guest-agent The guest daemon running in CVM to provide services to the TEE app
/var/run/tappd.sock /var/run/dstack.sock The unix socket file exposing dstack daemon services
URL http://localhost/prpc/Tappd.<Method> http://localhost/<Method> The URL used to access the agent
DeriveK256Key(...) GetKey(...) Get a ECDSA (K256 curve) priviate key associated with a signature chain
DeriveKey(...) GetTlsKey(...) Get a ECDSA (P256 curve) priviate key associated with a x509 certificate chain issued by the key provider
TdxQuote(...) - Removed, Get TDX quote with predefined hash schema of report_data
RawQuote(...) GetQuote(report_data) Get TDX quote
client sdk - - -
* * Changes align to the backend [ ]
TappdClient DstackClient API client name [ ]
Other components - - -
tproxy dstack-gateway The ingress server with automatic attested HTTPS
teepod dstack-vmm The orchestrator to manage the lifecycle of CVMs on the host side
kms dstack-kms The key privision service

Note

The previous tappd API is still available at /var/run/tappd.sock. The renamed APIs serves on /var/run/dstack.sock.

@h4x3rotab
Copy link
Contributor

h4x3rotab commented Apr 2, 2025
edited
Loading

Why does deriveKey(...) become getTlsKey and getP256Key? It's just key materials for any type of keys IMO?

The previous tappd API is still available at /var/run/tappd.sock. The renamed APIs serves on /var/run/dstack.sock.

Another approach would be to symlink stack.sock to tappd.sock, and serve the same API with backward compatibility. Which one do you think is better?

@kvinwang
Copy link
Collaborator Author

kvinwang commented Apr 3, 2025

Why does deriveKey(...) become getTlsKey and getP256Key? It's just key materials for any type of keys IMO?

It isn't just key materials. The two types of key get different pubkeys and the pubkey is included in the cert chain or signature chain which proves the key's origin and owner(app-id).
Under the hood, getEthKey generates the keys locally while getTlsKey fetches the certificate from KMS each time, as KMS cannot issue an intermediate CA certificate for the application due to security constraints.

Another approach would be to symlink stack.sock to tappd.sock, and serve the same API with backward compatibility. Which one do you think is better?

Since all of the APIs have changed, I think a hard separation might be better as it forces the new apps to use the new APIs so that we can drop the old API support earlier. What's your preference?

@kvinwang kvinwang mentioned this pull request Apr 4, 2025
Merged
@kvinwang kvinwang marked this pull request as ready for review April 4, 2025 02:41
@kvinwang kvinwang merged commit 45fe4b4 into master Apr 7, 2025
1 check passed
@kvinwang kvinwang deleted the renaming branch April 7, 2025 05:39
@Leechael Leechael mentioned this pull request Jun 23, 2025
Merged
@h4x3rotab h4x3rotab mentioned this pull request Aug 19, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kvinwang @h4x3rotab