Generate RA Report Inside the Container

The cloud will generate a default RA report for your application when it is bootstrapped. You can view this report on the dashboard under the Attestation tab and verify it by clicking the Check Attestation button.

cert-chain

To generate a new RA report, rather than using the default one, which allows you to prove the execution of your code, you first need to mount the Dstack API socket file to the container by configuring volumes in the Docker Compose file.

services:
  web:
    image: quay.io/jupyter/base-notebook
    volumes:
      - /var/run/tappd.sock:/var/run/tappd.sock

In your application, you can generate the RA report using the Dstack guest SDK, which supports Python, JS, and Go. The user-data field allows you to attach your own data to the RA report. In practice, this is a method to bind the RA report to your application. For example, you can generate a key pair and include the public key. This way, others can verify that the RA report was indeed generated by your program by checking the signature with the public key, after the RA quote itself has been verified.

from dstack_sdk import TappdClient

# Initialize the client
client = TappdClient()

# Get quote for a message
result = client.tdx_quote('user-data')
quote = bytes.fromhex(result.quote)