feat(simulator): make report data patching configurable

kvinwang · kvinwang · commit 4d6854ad841f · 2026-03-20T01:38:50.000Z
diff --git a/guest-agent-simulator/dstack.toml b/guest-agent-simulator/dstack.toml
@@ -18,6 +18,7 @@ data_disks = ["/"]
 
 [default.core.simulator]
 attestation_file = "attestation.bin"
+patch_report_data = true
 
 [internal-v0]
 address = "unix:./tappd.sock"
diff --git a/guest-agent-simulator/src/main.rs b/guest-agent-simulator/src/main.rs
@@ -36,6 +36,8 @@ struct Args {
 #[derive(Debug, Clone, Deserialize)]
 struct SimulatorSettings {
     attestation_file: String,
+    #[serde(default = "default_patch_report_data")]
+    patch_report_data: bool,
 }
 
 #[derive(Debug, Clone, Deserialize)]
@@ -47,14 +49,22 @@ struct SimulatorCoreConfig {
 
 struct SimulatorPlatform {
     attestation: VersionedAttestation,
+    patch_report_data: bool,
 }
 
 impl SimulatorPlatform {
-    fn new(attestation: VersionedAttestation) -> Self {
-        Self { attestation }
+    fn new(attestation: VersionedAttestation, patch_report_data: bool) -> Self {
+        Self {
+            attestation,
+            patch_report_data,
+        }
     }
 }
 
+fn default_patch_report_data() -> bool {
+    true
+}
+
 impl PlatformBackend for SimulatorPlatform {
     fn attestation_for_info(&self) -> Result<Attestation> {
         Ok(simulator::simulated_info_attestation(&self.attestation))
@@ -64,17 +74,24 @@ impl PlatformBackend for SimulatorPlatform {
         Ok(simulator::simulated_certificate_attestation(
             &self.attestation,
             pubkey,
+            self.patch_report_data,
         ))
     }
 
     fn quote_response(&self, report_data: [u8; 64], vm_config: &str) -> Result<GetQuoteResponse> {
-        simulator::simulated_quote_response(&self.attestation, report_data, vm_config)
+        simulator::simulated_quote_response(
+            &self.attestation,
+            report_data,
+            vm_config,
+            self.patch_report_data,
+        )
     }
 
     fn attest_response(&self, report_data: [u8; 64]) -> Result<AttestResponse> {
         Ok(simulator::simulated_attest_response(
             &self.attestation,
             report_data,
+            self.patch_report_data,
         ))
     }
 
@@ -96,12 +113,24 @@ async fn main() -> Result<()> {
         .focus("core")
         .extract()
         .context("Failed to extract simulator core config")?;
-    warn!(attestation_file = %sim_config.simulator.attestation_file, "starting dstack guest-agent simulator");
+    warn!(
+        attestation_file = %sim_config.simulator.attestation_file,
+        patch_report_data = sim_config.simulator.patch_report_data,
+        "starting dstack guest-agent simulator"
+    );
+    if sim_config.simulator.patch_report_data {
+        warn!("simulator will rewrite report_data to match requests; quote verification may fail against the original fixture signature");
+    } else {
+        warn!("simulator will preserve fixture report_data; cert/key binding and requested report_data may not match");
+    }
     let attestation =
         simulator::load_versioned_attestation(&sim_config.simulator.attestation_file)?;
     let state = AppState::new(
         sim_config.core,
-        Arc::new(SimulatorPlatform::new(attestation)),
+        Arc::new(SimulatorPlatform::new(
+            attestation,
+            sim_config.simulator.patch_report_data,
+        )),
     )
     .await
     .context("Failed to create simulator app state")?;
@@ -118,7 +147,7 @@ mod tests {
                 .join("../guest-agent/fixtures/attestation.bin"),
         )
         .expect("fixture attestation should load");
-        SimulatorPlatform::new(fixture)
+        SimulatorPlatform::new(fixture, true)
     }
 
     #[test]
@@ -147,4 +176,21 @@ mod tests {
         let VersionedAttestation::V0 { attestation } = patched;
         assert_eq!(attestation.report_data, report_data);
     }
+
+    #[test]
+    fn simulator_can_preserve_fixture_report_data() {
+        let fixture = simulator::load_versioned_attestation(
+            std::path::Path::new(env!("CARGO_MANIFEST_DIR"))
+                .join("../guest-agent/fixtures/attestation.bin"),
+        )
+        .expect("fixture attestation should load");
+        let original = fixture.clone().into_inner().report_data;
+        let platform = SimulatorPlatform::new(fixture, false);
+        let report_data = [0x5a; 64];
+        let response = platform.attest_response(report_data).unwrap();
+        let patched = VersionedAttestation::from_scale(&response.attestation).unwrap();
+        let VersionedAttestation::V0 { attestation } = patched;
+        assert_eq!(attestation.report_data, original);
+        assert_ne!(attestation.report_data, report_data);
+    }
 }
diff --git a/guest-agent-simulator/src/simulator.rs b/guest-agent-simulator/src/simulator.rs
@@ -9,6 +9,7 @@ use dstack_guest_agent_rpc::{AttestResponse, GetQuoteResponse};
 use ra_rpc::Attestation;
 use ra_tls::attestation::{QuoteContentType, VersionedAttestation, TDX_QUOTE_REPORT_DATA_RANGE};
 use std::fs;
+use tracing::warn;
 
 pub fn load_versioned_attestation(path: impl AsRef<Path>) -> Result<VersionedAttestation> {
     let path = path.as_ref();
@@ -26,8 +27,10 @@ pub fn simulated_quote_response(
     attestation: &VersionedAttestation,
     report_data: [u8; 64],
     vm_config: &str,
+    patch_report_data: bool,
 ) -> Result<GetQuoteResponse> {
-    let VersionedAttestation::V0 { attestation } = patch_report_data(attestation, report_data);
+    let VersionedAttestation::V0 { attestation } =
+        maybe_patch_report_data(attestation, report_data, patch_report_data, "quote");
     let mut attestation = attestation;
     let Some(quote) = attestation.tdx_quote_mut() else {
         return Err(anyhow::anyhow!("Quote not found"));
@@ -45,9 +48,11 @@ pub fn simulated_quote_response(
 pub fn simulated_attest_response(
     attestation: &VersionedAttestation,
     report_data: [u8; 64],
+    patch_report_data: bool,
 ) -> AttestResponse {
     AttestResponse {
-        attestation: patch_report_data(attestation, report_data).to_scale(),
+        attestation: maybe_patch_report_data(attestation, report_data, patch_report_data, "attest")
+            .to_scale(),
     }
 }
 
@@ -58,23 +63,40 @@ pub fn simulated_info_attestation(attestation: &VersionedAttestation) -> Attesta
 pub fn simulated_certificate_attestation(
     attestation: &VersionedAttestation,
     pubkey: &[u8],
+    patch_report_data: bool,
 ) -> VersionedAttestation {
     let report_data = QuoteContentType::RaTlsCert.to_report_data(pubkey);
-    patch_report_data(attestation, report_data)
+    maybe_patch_report_data(
+        attestation,
+        report_data,
+        patch_report_data,
+        "certificate_attestation",
+    )
 }
 
-fn patch_report_data(
+fn maybe_patch_report_data(
     attestation: &VersionedAttestation,
     report_data: [u8; 64],
+    patch_report_data: bool,
+    context: &str,
 ) -> VersionedAttestation {
+    if !patch_report_data {
+        warn!(
+            context = context,
+            requested_report_data = ?report_data,
+            "simulator is preserving fixture report_data; returned attestation may not match the current request"
+        );
+        return attestation.clone();
+    }
+
     let VersionedAttestation::V0 { attestation } = attestation.clone();
     let mut attestation = attestation;
     attestation.report_data = report_data;
     if let Some(tdx_quote) = attestation.tdx_quote_mut() {
         if tdx_quote.quote.len() >= TDX_QUOTE_REPORT_DATA_RANGE.end {
             tdx_quote.quote[TDX_QUOTE_REPORT_DATA_RANGE].copy_from_slice(&report_data);
         } else {
-            tracing::warn!(
+            warn!(
                 "TDX quote too short to patch report_data ({} < {})",
                 tdx_quote.quote.len(),
                 TDX_QUOTE_REPORT_DATA_RANGE.end
diff --git a/sdk/simulator/dstack.toml b/sdk/simulator/dstack.toml
@@ -18,6 +18,7 @@ data_disks = ["/"]
 
 [default.core.simulator]
 attestation_file = "attestation.bin"
+patch_report_data = true
 
 [internal-v0]
 address = "unix:./tappd.sock"
