feat(kms): make self-authorization enforcement configurable

kvinwang · kvinwang · commit 0e325c19a352 · 2026-04-16T02:57:53.000-07:00
Add core.enforce_self_authorization (default true) so trusted RPCs and the onboard bootstrap path can skip the local self-attestation step when KMS is intentionally run outside a TEE — e.g. local dev/testing where there is no /var/run/dstack(.sock) to dial. Default stays strict (true) so production deployments are unchanged. When set to false, both RpcHandler::ensure_self_allowed and the free ensure_self_kms_allowed return early without attempting to attest. Why: the strict-by-default check (introduced in 06d89a2) makes any non-TEE host KMS instance unable to serve a single request because the OnceCell-cached self_boot_info can never initialize. This blocks local CVM testing setups that previously relied on an unauthenticated host KMS process.
diff --git a/kms/kms.toml b/kms/kms.toml
@@ -26,6 +26,11 @@ mandatory = false
 cert_dir = "/etc/kms/certs"
 subject_postfix = ".dstack"
 admin_token_hash = ""
+# Whether trusted RPCs require the KMS to first attest itself to its own
+# auth API. Defaults to true (strict). Set to false ONLY when running KMS
+# outside a TEE (e.g. local dev/testing) where the local guest agent socket
+# is unavailable.
+enforce_self_authorization = true
 
 [core.image]
 verify = true
diff --git a/kms/src/config.rs b/kms/src/config.rs
@@ -40,6 +40,16 @@ pub(crate) struct KmsConfig {
     pub image: ImageConfig,
     #[serde(with = "serde_human_bytes")]
     pub admin_token_hash: Vec<u8>,
+    /// Whether trusted RPCs require the KMS to first attest itself to its
+    /// own auth API. Defaults to `true` (strict). Set `false` only for local
+    /// dev/testing where the KMS runs outside a TEE and cannot reach a guest
+    /// agent socket.
+    #[serde(default = "default_true")]
+    pub enforce_self_authorization: bool,
+}
+
+fn default_true() -> bool {
+    true
 }
 
 impl KmsConfig {
diff --git a/kms/src/main_service.rs b/kms/src/main_service.rs
@@ -102,6 +102,9 @@ struct BootConfig {
 
 impl RpcHandler {
     async fn ensure_self_allowed(&self) -> Result<()> {
+        if !self.state.config.enforce_self_authorization {
+            return Ok(());
+        }
         let boot_info = self
             .state
             .self_boot_info
diff --git a/kms/src/main_service/upgrade_authority.rs b/kms/src/main_service/upgrade_authority.rs
@@ -206,6 +206,9 @@ pub(crate) fn pad64(hash: [u8; 32]) -> Vec<u8> {
 }
 
 pub(crate) async fn ensure_self_kms_allowed(cfg: &KmsConfig) -> Result<()> {
+    if !cfg.enforce_self_authorization {
+        return Ok(());
+    }
     let boot_info = local_kms_boot_info(cfg.pccs_url.as_deref())
         .await
         .context("failed to build local KMS boot info")?;

Original file line number	Diff line number	Diff line change
`@@ -206,6 +206,9 @@ pub(crate) fn pad64(hash: [u8; 32]) -> Vec<u8> {`
`206`	`206`	`}`
`207`	`207`
`208`	`208`	`pub(crate) async fn ensure_self_kms_allowed(cfg: &KmsConfig) -> Result<()> {`
	`209`	`+ if !cfg.enforce_self_authorization {`
	`210`	`+ return Ok(());`
	`211`	`+ }`
`209`	`212`	`let boot_info = local_kms_boot_info(cfg.pccs_url.as_deref())`
`210`	`213`	`.await`
`211`	`214`	`.context("failed to build local KMS boot info")?;`