Platform Signing and Bootstrap Trust v1

As of: March 9, 2026

Purpose

Capture the platform-security lifecycle that now spans:

  1. node task signing,
  2. node bootstrap trust delivery,
  3. Vault/KMS-backed custody for platform secrets.

This is a bridge between:

  • doc/architecture/PKI_Spec.md
  • doc/architecture/Node_Agent_Spec.md
  • doc/architecture/App_Platform_Gap_Tracker_v1.md
  • doc/architecture/Platform_Vault_Secrets_Baseline_v1.md
  • doc/architecture/Node_Task_Signing_Lifecycle_v1.md
  • doc/architecture/Node_Bootstrap_Trust_Delivery_v1.md

Problem Statement

Recent platform_control work proved the platform can run end to end with:

  1. HTTPS ingress,
  2. asymmetric node task signing,
  3. node enrollment and renewal,
  4. direct node-agent API endpoint for long-lived stream traffic.

But it also exposed three lifecycle gaps:

  1. signer private key custody is still environment-managed, not productized,
  2. verifier public-key rollout is still operationally manual/coordinated,
  3. bootstrap CA trust delivery still requires manual operator copy on real nodes.

Those are platform foundation concerns, not one-off node-agent bugs.

Current State

1. Task signing

  • Control plane signs typed node tasks with an Ed25519 private key/seed.
  • Node agent verifies tasks using GPUAAS_TASK_SIGNING_PUBKEYS.
  • Current rollout model is operational:
      • private signer material in platform secret/config,
      • public verifier surfaced through onboarding/runtime config,
      • rotation requires coordinated platform + node updates.

2. Control-plane trust

  • Public HTTPS on platform_control is issued by the platform dev CA.
  • Node agent trusts the control-plane endpoint using GPUAAS_CA_BUNDLE_PATH.
  • This trust bundle is distinct from the node-cert lifecycle bundle.

3. Node-cert lifecycle trust

  • Enrollment and renewal return CA material associated with node certificate issuance.
  • Agent stores that at GPUAAS_NODE_CERT_CA_BUNDLE_PATH.
  • This must remain separate from public control-plane HTTPS trust.

Required Lifecycle Model

A. Automated signer key lifecycle

The platform must own:

  1. signer generation,
  2. signer storage,
  3. rotation scheduling,
  4. verifier distribution,
  5. audit and rollback.

Minimum properties:

  1. private key never leaves platform custody,
  2. public verifier is versioned,
  3. old/new verifier grace period is explicit,
  4. nodes do not require ad hoc shell edits for normal rotation.

The dedicated lifecycle contract is:

  • doc/architecture/Node_Task_Signing_Lifecycle_v1.md
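
An added example, not code from this platform: one way a node agent could enforce the "versioned verifier" and "explicit grace period" properties when checking an Ed25519 task signature. The key ids, the `RetireAt` field and the in-memory map are assumptions of this sketch (the page does not define the format of GPUAAS_TASK_SIGNING_PUBKEYS), and the keys come from constructed, non-secret seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Verifier is one versioned public key; RetireAt is this example's assumption
// for "explicit grace period" (zero value: current key, no retirement set).
type Verifier struct {
	Pub      ed25519.PublicKey
	RetireAt time.Time
}

var (
	ErrUnknownKey = errors.New("task signed by unknown key id")
	ErrRetired    = errors.New("task signed by key past its grace period")
	ErrBadSig     = errors.New("task signature invalid")
)

// VerifyTask selects the verifier by key id rather than trying every key,
// so each rejection names a cause that can be logged and audited.
func VerifyTask(set map[string]Verifier, keyID string, payload, sig []byte, now time.Time) error {
	v, ok := set[keyID]
	if !ok {
		return ErrUnknownKey
	}
	if !v.RetireAt.IsZero() && !now.Before(v.RetireAt) {
		return ErrRetired
	}
	if len(v.Pub) != ed25519.PublicKeySize || !ed25519.Verify(v.Pub, payload, sig) {
		return ErrBadSig
	}
	return nil
}

// demoKey builds a constructed, non-secret key from a fixed seed byte.
func demoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

func main() {
	oldK, cut := demoKey(1), time.Date(2026, 3, 16, 0, 0, 0, 0, time.UTC) // constructed
	set := map[string]Verifier{"v1": {oldK.Public().(ed25519.PublicKey), cut}}
	task := []byte(`{"task":"example"}`)
	fmt.Println(VerifyTask(set, "v1", task, ed25519.Sign(oldK, task), cut.Add(time.Hour)))
}
```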

B. Automated bootstrap trust delivery

Node bootstrap must not depend on manual scp of CA files.

Minimum properties:

  1. bootstrap bundle identifies the expected control-plane trust root,
  2. trust material can be fetched or rendered through a platform-owned path,
  3. trust update after CA rotation is explicit and auditable,
  4. the public HTTPS trust bundle and node-cert lifecycle bundle remain distinct.

The dedicated delivery contract is:

  • doc/architecture/Node_Bootstrap_Trust_Delivery_v1.md

C. Vault/KMS-backed signer custody

The signer lifecycle should converge with the app-platform secret model.

Recommended direction:

  1. Vault-backed secret custody first,
  2. KMS-backed or HSM-backed evolution later where required,
  3. same custody model should cover:
      • registry robot credentials,
      • node task signing keys,
      • future app/operator secrets,
      • other control-plane signing material.

Design Constraints

  1. Do not regress to shared-secret verifier models as the default production direction.
  2. Do not collapse public HTTPS trust and node-cert trust into one storage path.
  3. Do not make node-agent binary rebuild the only rotation mechanism.
  4. Do not require nodes to talk directly to Vault, KMS, or PKI backends.
  5. Keep control-plane authority for signer rotation and bootstrap trust distribution.

  1. Define Vault-backed platform secrets baseline.
  2. Define task-signing key lifecycle and verifier rollout contract.
  3. Define bootstrap CA trust delivery path for real node onboarding.
  4. Only then automate full signer/trust rotation end to end.

Follow-on Tasks

  1. A-VAULT-PLATFORM-SECRETS-001
  2. A-NODE-TASK-SIGNING-LIFECYCLE-001
  3. A-NODE-BOOTSTRAP-TRUST-DELIVERY-001