app-server: add Linux device key provider

Linux needs a hardware-backed path for device keys without treating keyrings or software stores as acceptable substitutes. This provider keeps persistent key material as TPM public/private blobs and delegates key creation, public-key export, and signing to TPM2 tooling at runtime, so the private key remains protected by the TPM boundary.

- Wire the device-key crate default provider to a Linux implementation on Linux.
- Create TPM-backed ECDSA P-256 keys with tpm2_createprimary and tpm2_create.
- Store only TPM public/private blobs under the user data directory using a hash-derived key path.
- Re-load TPM key contexts for public-key export and signing.
- Return SPKI DER public keys from tpm2_readpublic PEM output and DER ECDSA signatures from tpm2_sign.
- Report hardware_tpm, and return hardware-unavailable when TPM2 tooling or TPM access is missing.

- cargo test -p codex-device-key
- just fix -p codex-device-key
- git diff --check
- Attempted cargo check -p codex-device-key --target x86_64-unknown-linux-gnu; local Rust target is not installed.

codex-rs/Cargo.lock

@@ -842,6 +842,12 @@ dependencies = [
  "windows-link",
 ]
 
+[[package]]
+name = "base16ct"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
+
 [[package]]
 name = "base64"
 version = "0.21.7"
@@ -2115,6 +2121,21 @@ dependencies = [
  "serde_json",
 ]
 
+[[package]]
+name = "codex-device-key"
+version = "0.0.0"
+dependencies = [
+ "base64 0.22.1",
+ "p256",
+ "pretty_assertions",
+ "rand 0.9.3",
+ "serde",
+ "serde_json",
+ "sha2",
+ "thiserror 2.0.18",
+ "url",
+]
+
 [[package]]
 name = "codex-exec"
 version = "0.0.0"
@@ -3711,6 +3732,18 @@ version = "0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5"
 
+[[package]]
+name = "crypto-bigint"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
+dependencies = [
+ "generic-array",
+ "rand_core 0.6.4",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "crypto-common"
 version = "0.1.7"
@@ -4415,6 +4448,20 @@ version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555"
 
+[[package]]
+name = "ecdsa"
+version = "0.16.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
+dependencies = [
+ "der",
+ "digest",
+ "elliptic-curve",
+ "rfc6979",
+ "signature",
+ "spki",
+]
+
 [[package]]
 name = "ed25519"
 version = "2.2.3"
@@ -4448,6 +4495,26 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "elliptic-curve"
+version = "0.13.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
+dependencies = [
+ "base16ct",
+ "crypto-bigint",
+ "digest",
+ "ff",
+ "generic-array",
+ "group",
+ "pem-rfc7468",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "sec1",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "ena"
 version = "0.14.3"
@@ -4701,6 +4768,16 @@ dependencies = [
  "simd-adler32",
 ]
 
+[[package]]
+name = "ff"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
+dependencies = [
+ "rand_core 0.6.4",
+ "subtle",
+]
+
 [[package]]
 name = "fiat-crypto"
 version = "0.2.9"
@@ -6095,6 +6172,17 @@ dependencies = [
  "system-deps",
 ]
 
+[[package]]
+name = "group"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
+dependencies = [
+ "ff",
+ "rand_core 0.6.4",
+ "subtle",
+]
+
 [[package]]
 name = "gzip-header"
 version = "1.0.0"
@@ -8571,6 +8659,18 @@ dependencies = [
  "supports-color 3.0.2",
 ]
 
+[[package]]
+name = "p256"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "primeorder",
+ "sha2",
+]
+
 [[package]]
 name = "parking"
 version = "2.2.1"
@@ -9000,6 +9100,15 @@ dependencies = [
  "syn 2.0.114",
 ]
 
+[[package]]
+name = "primeorder"
+version = "0.13.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
+dependencies = [
+ "elliptic-curve",
+]
+
 [[package]]
 name = "proc-macro-crate"
 version = "3.4.0"
@@ -9938,6 +10047,16 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e061d1b48cb8d38042de4ae0a7a6401009d6143dc80d2e2d6f31f0bdd6470c7"
 
+[[package]]
+name = "rfc6979"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
+dependencies = [
+ "hmac",
+ "subtle",
+]
+
 [[package]]
 name = "ring"
 version = "0.17.14"
@@ -10397,6 +10516,20 @@ version = "3.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "490dcfcbfef26be6800d11870ff2df8774fa6e86d047e3e8c8a76b25655e41ca"
 
+[[package]]
+name = "sec1"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
+dependencies = [
+ "base16ct",
+ "der",
+ "generic-array",
+ "pkcs8",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "seccompiler"
 version = "0.5.0"

codex-rs/Cargo.toml

@@ -24,6 +24,7 @@ members = [
     "collaboration-mode-templates",
     "connectors",
     "config",
+    "device-key",
     "shell-command",
     "shell-escalation",
     "skills",
@@ -283,6 +284,7 @@ os_info = "3.12.0"
 owo-colors = "4.3.0"
 path-absolutize = "3.1.1"
 pathdiff = "0.2"
+p256 = "0.13.2"
 portable-pty = "0.9.0"
 predicates = "3"
 pretty_assertions = "1.4.1"

codex-rs/device-key/BUILD.bazel

@@ -0,0 +1,6 @@
+load("//:defs.bzl", "codex_rust_crate")
+
+codex_rust_crate(
+    name = "device-key",
+    crate_name = "codex_device_key",
+)

codex-rs/device-key/Cargo.toml

@@ -0,0 +1,23 @@
+[package]
+name = "codex-device-key"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[lints]
+workspace = true
+
+[dependencies]
+base64 = { workspace = true }
+p256 = { workspace = true, features = ["ecdsa", "pkcs8"] }
+rand = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+thiserror = { workspace = true }
+url = { workspace = true }
+
+[target.'cfg(target_os = "linux")'.dependencies]
+sha2 = { workspace = true }
+
+[dev-dependencies]
+pretty_assertions = { workspace = true }

codex-rs/device-key/src/platform.rs

@@ -0,0 +1,68 @@
+use crate::DeviceKeyProvider;
+use std::sync::Arc;
+
+#[cfg(target_os = "linux")]
+mod linux;
+
+#[cfg(target_os = "linux")]
+pub(crate) fn default_provider() -> Arc<dyn DeviceKeyProvider> {
+    Arc::new(linux::LinuxDeviceKeyProvider)
+}
+
+#[cfg(not(target_os = "linux"))]
+pub(crate) fn default_provider() -> Arc<dyn DeviceKeyProvider> {
+    Arc::new(unsupported::UnsupportedDeviceKeyProvider)
+}
+
+#[cfg(not(target_os = "linux"))]
+mod unsupported {
+    use crate::DeviceKeyBinding;
+    use crate::DeviceKeyError;
+    use crate::DeviceKeyInfo;
+    use crate::DeviceKeyProtectionClass;
+    use crate::DeviceKeyProvider;
+    use crate::ProviderCreateRequest;
+    use crate::ProviderSignature;
+
+    #[derive(Debug)]
+    pub(crate) struct UnsupportedDeviceKeyProvider;
+
+    impl DeviceKeyProvider for UnsupportedDeviceKeyProvider {
+        fn create(
+            &self,
+            request: ProviderCreateRequest<'_>,
+        ) -> Result<DeviceKeyInfo, DeviceKeyError> {
+            let _ = request.key_id_for(DeviceKeyProtectionClass::HardwareTpm);
+            let _ = request
+                .protection_policy
+                .allows(DeviceKeyProtectionClass::HardwareTpm);
+            let _ = request.binding;
+            Err(DeviceKeyError::HardwareBackedKeysUnavailable)
+        }
+
+        fn get_public(
+            &self,
+            _key_id: &str,
+            _protection_class: DeviceKeyProtectionClass,
+        ) -> Result<DeviceKeyInfo, DeviceKeyError> {
+            Err(DeviceKeyError::KeyNotFound)
+        }
+
+        fn binding(
+            &self,
+            _key_id: &str,
+            _protection_class: DeviceKeyProtectionClass,
+        ) -> Result<DeviceKeyBinding, DeviceKeyError> {
+            Err(DeviceKeyError::KeyNotFound)
+        }
+
+        fn sign(
+            &self,
+            _key_id: &str,
+            _protection_class: DeviceKeyProtectionClass,
+            _payload: &[u8],
+        ) -> Result<ProviderSignature, DeviceKeyError> {
+            Err(DeviceKeyError::KeyNotFound)
+        }
+    }
+}

codex-rs/device-key/src/platform/linux.rs

@@ -0,0 +1,335 @@
+use crate::DeviceKeyAlgorithm;
+use crate::DeviceKeyBinding;
+use crate::DeviceKeyError;
+use crate::DeviceKeyInfo;
+use crate::DeviceKeyProtectionClass;
+use crate::DeviceKeyProvider;
+use crate::ProviderCreateRequest;
+use crate::ProviderSignature;
+use base64::Engine;
+use base64::engine::general_purpose::STANDARD;
+use base64::engine::general_purpose::URL_SAFE_NO_PAD;
+use serde::Deserialize;
+use serde::Serialize;
+use sha2::Digest;
+use sha2::Sha256;
+use std::fs;
+use std::io;
+use std::path::Path;
+use std::path::PathBuf;
+use std::process::Command;
+use std::time::SystemTime;
+use std::time::UNIX_EPOCH;
+
+#[derive(Debug)]
+pub(crate) struct LinuxDeviceKeyProvider;
+
+impl DeviceKeyProvider for LinuxDeviceKeyProvider {
+    fn create(&self, request: ProviderCreateRequest<'_>) -> Result<DeviceKeyInfo, DeviceKeyError> {
+        if !request
+            .protection_policy
+            .allows(DeviceKeyProtectionClass::HardwareTpm)
+        {
+            return Err(DeviceKeyError::DegradedProtectionNotAllowed {
+                available: DeviceKeyProtectionClass::HardwareTpm,
+            });
+        }
+
+        let key_id = request.key_id_for(DeviceKeyProtectionClass::HardwareTpm);
+        let key_dir = key_dir(&key_id)?;
+        if key_material_exists(&key_dir) {
+            let info = key_info(&key_id, &key_dir)?;
+            store_binding(&key_dir, request.binding)?;
+            return Ok(info);
+        }
+
+        fs::create_dir_all(&key_dir).map_err(fs_error)?;
+        let tmp = TempDir::new(&key_id)?;
+        let primary_context = tmp.path.join("primary.ctx");
+        let public_blob = tmp.path.join("public.tpm");
+        let private_blob = tmp.path.join("private.tpm");
+
+        run_tpm2(
+            Command::new("tpm2_createprimary")
+                .arg("-C")
+                .arg("o")
+                .arg("-G")
+                .arg("ecc256")
+                .arg("-c")
+                .arg(&primary_context),
+        )?;
+        run_tpm2(
+            Command::new("tpm2_create")
+                .arg("-C")
+                .arg(&primary_context)
+                .arg("-G")
+                .arg("ecc256")
+                .arg("-a")
+                .arg("fixedtpm|fixedparent|sensitivedataorigin|userwithauth|sign")
+                .arg("-u")
+                .arg(&public_blob)
+                .arg("-r")
+                .arg(&private_blob),
+        )?;
+
+        replace_file(&public_blob, &key_dir.join("public.tpm"))?;
+        replace_file(&private_blob, &key_dir.join("private.tpm"))?;
+        store_binding(&key_dir, request.binding)?;
+        key_info(&key_id, &key_dir)
+    }
+
+    fn get_public(
+        &self,
+        key_id: &str,
+        protection_class: DeviceKeyProtectionClass,
+    ) -> Result<DeviceKeyInfo, DeviceKeyError> {
+        require_hardware_tpm(protection_class)?;
+        let key_dir = key_dir(key_id)?;
+        if !key_material_exists(&key_dir) {
+            return Err(DeviceKeyError::KeyNotFound);
+        }
+        key_info(key_id, &key_dir)
+    }
+
+    fn binding(
+        &self,
+        key_id: &str,
+        protection_class: DeviceKeyProtectionClass,
+    ) -> Result<DeviceKeyBinding, DeviceKeyError> {
+        require_hardware_tpm(protection_class)?;
+        let key_dir = key_dir(key_id)?;
+        if !key_material_exists(&key_dir) {
+            return Err(DeviceKeyError::KeyNotFound);
+        }
+        load_binding(&key_dir)
+    }
+
+    fn sign(
+        &self,
+        key_id: &str,
+        protection_class: DeviceKeyProtectionClass,
+        payload: &[u8],
+    ) -> Result<ProviderSignature, DeviceKeyError> {
+        require_hardware_tpm(protection_class)?;
+        let key_dir = key_dir(key_id)?;
+        if !key_material_exists(&key_dir) {
+            return Err(DeviceKeyError::KeyNotFound);
+        }
+
+        let tmp = TempDir::new(key_id)?;
+        let key_context = load_key_context(&key_dir, &tmp.path)?;
+        let digest = tmp.path.join("digest.bin");
+        let signature = tmp.path.join("signature.der");
+        fs::write(&digest, Sha256::digest(payload)).map_err(fs_error)?;
+        run_tpm2(
+            Command::new("tpm2_sign")
+                .arg("-c")
+                .arg(&key_context)
+                .arg("-g")
+                .arg("sha256")
+                .arg("-f")
+                .arg("der")
+                .arg("-o")
+                .arg(&signature)
+                .arg(&digest),
+        )?;
+
+        Ok(ProviderSignature {
+            signature_der: fs::read(signature).map_err(fs_error)?,
+            algorithm: DeviceKeyAlgorithm::EcdsaP256Sha256,
+        })
+    }
+}
+
+fn require_hardware_tpm(protection_class: DeviceKeyProtectionClass) -> Result<(), DeviceKeyError> {
+    if protection_class != DeviceKeyProtectionClass::HardwareTpm {
+        return Err(DeviceKeyError::KeyNotFound);
+    }
+    Ok(())
+}
+
+fn key_info(key_id: &str, key_dir: &Path) -> Result<DeviceKeyInfo, DeviceKeyError> {
+    let tmp = TempDir::new(key_id)?;
+    let key_context = load_key_context(key_dir, &tmp.path)?;
+    let public_pem = tmp.path.join("public.pem");
+    run_tpm2(
+        Command::new("tpm2_readpublic")
+            .arg("-c")
+            .arg(&key_context)
+            .arg("-f")
+            .arg("pem")
+            .arg("-o")
+            .arg(&public_pem),
+    )?;
+
+    let pem = fs::read_to_string(public_pem).map_err(fs_error)?;
+    Ok(DeviceKeyInfo {
+        key_id: key_id.to_string(),
+        public_key_spki_der: pem_to_der(&pem)?,
+        algorithm: DeviceKeyAlgorithm::EcdsaP256Sha256,
+        protection_class: DeviceKeyProtectionClass::HardwareTpm,
+    })
+}
+
+fn load_key_context(key_dir: &Path, tmp_dir: &Path) -> Result<PathBuf, DeviceKeyError> {
+    let primary_context = tmp_dir.join("primary.ctx");
+    let key_context = tmp_dir.join("key.ctx");
+    run_tpm2(
+        Command::new("tpm2_createprimary")
+            .arg("-C")
+            .arg("o")
+            .arg("-G")
+            .arg("ecc256")
+            .arg("-c")
+            .arg(&primary_context),
+    )?;
+    run_tpm2(
+        Command::new("tpm2_load")
+            .arg("-C")
+            .arg(&primary_context)
+            .arg("-u")
+            .arg(key_dir.join("public.tpm"))
+            .arg("-r")
+            .arg(key_dir.join("private.tpm"))
+            .arg("-c")
+            .arg(&key_context),
+    )?;
+    Ok(key_context)
+}
+
+fn key_material_exists(key_dir: &Path) -> bool {
+    key_dir.join("public.tpm").is_file() && key_dir.join("private.tpm").is_file()
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct StoredBinding {
+    account_user_id: String,
+    client_id: String,
+}
+
+fn store_binding(key_dir: &Path, binding: &DeviceKeyBinding) -> Result<(), DeviceKeyError> {
+    let stored = StoredBinding {
+        account_user_id: binding.account_user_id.clone(),
+        client_id: binding.client_id.clone(),
+    };
+    let bytes =
+        serde_json::to_vec(&stored).map_err(|err| DeviceKeyError::Platform(err.to_string()))?;
+    fs::write(key_dir.join("binding.json"), bytes).map_err(fs_error)
+}
+
+fn load_binding(key_dir: &Path) -> Result<DeviceKeyBinding, DeviceKeyError> {
+    let bytes = fs::read(key_dir.join("binding.json")).map_err(|err| {
+        if err.kind() == io::ErrorKind::NotFound {
+            DeviceKeyError::KeyNotFound
+        } else {
+            fs_error(err)
+        }
+    })?;
+    let stored: StoredBinding =
+        serde_json::from_slice(&bytes).map_err(|err| DeviceKeyError::Platform(err.to_string()))?;
+    Ok(DeviceKeyBinding {
+        account_user_id: stored.account_user_id,
+        client_id: stored.client_id,
+    })
+}
+
+fn key_dir(key_id: &str) -> Result<PathBuf, DeviceKeyError> {
+    let mut root = storage_root()?;
+    let digest = Sha256::digest(key_id.as_bytes());
+    root.push("device-keys");
+    root.push("tpm2");
+    root.push(URL_SAFE_NO_PAD.encode(digest));
+    Ok(root)
+}
+
+fn storage_root() -> Result<PathBuf, DeviceKeyError> {
+    if let Some(data_home) = std::env::var_os("XDG_DATA_HOME") {
+        return Ok(PathBuf::from(data_home).join("codex"));
+    }
+    let home = std::env::var_os("HOME").ok_or_else(|| {
+        DeviceKeyError::Platform("HOME is not set; cannot locate device key storage".to_string())
+    })?;
+    Ok(PathBuf::from(home).join(".local/share/codex"))
+}
+
+fn replace_file(source: &Path, destination: &Path) -> Result<(), DeviceKeyError> {
+    let tmp_destination = destination.with_extension("tmp");
+    fs::copy(source, &tmp_destination).map_err(fs_error)?;
+    fs::rename(tmp_destination, destination).map_err(fs_error)
+}
+
+fn pem_to_der(pem: &str) -> Result<Vec<u8>, DeviceKeyError> {
+    let base64 = pem
+        .lines()
+        .map(str::trim)
+        .filter(|line| !line.is_empty() && !line.starts_with("-----"))
+        .collect::<String>();
+    STANDARD.decode(base64).map_err(|err| {
+        DeviceKeyError::Platform(format!("failed to decode TPM public key PEM: {err}"))
+    })
+}
+
+fn run_tpm2(command: &mut Command) -> Result<(), DeviceKeyError> {
+    let program = command.get_program().to_string_lossy().into_owned();
+    let output = command.output().map_err(|err| {
+        if err.kind() == io::ErrorKind::NotFound {
+            DeviceKeyError::HardwareBackedKeysUnavailable
+        } else {
+            DeviceKeyError::Platform(format!("failed to run {program}: {err}"))
+        }
+    })?;
+    if output.status.success() {
+        return Ok(());
+    }
+
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    if stderr.contains("Could not load tcti")
+        || stderr.contains("No such file or directory")
+        || stderr.contains("/dev/tpm")
+    {
+        return Err(DeviceKeyError::HardwareBackedKeysUnavailable);
+    }
+    Err(DeviceKeyError::Platform(format!(
+        "{program} failed with status {}: {}",
+        output.status,
+        stderr.trim()
+    )))
+}
+
+fn fs_error(err: io::Error) -> DeviceKeyError {
+    DeviceKeyError::Platform(err.to_string())
+}
+
+#[derive(Debug)]
+struct TempDir {
+    path: PathBuf,
+}
+
+impl TempDir {
+    fn new(key_id: &str) -> Result<Self, DeviceKeyError> {
+        let now = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .map_err(|err| DeviceKeyError::Platform(err.to_string()))?;
+        let mut path = std::env::temp_dir();
+        path.push(format!(
+            "codex-device-key-{}-{}-{}",
+            safe_path_component(key_id),
+            std::process::id(),
+            now.as_nanos()
+        ));
+        fs::create_dir(&path).map_err(fs_error)?;
+        Ok(Self { path })
+    }
+}
+
+impl Drop for TempDir {
+    fn drop(&mut self) {
+        let _ = fs::remove_dir_all(&self.path);
+    }
+}
+
+fn safe_path_component(value: &str) -> String {
+    let digest = Sha256::digest(value.as_bytes());
+    URL_SAFE_NO_PAD.encode(digest)
+}