attest

package
Published: Jun 3, 2024 License: Apache-2.0, BSD-3-Clause Imports: 7 Imported by: 0

Documentation


Constants

This section is empty.

Variables

// GCEConfidentialTechnology_name maps each GCEConfidentialTechnology wire value
// to the identifier used in the .proto definition.
var GCEConfidentialTechnology_name = map[int32]string{
	0: "NONE",
	1: "AMD_SEV",
	2: "AMD_SEV_ES",
	3: "INTEL_TDX",
	4: "AMD_SEV_SNP",
}

// GCEConfidentialTechnology_value is the inverse of GCEConfidentialTechnology_name:
// proto identifier to wire value. The two maps must stay in sync; the wire
// values are fixed by the .proto and must not be renumbered.
var GCEConfidentialTechnology_value = map[string]int32{
	"NONE":        0,
	"AMD_SEV":     1,
	"AMD_SEV_ES":  2,
	"INTEL_TDX":   3,
	"AMD_SEV_SNP": 4,
}

Enum value maps for GCEConfidentialTechnology.

// WellKnownCertificate_name maps each WellKnownCertificate wire value to the
// identifier used in the .proto definition.
var WellKnownCertificate_name = map[int32]string{
	0: "UNKNOWN",
	1: "MS_WINDOWS_PROD_PCA_2011",
	2: "MS_THIRD_PARTY_UEFI_CA_2011",
}

// WellKnownCertificate_value is the inverse of WellKnownCertificate_name:
// proto identifier to wire value. Wire values are fixed by the .proto.
var WellKnownCertificate_value = map[string]int32{
	"UNKNOWN":                     0,
	"MS_WINDOWS_PROD_PCA_2011":    1,
	"MS_THIRD_PARTY_UEFI_CA_2011": 2,
}

Enum value maps for WellKnownCertificate.

// RestartPolicy_name maps each RestartPolicy wire value to its identifier.
// The identifiers intentionally match Kubernetes' spelling ("Always",
// "OnFailure", "Never") rather than proto style.
var RestartPolicy_name = map[int32]string{
	0: "Always",
	1: "OnFailure",
	2: "Never",
}

// RestartPolicy_value is the inverse of RestartPolicy_name. Note that 0
// ("Always") is also the proto3 default, so an unset field reads as Always.
var RestartPolicy_value = map[string]int32{
	"Always":    0,
	"OnFailure": 1,
	"Never":     2,
}

Enum value maps for RestartPolicy.

var File_attest_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Attestation

// Attestation is the evidence bundle produced by the attesting machine.
// Every field is supplied by the attester and is untrusted until the verifier
// has checked it: the quotes must verify under AkPub, AkPub must chain to a
// root the verifier trusts, and the event logs must replay to the quoted PCRs.
// Which of those checks this package performs is not shown on this page;
// confirm against the verifier before relying on any individual field.
type Attestation struct {

	// Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC.
	// This is the key the Quotes are expected to verify under. On its own it
	// proves nothing about which TPM produced it; it needs to be bound to a
	// trust anchor, e.g. via AkCert below.
	AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"`
	// Quotes over all supported PCR banks. The verifier picks one bank (later
	// reported as MachineState.Hash) for quote validation and event log replay.
	Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"`
	// TCG Event Log, encoded in the raw binary format.
	// Can be SHA-1 or crypto-agile. The log itself is not signed; it is only
	// trustworthy to the extent that replaying it reproduces the quoted PCRs.
	EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"`
	// Optional information about a GCE instance, unused outside of GCE.
	// Self-reported by the attester; nothing in this message signs it.
	// NOTE(review): whether the verifier binds it to the AK certificate before
	// surfacing it in PlatformState.InstanceInfo is not visible here — do not
	// use it for authorization decisions until that is confirmed.
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// A TCG Canonical Event Log. Same trust caveat as EventLog.
	CanonicalEventLog []byte `protobuf:"bytes,5,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"`
	// Attestation Key (AK) Certificate, encoded as ASN.1 DER.
	// Optional. Its subject public key should correspond to AkPub.
	AkCert []byte `protobuf:"bytes,6,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"`
	// Intermediate Certificates for verifying the AK Certificate, encoded as
	// ASN.1 DER. Optional. These are attester-supplied: treat them as untrusted
	// intermediates that must chain to the verifier's own trusted roots, never
	// as trust anchors themselves.
	IntermediateCerts [][]byte `protobuf:"bytes,7,rep,name=intermediate_certs,json=intermediateCerts,proto3" json:"intermediate_certs,omitempty"`
	// Trusted execution environment attestation is a secondary platform
	// attestation that the machine is running within a particular confidential
	// environment. Its verification is separate from the TPM checks above; the
	// vendor-specific types come from the sevsnp and tdx packages.
	//
	// Types that are assignable to TeeAttestation:
	//
	//	*Attestation_SevSnpAttestation
	//	*Attestation_TdxAttestation
	TeeAttestation isAttestation_TeeAttestation `protobuf_oneof:"tee_attestation"`
	// contains filtered or unexported fields
}

func (*Attestation) Descriptor deprecated

func (*Attestation) Descriptor() ([]byte, []int)

Deprecated: Use Attestation.ProtoReflect.Descriptor instead.

func (*Attestation) GetAkCert

func (x *Attestation) GetAkCert() []byte

func (*Attestation) GetAkPub

func (x *Attestation) GetAkPub() []byte

func (*Attestation) GetCanonicalEventLog

func (x *Attestation) GetCanonicalEventLog() []byte

func (*Attestation) GetEventLog

func (x *Attestation) GetEventLog() []byte

func (*Attestation) GetInstanceInfo

func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo

func (*Attestation) GetIntermediateCerts

func (x *Attestation) GetIntermediateCerts() [][]byte

func (*Attestation) GetQuotes

func (x *Attestation) GetQuotes() []*tpm.Quote

func (*Attestation) GetSevSnpAttestation

func (x *Attestation) GetSevSnpAttestation() *sevsnp.Attestation

func (*Attestation) GetTdxAttestation

func (x *Attestation) GetTdxAttestation() *tdx.QuoteV4

func (*Attestation) GetTeeAttestation

func (m *Attestation) GetTeeAttestation() isAttestation_TeeAttestation

func (*Attestation) ProtoMessage

func (*Attestation) ProtoMessage()

func (*Attestation) ProtoReflect

func (x *Attestation) ProtoReflect() protoreflect.Message

func (*Attestation) Reset

func (x *Attestation) Reset()

func (*Attestation) String

func (x *Attestation) String() string

type Attestation_SevSnpAttestation

// Attestation_SevSnpAttestation is the TeeAttestation oneof variant carrying
// an AMD SEV-SNP attestation report (field 8).
type Attestation_SevSnpAttestation struct {
	// The SEV-SNP attestation, as defined by the sevsnp package.
	SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,8,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3,oneof"`
}

type Attestation_TdxAttestation

// Attestation_TdxAttestation is the TeeAttestation oneof variant carrying an
// Intel TDX quote (field 9).
type Attestation_TdxAttestation struct {
	// The TDX quote, in the tdx package's QuoteV4 format.
	TdxAttestation *tdx.QuoteV4 `protobuf:"bytes,9,opt,name=tdx_attestation,json=tdxAttestation,proto3,oneof"`
}

type AttestedCosState

// AttestedCosState is the COS (presumably Container-Optimized OS) workload
// state recovered from the event log: the launched container, the COS and
// launcher versions, and health-monitoring settings. How these are parsed from
// the log is not shown on this page. Any sub-message may be nil when the
// corresponding events were absent.
type AttestedCosState struct {
	// The container the launcher started. See ContainerState for what policy
	// should pin on.
	Container *ContainerState `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"`
	// Version of the COS image.
	CosVersion *SemanticVersion `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"`
	// Version of the launcher that started the container.
	LauncherVersion *SemanticVersion `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"`
	// Health-monitoring configuration; see HealthMonitoringState for the
	// unset-vs-false caveat.
	HealthMonitoring *HealthMonitoringState `protobuf:"bytes,4,opt,name=health_monitoring,json=healthMonitoring,proto3" json:"health_monitoring,omitempty"`
	// contains filtered or unexported fields
}

func (*AttestedCosState) Descriptor deprecated

func (*AttestedCosState) Descriptor() ([]byte, []int)

Deprecated: Use AttestedCosState.ProtoReflect.Descriptor instead.

func (*AttestedCosState) GetContainer

func (x *AttestedCosState) GetContainer() *ContainerState

func (*AttestedCosState) GetCosVersion

func (x *AttestedCosState) GetCosVersion() *SemanticVersion

func (*AttestedCosState) GetHealthMonitoring

func (x *AttestedCosState) GetHealthMonitoring() *HealthMonitoringState

func (*AttestedCosState) GetLauncherVersion

func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion

func (*AttestedCosState) ProtoMessage

func (*AttestedCosState) ProtoMessage()

func (*AttestedCosState) ProtoReflect

func (x *AttestedCosState) ProtoReflect() protoreflect.Message

func (*AttestedCosState) Reset

func (x *AttestedCosState) Reset()

func (*AttestedCosState) String

func (x *AttestedCosState) String() string

type Certificate

// Certificate is one entry of a Secure Boot signature Database. It is either
// an enum tag for a certificate the package already knows, or the raw DER.
type Certificate struct {

	// The representation of the certificate. If the certificate matches a
	// well-known certificate above, representation should contain the value in
	// the enum. Otherwise, it will contain the raw DER.
	// Policy comparing certificates must therefore handle both variants: a
	// well-known cert will not appear as DER here.
	//
	// Types that are assignable to Representation:
	//
	//	*Certificate_Der
	//	*Certificate_WellKnown
	Representation isCertificate_Representation `protobuf_oneof:"representation"`
	// contains filtered or unexported fields
}

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetDer

func (x *Certificate) GetDer() []byte

func (*Certificate) GetRepresentation

func (m *Certificate) GetRepresentation() isCertificate_Representation

func (*Certificate) GetWellKnown

func (x *Certificate) GetWellKnown() WellKnownCertificate

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type Certificate_Der

// Certificate_Der is the Representation variant holding a certificate that is
// not in the WellKnownCertificate list.
type Certificate_Der struct {
	// DER representation of the certificate.
	Der []byte `protobuf:"bytes,1,opt,name=der,proto3,oneof"`
}

type Certificate_WellKnown

// Certificate_WellKnown is the Representation variant for a certificate the
// package recognises; the DER bytes are not carried, only the enum tag.
type Certificate_WellKnown struct {
	// Which well-known certificate this entry is.
	WellKnown WellKnownCertificate `protobuf:"varint,2,opt,name=well_known,json=wellKnown,proto3,enum=attest.WellKnownCertificate,oneof"`
}

type ContainerState

// ContainerState is the container launch configuration as recovered from the
// event log. Policy should pin the image by ImageDigest (the registry manifest
// digest) rather than ImageReference: a reference that carries a mutable tag
// can resolve to different content over time.
type ContainerState struct {
	// The image reference the launcher was asked to run (registry/repo[:tag]
	// or @digest form). Informational unless it pins a digest.
	ImageReference string `protobuf:"bytes,1,opt,name=image_reference,json=imageReference,proto3" json:"image_reference,omitempty"`
	// Digest of the registry's image manifest, which contains a list of the
	// layers comprising the image.
	ImageDigest   string        `protobuf:"bytes,2,opt,name=image_digest,json=imageDigest,proto3" json:"image_digest,omitempty"`
	RestartPolicy RestartPolicy `` /* 127-byte string literal not displayed */
	// Digest of the local image configuration object, containing config items
	// such as local layer digests.
	ImageId string            `protobuf:"bytes,4,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"`
	Args    []string          `protobuf:"bytes,5,rep,name=args,proto3" json:"args,omitempty"`
	EnvVars map[string]string `` /* 170-byte string literal not displayed */
	// Operator-supplied overrides of Args and EnvVars. Per the proto comment
	// these should be subsets of the Args and EnvVars above; whether that
	// relation is enforced when the log is parsed is not shown here. Policy
	// that distinguishes image defaults from operator input should inspect
	// these fields.
	OverriddenArgs    []string          `protobuf:"bytes,7,rep,name=overridden_args,json=overriddenArgs,proto3" json:"overridden_args,omitempty"`
	OverriddenEnvVars map[string]string `` /* 202-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ContainerState) Descriptor deprecated

func (*ContainerState) Descriptor() ([]byte, []int)

Deprecated: Use ContainerState.ProtoReflect.Descriptor instead.

func (*ContainerState) GetArgs

func (x *ContainerState) GetArgs() []string

func (*ContainerState) GetEnvVars

func (x *ContainerState) GetEnvVars() map[string]string

func (*ContainerState) GetImageDigest

func (x *ContainerState) GetImageDigest() string

func (*ContainerState) GetImageId

func (x *ContainerState) GetImageId() string

func (*ContainerState) GetImageReference

func (x *ContainerState) GetImageReference() string

func (*ContainerState) GetOverriddenArgs

func (x *ContainerState) GetOverriddenArgs() []string

func (*ContainerState) GetOverriddenEnvVars

func (x *ContainerState) GetOverriddenEnvVars() map[string]string

func (*ContainerState) GetRestartPolicy

func (x *ContainerState) GetRestartPolicy() RestartPolicy

func (*ContainerState) ProtoMessage

func (*ContainerState) ProtoMessage()

func (*ContainerState) ProtoReflect

func (x *ContainerState) ProtoReflect() protoreflect.Message

func (*ContainerState) Reset

func (x *ContainerState) Reset()

func (*ContainerState) String

func (x *ContainerState) String() string

type Database

// Database is a Secure Boot signature database (db, dbx, or the set of
// authorities that actually signed something) as recovered from the event log.
// Entries are either certificates or bare hashes; a policy matching against
// this must consider both lists.
type Database struct {
	// Certificate entries (EFI_CERT_X509_GUID-style signatures).
	Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"`
	// Raw hash entries. The hash algorithm is not recorded here.
	Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"`
	// contains filtered or unexported fields
}

A Secure Boot database containing lists of hashes and certificates, as defined by section 32.4.1 Signature Database in the UEFI spec.

func (*Database) Descriptor deprecated

func (*Database) Descriptor() ([]byte, []int)

Deprecated: Use Database.ProtoReflect.Descriptor instead.

func (*Database) GetCerts

func (x *Database) GetCerts() []*Certificate

func (*Database) GetHashes

func (x *Database) GetHashes() [][]byte

func (*Database) ProtoMessage

func (*Database) ProtoMessage()

func (*Database) ProtoReflect

func (x *Database) ProtoReflect() protoreflect.Message

func (*Database) Reset

func (x *Database) Reset()

func (*Database) String

func (x *Database) String() string

type EfiApp

// EfiApp is one UEFI application that the firmware loaded, identified only by
// its measured digest.
type EfiApp struct {

	// The PE/COFF digest of the EFI application (pulled from the raw event digest).
	// Its length depends on the PCR bank the verifier selected (MachineState.Hash).
	Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
	// contains filtered or unexported fields
}

func (*EfiApp) Descriptor deprecated

func (*EfiApp) Descriptor() ([]byte, []int)

Deprecated: Use EfiApp.ProtoReflect.Descriptor instead.

func (*EfiApp) GetDigest

func (x *EfiApp) GetDigest() []byte

func (*EfiApp) ProtoMessage

func (*EfiApp) ProtoMessage()

func (*EfiApp) ProtoReflect

func (x *EfiApp) ProtoReflect() protoreflect.Message

func (*EfiApp) Reset

func (x *EfiApp) Reset()

func (*EfiApp) String

func (x *EfiApp) String() string

type EfiState

// EfiState lists every UEFI application the firmware measured during boot.
// Policy must compare the complete list, in order, against the expected set:
// accepting a superset would let an extra, unexpected application go unnoticed.
type EfiState struct {

	// UEFI's OS Loader code is required to measure attempts to load and execute
	// UEFI applications.
	// UEFI applications are typically bootloaders such as shim and GRUB.
	// These run and are measured using the UEFI LoadImage() service.
	Apps []*EfiApp `protobuf:"bytes,1,rep,name=apps,proto3" json:"apps,omitempty"`
	// contains filtered or unexported fields
}

The verified state of EFI Applications. Policies evaluated against this state should require the complete set of EFI App digests to match the expected set, not merely that the expected digests appear somewhere in it — a subset check would let an additional, unexpected EFI application go unnoticed.

func (*EfiState) Descriptor deprecated

func (*EfiState) Descriptor() ([]byte, []int)

Deprecated: Use EfiState.ProtoReflect.Descriptor instead.

func (*EfiState) GetApps

func (x *EfiState) GetApps() []*EfiApp

func (*EfiState) ProtoMessage

func (*EfiState) ProtoMessage()

func (*EfiState) ProtoReflect

func (x *EfiState) ProtoReflect() protoreflect.Message

func (*EfiState) Reset

func (x *EfiState) Reset()

func (*EfiState) String

func (x *EfiState) String() string

type Event

// Event is one parsed entry of the TCG event log. Only Digest is what the TPM
// actually recorded; once the log has been replayed against the quoted PCRs,
// the sequence of (PcrIndex, Digest) pairs is trustworthy, while
// UntrustedType and Data remain plain log contents.
type Event struct {

	// The Platform Configuration Register (PCR) this event was extended into.
	PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"`
	// The type of this event. Note that this value is not verified, so it should
	// only be used as a hint during event parsing.
	UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"`
	// The raw data associated to this event. The meaning of this data is
	// specific to the type of the event. Trust it only when DigestVerified is
	// true (or when the type-specific parser has otherwise tied it to Digest).
	Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
	// The event digest actually extended into the TPM. This is often the hash of
	// the data field, but in some cases it may have a type-specific calculation.
	Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"`
	// This is true if hash(data) == digest. False means either that Data was
	// altered after measurement or that this event type uses a type-specific
	// digest; in both cases Data is not directly bound to the PCR.
	DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"`
	// contains filtered or unexported fields
}

A parsed event from the TCG event log

func (*Event) Descriptor deprecated

func (*Event) Descriptor() ([]byte, []int)

Deprecated: Use Event.ProtoReflect.Descriptor instead.

func (*Event) GetData

func (x *Event) GetData() []byte

func (*Event) GetDigest

func (x *Event) GetDigest() []byte

func (*Event) GetDigestVerified

func (x *Event) GetDigestVerified() bool

func (*Event) GetPcrIndex

func (x *Event) GetPcrIndex() uint32

func (*Event) GetUntrustedType

func (x *Event) GetUntrustedType() uint32

func (*Event) ProtoMessage

func (*Event) ProtoMessage()

func (*Event) ProtoReflect

func (x *Event) ProtoReflect() protoreflect.Message

func (*Event) Reset

func (x *Event) Reset()

func (*Event) String

func (x *Event) String() string

type GCEConfidentialTechnology

type GCEConfidentialTechnology int32

Type of hardware technology used to protect this instance

const (
	// No confidential-computing technology (also the proto3 default).
	GCEConfidentialTechnology_NONE GCEConfidentialTechnology = 0
	// AMD SEV: memory encryption only.
	GCEConfidentialTechnology_AMD_SEV GCEConfidentialTechnology = 1
	// AMD SEV-ES: SEV plus encrypted register state.
	GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2
	// Intel TDX. Note the value does not place TDX on the AMD ladder; see
	// PlatformPolicy.MinimumTechnology before comparing numerically.
	GCEConfidentialTechnology_INTEL_TDX GCEConfidentialTechnology = 3
	// AMD SEV-SNP: SEV-ES plus integrity protection and a hardware report.
	GCEConfidentialTechnology_AMD_SEV_SNP GCEConfidentialTechnology = 4
)

func (GCEConfidentialTechnology) Descriptor

func (GCEConfidentialTechnology) Enum

func (GCEConfidentialTechnology) EnumDescriptor deprecated

func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int)

Deprecated: Use GCEConfidentialTechnology.Descriptor instead.

func (GCEConfidentialTechnology) Number

func (GCEConfidentialTechnology) String

func (x GCEConfidentialTechnology) String() string

func (GCEConfidentialTechnology) Type

type GCEInstanceInfo

// GCEInstanceInfo identifies a GCE instance. When it arrives inside an
// Attestation it is self-reported by the attester; see the caveat there
// before using it for authorization.
type GCEInstanceInfo struct {
	// GCE zone, e.g. the {zone} path segment of the instance URL.
	Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"`
	// Human-readable project ID ({project_id} in the instance URL).
	ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
	// Numeric project number; stable even if the project ID is reused.
	ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"`
	// Instance name ({instance_name} in the instance URL). Names can be reused
	// after deletion; prefer InstanceId when a stable identity matters.
	InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"`
	// Numeric instance ID.
	InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"`
	// contains filtered or unexported fields
}

Information uniquely identifying a GCE instance. Can be used to create an instance URL, which can then be used with GCE APIs. Formatted like:

https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}

func (*GCEInstanceInfo) Descriptor deprecated

func (*GCEInstanceInfo) Descriptor() ([]byte, []int)

Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead.

func (*GCEInstanceInfo) GetInstanceId

func (x *GCEInstanceInfo) GetInstanceId() uint64

func (*GCEInstanceInfo) GetInstanceName

func (x *GCEInstanceInfo) GetInstanceName() string

func (*GCEInstanceInfo) GetProjectId

func (x *GCEInstanceInfo) GetProjectId() string

func (*GCEInstanceInfo) GetProjectNumber

func (x *GCEInstanceInfo) GetProjectNumber() uint64

func (*GCEInstanceInfo) GetZone

func (x *GCEInstanceInfo) GetZone() string

func (*GCEInstanceInfo) ProtoMessage

func (*GCEInstanceInfo) ProtoMessage()

func (*GCEInstanceInfo) ProtoReflect

func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message

func (*GCEInstanceInfo) Reset

func (x *GCEInstanceInfo) Reset()

func (*GCEInstanceInfo) String

func (x *GCEInstanceInfo) String() string

type GrubFile

// GrubFile is one file GRUB read and measured. Match on Digest; the filename
// is not covered by the measurement.
type GrubFile struct {

	// The digest of the file (pulled from the raw event digest).
	Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
	// The event data. This is not measured, so it is untrusted. Use it only as
	// a label for reporting, never as a policy input.
	UntrustedFilename []byte `protobuf:"bytes,2,opt,name=untrusted_filename,json=untrustedFilename,proto3" json:"untrusted_filename,omitempty"`
	// contains filtered or unexported fields
}

func (*GrubFile) Descriptor deprecated

func (*GrubFile) Descriptor() ([]byte, []int)

Deprecated: Use GrubFile.ProtoReflect.Descriptor instead.

func (*GrubFile) GetDigest

func (x *GrubFile) GetDigest() []byte

func (*GrubFile) GetUntrustedFilename

func (x *GrubFile) GetUntrustedFilename() []byte

func (*GrubFile) ProtoMessage

func (*GrubFile) ProtoMessage()

func (*GrubFile) ProtoReflect

func (x *GrubFile) ProtoReflect() protoreflect.Message

func (*GrubFile) Reset

func (x *GrubFile) Reset()

func (*GrubFile) String

func (x *GrubFile) String() string

type GrubState

// GrubState is what GRUB measured while booting: the files it read and the
// commands it executed. Because grub.cfg and the kernel command line are
// both in here, policy over this state controls what the kernel was booted
// with; LinuxKernelState is derived from it.
type GrubState struct {

	// All GRUB-read and measured files, including grub.cfg.
	Files []*GrubFile `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"`
	// A list of executed GRUB commands and command lines passed to the kernel
	// and kernel modules. Order is the order of measurement.
	Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"`
	// contains filtered or unexported fields
}

func (*GrubState) Descriptor deprecated

func (*GrubState) Descriptor() ([]byte, []int)

Deprecated: Use GrubState.ProtoReflect.Descriptor instead.

func (*GrubState) GetCommands

func (x *GrubState) GetCommands() []string

func (*GrubState) GetFiles

func (x *GrubState) GetFiles() []*GrubFile

func (*GrubState) ProtoMessage

func (*GrubState) ProtoMessage()

func (*GrubState) ProtoReflect

func (x *GrubState) ProtoReflect() protoreflect.Message

func (*GrubState) Reset

func (x *GrubState) Reset()

func (*GrubState) String

func (x *GrubState) String() string

type HealthMonitoringState

// HealthMonitoringState records the COS health-monitoring configuration.
// MemoryEnabled is a *bool (the `oneof` marker in the tag appears to be how
// protoc-gen-go renders a proto3 `optional`), but GetMemoryEnabled returns a
// plain bool and yields false when the field is unset. Callers that must
// distinguish "not reported" from "disabled" should check the pointer directly.
type HealthMonitoringState struct {

	// Whether memory monitoring is enabled. nil when not reported.
	MemoryEnabled *bool `protobuf:"varint,1,opt,name=memory_enabled,json=memoryEnabled,proto3,oneof" json:"memory_enabled,omitempty"`
	// contains filtered or unexported fields
}

func (*HealthMonitoringState) Descriptor deprecated

func (*HealthMonitoringState) Descriptor() ([]byte, []int)

Deprecated: Use HealthMonitoringState.ProtoReflect.Descriptor instead.

func (*HealthMonitoringState) GetMemoryEnabled

func (x *HealthMonitoringState) GetMemoryEnabled() bool

func (*HealthMonitoringState) ProtoMessage

func (*HealthMonitoringState) ProtoMessage()

func (*HealthMonitoringState) ProtoReflect

func (x *HealthMonitoringState) ProtoReflect() protoreflect.Message

func (*HealthMonitoringState) Reset

func (x *HealthMonitoringState) Reset()

func (*HealthMonitoringState) String

func (x *HealthMonitoringState) String() string

type LinuxKernelState

// LinuxKernelState is the Linux kernel state recovered from the GRUB
// measurements (see the package note: it requires ParseOpts{Loader: GRUB}).
type LinuxKernelState struct {

	// The kernel command line. Security-relevant parameters (e.g. anything that
	// disables integrity features) live here, so policy should match it
	// exactly or against an explicit allow-list rather than ignoring it.
	CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"`
	// contains filtered or unexported fields
}

The state of the Linux kernel. At the moment, parsing LinuxKernelState relies on parsing the GrubState. To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState.

func (*LinuxKernelState) Descriptor deprecated

func (*LinuxKernelState) Descriptor() ([]byte, []int)

Deprecated: Use LinuxKernelState.ProtoReflect.Descriptor instead.

func (*LinuxKernelState) GetCommandLine

func (x *LinuxKernelState) GetCommandLine() string

func (*LinuxKernelState) ProtoMessage

func (*LinuxKernelState) ProtoMessage()

func (*LinuxKernelState) ProtoReflect

func (x *LinuxKernelState) ProtoReflect() protoreflect.Message

func (*LinuxKernelState) Reset

func (x *LinuxKernelState) Reset()

func (*LinuxKernelState) String

func (x *LinuxKernelState) String() string

type MachineState

// MachineState is the verifier's view of a booted machine, derived from an
// Attestation. A nil sub-state means the corresponding events were absent or
// not parsed; policy should treat that as "unknown", not as "passed".
type MachineState struct {
	// Firmware/platform state; the only part that Policy currently covers.
	Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	// Secure Boot state; not covered by Policy at this version.
	SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"`
	// The complete parsed TCG Event Log, including those events used to
	// create the PlatformState. Each Event carries its own DigestVerified flag.
	RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"`
	// The hash algorithm used when verifying the Attestation. This indicates:
	//   - which PCR bank was used for quote validation and event log replay
	//   - the hash algorithm used to calculate event digests
	// Every Digest in this message is in this algorithm.
	Hash        tpm.HashAlgo      `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"`
	Grub        *GrubState        `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"`
	LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"`
	Cos         *AttestedCosState `protobuf:"bytes,7,opt,name=cos,proto3" json:"cos,omitempty"`
	Efi         *EfiState         `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"`
	// contains filtered or unexported fields
}

The verified state of a booted machine, obtained from an Attestation

func (*MachineState) Descriptor deprecated

func (*MachineState) Descriptor() ([]byte, []int)

Deprecated: Use MachineState.ProtoReflect.Descriptor instead.

func (*MachineState) GetCos

func (x *MachineState) GetCos() *AttestedCosState

func (*MachineState) GetEfi

func (x *MachineState) GetEfi() *EfiState

func (*MachineState) GetGrub

func (x *MachineState) GetGrub() *GrubState

func (*MachineState) GetHash

func (x *MachineState) GetHash() tpm.HashAlgo

func (*MachineState) GetLinuxKernel

func (x *MachineState) GetLinuxKernel() *LinuxKernelState

func (*MachineState) GetPlatform

func (x *MachineState) GetPlatform() *PlatformState

func (*MachineState) GetRawEvents

func (x *MachineState) GetRawEvents() []*Event

func (*MachineState) GetSecureBoot

func (x *MachineState) GetSecureBoot() *SecureBootState

func (*MachineState) ProtoMessage

func (*MachineState) ProtoMessage()

func (*MachineState) ProtoReflect

func (x *MachineState) ProtoReflect() protoreflect.Message

func (*MachineState) Reset

func (x *MachineState) Reset()

func (*MachineState) String

func (x *MachineState) String() string

type PlatformPolicy

// PlatformPolicy constrains which PlatformState a verifier accepts. This is a
// proto3 message, so an unset field takes its zero value; for
// MinimumGceFirmwareVersion and MinimumTechnology the zero value is the most
// permissive setting, so an empty policy does not reject anything on those
// axes.
type PlatformPolicy struct {

	// If PlatformState.firmware contains a scrtm_version_id, it must appear
	// in this list. For use with a GCE VM, minimum_gce_firmware_version is
	// often a better alternative.
	// NOTE(review): read literally, an empty list rejects any PlatformState
	// that reports a raw scrtm_version_id; whether the verifier instead
	// treats an empty list as "no constraint" is not visible here — confirm.
	AllowedScrtmVersionIds [][]byte `` /* 131-byte string literal not displayed */
	// If PlatformState.firmware contains a minimum_gce_firmware_version, it must
	// be greater than or equal to this value. Currently, the max version is 1.
	// Unset (0) accepts every version.
	MinimumGceFirmwareVersion uint32 `` /* 141-byte string literal not displayed */
	// The PlatformState's technology must be at least as secure as
	// the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE).
	// Unset (NONE) accepts non-confidential instances.
	// NOTE(review): the enum also has INTEL_TDX (3) and AMD_SEV_SNP (4). The
	// wire values alone do not define an "at least as secure" relation across
	// vendors, and the comparison the verifier actually performs is not shown
	// on this page — check it before relying on a minimum of INTEL_TDX or
	// AMD_SEV_SNP to accept or exclude the other vendor's technology.
	MinimumTechnology GCEConfidentialTechnology `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

A policy dictating which values of PlatformState to allow

func (*PlatformPolicy) Descriptor deprecated

func (*PlatformPolicy) Descriptor() ([]byte, []int)

Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead.

func (*PlatformPolicy) GetAllowedScrtmVersionIds

func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte

func (*PlatformPolicy) GetMinimumGceFirmwareVersion

func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32

func (*PlatformPolicy) GetMinimumTechnology

func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology

func (*PlatformPolicy) ProtoMessage

func (*PlatformPolicy) ProtoMessage()

func (*PlatformPolicy) ProtoReflect

func (x *PlatformPolicy) ProtoReflect() protoreflect.Message

func (*PlatformPolicy) Reset

func (x *PlatformPolicy) Reset()

func (*PlatformPolicy) String

func (x *PlatformPolicy) String() string

type PlatformState

// PlatformState is the firmware/platform portion of MachineState. Firmware is
// a oneof: either the raw S-CRTM version identifier or, on GCE, the virtual
// firmware version parsed from it.
type PlatformState struct {

	// Types that are assignable to Firmware:
	//
	//	*PlatformState_ScrtmVersionId
	//	*PlatformState_GceVersion
	Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"`
	// Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances.
	// NONE is also the proto3 default, so "unset" and "not confidential" are
	// indistinguishable here.
	Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"`
	// Only set for GCE instances.
	// NOTE(review): whether this is the attester-supplied
	// Attestation.InstanceInfo copied through, or a value bound to the AK
	// certificate, is not visible on this page — confirm before using it for
	// authorization.
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// contains filtered or unexported fields
}

The platform/firmware state for this instance

func (*PlatformState) Descriptor deprecated

func (*PlatformState) Descriptor() ([]byte, []int)

Deprecated: Use PlatformState.ProtoReflect.Descriptor instead.

func (*PlatformState) GetFirmware

func (m *PlatformState) GetFirmware() isPlatformState_Firmware

func (*PlatformState) GetGceVersion

func (x *PlatformState) GetGceVersion() uint32

func (*PlatformState) GetInstanceInfo

func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo

func (*PlatformState) GetScrtmVersionId

func (x *PlatformState) GetScrtmVersionId() []byte

func (*PlatformState) GetTechnology

func (x *PlatformState) GetTechnology() GCEConfidentialTechnology

func (*PlatformState) ProtoMessage

func (*PlatformState) ProtoMessage()

func (*PlatformState) ProtoReflect

func (x *PlatformState) ProtoReflect() protoreflect.Message

func (*PlatformState) Reset

func (x *PlatformState) Reset()

func (*PlatformState) String

func (x *PlatformState) String() string

type PlatformState_GceVersion

// PlatformState_GceVersion is the Firmware variant used when the S-CRTM
// version id could be parsed as a GCE virtual firmware version.
type PlatformState_GceVersion struct {
	// Virtual GCE firmware version (parsed from S-CRTM version id).
	// Compared against PlatformPolicy.MinimumGceFirmwareVersion.
	GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"`
}

type PlatformState_ScrtmVersionId

// PlatformState_ScrtmVersionId is the Firmware variant carrying the raw
// S-CRTM version identifier for platforms where it is not parsed further.
type PlatformState_ScrtmVersionId struct {
	// Raw S-CRTM version identifier (EV_S_CRTM_VERSION).
	// Compared against PlatformPolicy.AllowedScrtmVersionIds.
	ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"`
}

type Policy

// Policy is the top-level verification policy. At this version it only
// constrains PlatformState; Secure Boot, EFI, GRUB, kernel and container state
// are not expressed here and must be checked by the caller against
// MachineState directly.
type Policy struct {
	// Platform constraints; nil means no platform constraints.
	Platform *PlatformPolicy `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	// contains filtered or unexported fields
}

A policy dictating which MachineStates to allow. At this version only the Platform sub-policy exists; the other parts of MachineState (Secure Boot, EFI, GRUB, kernel, container) are not covered by Policy and must be checked by the caller.

func (*Policy) Descriptor deprecated

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) GetPlatform

func (x *Policy) GetPlatform() *PlatformPolicy

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset

func (x *Policy) Reset()

func (*Policy) String

func (x *Policy) String() string

type RestartPolicy

type RestartPolicy int32

The container's restart policy. See the Kubernetes documentation for details: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy. Note that these enum variants deliberately do not follow the Protocol Buffers style guide, so that RestartPolicy_name, RestartPolicy_value, and RestartPolicy.String() produce the same spellings Kubernetes and other tools use. Because Always has wire value 0 (the proto3 default), a policy that was never set is indistinguishable from one explicitly set to Always.

const (
	// Always restart the container; also the value of an unset field.
	RestartPolicy_Always RestartPolicy = 0
	// Restart only when the container exits non-zero.
	RestartPolicy_OnFailure RestartPolicy = 1
	// Never restart.
	RestartPolicy_Never RestartPolicy = 2
)

func (RestartPolicy) Descriptor

func (RestartPolicy) Enum

func (x RestartPolicy) Enum() *RestartPolicy

func (RestartPolicy) EnumDescriptor deprecated

func (RestartPolicy) EnumDescriptor() ([]byte, []int)

Deprecated: Use RestartPolicy.Descriptor instead.

func (RestartPolicy) Number

func (RestartPolicy) String

func (x RestartPolicy) String() string

func (RestartPolicy) Type

type SecureBootState

// SecureBootState is the Secure Boot configuration recorded in the event log.
// Policy should require Enabled before giving Db, Dbx or Authority any
// weight: with Secure Boot off, the databases may still be present but the
// firmware did not enforce them, so their contents say nothing about what was
// allowed to run.
type SecureBootState struct {

	// Whether Secure Boot is enabled.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The Secure Boot signature (allowed) database.
	Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"`
	// The Secure Boot revoked signature (forbidden) database.
	Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"`
	// Authority events post-separator. Pre-separator authorities
	// are currently not supported. These are the db entries that actually
	// authorised something, which is usually the more useful thing to pin than
	// the whole of Db.
	Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"`
	// contains filtered or unexported fields
}

The Secure Boot state for this instance.

func (*SecureBootState) Descriptor deprecated

func (*SecureBootState) Descriptor() ([]byte, []int)

Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead.

func (*SecureBootState) GetAuthority

func (x *SecureBootState) GetAuthority() *Database

func (*SecureBootState) GetDb

func (x *SecureBootState) GetDb() *Database

func (*SecureBootState) GetDbx

func (x *SecureBootState) GetDbx() *Database

func (*SecureBootState) GetEnabled

func (x *SecureBootState) GetEnabled() bool

func (*SecureBootState) ProtoMessage

func (*SecureBootState) ProtoMessage()

func (*SecureBootState) ProtoReflect

func (x *SecureBootState) ProtoReflect() protoreflect.Message

func (*SecureBootState) Reset

func (x *SecureBootState) Reset()

func (*SecureBootState) String

func (x *SecureBootState) String() string

type SemanticVersion

// SemanticVersion is a major.minor.patch triple. Comparison is not provided
// here; a zero-valued message (0.0.0) is indistinguishable from an unset one.
type SemanticVersion struct {
	Major uint32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"`
	Minor uint32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"`
	Patch uint32 `protobuf:"varint,3,opt,name=patch,proto3" json:"patch,omitempty"`
	// contains filtered or unexported fields
}

func (*SemanticVersion) Descriptor deprecated

func (*SemanticVersion) Descriptor() ([]byte, []int)

Deprecated: Use SemanticVersion.ProtoReflect.Descriptor instead.

func (*SemanticVersion) GetMajor

func (x *SemanticVersion) GetMajor() uint32

func (*SemanticVersion) GetMinor

func (x *SemanticVersion) GetMinor() uint32

func (*SemanticVersion) GetPatch

func (x *SemanticVersion) GetPatch() uint32

func (*SemanticVersion) ProtoMessage

func (*SemanticVersion) ProtoMessage()

func (*SemanticVersion) ProtoReflect

func (x *SemanticVersion) ProtoReflect() protoreflect.Message

func (*SemanticVersion) Reset

func (x *SemanticVersion) Reset()

func (*SemanticVersion) String

func (x *SemanticVersion) String() string

type WellKnownCertificate

type WellKnownCertificate int32

Common, publicly-listed certificates by different vendors.

const (
	// Not a recognised certificate; also the proto3 default. A Certificate
	// whose Representation is WellKnown=UNKNOWN carries no usable identity.
	WellKnownCertificate_UNKNOWN WellKnownCertificate = 0
	// Microsoft certs:
	// https://go.microsoft.com/fwlink/p/?linkid=321192
	// Signs Microsoft's own Windows boot components.
	WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 WellKnownCertificate = 1
	// https://go.microsoft.com/fwlink/p/?linkid=321194
	// The third-party UEFI CA, which signs shim and other non-Microsoft
	// loaders; its presence in db permits a broad set of signed binaries.
	WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 WellKnownCertificate = 2
)

func (WellKnownCertificate) Descriptor

func (WellKnownCertificate) Enum

func (WellKnownCertificate) EnumDescriptor deprecated

func (WellKnownCertificate) EnumDescriptor() ([]byte, []int)

Deprecated: Use WellKnownCertificate.Descriptor instead.

func (WellKnownCertificate) Number

func (WellKnownCertificate) String

func (x WellKnownCertificate) String() string

func (WellKnownCertificate) Type
