attest

package
v0.3.5 Latest Latest
Published: Aug 26, 2021 License: Apache-2.0, BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Enum value maps for GCEConfidentialTechnology: GCEConfidentialTechnology_name
// maps each numeric enum value to its identifier, and
// GCEConfidentialTechnology_value is the inverse lookup.
// NOTE(review): PlatformPolicy.MinimumTechnology is documented as an "at least
// as secure" comparison (AMD_SEV_ES > AMD_SEV), which presumably relies on the
// numeric order 0 < 1 < 2 below; any new value should keep numeric order and
// security order in step — confirm against the policy check.
var (
	GCEConfidentialTechnology_name = map[int32]string{
		0: "NONE",
		1: "AMD_SEV",
		2: "AMD_SEV_ES",
	}
	GCEConfidentialTechnology_value = map[string]int32{
		"NONE":       0,
		"AMD_SEV":    1,
		"AMD_SEV_ES": 2,
	}
)

Enum value maps for GCEConfidentialTechnology.

// File_proto_attest_proto is the protoreflect file descriptor for the .proto
// file this package's messages and enum are defined in; the ProtoReflect and
// Descriptor methods on the types below presumably resolve through it.
var File_proto_attest_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Attestation

// Attestation is the raw evidence collected from a TPM-backed machine: the
// Attestation Key's public area, one quote per supported PCR bank, the raw TCG
// event log and, on GCE, instance metadata. MachineState is described as the
// verified state obtained from an Attestation, so this message is the
// not-yet-verified input to that step.
// NOTE(review): nothing in this message binds AkPub to a trust root; confirm
// that the verifier checks the AK, and each Quote under it, before treating
// EventLog as the machine's measured boot history.
type Attestation struct {

	// Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC
	AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"`
	// Quotes over all supported PCR banks
	Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"`
	// TCG Event Log, encoded in the raw binary format
	EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"`
	// Optional information about a GCE instance, unused outside of GCE
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// contains filtered or unexported fields
}

func (*Attestation) Descriptor deprecated

func (*Attestation) Descriptor() ([]byte, []int)

Deprecated: Use Attestation.ProtoReflect.Descriptor instead.

func (*Attestation) GetAkPub

func (x *Attestation) GetAkPub() []byte

func (*Attestation) GetEventLog

func (x *Attestation) GetEventLog() []byte

func (*Attestation) GetInstanceInfo

func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo

func (*Attestation) GetQuotes

func (x *Attestation) GetQuotes() []*tpm.Quote

func (*Attestation) ProtoMessage

func (*Attestation) ProtoMessage()

func (*Attestation) ProtoReflect

func (x *Attestation) ProtoReflect() protoreflect.Message

func (*Attestation) Reset

func (x *Attestation) Reset()

func (*Attestation) String

func (x *Attestation) String() string

type AttestationPolicy added in v0.3.3

// AttestationPolicy dictates which MachineStates are allowed and which are
// disallowed. Platform constrains MachineState.Platform (firmware version,
// confidential computing technology) and SecureBoot constrains
// MachineState.SecureBoot (db/dbx contents, signing authorities). Both are
// optional (nil when unset); presumably a MachineState must satisfy every
// sub-policy that is set — confirm against the verifier.
type AttestationPolicy struct {
	Platform   *PlatformPolicy   `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	SecureBoot *SecureBootPolicy `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"`
	// contains filtered or unexported fields
}

A policy dictating which MachineStates to allow and which to disallow.

func (*AttestationPolicy) Descriptor deprecated added in v0.3.3

func (*AttestationPolicy) Descriptor() ([]byte, []int)

Deprecated: Use AttestationPolicy.ProtoReflect.Descriptor instead.

func (*AttestationPolicy) GetPlatform added in v0.3.3

func (x *AttestationPolicy) GetPlatform() *PlatformPolicy

func (*AttestationPolicy) GetSecureBoot added in v0.3.3

func (x *AttestationPolicy) GetSecureBoot() *SecureBootPolicy

func (*AttestationPolicy) ProtoMessage added in v0.3.3

func (*AttestationPolicy) ProtoMessage()

func (*AttestationPolicy) ProtoReflect added in v0.3.3

func (x *AttestationPolicy) ProtoReflect() protoreflect.Message

func (*AttestationPolicy) Reset added in v0.3.3

func (x *AttestationPolicy) Reset()

func (*AttestationPolicy) String added in v0.3.3

func (x *AttestationPolicy) String() string

type Certificate added in v0.3.3

// Certificate is a single certificate entry of a Secure Boot Database,
// carried as raw DER bytes.
type Certificate struct {
	// DER-encoded certificate; presumably X.509, as used by UEFI signature
	// databases — confirm against the code that fills this in.
	Der []byte `protobuf:"bytes,1,opt,name=der,proto3" json:"der,omitempty"`
	// contains filtered or unexported fields
}

func (*Certificate) Descriptor deprecated added in v0.3.3

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetDer added in v0.3.3

func (x *Certificate) GetDer() []byte

func (*Certificate) ProtoMessage added in v0.3.3

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect added in v0.3.3

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset added in v0.3.3

func (x *Certificate) Reset()

func (*Certificate) String added in v0.3.3

func (x *Certificate) String() string

type Database added in v0.3.3

// Database is a Secure Boot signature database (UEFI spec section 32.4.1)
// split into its two entry kinds: Certs holds certificate entries and Hashes
// holds raw digest entries. The same message describes observed state
// (SecureBootState.Db, Dbx, Authority) and policy
// (SecureBootPolicy.Permitted, Forbidden).
// NOTE(review): a Hashes entry does not record which digest algorithm produced
// it; presumably the verifier compares entries byte-for-byte — confirm.
type Database struct {
	Certs  []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"`
	Hashes [][]byte       `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"`
	// contains filtered or unexported fields
}

A Secure Boot database containing lists of hashes and certificates, as defined by section 32.4.1 Signature Database in the UEFI spec.

func (*Database) Descriptor deprecated added in v0.3.3

func (*Database) Descriptor() ([]byte, []int)

Deprecated: Use Database.ProtoReflect.Descriptor instead.

func (*Database) GetCerts added in v0.3.3

func (x *Database) GetCerts() []*Certificate

func (*Database) GetHashes added in v0.3.3

func (x *Database) GetHashes() [][]byte

func (*Database) ProtoMessage added in v0.3.3

func (*Database) ProtoMessage()

func (*Database) ProtoReflect added in v0.3.3

func (x *Database) ProtoReflect() protoreflect.Message

func (*Database) Reset added in v0.3.3

func (x *Database) Reset()

func (*Database) String added in v0.3.3

func (x *Database) String() string

type Event added in v0.3.3

// Event is a parsed event from the TCG event log. Index is presumably the PCR
// the event was extended into — confirm against the log parser. UntrustedType
// is the event type as recorded in the log; its name signals that the type is
// taken from the log rather than from the measurement, so it should not drive
// security decisions on its own. Data is the event's raw payload and Digest
// its measured digest.
// NOTE(review): the digest algorithm is not recorded per event; confirm how
// events from different PCR banks are represented.
type Event struct {
	Index         uint32 `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
	UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"`
	Data          []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
	Digest        []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"`
	// contains filtered or unexported fields
}

A parsed event from the TCG event log

func (*Event) Descriptor deprecated added in v0.3.3

func (*Event) Descriptor() ([]byte, []int)

Deprecated: Use Event.ProtoReflect.Descriptor instead.

func (*Event) GetData added in v0.3.3

func (x *Event) GetData() []byte

func (*Event) GetDigest added in v0.3.3

func (x *Event) GetDigest() []byte

func (*Event) GetIndex added in v0.3.3

func (x *Event) GetIndex() uint32

func (*Event) GetUntrustedType added in v0.3.3

func (x *Event) GetUntrustedType() uint32

func (*Event) ProtoMessage added in v0.3.3

func (*Event) ProtoMessage()

func (*Event) ProtoReflect added in v0.3.3

func (x *Event) ProtoReflect() protoreflect.Message

func (*Event) Reset added in v0.3.3

func (x *Event) Reset()

func (*Event) String added in v0.3.3

func (x *Event) String() string

type GCEConfidentialTechnology added in v0.3.3

// GCEConfidentialTechnology is the type of hardware technology used to protect
// a GCE instance. Per PlatformPolicy.MinimumTechnology the values are ordered
// by strength (AMD_SEV_ES > AMD_SEV > NONE), which presumably maps onto their
// numeric order — confirm against the policy check.
type GCEConfidentialTechnology int32

Type of hardware technology used to protect this instance

// GCEConfidentialTechnology values. NONE (0) is also what PlatformState.Technology
// reports for non-GCE and non-Confidential instances; AMD_SEV (1) is AMD Secure
// Encrypted Virtualization and AMD_SEV_ES (2) adds Encrypted State. The numeric
// order is documented (PlatformPolicy) to double as the security order, so new
// values should be added consistently with it.
const (
	GCEConfidentialTechnology_NONE       GCEConfidentialTechnology = 0
	GCEConfidentialTechnology_AMD_SEV    GCEConfidentialTechnology = 1
	GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2
)

func (GCEConfidentialTechnology) Descriptor added in v0.3.3

func (GCEConfidentialTechnology) Enum added in v0.3.3

func (GCEConfidentialTechnology) EnumDescriptor deprecated added in v0.3.3

func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int)

Deprecated: Use GCEConfidentialTechnology.Descriptor instead.

func (GCEConfidentialTechnology) Number added in v0.3.3

func (GCEConfidentialTechnology) String added in v0.3.3

func (x GCEConfidentialTechnology) String() string

func (GCEConfidentialTechnology) Type added in v0.3.3

type GCEInstanceInfo

// GCEInstanceInfo uniquely identifies a GCE instance: Zone and ProjectId name
// the location, ProjectNumber is the numeric form of the project, and
// InstanceName/InstanceId identify the VM by name and by number. It is carried
// both in Attestation (as sent) and in PlatformState (after verification).
// NOTE(review): this page does not say how these values are attested; confirm
// that the verifier ties them to the measured evidence rather than trusting
// the message as sent.
type GCEInstanceInfo struct {
	Zone          string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"`
	ProjectId     string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
	ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"`
	InstanceName  string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"`
	InstanceId    uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"`
	// contains filtered or unexported fields
}

Information uniquely identifying a GCE instance. It can be used to build an instance URL for use with GCE APIs, formatted like:

https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}

func (*GCEInstanceInfo) Descriptor deprecated

func (*GCEInstanceInfo) Descriptor() ([]byte, []int)

Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead.

func (*GCEInstanceInfo) GetInstanceId

func (x *GCEInstanceInfo) GetInstanceId() uint64

func (*GCEInstanceInfo) GetInstanceName

func (x *GCEInstanceInfo) GetInstanceName() string

func (*GCEInstanceInfo) GetProjectId

func (x *GCEInstanceInfo) GetProjectId() string

func (*GCEInstanceInfo) GetProjectNumber

func (x *GCEInstanceInfo) GetProjectNumber() uint64

func (*GCEInstanceInfo) GetZone

func (x *GCEInstanceInfo) GetZone() string

func (*GCEInstanceInfo) ProtoMessage

func (*GCEInstanceInfo) ProtoMessage()

func (*GCEInstanceInfo) ProtoReflect

func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message

func (*GCEInstanceInfo) Reset

func (x *GCEInstanceInfo) Reset()

func (*GCEInstanceInfo) String

func (x *GCEInstanceInfo) String() string

type MachineState added in v0.3.3

// MachineState is the verified state of a booted machine obtained from an
// Attestation. Platform and SecureBoot are built from events in the TCG event
// log; RawEvents keeps the complete log (including those events) so a consumer
// can re-check or extend that derivation.
type MachineState struct {
	Platform   *PlatformState   `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"`
	// The complete TCG Event Log, including those events used to create the
	// PlatformState and SecureBootState.
	RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"`
	// contains filtered or unexported fields
}

The verified state of a booted machine obtained from an Attestation

func (*MachineState) Descriptor deprecated added in v0.3.3

func (*MachineState) Descriptor() ([]byte, []int)

Deprecated: Use MachineState.ProtoReflect.Descriptor instead.

func (*MachineState) GetPlatform added in v0.3.3

func (x *MachineState) GetPlatform() *PlatformState

func (*MachineState) GetRawEvents added in v0.3.3

func (x *MachineState) GetRawEvents() []*Event

func (*MachineState) GetSecureBoot added in v0.3.3

func (x *MachineState) GetSecureBoot() *SecureBootState

func (*MachineState) ProtoMessage added in v0.3.3

func (*MachineState) ProtoMessage()

func (*MachineState) ProtoReflect added in v0.3.3

func (x *MachineState) ProtoReflect() protoreflect.Message

func (*MachineState) Reset added in v0.3.3

func (x *MachineState) Reset()

func (*MachineState) String added in v0.3.3

func (x *MachineState) String() string

type PlatformPolicy added in v0.3.3

// PlatformPolicy constrains a PlatformState: which firmware versions are
// acceptable and what confidential computing technology is required. A zero
// value for any field disables that check (empty list, zero version, NONE).
type PlatformPolicy struct {

	// If non-empty, the PlatformState's firmware.scrtm_version_id must appear
	// in this list. For use with a GCE VM, minimum_gce_firmware_version is
	// often a better alternative.
	AllowedScrtmVersionIds [][]byte `` /* 131-byte string literal not displayed */
	// If non-zero, the PlatformState's firmware.gce_version must be greater
	// than or equal to this value. Currently, the max version is 1.
	MinimumGceFirmwareVersion uint32 `` /* 141-byte string literal not displayed */
	// If not NONE, the PlatformState's technology must be at least as secure as
	// the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV).
	MinimumTechnology GCEConfidentialTechnology `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*PlatformPolicy) Descriptor deprecated added in v0.3.3

func (*PlatformPolicy) Descriptor() ([]byte, []int)

Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead.

func (*PlatformPolicy) GetAllowedScrtmVersionIds added in v0.3.3

func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte

func (*PlatformPolicy) GetMinimumGceFirmwareVersion added in v0.3.3

func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32

func (*PlatformPolicy) GetMinimumTechnology added in v0.3.3

func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology

func (*PlatformPolicy) ProtoMessage added in v0.3.3

func (*PlatformPolicy) ProtoMessage()

func (*PlatformPolicy) ProtoReflect added in v0.3.3

func (x *PlatformPolicy) ProtoReflect() protoreflect.Message

func (*PlatformPolicy) Reset added in v0.3.3

func (x *PlatformPolicy) Reset()

func (*PlatformPolicy) String added in v0.3.3

func (x *PlatformPolicy) String() string

type PlatformState added in v0.3.3

// PlatformState is the firmware and hardware view of a verified machine.
// Firmware is a oneof holding either the raw S-CRTM version id or, for GCE
// virtual firmware, the version number parsed from it; Technology and
// InstanceInfo carry the GCE-specific details (NONE and nil elsewhere).
type PlatformState struct {

	// Types that are assignable to Firmware:
	//	*PlatformState_ScrtmVersionId
	//	*PlatformState_GceVersion
	Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"`
	// Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances
	Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"`
	// Only set for GCE instances
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// contains filtered or unexported fields
}

func (*PlatformState) Descriptor deprecated added in v0.3.3

func (*PlatformState) Descriptor() ([]byte, []int)

Deprecated: Use PlatformState.ProtoReflect.Descriptor instead.

func (*PlatformState) GetFirmware added in v0.3.3

func (m *PlatformState) GetFirmware() isPlatformState_Firmware

func (*PlatformState) GetGceVersion added in v0.3.3

func (x *PlatformState) GetGceVersion() uint32

func (*PlatformState) GetInstanceInfo added in v0.3.3

func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo

func (*PlatformState) GetScrtmVersionId added in v0.3.3

func (x *PlatformState) GetScrtmVersionId() []byte

func (*PlatformState) GetTechnology added in v0.3.3

func (x *PlatformState) GetTechnology() GCEConfidentialTechnology

func (*PlatformState) ProtoMessage added in v0.3.3

func (*PlatformState) ProtoMessage()

func (*PlatformState) ProtoReflect added in v0.3.3

func (x *PlatformState) ProtoReflect() protoreflect.Message

func (*PlatformState) Reset added in v0.3.3

func (x *PlatformState) Reset()

func (*PlatformState) String added in v0.3.3

func (x *PlatformState) String() string

type PlatformState_GceVersion added in v0.3.3

// PlatformState_GceVersion is the oneof wrapper selecting the GceVersion
// alternative of PlatformState.Firmware.
type PlatformState_GceVersion struct {
	// Virtual GCE firmware version (parsed from S-CRTM version id)
	GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"`
}

type PlatformState_ScrtmVersionId added in v0.3.3

// PlatformState_ScrtmVersionId is the oneof wrapper selecting the
// ScrtmVersionId alternative of PlatformState.Firmware.
type PlatformState_ScrtmVersionId struct {
	// Raw S-CRTM version identifier (EV_S_CRTM_VERSION)
	ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"`
}

type SecureBootPolicy added in v0.3.3

// SecureBootPolicy constrains a SecureBootState. The directions differ on
// purpose: Permitted is an upper bound on the db (nothing outside it may
// appear), Forbidden is a lower bound on the dbx (everything in it must
// appear), and PermittedAuthorities restricts which certificates may have
// authorized the boot. Each field is optional (nil or empty disables it).
type SecureBootPolicy struct {

	// If present, only these entries may appear in the SecureBootState's db. It
	// is fine for some of the permitted entries to be missing from the db, as
	// that does not decrease security.
	Permitted *Database `protobuf:"bytes,1,opt,name=permitted,proto3" json:"permitted,omitempty"`
	// If present, all of these entries must appear in the SecureBootState's dbx.
	// It is fine for the dbx to contain additional entries, as that does not
	// decrease security.
	Forbidden *Database `protobuf:"bytes,2,opt,name=forbidden,proto3" json:"forbidden,omitempty"`
	// If non-empty, only authorities in this list may appear as authorities. This
	// is useful for further restricting which OSes are allowed. For example,
	// adding the Ubuntu Secure Boot key here causes Red Hat boots to be denied.
	PermittedAuthorities []*Certificate `protobuf:"bytes,3,rep,name=permitted_authorities,json=permittedAuthorities,proto3" json:"permitted_authorities,omitempty"`
	// contains filtered or unexported fields
}

func (*SecureBootPolicy) Descriptor deprecated added in v0.3.3

func (*SecureBootPolicy) Descriptor() ([]byte, []int)

Deprecated: Use SecureBootPolicy.ProtoReflect.Descriptor instead.

func (*SecureBootPolicy) GetForbidden added in v0.3.3

func (x *SecureBootPolicy) GetForbidden() *Database

func (*SecureBootPolicy) GetPermitted added in v0.3.3

func (x *SecureBootPolicy) GetPermitted() *Database

func (*SecureBootPolicy) GetPermittedAuthorities added in v0.3.3

func (x *SecureBootPolicy) GetPermittedAuthorities() []*Certificate

func (*SecureBootPolicy) ProtoMessage added in v0.3.3

func (*SecureBootPolicy) ProtoMessage()

func (*SecureBootPolicy) ProtoReflect added in v0.3.3

func (x *SecureBootPolicy) ProtoReflect() protoreflect.Message

func (*SecureBootPolicy) Reset added in v0.3.3

func (x *SecureBootPolicy) Reset()

func (*SecureBootPolicy) String added in v0.3.3

func (x *SecureBootPolicy) String() string

type SecureBootState added in v0.3.3

// SecureBootState is the Secure Boot configuration observed for a verified
// machine: whether it was enabled, the allow (Db) and deny (Dbx) databases,
// and the authorities that actually authorized the boot.
// NOTE(review): when Enabled is false the meaning of the other fields is not
// specified here; confirm how the verifier treats them in that case.
type SecureBootState struct {

	// Set to true if Secure Boot is enabled
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The certs/hashes that can be used to authorize Secure Boot
	Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"`
	// These certs/hashes block Secure Boot authorization (precedence over db)
	Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"`
	// Authority events post-separator. Pre-separator authorities
	// are currently not supported.
	Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"`
	// contains filtered or unexported fields
}

func (*SecureBootState) Descriptor deprecated added in v0.3.3

func (*SecureBootState) Descriptor() ([]byte, []int)

Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead.

func (*SecureBootState) GetAuthority added in v0.3.3

func (x *SecureBootState) GetAuthority() *Database

func (*SecureBootState) GetDb added in v0.3.3

func (x *SecureBootState) GetDb() *Database

func (*SecureBootState) GetDbx added in v0.3.3

func (x *SecureBootState) GetDbx() *Database

func (*SecureBootState) GetEnabled added in v0.3.3

func (x *SecureBootState) GetEnabled() bool

func (*SecureBootState) ProtoMessage added in v0.3.3

func (*SecureBootState) ProtoMessage()

func (*SecureBootState) ProtoReflect added in v0.3.3

func (x *SecureBootState) ProtoReflect() protoreflect.Message

func (*SecureBootState) Reset added in v0.3.3

func (x *SecureBootState) Reset()

func (*SecureBootState) String added in v0.3.3

func (x *SecureBootState) String() string
