Documentation
Index
- Constants
- func CheckLUKSPassphrase(path, decryptionPassphrase string) error
- func GenerateDiskEncryptionPassphrase() (string, error)
- func GenerateMeasurement(workloadConfig WorkloadConfig, firmwareLibrary string) (string, error)
- func MakeFS(sourcePath, imageFile, filesystem string) (string, string, error)
- func SendRegistrationRequest(workloadConfig WorkloadConfig, ...) error
- func WriteWorkloadConfigToImage(imageFile *os.File, workloadConfigBytes []byte, overwrite bool) error
- type ArchiveOptions
- type RegistrationRequest
- type SevWorkloadData
- type SnpWorkloadData
- type TeeConfig
- type TeeConfigFlags
- type TeeConfigMinFW
- type TeeType
- type WorkloadConfig
Constants
const (
	// SEV is a known trusted execution environment type: AMD-SEV
	SEV = define.SEV
	// SEV_NO_ES is a known trusted execution environment type: AMD-SEV without encrypted state
	SEV_NO_ES = types.SEV_NO_ES //revive:disable-line:var-naming
	// SNP is a known trusted execution environment type: AMD-SNP
	SNP = define.SNP
)
Variables
This section is empty.
Functions
func CheckLUKSPassphrase
func CheckLUKSPassphrase(path, decryptionPassphrase string) error
CheckLUKSPassphrase checks that the specified LUKS-encrypted file can be decrypted using the specified passphrase.
func GenerateDiskEncryptionPassphrase
func GenerateDiskEncryptionPassphrase() (string, error)
GenerateDiskEncryptionPassphrase generates a random disk encryption passphrase.
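The following is an added example, not the package's own implementation, showing how a disk encryption passphrase of this kind can be produced in Go. The byte count (32) and the base64 encoding are assumptions made for the example; the point it demonstrates is that key material must come from crypto/rand (the kernel-backed CSPRNG) rather than math/rand, and that the result should be a printable string the LUKS tooling can consume.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// passphraseBytes is how much randomness each passphrase carries. The value is
// an assumption for this example; the package's own length is not documented here.
const passphraseBytes = 32

// NewDiskEncryptionPassphrase draws passphraseBytes from crypto/rand and encodes
// them as unpadded URL-safe base64, which yields a 43-character printable string
// for 32 input bytes. It never falls back to a non-cryptographic source.
func NewDiskEncryptionPassphrase() (string, error) {
	buf := make([]byte, passphraseBytes)
	if _, err := rand.Read(buf); err != nil {
		// A short read from the CSPRNG is a hard failure, not something to paper over.
		return "", fmt.Errorf("reading random bytes for passphrase: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// PassphraseEntropyBytes decodes a passphrase produced above and reports how many
// random bytes it encodes, so a caller can confirm the expected strength.
func PassphraseEntropyBytes(passphrase string) (int, error) {
	raw, err := base64.RawURLEncoding.DecodeString(passphrase)
	if err != nil {
		return 0, fmt.Errorf("passphrase is not valid base64: %w", err)
	}
	return len(raw), nil
}

func main() {
	p, err := NewDiskEncryptionPassphrase()
	if err != nil {
		panic(err)
	}
	n, _ := PassphraseEntropyBytes(p)
	fmt.Printf("generated passphrase with %d random bytes (%d characters)\n", n, len(p))
}
```

When no DiskEncryptionPassphrase is supplied and the workload is registered with an attestation server, the generated value is the only copy of the key, so it should be handed to the registration step and then dropped rather than logged or written to disk.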
func GenerateMeasurement
func GenerateMeasurement(workloadConfig WorkloadConfig, firmwareLibrary string) (string, error)
GenerateMeasurement generates the runtime measurement from the CPU count, the memory size, and the firmware shared library, whatever that library is called and wherever it is located. If firmwareLibrary is a path, only that path is checked. If firmwareLibrary is a bare filename, that filename is looked for in a hard-coded set of directories. If firmwareLibrary is empty, both the filename and the directory it is in are taken from a hard-coded set of candidates.
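The three-way lookup rule described above (explicit path, bare filename, or empty) is shown here as an added example. It is not the package's code: the candidate directories and library names are placeholders chosen for the example, the order in which candidates are tried is an assumption, and the existence check is injected as a function so the logic can be exercised without real files. The reason the resolution deserves care is that the measurement covers the bytes of whatever library is found, so picking up an unexpected copy from an earlier directory silently produces a measurement the attestation service will not accept.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Placeholder candidate sets standing in for the package's hard-coded ones.
var (
	defaultFirmwareDirs  = []string{"/usr/lib64", "/usr/lib", "/usr/local/lib64", "/usr/local/lib"}
	defaultFirmwareNames = []string{"libkrunfw-sev.so", "libkrunfw.so"}
)

// ErrFirmwareNotFound is returned when no candidate resolves to an existing file.
var ErrFirmwareNotFound = errors.New("firmware library not found")

// fileExists reports whether path names a regular file on the real filesystem.
func fileExists(path string) bool {
	info, err := os.Stat(path)
	return err == nil && info.Mode().IsRegular()
}

// ResolveFirmwareLibrary applies the rule documented for GenerateMeasurement:
//   - spec containing a path separator is checked as-is and nowhere else;
//   - a bare filename is looked up in each candidate directory, in order;
//   - an empty spec tries every candidate name in every candidate directory
//     (directories outer, names inner, which is this example's assumption).
// The first match wins; exists is the file-existence predicate to use.
func ResolveFirmwareLibrary(spec string, dirs, names []string, exists func(string) bool) (string, error) {
	switch {
	case spec == "":
		for _, dir := range dirs {
			for _, name := range names {
				if p := filepath.Join(dir, name); exists(p) {
					return p, nil
				}
			}
		}
	case strings.ContainsRune(spec, os.PathSeparator):
		// An explicit path is authoritative: no fallback to the candidate set.
		if exists(spec) {
			return spec, nil
		}
	default:
		for _, dir := range dirs {
			if p := filepath.Join(dir, spec); exists(p) {
				return p, nil
			}
		}
	}
	return "", fmt.Errorf("%w: %q", ErrFirmwareNotFound, spec)
}

func main() {
	// Resolve against the real filesystem using the placeholder candidate set.
	p, err := ResolveFirmwareLibrary("", defaultFirmwareDirs, defaultFirmwareNames, fileExists)
	if err != nil {
		fmt.Println("lookup failed:", err)
		return
	}
	fmt.Println("would measure firmware library at", p)
}
```

Callers that know exactly which firmware the attestation policy was generated against should pass the full path, since that is the only form that cannot be satisfied by a different file appearing earlier in the search order.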
func MakeFS
func MakeFS(sourcePath, imageFile, filesystem string) (string, string, error)
MakeFS formats imageFile as a filesystem of the specified type, populating it with the contents of the directory at sourcePath. Recognized filesystem types are "ext2", "ext3", "ext4", and "btrfs". Note that krun's init is currently hard-wired to assume "ext4". Returns the stdout, stderr, and any error returned by the mkfs command.
func SendRegistrationRequest
func SendRegistrationRequest(workloadConfig WorkloadConfig, diskEncryptionPassphrase, firmwareLibrary string, ignoreAttestationErrors bool, logger *logrus.Logger) error
SendRegistrationRequest registers a workload, together with the specified decryption passphrase, with the attestation service whose location is part of the WorkloadConfig.
func WriteWorkloadConfigToImage
func WriteWorkloadConfigToImage(imageFile *os.File, workloadConfigBytes []byte, overwrite bool) error
WriteWorkloadConfigToImage writes the workload configuration to the specified disk image file, overwriting a previous configuration if one is found and overwrite is set.
Types
type ArchiveOptions
type ArchiveOptions struct {
	// If supplied, we'll register the workload with this server.
	// Practically necessary if DiskEncryptionPassphrase is not set, in
	// which case we'll generate one and throw it away after.
	AttestationURL string
	// Used to measure the environment. If left unset (0, ""), defaults will be applied.
	CPUs   int
	Memory int
	// Can be manually set. If left unset ("", false, nil), reasonable values will be used.
	TempDir                  string
	TeeType                  TeeType
	IgnoreAttestationErrors  bool
	ImageSize                int64
	WorkloadID               string
	Slop                     string
	DiskEncryptionPassphrase string
	FirmwareLibrary          string
	Logger                   *logrus.Logger
	GraphOptions             []string // passed in from a storage Store, probably
	ExtraImageContent        map[string]string
}
ArchiveOptions includes optional settings for generating an archive.
type RegistrationRequest
type RegistrationRequest = types.RegistrationRequest
type SevWorkloadData
type SevWorkloadData = types.SevWorkloadData
SevWorkloadData is the type of data in WorkloadConfig.TeeData when the type is SEV.
type SnpWorkloadData
type SnpWorkloadData = types.SnpWorkloadData
SnpWorkloadData is the type of data in WorkloadConfig.TeeData when the type is SNP.
type TeeConfigFlags
type TeeConfigFlags = types.TeeConfigFlags
type TeeConfigMinFW
type TeeConfigMinFW = types.TeeConfigMinFW
type TeeType
TeeType is one of the known types of trusted execution environments for which we can generate suitable image contents.
type WorkloadConfig
type WorkloadConfig = types.WorkloadConfig
WorkloadConfig is the data type which is encoded and stored in an image.
func Archive
func Archive(rootfsPath string, ociConfig *v1.Image, options ArchiveOptions) (io.ReadCloser, WorkloadConfig, error)
Archive generates a WorkloadConfig for a specified directory and produces a tar archive of a container image's rootfs with the expected contents.
func ReadWorkloadConfigFromImage
func ReadWorkloadConfigFromImage(path string) (WorkloadConfig, error)
ReadWorkloadConfigFromImage reads the workload configuration from the specified disk image file.