Documentation ¶
Overview ¶
This package deals with the low-level attestation and verification logic of Constellation nodes.
General TPM attestation code that is not specific to a single platform should go into the vtpm package. Since attestation capabilities differ between platforms, platform-specific attestation code should go into a subpackage for that respective platform.
We commonly implement the following two interfaces for a platform:
    // Issuer issues an attestation document.
    type Issuer interface {
        oid.Getter
        Issue(userData []byte, nonce []byte) (quote []byte, err error)
    }

    // Validator is able to validate an attestation document.
    type Validator interface {
        oid.Getter
        Validate(attDoc []byte, nonce []byte) ([]byte, error)
    }
Attestation code for new platforms needs to implement these two interfaces.
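The following is an added example, not code from this package, of what implementing the two interfaces for a platform looks like and what the contract between them is: the nonce supplied to Issue must be bound into the quote so that Validate can reject replayed documents, and on success Validate returns the userData that was attested. The platform here is a toy that authenticates the quote with an HMAC under a shared key (real platforms verify a signature chain and the reported measurements instead); the OID, the local Getter stand-in for oid.Getter, the JSON document layout and the key are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"encoding/json"
	"errors"
	"fmt"
)

// Getter is a local stand-in for Constellation's oid.Getter (assumed to
// expose the platform's OID so callers can match an issuer to a validator).
type Getter interface {
	OID() asn1.ObjectIdentifier
}

// Issuer and Validator as documented in the package overview.
type Issuer interface {
	Getter
	Issue(userData []byte, nonce []byte) (quote []byte, err error)
}

type Validator interface {
	Getter
	Validate(attDoc []byte, nonce []byte) ([]byte, error)
}

// toyOID is a made-up identifier for the toy platform, not a Constellation OID.
var toyOID = asn1.ObjectIdentifier{1, 3, 9999, 1, 1}

// attestationDoc is the constructed wire format of the toy platform's quote.
type attestationDoc struct {
	Nonce    []byte `json:"nonce"`
	UserData []byte `json:"userData"`
	MAC      []byte `json:"mac"` // HMAC-SHA256 over nonce || userData
}

func tag(key, nonce, userData []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	m.Write(userData)
	return m.Sum(nil)
}

// ToyIssuer produces quotes keyed with a shared platform key.
type ToyIssuer struct{ key []byte }

func (ToyIssuer) OID() asn1.ObjectIdentifier { return toyOID }

func (i ToyIssuer) Issue(userData, nonce []byte) ([]byte, error) {
	if len(nonce) == 0 {
		return nil, errors.New("nonce must not be empty")
	}
	return json.Marshal(attestationDoc{Nonce: nonce, UserData: userData, MAC: tag(i.key, nonce, userData)})
}

// ToyValidator checks the nonce binding and the MAC, then returns the userData.
type ToyValidator struct{ key []byte }

func (ToyValidator) OID() asn1.ObjectIdentifier { return toyOID }

func (v ToyValidator) Validate(attDoc, nonce []byte) ([]byte, error) {
	var doc attestationDoc
	if err := json.Unmarshal(attDoc, &doc); err != nil {
		return nil, fmt.Errorf("parsing attestation document: %w", err)
	}
	if !bytes.Equal(doc.Nonce, nonce) {
		return nil, errors.New("nonce mismatch: stale or replayed attestation document")
	}
	if !hmac.Equal(doc.MAC, tag(v.key, nonce, doc.UserData)) {
		return nil, errors.New("attestation document MAC is invalid")
	}
	return doc.UserData, nil
}

// attest runs one issue/validate round with a fresh random nonce. Taking the
// interfaces as parameters also checks at compile time that both toy types
// satisfy them.
func attest(iss Issuer, val Validator, userData []byte) ([]byte, error) {
	if !iss.OID().Equal(val.OID()) {
		return nil, errors.New("issuer and validator belong to different platforms")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	quote, err := iss.Issue(userData, nonce)
	if err != nil {
		return nil, err
	}
	return val.Validate(quote, nonce)
}

func main() {
	key := []byte("constructed-shared-platform-key") // example only
	got, err := attest(ToyIssuer{key}, ToyValidator{key}, []byte("node-join-payload"))
	fmt.Printf("userData=%q err=%v\n", got, err)
}
```

The validator compares the nonce before checking the MAC so a replayed document is rejected even when it was genuinely issued earlier; a real validator would additionally verify the quote's signature against the platform's trust anchor and compare the reported measurements against expected values.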
Index ¶
Constants ¶
    const (
        // MeasurementSecretContext is the value to use for info
        // when deriving the measurement secret from the master secret.
        MeasurementSecretContext = "measurementSecret"
    )
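An added example, not this package's own derivation code, showing how a context string such as MeasurementSecretContext is used as the info input of a key derivation. It assumes HKDF-SHA256 (RFC 5869), which the package does not state; the master secret, salt and second context string are constructed for the example. The point it illustrates is domain separation: the same master secret and salt yield unrelated keys for different info values, so the measurement secret cannot collide with any other key derived from the master secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// MeasurementSecretContext mirrors the package constant.
const MeasurementSecretContext = "measurementSecret"

// hkdfExtract computes PRK = HMAC-SHA256(salt, IKM) (RFC 5869 section 2.2).
// An empty salt is replaced by HashLen zero bytes, as the RFC specifies.
func hkdfExtract(salt, ikm []byte) []byte {
	if len(salt) == 0 {
		salt = make([]byte, sha256.Size)
	}
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	return m.Sum(nil)
}

// hkdfExpand computes OKM = T(1) || T(2) || ... with
// T(i) = HMAC-SHA256(PRK, T(i-1) || info || i) (RFC 5869 section 2.3).
func hkdfExpand(prk, info []byte, length int) ([]byte, error) {
	if length > 255*sha256.Size {
		return nil, errors.New("hkdf: requested length exceeds 255*HashLen")
	}
	var okm, t []byte
	for i := byte(1); len(okm) < length; i++ {
		m := hmac.New(sha256.New, prk)
		m.Write(t)
		m.Write(info)
		m.Write([]byte{i})
		t = m.Sum(nil)
		okm = append(okm, t...)
	}
	return okm[:length], nil
}

// deriveKey is HKDF-SHA256 extract-then-expand.
func deriveKey(secret, salt, info []byte, length int) ([]byte, error) {
	return hkdfExpand(hkdfExtract(salt, secret), info, length)
}

// DeriveMeasurementSecret derives a 32-byte measurement secret from the master
// secret, using MeasurementSecretContext as the HKDF info (assumed construction).
func DeriveMeasurementSecret(masterSecret, salt []byte) ([]byte, error) {
	return deriveKey(masterSecret, salt, []byte(MeasurementSecretContext), 32)
}

func main() {
	master := []byte("constructed-master-secret-for-example-only")
	salt := []byte("constructed-salt")
	ms, _ := DeriveMeasurementSecret(master, salt)
	// A different context string gives an unrelated key from the same inputs.
	other, _ := deriveKey(master, salt, []byte("someOtherContext"), 32)
	fmt.Println("measurement secret:", hex.EncodeToString(ms))
	fmt.Println("other context:     ", hex.EncodeToString(other))
}
```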
Variables ¶
This section is empty.
Functions ¶
func DeriveClusterID ¶
DeriveClusterID derives the cluster ID from a salt and secret value.
Types ¶
This section is empty.
Directories ¶
Path | Synopsis
---|---
idkeydigest | Package idkeydigest contains policies and type definitions for checking the ID Key Digest value in SEV-SNP attestation.
| TPM2 simulator used for unit tests.