Documentation
Overview
This package deals with the low-level attestation and verification logic of Constellation nodes.
General TPM attestation code that is not specific to a single platform belongs in the vtpm package. Since attestation capabilities differ between platforms, platform-specific attestation code belongs in a subpackage for that platform.
We commonly implement the following two interfaces for a platform:
// Issuer issues an attestation document.
type Issuer interface {
	oid.Getter
	Issue(userData []byte, nonce []byte) (quote []byte, err error)
}

// Validator is able to validate an attestation document.
type Validator interface {
	oid.Getter
	Validate(attDoc []byte, nonce []byte) ([]byte, error)
}
Attestation code for new platforms needs to implement these two interfaces.
Index
Constants
const (
	// MeasurementSecretContext is the value to use for info
	// when deriving the measurement secret from the master secret.
	MeasurementSecretContext = "measurementSecret"
)
Variables
This section is empty.
Functions
func CompareExtraData (added in v2.8.0)
CompareExtraData compares the extra data of a quote with the expected extra data. It returns true if the extra data in the quote matches the expected data. If the slices differ in length, the shorter slice is zero-padded before comparison.
func DeriveClusterID
DeriveClusterID derives the cluster ID from a salt and secret value.
func MakeExtraData (added in v2.8.0)
MakeExtraData binds userData to a random nonce used in attestation.
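As an added example (not Constellation's own code), a toy Issuer/Validator pair in the shape of the two interfaces from the overview, without the oid.Getter embedding, showing how MakeExtraData-style nonce binding and the zero-padding rule of CompareExtraData work together so that a document issued for one nonce fails validation under another. The 64-byte report field, the SHA-256 binding and the document layout are assumptions of this example, and the platform signature over the report is left to platform code.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
)

// reportDataLen: toy report extra-data width, wider than SHA-256 so padding is exercised.
const reportDataLen = 64
// makeExtraData binds userData to the nonce by hashing their concatenation.
// Assumption: the page says only that MakeExtraData binds them, not how.
func makeExtraData(userData, nonce []byte) []byte {
	h := sha256.New()
	h.Write(userData)
	h.Write(nonce)
	return h.Sum(nil)
}

// compareExtraData applies the documented rule: the shorter slice is zero-padded.
func compareExtraData(a, b []byte) bool {
	if len(a) < len(b) {
		a = append(append([]byte{}, a...), make([]byte, len(b)-len(a))...)
	} else if len(b) < len(a) {
		b = append(append([]byte{}, b...), make([]byte, len(a)-len(b))...)
	}
	return bytes.Equal(a, b)
}

// toyIssuer mimics a platform Issuer (constructed). Its document is
// reportData(64) || userData; the platform signature is left to platform code.
type toyIssuer struct{}
func (toyIssuer) Issue(userData, nonce []byte) ([]byte, error) {
	doc := make([]byte, reportDataLen, reportDataLen+len(userData))
	copy(doc, makeExtraData(userData, nonce)) // 32-byte digest, zero-padded to 64
	return append(doc, userData...), nil
}

// toyValidator rejects a document not bound to this nonce (e.g. a replay).
type toyValidator struct{}
func (toyValidator) Validate(attDoc, nonce []byte) ([]byte, error) {
	if len(attDoc) < reportDataLen {
		return nil, errors.New("attestation document too short")
	}
	report, userData := attDoc[:reportDataLen], attDoc[reportDataLen:]
	if !compareExtraData(makeExtraData(userData, nonce), report) {
		return nil, errors.New("report extra data does not match nonce and user data")
	}
	return userData, nil
}
```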
Types
type Logger (added in v2.8.0)
Logger is a logger used to print warnings and info messages during attestation validation.
Directories
Path | Synopsis |
---|---|
snp | --------- WARNING! --------- |
idkeydigest | Package idkeydigest provides type definitions for the `idkeydigest` value of SEV-SNP attestation. |
initialize | Package initialize implements functions to mark a node as initialized in the context of cluster attestation. |
(path not extracted) | TPM2 simulator used for unit tests. |
tdx | Package TDX implements attestation for Intel TDX. |
variant | Package variant defines Attestation variants for different CSPs. |