Documentation
Overview
NitroTPM Attestation.
Uses NitroTPM to enable a TPM-based measured-boot Constellation deployment. The origin of the attestation statement cannot be verified: without an endorsement certificate for the attestation key, a valid signature shows only that the holder of that key signed the quote, not that the key is held by a NitroTPM.
Issuer
The TPM attestation is signed by the NitroTPM's RSA attestation key. In addition to the TPM attestation, the issuer attaches the node's instance identity document to the attestation document.
Validator
Currently, the NitroTPM provides no endorsement certificate for its attestation key, nor does AWS offer an alternative way of verifying it. For now the key has to be trusted as presented.
In addition to verifying the TPM attestation, the validator also checks the attached instance identity document for consistency.
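To make the trust gap described under Issuer and Validator concrete, here is an added Go example; it is not the package's own code. It models a simplified issuer that signs a quote with an attestation key and attaches an instance identity document, and a validator that verifies the signature with the key carried in the document and compares the instance identity document against pinned values. The attestationDocument and expectedInstance types, the issue, validate and demo functions, and the instance identity document contents are assumptions made for this example; the AMI, instance and account identifiers are constructed placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// instanceIdentityDocument holds the subset of EC2 instance identity document
// fields this example compares; the real document carries more fields.
type instanceIdentityDocument struct {
	ImageID    string `json:"imageId"`
	InstanceID string `json:"instanceId"`
	Region     string `json:"region"`
}

// attestationDocument is an assumed, simplified stand-in for what the issuer
// hands to the validator; it is not the package's own wire format.
type attestationDocument struct {
	Quote          []byte         // TPM quote over the PCRs (opaque here)
	QuoteSignature []byte         // signature by the attestation key
	AttestationKey *rsa.PublicKey // the attestation key, as presented
	InstanceInfo   []byte         // raw instance identity document JSON
}

// expectedInstance holds the values a validator would pin (assumed fields).
type expectedInstance struct {
	ImageID string
	Region  string
}

// issue signs the quote with the attestation key and attaches the instance
// identity document.
func issue(ak *rsa.PrivateKey, quote, instanceInfo []byte) (*attestationDocument, error) {
	digest := sha256.Sum256(quote)
	sig, err := rsa.SignPKCS1v15(rand.Reader, ak, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &attestationDocument{Quote: quote, QuoteSignature: sig, AttestationKey: &ak.PublicKey, InstanceInfo: instanceInfo}, nil
}

// validate verifies the quote signature with the key carried in the document
// and checks the instance identity document against the pinned values.
// Nothing ties doc.AttestationKey to a NitroTPM, so the key is trusted as presented.
func validate(doc *attestationDocument, want expectedInstance) error {
	digest := sha256.Sum256(doc.Quote)
	if err := rsa.VerifyPKCS1v15(doc.AttestationKey, crypto.SHA256, digest[:], doc.QuoteSignature); err != nil {
		return fmt.Errorf("quote signature: %w", err)
	}
	var iid instanceIdentityDocument
	if err := json.Unmarshal(doc.InstanceInfo, &iid); err != nil {
		return fmt.Errorf("instance identity document: %w", err)
	}
	if iid.ImageID != want.ImageID {
		return fmt.Errorf("imageId %q, expected %q", iid.ImageID, want.ImageID)
	}
	if iid.Region != want.Region {
		return fmt.Errorf("region %q, expected %q", iid.Region, want.Region)
	}
	return nil
}

// demo shows both sides of the trust gap: a document signed by the "real"
// attestation key validates, but so does one signed by a freshly generated key,
// since the validator cannot tell them apart. A document whose instance identity
// document names a different image is still rejected by the consistency check.
func demo() (genuineOK, forgedOK bool, mismatchErr error) {
	// Constructed instance identity documents with placeholder identifiers.
	instanceInfo := []byte(`{"imageId":"ami-0123456789abcdef0","instanceId":"i-0123456789abcdef0","region":"eu-central-1"}`)
	otherImage := []byte(`{"imageId":"ami-0fedcba9876543210","instanceId":"i-0123456789abcdef0","region":"eu-central-1"}`)
	want := expectedInstance{ImageID: "ami-0123456789abcdef0", Region: "eu-central-1"}
	quote := []byte("constructed TPM quote bytes")

	nitroAK, _ := rsa.GenerateKey(rand.Reader, 2048)  // stands in for the NitroTPM's key
	forgedAK, _ := rsa.GenerateKey(rand.Reader, 2048) // a key anyone can generate

	genuine, _ := issue(nitroAK, quote, instanceInfo)
	forged, _ := issue(forgedAK, quote, instanceInfo)
	mismatch, _ := issue(nitroAK, quote, otherImage)

	genuineOK = validate(genuine, want) == nil
	forgedOK = validate(forged, want) == nil
	mismatchErr = validate(mismatch, want)
	return genuineOK, forgedOK, mismatchErr
}

func main() {
	g, f, err := demo()
	fmt.Printf("genuine key accepted: %v, forged key accepted: %v, image mismatch: %v\n", g, f, err)
}
```

The forged document passes for the same reason the page gives: with no endorsement certificate, the validator can only check that the signature matches the key inside the document, which an attacker controls. The instance identity document comparison narrows what an attacker can claim but does not close that gap.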
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Issuer
type Issuer struct {
	variant.AWSNitroTPM
	*vtpm.Issuer
}
Issuer for AWS TPM attestation.
func NewIssuer
func NewIssuer(log attestation.Logger) *Issuer
NewIssuer creates a TPM-based issuer for AWS.
type Validator
type Validator struct {
	variant.AWSNitroTPM
	*vtpm.Validator
	// contains filtered or unexported fields
}
Validator for AWS TPM attestation.
func NewValidator
func NewValidator(cfg *config.AWSNitroTPM, log attestation.Logger) *Validator
NewValidator creates a new Validator from the given configuration and returns it.