Affected by GO-2023-1583 and 2 other vulnerabilities

GO-2023-1583: User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation

GO-2023-1622: Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation

GO-2024-2727: Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation

gcp

package

v2.5.1 Latest Latest Go to latest Published: Jan 27, 2023 License: AGPL-3.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/edgelesssys/constellation

Links

Open Source Insights

Documentation ¶

Overview ¶

Google Cloud Platform attestation ¶

Google offers confidential VMs, utilizing AMD SEV-ES to provide memory encryption.

AMD SEV-ES doesn't offer much in terms of remote attestation, and following that the VMs don't offer much either, see their docs on how to validate a confidential VM for some insights. However, each VM comes with a virtual Trusted Platform Module (vTPM). This module can be used to generate VM unique encryption keys or to attest the platform's chain of boot. We can use the vTPM to verify the VM is running on AMD SEV-ES enabled hardware, allowing us to bootstrap a constellation cluster.

Issuer ¶

Generates a TPM attestation key using a Google provided attestation key. Additionally project ID, zone, and instance name are fetched from the metadata server and attached to the attestation document.

Validator ¶

Verifies the TPM attestation by using a public key provided by Google's API corresponding to the project ID, zone, instance name tuple attached to the attestation document.

Problems ¶

SEV-ES is somewhat limited when compared to the newer version SEV-SNP
Comparison of SEV, SEV-ES, and SEV-SNP can be seen on page seven of AMD's SNP whitepaper
We have to trust Google
Since the vTPM is provided by Google, and they could do whatever they want with it, we have no save proof of the VMs actually being confidential.
The provided vTPM has no endorsement certificate for its attestation key
Without a certificate signing the authenticity of any endorsement keys we have no way of establishing a chain of trust. Instead, we have to rely on Google's API to provide us with the public key of the vTPM's endorsement key.

Index ¶

type Issuer
- func NewIssuer() *Issuer
type Validator
- func NewValidator(pcrs measurements.M, log vtpm.AttestationLogger) *Validator

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Issuer ¶

type Issuer struct {
	oid.GCP
	*vtpm.Issuer
}

Issuer for GCP confidential VM attestation.

func NewIssuer ¶

func NewIssuer() *Issuer

NewIssuer initializes a new GCP Issuer.

type Validator ¶

type Validator struct {
	oid.GCP
	*vtpm.Validator
}

Validator for GCP confidential VM attestation.

func NewValidator ¶

func NewValidator(pcrs measurements.M, log vtpm.AttestationLogger) *Validator

NewValidator initializes a new GCP validator with the provided PCR values.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL