Documentation
Overview
Measurements
Defines default expected measurements for the current release, as well as functions for comparing, updating and marshalling measurements.
This package should not include TPM specific code.
Index
Constants
const (
	// PCRIndexClusterID is a PCR we extend to mark the node as initialized.
	// The value used to extend is a randomly generated 32 byte value.
	PCRIndexClusterID = tpmutil.Handle(15)
	// PCRIndexOwnerID is a PCR we extend to mark the node as initialized.
	// The value used to extend is derived from Constellation's master key.
	// TODO: move to stable, non-debug PCR before use.
	PCRIndexOwnerID = tpmutil.Handle(16)
)
Variables
This section is empty.
Functions
This section is empty.
Types
type M
type M map[uint32]Measurement
M holds the Platform Configuration Register (PCR) values that make up the measurements, keyed by PCR index.
func DefaultsFor
func DefaultsFor(provider cloudprovider.Provider) M
DefaultsFor provides the default measurements for the given cloud provider.
func (*M) CopyFrom
CopyFrom copies all values from other into m, overwriting existing values but leaving values not specified in other untouched.
func (*M) EqualTo
EqualTo tests whether the provided other Measurements are equal to these measurements.
func (*M) FetchAndVerify
func (m *M) FetchAndVerify(
	ctx context.Context,
	client *http.Client,
	measurementsURL, signatureURL *url.URL,
	publicKey []byte,
	metadata WithMetadata,
) (string, error)
FetchAndVerify fetches the measurements and signature files via the provided URLs, using client for the download. The publicKey is used to verify the measurements. The hash of the fetched measurements is returned.
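The fetch-then-verify flow described above, as an added example that is not the package's own code: both files are downloaded with the supplied client, the signature is checked before any byte of the measurements reaches a decoder, and the SHA-256 hex digest of the verified file is returned. The example assumes an Ed25519 signature over the raw file bytes, which the page does not state, so the real signature format and the real method (a method on *M that also takes metadata) differ. fetch, maxBody and FakeRepo are hypothetical helpers, and the served file is constructed test data standing in for a release bucket.

```go
package main

import (
	"context"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// maxBody bounds each download so a hostile or broken server cannot exhaust memory.
const maxBody = 1 << 20

// fetch downloads u with client, rejecting anything but HTTP 200.
func fetch(ctx context.Context, client *http.Client, u *url.URL) ([]byte, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
	if err != nil {
		return nil, err
	}
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("GET %s: HTTP %d", u, resp.StatusCode)
	}
	return io.ReadAll(io.LimitReader(resp.Body, maxBody))
}

// FetchAndVerify downloads the measurements file and its signature, verifies
// the signature with publicKey and returns the verified bytes plus their
// SHA-256 hex digest. Assumption of this example: the signature is Ed25519
// over the raw file bytes (the page does not state the real format).
func FetchAndVerify(ctx context.Context, client *http.Client, measurementsURL, signatureURL *url.URL, publicKey []byte) ([]byte, string, error) {
	if len(publicKey) != ed25519.PublicKeySize {
		return nil, "", errors.New("public key must be 32 bytes")
	}
	body, err := fetch(ctx, client, measurementsURL)
	if err != nil {
		return nil, "", fmt.Errorf("measurements: %w", err)
	}
	sig, err := fetch(ctx, client, signatureURL)
	if err != nil {
		return nil, "", fmt.Errorf("signature: %w", err)
	}
	// Verify before parsing: unverified bytes must never reach a decoder.
	if !ed25519.Verify(ed25519.PublicKey(publicKey), body, sig) {
		return nil, "", errors.New("measurements signature does not verify")
	}
	sum := sha256.Sum256(body)
	return body, hex.EncodeToString(sum[:]), nil
}

// FakeRepo serves a measurements file and its signature from memory
// (hypothetical stand-in for a real release bucket).
type FakeRepo struct {
	Measurements, Signature []byte
}

// Serve starts an in-process HTTP server exposing the two files.
func (r *FakeRepo) Serve() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/measurements.json", func(w http.ResponseWriter, _ *http.Request) { w.Write(r.Measurements) })
	mux.HandleFunc("/measurements.json.sig", func(w http.ResponseWriter, _ *http.Request) { w.Write(r.Signature) })
	return httptest.NewServer(mux)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed measurements file: one all-zero PCR 15 value.
	file := []byte(`{"15":"` + hex.EncodeToString(make([]byte, 32)) + `"}`)
	repo := &FakeRepo{Measurements: file, Signature: ed25519.Sign(priv, file)}
	srv := repo.Serve()
	defer srv.Close()
	mURL, _ := url.Parse(srv.URL + "/measurements.json")
	sURL, _ := url.Parse(srv.URL + "/measurements.json.sig")
	_, hash, err := FetchAndVerify(context.Background(), srv.Client(), mURL, sURL, pub)
	fmt.Println("hash:", hash, "err:", err)
	repo.Measurements = []byte(`{"15":"tampered"}`) // signature no longer matches
	_, _, err = FetchAndVerify(context.Background(), srv.Client(), mURL, sURL, pub)
	fmt.Println("tampered err:", err)
}
```

The ordering matters more than the primitive: a swapped file, a signature made under another key or a wrong-length key all fail before any JSON is decoded, and the returned digest identifies exactly the bytes that passed verification.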
func (*M) GetEnforced
GetEnforced returns a list of all enforced Measurements, i.e. all Measurements that are not marked as WarnOnly.
func (M) MarshalYAML
MarshalYAML returns the YAML encoding of m.
func (*M) SetEnforced
SetEnforced sets the WarnOnly flag to true for all Measurements that are NOT included in the provided list of enforced measurements.
type Measurement
type Measurement struct {
	// Expected measurement value.
	Expected [32]byte `json:"expected" yaml:"expected"`
	// WarnOnly if set to true, a mismatching measurement will only result in a warning.
	WarnOnly bool `json:"warnOnly" yaml:"warnOnly"`
}
Measurement wraps an expected PCR value and whether it is enforced.
func PlaceHolderMeasurement
func PlaceHolderMeasurement() Measurement
PlaceHolderMeasurement returns a measurement with placeholder values for Expected.
func WithAllBytes
func WithAllBytes(b byte, warnOnly bool) Measurement
WithAllBytes returns a measurement value where all 32 bytes are set to b.
func (Measurement) MarshalJSON
func (m Measurement) MarshalJSON() ([]byte, error)
MarshalJSON writes out a Measurement with Expected encoded as a hex string.
func (Measurement) MarshalYAML
func (m Measurement) MarshalYAML() (any, error)
MarshalYAML writes out a Measurement with Expected encoded as a hex string.
func (*Measurement) UnmarshalJSON
func (m *Measurement) UnmarshalJSON(b []byte) error
UnmarshalJSON reads a Measurement either as a JSON object, or as a simple hex- or base64-encoded string.
func (*Measurement) UnmarshalYAML
func (m *Measurement) UnmarshalYAML(unmarshal func(any) error) error
UnmarshalYAML reads a Measurement either as a YAML object, or as a simple hex- or base64-encoded string.
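The rules documented for M and Measurement above (the WarnOnly flag, SetEnforced, and UnmarshalJSON accepting either an object or a bare hex or base64 string), re-implemented as an added, self-contained example; this is not the package's own code. WithAllBytes and UnmarshalJSON follow the behaviour the page describes, while decodeValue and Compare are hypothetical helpers (Compare stands in for EqualTo, whose signature the page does not show). It goes one step beyond the page by rejecting any decoded value that is not exactly 32 bytes, so a truncated digest cannot silently become an expected PCR value. The JSON input in main is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Measurement mirrors the documented struct (illustrative, not the package's code).
type Measurement struct {
	Expected [32]byte `json:"expected"`
	WarnOnly bool     `json:"warnOnly"`
}

// WithAllBytes returns a Measurement whose 32 bytes are all set to b.
func WithAllBytes(b byte, warnOnly bool) Measurement {
	m := Measurement{WarnOnly: warnOnly}
	for i := range m.Expected {
		m.Expected[i] = b
	}
	return m
}

// decodeValue (hypothetical helper) tries hex, then standard base64, and
// insists on exactly 32 bytes so a truncated value can never pass as a digest.
func decodeValue(s string) (out [32]byte, err error) {
	raw, err := hex.DecodeString(s)
	if err != nil {
		if raw, err = base64.StdEncoding.DecodeString(s); err != nil {
			return out, fmt.Errorf("%q is neither hex nor base64", s)
		}
	}
	if len(raw) != len(out) {
		return out, fmt.Errorf("want %d bytes, got %d", len(out), len(raw))
	}
	copy(out[:], raw)
	return out, nil
}

// UnmarshalJSON accepts a bare encoded string (taken as enforced) or an
// object with "expected" and "warnOnly", as the page documents.
func (m *Measurement) UnmarshalJSON(b []byte) error {
	var obj struct {
		Expected string `json:"expected"`
		WarnOnly bool   `json:"warnOnly"`
	}
	if json.Unmarshal(b, &obj.Expected) != nil { // not a bare string: try the object form
		if err := json.Unmarshal(b, &obj); err != nil {
			return err
		}
	}
	v, err := decodeValue(obj.Expected)
	if err != nil {
		return err
	}
	*m = Measurement{Expected: v, WarnOnly: obj.WarnOnly}
	return nil
}

// M maps a PCR index to its Measurement.
type M map[uint32]Measurement

// SetEnforced marks every PCR not in enforced as WarnOnly. A PCR left out of
// the list stops protecting the node, so the list deserves review.
func (m M) SetEnforced(enforced []uint32) {
	keep := map[uint32]bool{}
	for _, idx := range enforced {
		keep[idx] = true
	}
	for idx, v := range m {
		v.WarnOnly = !keep[idx]
		m[idx] = v
	}
}

// Compare (hypothetical stand-in for EqualTo) checks observed against m: a
// mismatch or missing value on an enforced PCR is an error, on a WarnOnly PCR
// only a warning.
func (m M) Compare(observed M) (warnings []string, err error) {
	for idx, want := range m {
		if got, ok := observed[idx]; ok && got.Expected == want.Expected {
			continue
		}
		if want.WarnOnly {
			warnings = append(warnings, fmt.Sprintf("PCR %d mismatch", idx))
			continue
		}
		err = fmt.Errorf("enforced PCR %d mismatch", idx)
	}
	return warnings, err
}

func main() {
	// Constructed sample: PCR 15 as a bare hex string (enforced), PCR 16 as an object.
	src := `{"15":"` + hex.EncodeToString(make([]byte, 32)) + `","16":{"expected":"` +
		base64.StdEncoding.EncodeToString(make([]byte, 32)) + `","warnOnly":true}}`
	var m M
	if err := json.Unmarshal([]byte(src), &m); err != nil {
		panic(err)
	}
	fmt.Println(m.Compare(M{15: m[15], 16: WithAllBytes(0xff, false)}))
}
```

Decoding a whole M works through the standard library alone, since encoding/json maps JSON object keys onto uint32 map keys and calls UnmarshalJSON for each value; the 32-byte check is what turns a malformed entry into a hard error rather than a partially filled array.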
type WithMetadata
type WithMetadata struct {
	CSP          cloudprovider.Provider `json:"csp" yaml:"csp"`
	Image        string                 `json:"image" yaml:"image"`
	Measurements M                      `json:"measurements" yaml:"measurements"`
}
WithMetadata bundles CSP and image metadata alongside the measurements.