snp

package
v2.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 3, 2023 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Overview

SNP

Attestation based on TPM and SEV-SNP attestation. The TPM is used to generate runtime measurements and signed by an attestation key that can be verified using the SEV-SNP attestation report.

Issuer

Generates a TPM attestation using an attestation key saved in the TPM. Additionally loads the SEV-SNP attestation report and AMD VCEK certificate chain, and adds them to the attestation document.

Validator

Verifies the attestation key used by first verifying the VCEK certificate chain and the SNP attestation report.

Glossary

This section explains abbreviations used in SNP implementation.

  • Attestation Key (AK)

  • AMD Root Key (ARK)

  • AMD Signing Key (ASK)

  • Versioned Chip Endorsement Key (VCEK)

    For more information see SNP WhitePaper

  • Host (Hardware?) Compatibility Layer (HCL)

    No public information. Azure compute API has a field `isHostCompatibilityLayerVm`, with only a single sentence of documentation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Issuer

type Issuer struct {
	variant.AzureSEVSNP
	*vtpm.Issuer
	// contains filtered or unexported fields
}

Issuer for Azure TPM attestation.

func NewIssuer

func NewIssuer(log vtpm.AttestationLogger) *Issuer

NewIssuer initializes a new Azure Issuer.

type Validator

type Validator struct {
	variant.AzureSEVSNP
	*vtpm.Validator
	// contains filtered or unexported fields
}

Validator for Azure confidential VM attestation.

func NewValidator

func NewValidator(pcrs measurements.M, idKeyConf idkeydigest.Config, log vtpm.AttestationLogger) *Validator

NewValidator initializes a new Azure validator with the provided PCR values.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL