Documentation
¶
Overview ¶
Package idkeydigest contains policies and type definitions for checking the ID Key Digest value in SEV-SNP attestation.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶ added in v2.7.0
type Config struct {
IDKeyDigests IDKeyDigests `json:"idKeyDigests"`
EnforcementPolicy EnforceIDKeyDigest `json:"enforcementPolicy"`
MAAURL string `json:"maaURL,omitempty"`
}
Config contains the configuration for ID Key Digest validation.
type EnforceIDKeyDigest ¶ added in v2.7.0
type EnforceIDKeyDigest uint32
EnforceIDKeyDigest defines the behavior of the validator when the ID key digest is not found in the expected list.
const ( // Unknown is reserved for invalid configurations. Unknown EnforceIDKeyDigest = iota // StrictChecking will return an error if the ID key digest is not found in the expected list. StrictChecking // MAAFallback attempts to verify the attestation using Microsoft Azure Attestation (MAA), // if the ID key digest is not found in the expected list. MAAFallback // WarnOnly logs a warning if the ID key digest is not found in the expected list. // No error is returned. WarnOnly )
TODO: Decide on final value naming.
func EnforcePolicyFromString ¶ added in v2.7.0
func EnforcePolicyFromString(s string) EnforceIDKeyDigest
EnforcePolicyFromString returns EnforceIDKeyDigest from string.
func (EnforceIDKeyDigest) MarshalJSON ¶ added in v2.7.0
func (e EnforceIDKeyDigest) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (EnforceIDKeyDigest) MarshalYAML ¶ added in v2.7.0
func (e EnforceIDKeyDigest) MarshalYAML() (any, error)
MarshalYAML implements the yaml.Marshaler interface.
func (EnforceIDKeyDigest) String ¶ added in v2.7.0
func (i EnforceIDKeyDigest) String() string
func (*EnforceIDKeyDigest) UnmarshalJSON ¶ added in v2.7.0
func (e *EnforceIDKeyDigest) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
func (*EnforceIDKeyDigest) UnmarshalYAML ¶ added in v2.7.0
func (e *EnforceIDKeyDigest) UnmarshalYAML(unmarshal func(any) error) error
UnmarshalYAML implements the yaml.Unmarshaler interface.
type IDKeyDigests ¶
type IDKeyDigests [][]byte
IDKeyDigests is a list of trusted digest values for the ID key.
func DefaultsFor ¶
func DefaultsFor(csp cloudprovider.Provider) IDKeyDigests
DefaultsFor returns the default IDKeyDigests for the given cloud provider.
func NewIDKeyDigests ¶
func NewIDKeyDigests(digests [][]byte) IDKeyDigests
NewIDKeyDigests creates a new IDKeyDigests from a list of digests.
func (IDKeyDigests) MarshalJSON ¶
func (d IDKeyDigests) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (IDKeyDigests) MarshalYAML ¶
func (d IDKeyDigests) MarshalYAML() (any, error)
MarshalYAML implements the yaml.Marshaler interface.
func (*IDKeyDigests) UnmarshalJSON ¶
func (d *IDKeyDigests) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
func (*IDKeyDigests) UnmarshalYAML ¶
func (d *IDKeyDigests) UnmarshalYAML(unmarshal func(any) error) error
UnmarshalYAML implements the yaml.Unmarshaler interface.
Source Files