Documentation
Overview
Package tdx implements attestation for TDX on Azure.
Quotes are generated using an Azure-provided vTPM and the IMDS API. They are verified using the go-tdx-guest library.
More specifically:
  - The vTPM is used to collect a TPM attestation and a Hardware Compatibility Layer (HCL) report.
  - The HCL report is sent to the IMDS API to generate a TDX quote.
  - The quote is verified using the go-tdx-guest library.
  - The quote's report data can be used to verify the TPM's attestation key.
  - The attestation key can be used to verify the TPM attestation.
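The last two steps of that chain (report data vouches for the attestation key, the attestation key vouches for the TPM attestation) as an added Go example; this is not code from the tdx package or from go-tdx-guest. It assumes, for illustration only, that the quote's 64-byte report data carries the SHA-256 of the DER-encoded attestation key (AK) public key, and it uses an ECDSA P-256 signature over a constructed byte blob as a stand-in for the vTPM's signed attestation structure. The names ReportDataSize, VerifyAKBinding, VerifyTPMAttestation, VerifyChain and Demo belong to this example, not to the package's API.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

const ReportDataSize = 64 // size of a TDX quote's report data field

// akReportData derives the report data this example assumes the HCL report
// carries: SHA-256 of the DER-encoded AK public key, zero-padded (assumed layout).
func akReportData(akPub *ecdsa.PublicKey) ([ReportDataSize]byte, error) {
	var rd [ReportDataSize]byte
	der, err := x509.MarshalPKIXPublicKey(akPub)
	if err != nil {
		return rd, err
	}
	sum := sha256.Sum256(der)
	copy(rd[:], sum[:])
	return rd, nil
}

// VerifyAKBinding is step 4: the verified quote's report data must commit to
// the attestation key, otherwise the host could substitute any key it controls.
func VerifyAKBinding(reportData [ReportDataSize]byte, akPub *ecdsa.PublicKey) error {
	expected, err := akReportData(akPub)
	if err != nil {
		return err
	}
	if reportData != expected {
		return errors.New("report data does not commit to the attestation key")
	}
	return nil
}

// VerifyTPMAttestation is step 5; an ECDSA/SHA-256 signature over a byte blob stands in for the TPM2 quote.
func VerifyTPMAttestation(akPub *ecdsa.PublicKey, attestation, sig []byte) error {
	digest := sha256.Sum256(attestation)
	if !ecdsa.VerifyASN1(akPub, digest[:], sig) {
		return errors.New("attestation signature does not verify under the AK")
	}
	return nil
}

// VerifyChain runs steps 4 and 5 in order: the attestation is trusted only if its signing key is the one the quote vouches for.
func VerifyChain(reportData [ReportDataSize]byte, akPub *ecdsa.PublicKey, attestation, sig []byte) error {
	if err := VerifyAKBinding(reportData, akPub); err != nil {
		return fmt.Errorf("step 4 failed: %w", err)
	}
	if err := VerifyTPMAttestation(akPub, attestation, sig); err != nil {
		return fmt.Errorf("step 5 failed: %w", err)
	}
	return nil
}

// Demo returns whether the genuine chain verifies and whether two forged variants are rejected (constructed inputs).
func Demo() (genuineOK, tamperedRejected, unboundKeyRejected bool, err error) {
	ak, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // key the quote does not vouch for
	if err != nil {
		return
	}
	reportData, err := akReportData(&ak.PublicKey) // what a genuine quote would carry
	if err != nil {
		return
	}
	attestation := []byte("constructed TPM attestation blob: PCR digest + nonce")
	digest := sha256.Sum256(attestation)
	sig, err := ecdsa.SignASN1(rand.Reader, ak, digest[:])
	if err != nil {
		return
	}
	otherSig, err := ecdsa.SignASN1(rand.Reader, other, digest[:])
	if err != nil {
		return
	}
	genuineOK = VerifyChain(reportData, &ak.PublicKey, attestation, sig) == nil
	tampered := append([]byte(nil), attestation...)
	tampered[0] ^= 0x01 // one flipped bit: step 5 must reject
	tamperedRejected = VerifyChain(reportData, &ak.PublicKey, tampered, sig) != nil
	// Valid signature, but from a key the quote does not commit to: step 4 must reject.
	unboundKeyRejected = VerifyChain(reportData, &other.PublicKey, attestation, otherSig) != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

The order of the two checks is the point: a signature that verifies under some key proves nothing until that key has been tied to the hardware-backed quote, so the binding check runs first and a valid signature from an unbound key is still rejected.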
Index
Constants
This section is empty.
Variables
var ParseAzureTDXAttestationMeasurements = vtpm.ParseAzureTDXAttestationMeasurements
Functions
This section is empty.
Types
type InstanceInfo
InstanceInfo wraps the TDX report with additional Azure specific runtime data.
type Issuer
Issuer for Azure confidential VM attestation using TDX.
func NewIssuer
func NewIssuer(log attestation.Logger) *Issuer
NewIssuer initializes a new Azure Issuer.
type Validator
type Validator struct {
	variant.AzureTDX
	*vtpm.Validator
	// contains filtered or unexported fields
}
Validator for Azure confidential VM attestation using TDX.
func NewValidator
func NewValidator(cfg *config.AzureTDX, log attestation.Logger) *Validator
NewValidator returns a new Validator for Azure confidential VM attestation using TDX.