tdx

package
v0.0.2

This package is not in the latest version of its module.
Published: Oct 23, 2024 License: MIT Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type TDX

type TDX struct {
	tokenutil.TokenParams `json:"-" mapstructure:"-" structs:"-"`

	// Name is the name of the trusted domain.
	Name string `json:"-" mapstructure:"-" structs:"-"`

	// TOTPSecret is the secret used to generate initial TOTP codes.
	TOTPSecret string `json:"totp_secret" mapstructure:"totp_secret" structs:"totp_secret"`

	// MrOwner is the expected software-defined ID for the TD's owner.
	MrOwner *types.Byte48 `json:"tdx_mr_owner,omitempty" mapstructure:"tdx_mr_owner,omitempty" structs:"tdx_mr_owner,omitempty"`

	// MrOwnerConfig is the expected software-defined ID for owner-defined
	// configuration of the TD, e.g., specific to the workload rather than the
	// runtime or OS.
	MrOwnerConfig *types.Byte48 `json:"tdx_mr_owner_config,omitempty" mapstructure:"tdx_mr_owner_config,omitempty" structs:"tdx_mr_owner_config,omitempty"`

	// MrConfigID is the expected software-defined ID for non-owner-defined
	// configuration of the TD, e.g., runtime or OS configuration.
	MrConfigID *types.Byte48 `json:"tdx_mr_config_id,omitempty" mapstructure:"tdx_mr_config_id,omitempty" structs:"tdx_mr_config_id,omitempty"`

	// MrTD is the expected measurement of initial contents of the TD.
	MrTD *types.Byte48 `json:"tdx_mr_td,omitempty" mapstructure:"tdx_mr_td,omitempty" structs:"tdx_mr_td,omitempty"`

	// RTMR0 is the expected runtime-extendable measurement register #0.
	//
	// By convention, RTMR[0] is updated by the TD virtual firmware/BIOS (TDVF).
	// The measurements and the log file may differ depending on the TDVF
	// vendor. For more information on the measurements in RTMR[0], contact your
	// TDVF vendor.
	RTMR0 *types.Byte48 `json:"tdx_rtmr0,omitempty" mapstructure:"tdx_rtmr0,omitempty" structs:"tdx_rtmr0,omitempty"`

	// RTMR1 is the expected runtime-extendable measurement register #1.
	//
	// By convention, RTMR[1] is updated by the TD virtual firmware/BIOS (TDVF).
	// The measurements and the log file may differ depending on the TDVF
	// vendor. For more information on the measurements in RTMR[1], contact your
	// TDVF vendor.
	RTMR1 *types.Byte48 `json:"tdx_rtmr1,omitempty" mapstructure:"tdx_rtmr1,omitempty" structs:"tdx_rtmr1,omitempty"`

	// RTMR2 is the expected runtime-extendable measurement register #2.
	//
	// By convention, RTMR[2] measurements are generated by the OS. For more
	// information on this measurement, contact your OS vendor.
	RTMR2 *types.Byte48 `json:"tdx_rtmr2,omitempty" mapstructure:"tdx_rtmr2,omitempty" structs:"tdx_rtmr2,omitempty"`

	// RTMR3 is the expected runtime-extendable measurement register #3.
	//
	// By convention, RTMR[3] measurements are generated by runtime code. For
	// more information on this measurement, contact the TD workload owner.
	RTMR3 *types.Byte48 `json:"tdx_rtmr3,omitempty" mapstructure:"tdx_rtmr3,omitempty" structs:"tdx_rtmr3,omitempty"`

	// CheckDebug indicates whether TUD.DEBUG == 0 is verified.
	//
	// TUD.DEBUG defines whether the TD runs in TD debug mode (set to 1) or not
	// (set to 0). In TD debug mode, the CPU state and private memory are
	// accessible by the host VMM.
	CheckDebug bool `json:"tdx_check_debug" mapstructure:"tdx_check_debug" structs:"tdx_check_debug"`

	// CheckSeptVeDisable indicates whether SEC.SEPT_VE_DISABLE == 1 is
	// verified.
	//
	// SEC.SEPT_VE_DISABLE defines if EPT violation conversion to #VE on TD
	// access of PENDING pages is disabled.
	//
	// See also: https://intel.github.io/ccc-linux-guest-hardening-docs/security-spec.html#safety-against-ve-in-kernel-code
	CheckSeptVeDisable bool `json:"tdx_check_sept_ve_disable" mapstructure:"tdx_check_sept_ve_disable" structs:"tdx_check_sept_ve_disable"`
}

TDX reflects our expectations about a TDX trusted domain.

For reference, see Intel TDX DCAP: Quote Generation Library and Quote Verification Library (rev 0.9, 2023/12).

See also:

func FromPlatform

func FromPlatform() (*TDX, error)

FromPlatform creates a new TDX instance from the parameters of the platform we are currently running on.

func (*TDX) AttestationType

func (td *TDX) AttestationType() string

func (*TDX) GetName

func (td *TDX) GetName() string

func (*TDX) GetTOTPSecret

func (td *TDX) GetTOTPSecret() string

func (*TDX) MatchesQuoteV4

func (td *TDX) MatchesQuoteV4(quote *tdxpb.QuoteV4) (
	[]error, []error,
)

func (*TDX) SetTOTPSecret

func (td *TDX) SetTOTPSecret(totpSecret string)
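
Added example (not code from this package, and not a description of how MatchesQuoteV4 is implemented): a reduced sketch of checking a quote body against the kind of expectations the TDX struct holds, including how an expected RTMR value can be derived by replaying event digests. The types policy and report and the functions replay and match are hypothetical; the sketch assumes the Intel TDX layout in which TUD.DEBUG is bit 0 and SEC.SEPT_VE_DISABLE is bit 28 of the 8-byte little-endian TD attributes, and that an RTMR extend is SHA-384(old || digest).

```go
package main

import (
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// policy is a hypothetical, reduced stand-in for TDX; nil means "not pinned".
type policy struct {
	MrTD, RTMR3                    *[48]byte
	CheckDebug, CheckSeptVeDisable bool
}

// report is a hypothetical stand-in for fields of a parsed TD quote body.
type report struct {
	TdAttributes [8]byte
	MrTD, RTMR3  [48]byte
}

// replay folds event digests into an RTMR: new = SHA-384(old || digest).
func replay(digests ...[48]byte) (rtmr [48]byte) {
	for _, d := range digests {
		rtmr = sha512.Sum384(append(rtmr[:], d[:]...))
	}
	return rtmr
}

// match returns one error per violated expectation; none means a match.
func match(p policy, r report) (errs []error) {
	if p.MrTD != nil && *p.MrTD != r.MrTD {
		errs = append(errs, fmt.Errorf("MRTD mismatch: got %x", r.MrTD))
	}
	if p.RTMR3 != nil && *p.RTMR3 != r.RTMR3 {
		errs = append(errs, fmt.Errorf("RTMR3 mismatch: got %x", r.RTMR3))
	}
	attrs := binary.LittleEndian.Uint64(r.TdAttributes[:]) // assumed layout: LE bit field
	if p.CheckDebug && attrs&(1<<0) != 0 { // TUD.DEBUG is bit 0
		errs = append(errs, fmt.Errorf("TUD.DEBUG is set (debug TD)"))
	}
	if p.CheckSeptVeDisable && attrs&(1<<28) == 0 { // SEC.SEPT_VE_DISABLE is bit 28
		errs = append(errs, fmt.Errorf("SEC.SEPT_VE_DISABLE is clear"))
	}
	return errs
}

func main() {
	want := replay([48]byte{1}, [48]byte{2}) // constructed event digests
	fmt.Println(match(policy{RTMR3: &want, CheckDebug: true}, report{TdAttributes: [8]byte{1}}))
}
```

Because each extend hashes the previous register value, the same digests replayed in a different order give a different RTMR, so the expected value has to be computed from the event log in its recorded order.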
