extract

package
v0.2.2 Latest
Warning

This package is not in the latest version of its module.
Published: Jul 10, 2024 License: Apache-2.0 Imports: 24 Imported by: 2

Documentation

Overview

Package extract provides endorsement extraction logic for accessing cached information available from either an attestation report or an event log. Event logs may point to downloadable URIs and/or local UEFI variables, so the lead attester should perform the extraction and include the result as evidence for an attestation verification service.

Constants

const (
	// GCEFirmwareManufacturer is the expected FirmwareManufacturer value in an SP800-155 Event3 event
	// on a GCE VM.
	GCEFirmwareManufacturer = "Google, Inc."
)

Variables

var (
	// ErrOptionsNil is returned when an Options is needed but is nil.
	ErrOptionsNil = errors.New("extract options is nil")
	// ErrGetterNil is returned when a Getter is needed but is nil.
	ErrGetterNil = errors.New("getter is nil")
	// ErrQuoteNil is returned when a Quote is needed but is nil.
	ErrQuoteNil = errors.New("quote is nil")
	// ErrUnknownFormat is returned when an attestation file cannot be decoded from any of the
	// supported forms.
	ErrUnknownFormat = errors.New("unknown attestation format")
	// ErrEventLogPathEmpty is returned when the event log path in Options is empty.
	ErrEventLogPathEmpty = errors.New("event log path is empty")
)

Functions

func Attestation

func Attestation(quote []byte) (*tpmpb.Attestation, error)

Attestation will try to deserialize a given attestation in any of the supported formats and return it packaged in the most general format.

func Endorsement

func Endorsement(opts *Options) (out []byte, err error)

Endorsement will try to find the UEFI endorsement from local context.

Types

type ConfigfsTsmQuoteProvider

type ConfigfsTsmQuoteProvider struct {
	Client configfsi.Client
}

ConfigfsTsmQuoteProvider provides quotes through the Linux configfs-tsm report interface.

func (*ConfigfsTsmQuoteProvider) GetRawQuote

func (qp *ConfigfsTsmQuoteProvider) GetRawQuote(reportData [64]byte) ([]uint8, error)

GetRawQuote returns the raw quote from the configfs-tsm report.

func (*ConfigfsTsmQuoteProvider) IsSupported

func (qp *ConfigfsTsmQuoteProvider) IsSupported() bool

IsSupported returns true if the quote provider supports configfs-tsm reports.

type Options

type Options struct {
	Provider             QuoteProvider
	Getter               trust.HTTPSGetter
	FirmwareManufacturer string
	EventLogLocation     string
	UEFIVariableReader   exel.VariableReader
	// Quote is any of the supported formats. If empty, the Provider will be used to get a quote.
	Quote []byte
}

Options provides configuration for RIM extraction logic.

func DefaultOptions

func DefaultOptions() *Options

DefaultOptions returns the default options for RIM extraction.

type QuoteProvider

type QuoteProvider interface {
	// IsSupported returns whether the kernel supports this implementation.
	IsSupported() bool
	// GetRawQuote returns a raw report with the default privilege level.
	GetRawQuote(reportData [64]byte) ([]uint8, error)
}

QuoteProvider provides a raw quote within a trusted execution environment.

Directories

Path Synopsis
Package eventlog provides utilities for interpreting Canonical Event Log events.
Package extractsev provides utilities for extracting SEV-SNP endorsements.
Package extracttdx contains the implementation of the endorsement location derivation from MRTD.
