tdx

package

v0.0.0-...-264fa3d Latest Latest Go to latest Published: Jun 3, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/gce-tcb-verifier

Links

Documentation ¶

Overview ¶

Package tdx implements launch measurement reconstruction given a few inputs such as firmware.

Index ¶

func MRTD(opts *LaunchOptions, fw []byte) ([48]byte, error)
func UnsignedTDX(uefi []byte, tdxRequest *EndorsementRequest) (*epb.VMTdx, error)
type EndorsementRequest
type LaunchOptions
- func LaunchOptionsDefault(machineType string) *LaunchOptions
type Measurement
- func NewMeasurement() *Measurement
- func (m *Measurement) Finalize() [48]byte
- func (m *Measurement) InitMemoryRegion(region *ovmf.MaterialGuestPhysicalRegion) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func MRTD ¶

func MRTD(opts *LaunchOptions, fw []byte) ([48]byte, error)

MRTD returns the expected MRTD from booting a given OVMF and Google Compute Engine configuration.

func UnsignedTDX ¶

func UnsignedTDX(uefi []byte, tdxRequest *EndorsementRequest) (*epb.VMTdx, error)

UnsignedTDX returns the TDX component of a GoldenMeasurement for a given UEFI.

Types ¶

type EndorsementRequest ¶

type EndorsementRequest struct {
	// Svn is the image's security version number.
	Svn uint32
	// IncludeEarlyAccept if true adds a second set of measurements where all memory is accepted
	// and therefore has different measured resource attributes.
	IncludeEarlyAccept bool
	// The list of machine shapes whose configuration is relevant to measurement.
	MachineShapes []string
}

EndorsementRequest encapsulates all Intel TDX-specific information needed to endorse a UEFI binary for TDX.

type LaunchOptions ¶

type LaunchOptions struct {
	GuestRAMBanks           []ovmf.GuestPhysicalRegion
	DisableUnacceptedMemory bool
}

LaunchOptions contains GCE API surface options for launching a TDX VM that translate into the relevant memory bank topology for measurement.

func LaunchOptionsDefault ¶

func LaunchOptionsDefault(machineType string) *LaunchOptions

LaunchOptionsDefault returns a default LaunchOptions instance.

type Measurement ¶

type Measurement struct {
	// contains filtered or unexported fields
}

Measurement represents the expected MRTD field of a TDX Quote.

func NewMeasurement ¶

func NewMeasurement() *Measurement

NewMeasurement returns a new Measurement construct for calculating the TDX MRTD.

func (*Measurement) Finalize ¶

func (m *Measurement) Finalize() [48]byte

Finalize returns the final measurement of the VM.

func (*Measurement) InitMemoryRegion ¶

func (m *Measurement) InitMemoryRegion(region *ovmf.MaterialGuestPhysicalRegion) error

InitMemoryRegion extends a Measurement with the initial contents of a page.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL