Documentation ¶
Overview ¶
Package check defines the message type for the check CLI tool's options.
Index ¶
- Variables
- type Config
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)deprecated
- func (x *Policy) GetChipId() []byte
- func (x *Policy) GetFamilyId() []byte
- func (x *Policy) GetHostData() []byte
- func (x *Policy) GetImageId() []byte
- func (x *Policy) GetMeasurement() []byte
- func (x *Policy) GetMinimumBuild() uint32
- func (x *Policy) GetMinimumGuestSvn() uint32
- func (x *Policy) GetMinimumLaunchTcb() uint64
- func (x *Policy) GetMinimumTcb() uint64
- func (x *Policy) GetMinimumVersion() string
- func (x *Policy) GetPermitProvisionalFirmware() bool
- func (x *Policy) GetPlatformInfo() *wrapperspb.UInt64Value
- func (x *Policy) GetPolicy() uint64
- func (x *Policy) GetProduct() *sevsnp.SevProduct
- func (x *Policy) GetReportData() []byte
- func (x *Policy) GetReportId() []byte
- func (x *Policy) GetReportIdMa() []byte
- func (x *Policy) GetRequireAuthorKey() bool
- func (x *Policy) GetRequireIdBlock() bool
- func (x *Policy) GetTrustedAuthorKeyHashes() [][]byte
- func (x *Policy) GetTrustedAuthorKeys() [][]byte
- func (x *Policy) GetTrustedIdKeyHashes() [][]byte
- func (x *Policy) GetTrustedIdKeys() [][]byte
- func (x *Policy) GetVmpl() *wrapperspb.UInt32Value
- func (*Policy) ProtoMessage()
- func (x *Policy) ProtoReflect() protoreflect.Message
- func (x *Policy) Reset()
- func (x *Policy) String() string
- type RootOfTrust
- func (*RootOfTrust) Descriptor() ([]byte, []int)deprecated
- func (x *RootOfTrust) GetCabundlePaths() []string
- func (x *RootOfTrust) GetCabundles() []string
- func (x *RootOfTrust) GetCheckCrl() bool
- func (x *RootOfTrust) GetDisallowNetwork() bool
- func (x *RootOfTrust) GetProduct() stringdeprecated
- func (x *RootOfTrust) GetProductLine() string
- func (*RootOfTrust) ProtoMessage()
- func (x *RootOfTrust) ProtoReflect() protoreflect.Message
- func (x *RootOfTrust) Reset()
- func (x *RootOfTrust) String() string
Constants ¶
This section is empty.
Variables ¶
var File_check_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config is the top-level input message for the check tool. It pairs the
// certificates used to verify a report's signature (RootOfTrust) with the
// report validation policy (Policy).
type Config struct {
	// Configures which hardware keys to trust. Default uses library-embedded
	// certificates.
	RootOfTrust *RootOfTrust `protobuf:"bytes,1,opt,name=root_of_trust,json=rootOfTrust,proto3" json:"root_of_trust,omitempty"`
	// The report validation policy.
	// NOTE(review): this is a pointer, so it is nil when the input omits
	// "policy". Confirm how the check tool treats a nil or empty policy;
	// presumably fewer report fields are enforced in that case.
	Policy *Policy `protobuf:"bytes,2,opt,name=policy,proto3" json:"policy,omitempty"`
	// contains filtered or unexported fields
}
Config is the overall message input for the check tool. This provides all the flags that configure the tool, including the validation policy.
func (*Config) Descriptor
deprecated
func (*Config) GetRootOfTrust ¶
func (x *Config) GetRootOfTrust() *RootOfTrust
func (*Config) ProtoMessage ¶
func (*Config) ProtoMessage()
func (*Config) ProtoReflect ¶
func (x *Config) ProtoReflect() protoreflect.Message
type Policy ¶
// Policy is the protobuf form of an attestation report validation policy.
//
// NOTE(review): the scalar and bytes fields are plain proto3 fields, so after
// decoding an omitted value looks the same as an explicit zero or empty value.
// Presumably an empty bytes field means "do not compare this report field";
// confirm against validate.Options. If so, a policy that leaves measurement
// or report_data empty does not pin the launched image or bind the report to
// a value chosen by the verifier.
type Policy struct {
	// NOTE(review): the minimum_* fields look like lower bounds, with 0 being
	// the least restrictive setting. Confirm before relying on defaults.
	MinimumGuestSvn uint32 `protobuf:"varint,1,opt,name=minimum_guest_svn,json=minimumGuestSvn,proto3" json:"minimum_guest_svn,omitempty"`
	// The component-wise maximum permissible guest policy, except
	// API version values, and SingleSocket are the minimum permissible.
	Policy uint64 `protobuf:"varint,2,opt,name=policy,proto3" json:"policy,omitempty"`
	FamilyId []byte `protobuf:"bytes,3,opt,name=family_id,json=familyId,proto3" json:"family_id,omitempty"` // Should be 16 bytes long
	ImageId []byte `protobuf:"bytes,4,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` // Should be 16 bytes long
	// Wrapper message: a nil pointer (unset) is distinguishable from an
	// explicit 0.
	Vmpl *wrapperspb.UInt32Value `protobuf:"bytes,5,opt,name=vmpl,proto3" json:"vmpl,omitempty"`
	MinimumTcb uint64 `protobuf:"varint,6,opt,name=minimum_tcb,json=minimumTcb,proto3" json:"minimum_tcb,omitempty"`
	MinimumLaunchTcb uint64 `protobuf:"varint,7,opt,name=minimum_launch_tcb,json=minimumLaunchTcb,proto3" json:"minimum_launch_tcb,omitempty"`
	// Wrapper message: a nil pointer (unset) is distinguishable from an
	// explicit 0.
	PlatformInfo *wrapperspb.UInt64Value `protobuf:"bytes,8,opt,name=platform_info,json=platformInfo,proto3" json:"platform_info,omitempty"`
	// NOTE(review): how require_author_key and require_id_block interact with
	// the trusted_* lists below is not visible here. Confirm whether setting
	// a require_* flag while leaving the trusted lists empty accepts any
	// signing key.
	RequireAuthorKey bool `protobuf:"varint,9,opt,name=require_author_key,json=requireAuthorKey,proto3" json:"require_author_key,omitempty"`
	// NOTE(review): presumably the guest-supplied REPORT_DATA. If the verifier
	// depends on it for freshness (a nonce) or key binding, it has to be set
	// per request rather than left empty. Confirm.
	ReportData []byte `protobuf:"bytes,10,opt,name=report_data,json=reportData,proto3" json:"report_data,omitempty"` // Should be 64 bytes long
	Measurement []byte `protobuf:"bytes,11,opt,name=measurement,proto3" json:"measurement,omitempty"` // Should be 48 bytes long
	HostData []byte `protobuf:"bytes,12,opt,name=host_data,json=hostData,proto3" json:"host_data,omitempty"` // Should be 32 bytes long
	ReportId []byte `protobuf:"bytes,13,opt,name=report_id,json=reportId,proto3" json:"report_id,omitempty"` // Should be 32 bytes long
	ReportIdMa []byte `protobuf:"bytes,14,opt,name=report_id_ma,json=reportIdMa,proto3" json:"report_id_ma,omitempty"` // Should be 32 bytes long
	ChipId []byte `protobuf:"bytes,15,opt,name=chip_id,json=chipId,proto3" json:"chip_id,omitempty"` // Should be 64 bytes long
	MinimumBuild uint32 `protobuf:"varint,16,opt,name=minimum_build,json=minimumBuild,proto3" json:"minimum_build,omitempty"`
	MinimumVersion string `protobuf:"bytes,17,opt,name=minimum_version,json=minimumVersion,proto3" json:"minimum_version,omitempty"` // Should be "maj.min", both should be 0-255.
	// NOTE(review): the name suggests this relaxes a firmware check when true,
	// so the zero value (false) is presumably the stricter setting. Confirm.
	PermitProvisionalFirmware bool `` /* 140-byte string literal not displayed */
	RequireIdBlock bool `protobuf:"varint,19,opt,name=require_id_block,json=requireIdBlock,proto3" json:"require_id_block,omitempty"`
	// Repeated bytes fields; the expected key and hash encodings are not
	// stated on this page.
	TrustedAuthorKeys [][]byte `protobuf:"bytes,20,rep,name=trusted_author_keys,json=trustedAuthorKeys,proto3" json:"trusted_author_keys,omitempty"`
	TrustedAuthorKeyHashes [][]byte `` /* 132-byte string literal not displayed */
	TrustedIdKeys [][]byte `protobuf:"bytes,22,rep,name=trusted_id_keys,json=trustedIdKeys,proto3" json:"trusted_id_keys,omitempty"`
	TrustedIdKeyHashes [][]byte `protobuf:"bytes,23,rep,name=trusted_id_key_hashes,json=trustedIdKeyHashes,proto3" json:"trusted_id_key_hashes,omitempty"`
	// The expected product that generated the attestation report. Stepping optional.
	Product *sevsnp.SevProduct `protobuf:"bytes,24,opt,name=product,proto3" json:"product,omitempty"`
	// contains filtered or unexported fields
}
Policy is a representation of an attestation report validation policy. Each field corresponds to a field on validate.Options. This format is useful for providing programmatic inputs to the `check` CLI tool.
func (*Policy) Descriptor
deprecated
func (*Policy) GetFamilyId ¶
func (*Policy) GetHostData ¶
func (*Policy) GetImageId ¶
func (*Policy) GetMeasurement ¶
func (*Policy) GetMinimumBuild ¶
func (*Policy) GetMinimumGuestSvn ¶
func (*Policy) GetMinimumLaunchTcb ¶
func (*Policy) GetMinimumTcb ¶
func (*Policy) GetMinimumVersion ¶
func (*Policy) GetPermitProvisionalFirmware ¶
func (*Policy) GetPlatformInfo ¶
func (x *Policy) GetPlatformInfo() *wrapperspb.UInt64Value
func (*Policy) GetProduct ¶ added in v0.9.2
func (x *Policy) GetProduct() *sevsnp.SevProduct
func (*Policy) GetReportData ¶
func (*Policy) GetReportId ¶
func (*Policy) GetReportIdMa ¶
func (*Policy) GetRequireAuthorKey ¶
func (*Policy) GetRequireIdBlock ¶
func (*Policy) GetTrustedAuthorKeyHashes ¶
func (*Policy) GetTrustedAuthorKeys ¶
func (*Policy) GetTrustedIdKeyHashes ¶
func (*Policy) GetTrustedIdKeys ¶
func (*Policy) GetVmpl ¶
func (x *Policy) GetVmpl() *wrapperspb.UInt32Value
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect ¶
func (x *Policy) ProtoReflect() protoreflect.Message
type RootOfTrust ¶
// RootOfTrust selects the hardware root-of-trust certificates used to verify
// attestation report signatures.
//
// Because the bundles named here are what report signatures are checked
// against, the config and the bundle files need the same integrity protection
// as the verifier itself.
type RootOfTrust struct {
	// The expected AMD product the attestation was collected from. Default
	// "Milan".
	//
	// Deprecated: Marked as deprecated in check.proto.
	Product string `protobuf:"bytes,1,opt,name=product,proto3" json:"product,omitempty"`
	// Paths to CA bundles for the AMD product.
	// Must be in PEM format, AS[V]K, then ARK certificates.
	// This is for verifying a report's signature, as opposed to validating trust
	// in the report's ID key or author key.
	// If empty, uses the verification library's embedded certificates from AMD.
	CabundlePaths []string `protobuf:"bytes,2,rep,name=cabundle_paths,json=cabundlePaths,proto3" json:"cabundle_paths,omitempty"`
	// PEM format CA bundles for the AMD product. Combined with contents of cabundle_paths.
	Cabundles []string `protobuf:"bytes,3,rep,name=cabundles,proto3" json:"cabundles,omitempty"`
	// If true, download and check the CRL for revoked certificates.
	// The field is a plain proto3 bool, so it is false when omitted and
	// revocation checking has to be switched on explicitly.
	CheckCrl bool `protobuf:"varint,4,opt,name=check_crl,json=checkCrl,proto3" json:"check_crl,omitempty"`
	// If true, then check is not permitted to download necessary files for verification.
	// NOTE(review): the outcome when check_crl and disallow_network are both
	// true is not visible here. Confirm that verification fails rather than
	// silently skipping the CRL.
	DisallowNetwork bool `protobuf:"varint,5,opt,name=disallow_network,json=disallowNetwork,proto3" json:"disallow_network,omitempty"`
	// The expected AMD product line the attestation was collected from. Default "Milan".
	// NOTE(review): presumably the replacement for the deprecated Product
	// field above; confirm in check.proto.
	ProductLine string `protobuf:"bytes,6,opt,name=product_line,json=productLine,proto3" json:"product_line,omitempty"`
	// contains filtered or unexported fields
}
RootOfTrust represents configuration for which hardware root of trust certificates to use for verifying attestation report signatures.
func (*RootOfTrust) Descriptor
deprecated
func (*RootOfTrust) Descriptor() ([]byte, []int)
Deprecated: Use RootOfTrust.ProtoReflect.Descriptor instead.
func (*RootOfTrust) GetCabundlePaths ¶
func (x *RootOfTrust) GetCabundlePaths() []string
func (*RootOfTrust) GetCabundles ¶
func (x *RootOfTrust) GetCabundles() []string
func (*RootOfTrust) GetCheckCrl ¶
func (x *RootOfTrust) GetCheckCrl() bool
func (*RootOfTrust) GetDisallowNetwork ¶
func (x *RootOfTrust) GetDisallowNetwork() bool
func (*RootOfTrust) GetProduct
deprecated
func (x *RootOfTrust) GetProduct() string
Deprecated: Marked as deprecated in check.proto.
func (*RootOfTrust) GetProductLine ¶ added in v0.11.1
func (x *RootOfTrust) GetProductLine() string
func (*RootOfTrust) ProtoMessage ¶
func (*RootOfTrust) ProtoMessage()
func (*RootOfTrust) ProtoReflect ¶
func (x *RootOfTrust) ProtoReflect() protoreflect.Message
func (*RootOfTrust) Reset ¶
func (x *RootOfTrust) Reset()
func (*RootOfTrust) String ¶
func (x *RootOfTrust) String() string