Documentation ¶
Overview ¶
Package validate is for checking attestation report properties other than signature verification.
Index ¶
Constants ¶
const ( // CertEntryAllowMissing will only error if the key is present in the certificate table and // Validate returns an error. CertEntryAllowMissing = iota // CertEntryRequire will cause an error if the certificate table does not include the key. CertEntryRequire )
Variables ¶
This section is empty.
Functions ¶
func RawSnpAttestation ¶
RawSnpAttestation validates fields of a raw attestation report against expectations. Does not check the attestation certificates or signature.
func SnpAttestation ¶
func SnpAttestation(attestation *spb.Attestation, options *Options) error
SnpAttestation validates fields of the protobuf representation of an attestation report against expectations. Does not check the attestation certificates or signature.
Types ¶
type CertEntryKind ¶ added in v0.9.0
type CertEntryKind int
CertEntryKind represents a simple policy kind for cert table entries. If a UUID string key is present in the CertTableOptions, then the Validate function must not error when given both the attestation and the blob associated with the UUID. If a UUID is missing, then the kind matters: should missing entries be considered an error, or an allowed omission?
type CertEntryOption ¶ added in v0.9.0
type CertEntryOption struct { Kind CertEntryKind Validate func(attestation *spb.Attestation, blob []byte) error }
CertEntryOption represents a pluggable validation option for CertTable entries. This allows for golden measurements (RIMs and the like) to be injected into the guest about various provided infrastructure.
type Options ¶
type Options struct { // GuestPolicy is the maximum of acceptable guest policies. GuestPolicy abi.SnpPolicy // MinimumGuestSvn is the minimum guest security version number. MinimumGuestSvn uint32 // ReportData is the expected REPORT_DATA field. Must be nil or 64 bytes long. Not checked if nil. ReportData []byte // HostData is the expected HOST_DATA field. Must be nil or 32 bytes long. Not checked if nil. HostData []byte // ImageID is the expected IMAGE_ID field. Must be nil or 16 bytes long. Not checked if nil. ImageID []byte // FamilyID is the expected FAMILY_ID field. Must be nil or 16 bytes long. Not checked if nil. FamilyID []byte // ReportID is the expected REPORT_ID field. Must be nil or 32 bytes long. Not checked if nil. ReportID []byte // ReportIDMA is the expected REPORT_ID_MA field. Must be nil or 32 bytes long. Not checked if nil. ReportIDMA []byte // Measurement is the expected MEASUREMENT field. Must be nil or 48 bytes long. Not checked if nil. Measurement []byte // ChipID is the expected CHIP_ID field. Must be nil or 64 bytes long. Not checked if nil. ChipID []byte // MinimumBuild is the minimum firmware build version reported in the attestation report. MinimumBuild uint8 // MinimumVersion is the minimum firmware API version reported in the attestation report, // where the MSB is the major number and the LSB is the minor number. MinimumVersion uint16 // MinimumTCB is the component-wise minimum TCB reported in the attestation report. This // does not include the LaunchTCB. MinimumTCB kds.TCBParts // MinimumLaunchTCB is the component-wise minimum for the attestation report LaunchTCB. MinimumLaunchTCB kds.TCBParts // PermitProvisionalFirmware if true, allows the committed TCB, build, and API values to be less // than or equal to the current values. If false, committed and current values must be equal. PermitProvisionalFirmware bool // PlatformInfo is the maximum of acceptable PLATFORM_INFO data. Not checked if nil. PlatformInfo *abi.SnpPlatformInfo // RequireAuthorKey if true, will not validate a report without AUTHOR_KEY_EN equal to 1. // Implies RequireIDBlock is true. RequireAuthorKey bool // VMPL is the expected VMPL value, 0-3. Unchecked if nil. VMPL *int // RequireIDBlock if true, will not validate a report if it does not have an ID_KEY_DIGEST that // is trusted through all keys in TrustedIDKeys or TrustedIDKeyHashes, or any ID key whose hash // was signed by a key in TrustedAuthorKeys or TrustedIDKeyHashes. No signatures are checked, // since presence in the attestation report implies that the AMD firmware successfully verified // the signature at VM launch. If false, ID_KEY_DIGEST and AUTHOR_KEY_DIGEST are not checked. RequireIDBlock bool // Certificates of keys that are permitted to sign ID keys. Any ID key signed by a trusted author // key is implicitly trusted. Not required if TrustedAuthorKeyHashes is provided. TrustedAuthorKeys []*x509.Certificate // TrustedAuthorKeys is an array of SHA-384 hashes of trusted author keys's public key in SEV-SNP // API format. Not required if TrustedAuthorKeys is provided. TrustedAuthorKeyHashes [][]byte // Certificates of keys that are permitted to sign IDBlocks. Not required if TrustedIDKeyHashes is // provided. TrustedIDKeys []*x509.Certificate // TrustedIDKeyHashes is an array of SHA-384 hashes of trusted ID signer keys's public key in // SEV-SNP API format. Not required if TrustedIDKeys is provided. TrustedIDKeyHashes [][]byte // CertTableOptions allows the caller to specify extra validation conditions on non-standard // UUID entries in the certificate table returned by GetExtendedReport. CertTableOptions map[string]*CertEntryOption }
Options represents verification options for an SEV-SNP attestation report.