client

package
v0.4.0
Warning

This package is not in the latest version of its module.
Published: Dec 12, 2022 License: Apache-2.0 Imports: 7 Imported by: 8

Documentation

Constants

const DefaultSevGuestDevicePath = "unknown"

DefaultSevGuestDevicePath is the platform's usual device path to the SEV guest.

Variables

This section is empty.

Functions

func GetDerivedKeyAcknowledgingItsLimitations

func GetDerivedKeyAcknowledgingItsLimitations(d Device, request *SnpDerivedKeyReq) (*labi.SnpDerivedKeyRespABI, error)

GetDerivedKeyAcknowledgingItsLimitations returns 32 bytes of key material that the AMD security processor derives from the given parameters. The security limitations of this command are described in more detail in the project README.

func GetExtendedReport

func GetExtendedReport(d Device, reportData [64]byte) (*pb.Attestation, error)

GetExtendedReport gets an extended attestation report at VMPL0 into a structured type.

func GetExtendedReportAtVmpl

func GetExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Attestation, error)

GetExtendedReportAtVmpl gets an extended attestation report at the given VMPL into a structured type.

func GetRawExtendedReport

func GetRawExtendedReport(d Device, reportData [64]byte) ([]byte, []byte, error)

GetRawExtendedReport requests an attestation report that incorporates the given user data, along with additional key certificate information.

func GetRawExtendedReportAtVmpl

func GetRawExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, []byte, error)

GetRawExtendedReportAtVmpl requests an attestation report at the given VMPL that incorporates the given user data, along with additional key certificate information.

func GetRawReport

func GetRawReport(d Device, reportData [64]byte) ([]byte, error)

GetRawReport requests an attestation report at VMPL0 that incorporates the given user data.

func GetRawReportAtVmpl

func GetRawReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, error)

GetRawReportAtVmpl requests an attestation report at the given VMPL that incorporates the given user data.
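
Added example, not code from this package or its project: a relying-party check that the raw bytes returned by GetRawReport or GetRawReportAtVmpl carry the expected reportData and the requested VMPL. The field offsets follow the ATTESTATION_REPORT layout in the AMD SEV-SNP ABI specification; BindReportData, CheckRawReport, SampleReport and the nonce-plus-public-key binding are hypothetical names and choices made for illustration, and the report signature is assumed to be verified separately.

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// Offsets in the SNP ATTESTATION_REPORT structure, per the AMD SEV-SNP ABI spec.
const (
	reportSize       = 0x4A0 // whole report, signature included
	vmplOffset       = 0x30  // uint32, little endian
	reportDataOffset = 0x50  // 64 bytes supplied by the guest
)

// BindReportData (hypothetical) hashes a verifier nonce and a guest public key into reportData.
func BindReportData(nonce, pubKey []byte) [64]byte {
	var n [8]byte
	binary.LittleEndian.PutUint64(n[:], uint64(len(nonce))) // length prefix keeps the split unambiguous
	return sha512.Sum512(bytes.Join([][]byte{n[:], nonce, pubKey}, nil))
}

// CheckRawReport (hypothetical) checks reportData and VMPL only; it does not verify the signature.
func CheckRawReport(raw []byte, want [64]byte, vmpl uint32) error {
	if len(raw) < reportSize {
		return fmt.Errorf("raw report is %d bytes, want at least %d", len(raw), reportSize)
	}
	if !bytes.Equal(raw[reportDataOffset:reportDataOffset+64], want[:]) {
		return fmt.Errorf("report data does not match the expected binding")
	}
	if got := binary.LittleEndian.Uint32(raw[vmplOffset:]); got != vmpl {
		return fmt.Errorf("report VMPL is %d, want %d", got, vmpl)
	}
	return nil
}

// SampleReport builds a constructed, unsigned report-shaped buffer for the demo.
func SampleReport(data [64]byte, vmpl uint32) []byte {
	raw := make([]byte, reportSize)
	binary.LittleEndian.PutUint32(raw[vmplOffset:], vmpl)
	copy(raw[reportDataOffset:], data[:])
	return raw
}

func main() {
	want := BindReportData([]byte("constructed-nonce"), []byte("constructed-public-key"))
	fmt.Println(CheckRawReport(SampleReport(want, 0), want, 0))
}
```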

func GetReport

func GetReport(d Device, reportData [64]byte) (*pb.Report, error)

GetReport gets an attestation report at VMPL0 into its protobuf representation.

func GetReportAtVmpl

func GetReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Report, error)

GetReportAtVmpl gets an attestation report at the given VMPL into its protobuf representation.

func UseDefaultSevGuest added in v0.4.0

func UseDefaultSevGuest() bool

UseDefaultSevGuest returns true iff -sev_guest_device_path=default.

Types

type Device

type Device interface {
	Open(path string) error
	Close() error
	Ioctl(command uintptr, argument any) (uintptr, error)
}

Device encapsulates the possible commands to the AMD SEV guest device.

type GuestFieldSelect

type GuestFieldSelect struct {
	TCBVersion  bool
	GuestSVN    bool
	Measurement bool
	FamilyID    bool
	ImageID     bool
	GuestPolicy bool
}

GuestFieldSelect represents which guest-provided information will be mixed into a derived key.

func (GuestFieldSelect) ABI

func (g GuestFieldSelect) ABI() uint64

ABI returns the SNP ABI-specified uint64 bitmask of guest field selection.

type MacOSDevice

type MacOSDevice struct{}

MacOSDevice implements the Device interface with Linux ioctls.

func OpenDevice

func OpenDevice() (*MacOSDevice, error)

OpenDevice fails on MacOS.

func (*MacOSDevice) Close

func (d *MacOSDevice) Close() error

Close is not supported on MacOS.

func (*MacOSDevice) Ioctl

func (d *MacOSDevice) Ioctl(command uintptr, req any) (uintptr, error)

Ioctl is not supported on MacOS.

func (*MacOSDevice) Open

func (d *MacOSDevice) Open(path string) error

Open is not supported on MacOS.

type SnpDerivedKeyReq

type SnpDerivedKeyReq struct {
	// UseVCEK determines if the derived key will be based on VCEK or VMRK. This is opposite from the
	// ABI's ROOT_KEY_SELECT to avoid accidentally making an unsafe choice in a multitenant
	// environment.
	UseVCEK          bool
	GuestFieldSelect GuestFieldSelect
	// Vmpl to mix into the key. Must be greater than or equal to current Vmpl.
	Vmpl uint32
	// GuestSVN to mix into the key. Must be less than or equal to GuestSVN at launch.
	GuestSVN uint32
	// TCBVersion to mix into the key. Must be less than or equal to the CommittedTcb.
	TCBVersion uint64
}

SnpDerivedKeyReq represents a request to the SEV guest device to derive a key from specified information.

Directories

Path Synopsis
Package linuxabi describes the /dev/sev-guest ioctl command ABI.
