client

package
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 27, 2023 License: Apache-2.0 Imports: 8 Imported by: 7

Documentation

Overview

Package client provides an interface to the AMD SEV-SNP guest device commands.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetDerivedKeyAcknowledgingItsLimitations added in v0.2.3 

func GetDerivedKeyAcknowledgingItsLimitations(d Device, request *SnpDerivedKeyReq) (*labi.SnpDerivedKeyRespABI, error)

GetDerivedKeyAcknowledgingItsLimitations returns 32 bytes of key material that the AMD security processor derives from the given parameters. Security limitations of this command are described more in the project README.

func GetExtendedReport 

func GetExtendedReport(d Device, reportData [64]byte) (*pb.Attestation, error)

GetExtendedReport gets an extended attestation report at VMPL0 into a structured type.

func GetExtendedReportAtVmpl 

func GetExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Attestation, error)

GetExtendedReportAtVmpl gets an extended attestation report at the given VMPL into a structured type.

func GetRawExtendedReport 

func GetRawExtendedReport(d Device, reportData [64]byte) ([]byte, []byte, error)

GetRawExtendedReport requests for an attestation report that incorporates the given user data, and additional key certificate information.

func GetRawExtendedReportAtVmpl 

func GetRawExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, []byte, error)

GetRawExtendedReportAtVmpl requests for an attestation report that incorporates the given user data at the given VMPL, and additional key certificate information.

func GetRawReport 

func GetRawReport(d Device, reportData [64]byte) ([]byte, error)

GetRawReport requests for an attestation report at VMPL0 that incorporates the given user data.

func GetRawReportAtVmpl 

func GetRawReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, error)

GetRawReportAtVmpl requests for an attestation report at the given VMPL that incorporates the given user data.

func GetReport 

func GetReport(d Device, reportData [64]byte) (*pb.Report, error)

GetReport gets an attestation report at VMPL0 into its protobuf representation.

func GetReportAtVmpl 

func GetReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Report, error)

GetReportAtVmpl gets an attestation report at the given VMPL into its protobuf representation.

func UseDefaultSevGuest added in v0.4.0 

func UseDefaultSevGuest() bool

UseDefaultSevGuest returns true iff -sev_guest_device_path=default.

Types

type Device 

type Device interface {
	// Open prepares the Device from the given path.
	Open(path string) error
	// Close releases the device resource.
	Close() error
	// Ioctl performs the given command with the given argument.
	Ioctl(command uintptr, argument any) (uintptr, error)
	// Product returns AMD SEV-related CPU information of the calling CPU.
	Product() *pb.SevProduct
}

Device encapsulates the possible commands to the AMD SEV guest device.

type GuestFieldSelect added in v0.2.3 

type GuestFieldSelect struct {
	TCBVersion  bool
	GuestSVN    bool
	Measurement bool
	FamilyID    bool
	ImageID     bool
	GuestPolicy bool
}

GuestFieldSelect represents which guest-provided information will be mixed into a derived key.

func (GuestFieldSelect) ABI added in v0.2.3 

func (g GuestFieldSelect) ABI() uint64

ABI returns the SNP ABI-specified uint64 bitmask of guest field selection.

type LinuxDevice 

type LinuxDevice struct {
	// contains filtered or unexported fields
}

LinuxDevice implements the Device interface with Linux ioctls.

func OpenDevice 

func OpenDevice() (*LinuxDevice, error)

OpenDevice opens the SEV-SNP guest device.

func (*LinuxDevice) Close 

func (d *LinuxDevice) Close() error

Close closes the SEV-SNP guest device.

func (*LinuxDevice) Ioctl 

func (d *LinuxDevice) Ioctl(command uintptr, req any) (uintptr, error)

Ioctl sends a command with its wrapped request and response values to the Linux device.

func (*LinuxDevice) Open 

func (d *LinuxDevice) Open(path string) error

Open opens the SEV-SNP guest device from a given path

func (*LinuxDevice) Product added in v0.7.1 

func (d *LinuxDevice) Product() *spb.SevProduct

Product returns the current CPU's associated AMD SEV product information.

type SnpDerivedKeyReq added in v0.2.3 

type SnpDerivedKeyReq struct {
	// UseVCEK determines if the derived key will be based on VCEK or VMRK. This is opposite from the
	// ABI's ROOT_KEY_SELECT to avoid accidentally making an unsafe choice in a multitenant
	// environment.
	UseVCEK          bool
	GuestFieldSelect GuestFieldSelect
	// Vmpl to mix into the key. Must be greater than or equal to current Vmpl.
	Vmpl uint32
	// GuestSVN to mix into the key. Must be less than or equal to GuestSVN at launch.
	GuestSVN uint32
	// TCBVersion to mix into the key. Must be less than or equal to the CommittedTcb.
	TCBVersion uint64
}

SnpDerivedKeyReq represents a request to the SEV guest device to derive a key from specified information.

Source Files

View all Source files

Directories

Path Synopsis
Package linuxabi describes the /dev/sev-guest ioctl command ABI.
 Package linuxabi describes the /dev/sev-guest ioctl command ABI.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.