api

package
v3.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 9, 2022 License: MIT Imports: 29 Imported by: 0

Documentation

Overview

Keep in sync with agent/pkg/api/types.go

Index

Constants

View Source
const (
	OSWindows = "windows"
	OSLinux   = "linux"
	OSUnknown = "unknown"
)
View Source
const (
	EFICertificate = "certificate"
	EFIFingerprint = "fingerprint"
)
View Source
const (
	ModeSetup    = "setup"
	ModeAudit    = "audit"
	ModeUser     = "user"
	ModeDeployed = "deployed"
)
View Source
const (
	ICU        = "ICU"
	TXE        = "TXE"
	ConsumerME = "Consumer CSME"
	BusinessME = "Business CSME"
	LightME    = "Light ME"
	SPS        = "SPS"
	UnknownME  = "Unrecognized"
)
View Source
const (
	BootchainCategory     = "bootchain"
	FirmwareCategory      = "firmware"
	ConfigurationCategory = "configuration"
)
View Source
const (
	// host
	AnnHostname  = "host-hostname"
	AnnOSType    = "host-type"
	AnnCPUVendor = "host-cpu-ven"

	// smbios
	AnnNoSMBIOS           = "smbios-miss"
	AnnInvalidSMBIOS      = "smbios-inv"
	AnnSMBIOSType0Missing = "smbios-type0-miss"
	AnnSMBIOSType0Dup     = "smbios-type0-dup"
	AnnSMBIOSType1Missing = "smbios-type1-miss"
	AnnSMBIOSType1Dup     = "smbios-type1-dup"

	// uefi
	AnnNoEFI                = "uefi-vars-miss"
	AnnNoSecureBoot         = "uefi-secure-boot"
	AnnNoDeployedSecureBoot = "uefi-deployed-secure-boot"
	AnnMissingEventLog      = "uefi-eventlog-miss"
	AnnModeInvalid          = "uefi-mode-inv"
	AnnPKMissing            = "uefi-pk-miss"
	AnnPKInvalid            = "uefi-pk-inv"
	AnnKEKMissing           = "uefi-kek-miss"
	AnnKEKInvalid           = "uefi-kek-inv"
	AnnDBMissing            = "uefi-db-miss"
	AnnDBInvalid            = "uefi-db-inv"
	AnnDBxMissing           = "uefi-dbx-miss"
	AnnDBxInvalid           = "uefi-dbx-inv"

	// txt
	AnnNoTXTPubspace = "txt-public-miss"

	// sgx
	AnnNoSGX            = "sgx-missing"
	AnnSGXDisabled      = "sgx-disabled"
	AnnSGXCaps0Missing  = "sgx-cpuid0-miss"
	AnnSGXCaps1Missing  = "sgx-cpuid1-miss"
	AnnSGXCaps29Missing = "sgx-cpuid2-9-miss"

	// tpm
	AnnNoTPM                  = "tpm-miss"
	AnnNoTPMManufacturer      = "tpm-manuf-miss"
	AnnInvalidTPMManufacturer = "tpm-manuf-inv"
	AnnNoTPMVendorID          = "tpm-vid-miss"
	AnnInvalidTPMVendorID     = "tpm-vid-inv"
	AnnNoTPMSpecVersion       = "tpm-spec-miss"
	AnnInvalidTPMSpecVersion  = "tpm-spec-inv"
	AnnEventLogMissing        = "tpm-eventlog-miss"
	AnnEventLogInvalid        = "tpm-eventlog-inv"
	AnnEventLogBad            = "tpm-eventlog-bad"
	AnnPCRInvalid             = "tpm-pcr-miss"
	AnnPCRMissing             = "tpm-pcr-inv"

	// sev
	AnnNoSEV                 = "sev-miss"
	AnnSEVDisabled           = "sev-disabled"
	AnnPlatformStatusMissing = "sev-ps-miss"
	AnnPlatformStatusInvalid = "sev-ps-inv"

	// me
	AnnNoMEDevice           = "me-miss"
	AnnMEConfigSpaceInvalid = "me-inv"
	AnnMEVariantInvalid     = "me-variant-inv"
	AnnMEVersionMissing     = "me-version-miss"
	AnnMEVersionInvalid     = "me-version-inv"
	AnnMEFeaturesMissing    = "me-feat-miss"
	AnnMEFeaturesInvalid    = "me-feat-inv"
	AnnMEFWUPMissing        = "me-fwup-miss"
	AnnMEFWUPInvalid        = "me-fwup-inv"
)
View Source
const (
	StateNew           = "new"
	StateUnseen        = "unseen"
	StateVuln          = "vulnerable"
	StateTrusted       = "trusted"
	StateOutdated      = "outdated"
	StateRetired       = "retired"
	StateResurrectable = "resurrectable"
)
View Source
const DefaultHTTPRequestTimeoutSec = 30
View Source
const DefaultPostRequestTimeoutSec = 60
View Source
const EvidenceType = "evidence/1"
View Source
const ReportType = "report/2"
View Source
const ReportTypeV1 = "report/1"
View Source
const VerdictType = "verdict/1"

Variables

View Source
var (
	ServerError  = errors.New("API server error")
	NetworkError = errors.New("Connection error")
	AuthError    = errors.New("Authentication token invalid")
	FormatError  = errors.New("Data invalid")
	PaymentError = errors.New("Payment required")
)
View Source
var (
	ChangeEnroll     = "enroll"      // device
	ChangeRename     = "rename"      // device
	ChangeTag        = "tag"         // device
	ChangeAssociate  = "associate"   // device,policy
	ChangeTemplate   = "template"    // policy
	ChangeNew        = "new"         // policy
	ChangeInstaciate = "instanciate" // policy
	ChangeRevoke     = "revoke"      // policy
	ChangeRetire     = "retire"      // device
)

Functions

func Cookie(rng io.Reader) (string, error)

func EqualNames

func EqualNames(n1 *Name, n2 *Name) bool

func GenerateAttestationCreation

func GenerateAttestationCreation(rand *rand.Rand) tpm2.AttestationData

func GenerateAttestationData

func GenerateAttestationData(rand *rand.Rand) tpm2.AttestationData

func GenerateCertifyInfo

func GenerateCertifyInfo(rand *rand.Rand) tpm2.CertifyInfo

func GenerateClockInfo

func GenerateClockInfo(rand *rand.Rand) tpm2.ClockInfo

func GenerateCreationInfo

func GenerateCreationInfo(rand *rand.Rand) tpm2.CreationInfo

func GenerateECPoint

func GenerateECPoint(rand *rand.Rand, cv elliptic.Curve, size uint) tpm2.ECPoint

func GenerateEK

func GenerateEK(rand *rand.Rand) tpm2.Public

func GenerateKDFScheme

func GenerateKDFScheme(rand *rand.Rand) tpm2.KDFScheme

func GenerateName

func GenerateName(rand *rand.Rand) tpm2.Name

func GenerateParamsECC

func GenerateParamsECC(rand *rand.Rand, prop tpm2.KeyProp) tpm2.ECCParams

func GenerateParamsRSA

func GenerateParamsRSA(rand *rand.Rand, prop tpm2.KeyProp) tpm2.RSAParams

func GeneratePublic

func GeneratePublic(rand *rand.Rand) tpm2.Public

func GeneratePublicECC

func GeneratePublicECC(rand *rand.Rand) tpm2.Public

func GeneratePublicRSA

func GeneratePublicRSA(rand *rand.Rand) tpm2.Public

func GenerateSigScheme

func GenerateSigScheme(rand *rand.Rand, ecc bool) tpm2.SigScheme

func GenerateSignature

func GenerateSignature(rand *rand.Rand) tpm2.Signature

func GenerateSignatureECC

func GenerateSignatureECC(rand *rand.Rand) tpm2.SignatureECC

func GenerateSignatureRSA

func GenerateSignatureRSA(rand *rand.Rand) tpm2.SignatureRSA

func GenerateSymScheme

func GenerateSymScheme(rand *rand.Rand) tpm2.SymScheme

Types

type ACPITables

type ACPITables struct {
	Tables map[string]Buffer `json:"tables,omitempty"`
	Error  FirmwareError     `json:"error,omitempty"` // FirmwareErr*
}

type Agent

type Agent struct {
	Release   string      `json:"release"`
	ImageSHA2 ErrorBuffer `json:"sha,omitempty"`
}

type Annotation

type Annotation struct {
	Id       AnnotationID `json:"id"`
	Expected string       `json:"expected,omitempty"`
	Path     string       `json:"path"`
	Fatal    bool         `json:"fatal"`
}

/v2/devices (apisrv)

func (Annotation) Category

func (a Annotation) Category() string

type AnnotationID

type AnnotationID string

func (AnnotationID) IsFatal

func (a AnnotationID) IsFatal() bool

type Appraisal

type Appraisal struct {
	Id        string    `jsonapi:"primary,appraisals" json:"id"`
	Received  time.Time `jsonapi:"attr,received,rfc3339" json:"received"`
	Appraised time.Time `jsonapi:"attr,appraised,rfc3339" json:"appraised"`
	Expires   time.Time `jsonapi:"attr,expires,rfc3339" json:"expires"`
	Verdict   Verdict   `jsonapi:"attr,verdict" json:"verdict"`
	Report    Report    `jsonapi:"attr,report" json:"report"`
	Policy    *Policy   `jsonapi:"relation,policy" json:"policy"`
}

/v2/devices (apisrv)

type Attest

type Attest tpm2.AttestationData

TPM2B_ATTEST wrapper type

func (Attest) Generate

func (Attest) Generate(rand *rand.Rand, size int) reflect.Value

func (Attest) MarshalJSON

func (a Attest) MarshalJSON() ([]byte, error)

func (*Attest) UnmarshalJSON

func (a *Attest) UnmarshalJSON(data []byte) error

type Buffer

type Buffer []byte

func (Buffer) MarshalJSON

func (a Buffer) MarshalJSON() ([]byte, error)

func (*Buffer) UnmarshalJSON

func (a *Buffer) UnmarshalJSON(data []byte) error

type CPUIDLeaf

type CPUIDLeaf struct {
	LeafEAX uint32        `json:"leaf_eax,string"`
	LeafECX uint32        `json:"leaf_ecx,string"`
	EAX     *uint32       `json:"eax,string,omitempty"`
	EBX     *uint32       `json:"ebx,string,omitempty"`
	ECX     *uint32       `json:"ecx,string,omitempty"`
	EDX     *uint32       `json:"edx,string,omitempty"`
	Error   FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type CPUVendor

type CPUVendor string
const (
	IntelCPU CPUVendor = "GenuineIntel"
	AMDCPU   CPUVendor = "AuthenticAMD"
)

type Certificate

type Certificate x509.Certificate

Certificate wrapper type

func (Certificate) MarshalJSON

func (c Certificate) MarshalJSON() ([]byte, error)

func (*Certificate) UnmarshalJSON

func (c *Certificate) UnmarshalJSON(data []byte) error

type Change

type Change struct {
	Id        string    `jsonapi:"primary,changes" json:"id"`
	Actor     *string   `jsonapi:"attr,actor,omitempty" json:"actor,omitempty"`
	Timestamp time.Time `jsonapi:"attr,timestamp,rfc3339" json:"timestamp"`
	Comment   *string   `jsonapi:"attr,comment,omitempty" json:"comment,omitempty"`
	Type      string    `jsonapi:"attr,type" json:"type"` // Change*
	Device    *Device   `jsonapi:"relation,devices,omitempty" json:"device,omitempty"`
	Policy    *Policy   `jsonapi:"relation,policies,omitempty" json:"policy,omitempty"`
}

/v2/changes

type Client

type Client struct {
	HTTP               *http.Client
	Base               *url.URL
	Auth               string
	HTTPRequestTimeout time.Duration // Timeout for all HTTP requests except POST
	PostRequestTimeout time.Duration // POST requests may contain lots of data and need a different timeout
	AgentVersion       string
}

func NewClient

func NewClient(base *url.URL, ca *x509.Certificate, agentVersion string) Client

func (*Client) Attest

func (c *Client) Attest(ctx context.Context, quoteCredential string, ev Evidence) (*Appraisal, error)

func (*Client) Configuration

func (c *Client) Configuration(ctx context.Context, lastUpdate *time.Time) (*Configuration, error)

Client.Configuration returns a nil Configuration when lastUpdate is not nil and the server tells us to use a cached configuration

func (*Client) Enroll

func (c *Client) Enroll(ctx context.Context, enrollToken string, enroll Enrollment) ([]*EncryptedCredential, error)

func (*Client) Get

func (c *Client) Get(ctx context.Context, route string, ifModifiedSince *time.Time) (jsonapi.Payloader, error)

Client.Get returns a nil jsonapi.Payloader if the server sent no body in case of a 304

func (*Client) Post

func (c *Client) Post(ctx context.Context, route string, doc interface{}) (jsonapi.Payloader, error)

type Configuration

type Configuration struct {
	Root            KeyTemplate            `jsonapi:"attr,root" json:"root"`
	Keys            map[string]KeyTemplate `jsonapi:"attr,keys" json:"keys"`
	PCRBank         uint16                 `jsonapi:"attr,pcr_bank" json:"pcr_bank"`
	PCRs            []int                  `jsonapi:"attr,pcrs" json:"pcrs"`
	UEFIVariables   []UEFIVariable         `jsonapi:"attr,uefi" json:"uefi"`
	MSRs            []MSR                  `jsonapi:"attr,msrs" json:"msrs"`
	CPUIDLeafs      []CPUIDLeaf            `jsonapi:"attr,cpuid" json:"cpuid"`
	TPM2NVRAM       []uint32               `jsonapi:"attr,tpm2_nvram" json:"tpm2_nvram,string"`
	SEV             []SEVCommand           `jsonapi:"attr,sev" json:"sev"`
	ME              []MEClientCommands     `jsonapi:"attr,me" json:"me"`
	TPM2Properties  []TPM2Property         `jsonapi:"attr,tpm2_properties" json:"tpm2_properties"`
	PCIConfigSpaces []PCIConfigSpace       `jsonapi:"attr,pci" json:"pci"`
}

/v2/configuration (apisrv)

type Device

type Device struct {
	Id         string                 `jsonapi:"primary,devices" json:"id"`
	Cookie     string                 `jsonapi:"attr,cookie,omitempty" json:"cookie,omitempty"`
	Name       string                 `jsonapi:"attr,name" json:"name"`
	Attributes map[string]interface{} `jsonapi:"attr,groups" json:"attributes"`
	State      string                 `jsonapi:"attr,state" json:"state"`
	Hwid       string                 `jsonapi:"attr,hwid" json:"hwid"`
	Policies   []*Policy              `jsonapi:"relation,policies,omitempty" json:"policies,omitempty"`
	Replaces   []*Device              `jsonapi:"relation,replaces,omitempty" json:"replaces,omitempty"`
	ReplacedBy []*Device              `jsonapi:"relation,replaced_by,omitempty" json:"replaced_by,omitempty"`
	Appraisals []*Appraisal           `jsonapi:"relation,appraisals,omitempty" json:"appraisals,omitempty"`
	Changes    []*Change              `jsonapi:"relation,changes,omitempty" json:"changes,omitempty"`
}

/v2/devices

type DevicePatch

type DevicePatch struct {
	Id         string                  `jsonapi:"primary,devices" json:"id"`
	Name       *string                 `jsonapi:"attr,name,omitempty" json:"name"`
	Attributes *map[string]interface{} `jsonapi:"attr,groups,omitempty" json:"attributes"`
	State      *string                 `jsonapi:"attr,state,omitempty" json:"state"`
	Comment    *string                 `jsonapi:"attr,comment,omitempty" json:"comment,omitempty"`
}

/v2/devices

type EFISignature

type EFISignature struct {
	Type        string     `json:"type"`              // EFIFingerprint or EFICertificate
	Subject     *string    `json:"subject,omitempty"` // certificate only
	Issuer      *string    `json:"issuer,omitempty"`  // certificate only
	Fingerprint string     `json:"fingerprint"`
	NotBefore   *time.Time `json:"not_before,omitempty,rfc3339"` // certificate only
	NotAfter    *time.Time `json:"not_after,omitempty,rfc3339"`  // certificate only
	Algorithm   *string    `json:"algorithm,omitempty"`          // certificate only
}

type EnclavePageCache

type EnclavePageCache struct {
	Base          uint64 `json:"base"`
	Size          uint64 `json:"size"`
	CIRProtection bool   `json:"cir_protection"`
}

/v2/devices (apisrv)

type EncryptedCredential

type EncryptedCredential struct {
	Name       string `jsonapi:"attr,name" json:"name"`
	KeyID      Buffer `jsonapi:"attr,key_id" json:"key_id"`
	Credential Buffer `jsonapi:"attr,credential" json:"credential"` // encrypted JWT
	Secret     Buffer `jsonapi:"attr,secret" json:"secret"`
	Nonce      Buffer `jsonapi:"attr,nonce" json:"nonce"`
}

/v2/enroll (apisrv)

type Enrollment

type Enrollment struct {
	NameHint               string         `jsonapi:"attr,name_hint" json:"name_hint"`
	EndoresmentKey         PublicKey      `jsonapi:"attr,endoresment_key" json:"endoresment_key"`
	EndoresmentCertificate *Certificate   `jsonapi:"attr,endoresment_certificate" json:"endoresment_certificate"`
	Root                   PublicKey      `jsonapi:"attr,root" json:"root"`
	Keys                   map[string]Key `jsonapi:"attr,keys" json:"keys"`
	Cookie                 string         `jsonapi:"attr,cookie" json:"cookie"`
}

/v2/enroll (apisrv)

type ErrorBuffer

type ErrorBuffer struct {
	Data  Buffer        `json:"data,omitempty"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type Evidence

type Evidence struct {
	Type      string                       `jsonapi:"attr,type" json:"type"`
	Quote     *Attest                      `jsonapi:"attr,quote,omitempty" json:"quote,omitempty"`
	Signature *Signature                   `jsonapi:"attr,signature,omitempty" json:"signature,omitempty"`
	Algorithm string                       `jsonapi:"attr,algorithm" json:"algorithm"`
	PCRs      map[string]Buffer            `jsonapi:"attr,pcrs" json:"pcrs"`
	AllPCRs   map[string]map[string]Buffer `json:"allpcrs,omitempty"`
	Firmware  FirmwareProperties           `jsonapi:"attr,firmware" json:"firmware"`
	Cookie    string                       `jsonapi:"attr,cookie" json:"cookie"`
}

/v2/attest (apisrv)

type FirmwareError

type FirmwareError string
const (
	NoError        FirmwareError = ""
	UnknownError   FirmwareError = "unkn"
	NoPermission   FirmwareError = "no-perm"
	NoResponse     FirmwareError = "no-resp"
	NotImplemented FirmwareError = "not-impl"
)

type FirmwareProperties

type FirmwareProperties struct {
	UEFIVariables   []UEFIVariable     `json:"uefi,omitempty"`
	MSRs            []MSR              `json:"msrs,omitempty"`
	CPUIDLeafs      []CPUIDLeaf        `json:"cpuid,omitempty"`
	SEV             []SEVCommand       `json:"sev,omitempty"`
	ME              []MEClientCommands `json:"me,omitempty"`
	TPM2Properties  []TPM2Property     `json:"tpm2_properties,omitempty"`
	TPM2NVRAM       []TPM2NVIndex      `json:"tpm2_nvram,omitempty"`
	PCIConfigSpaces []PCIConfigSpace   `json:"pci,omitempty"`
	ACPI            ACPITables         `json:"acpi"`
	SMBIOS          ErrorBuffer        `json:"smbios"`
	TXTPublicSpace  ErrorBuffer        `json:"txt"`
	VTdRegisterSet  ErrorBuffer        `json:"vtd"`
	Flash           ErrorBuffer        `json:"flash"`
	TPM2EventLog    ErrorBuffer        `json:"event_log"`
	MACAddresses    MACAddresses       `json:"mac"`
	OS              OS                 `json:"os"`
	NICs            *NICList           `json:"nic,omitempty"`
	Memory          Memory             `json:"memory"`
	Agent           *Agent             `json:"agent,omitempty"`
}

/v2/attest (apisrv)

type Host

type Host struct {
	// Windows: <ProductName> <CurrentMajorVersionNumber>.<CurrentMinorVersionNumber> Build <CurrentBuild>
	// Linux: /etc/os-release PRETTY_NAME or lsb_release -d
	OSName    string    `json:"name"`
	Hostname  string    `json:"hostname"`
	OSType    string    `json:"type"` // OS*
	CPUVendor CPUVendor `json:"cpu_vendor"`
}

type Info

type Info struct {
	APIVersion string `jsonapi:"attr,api_version" json:"api_version"`
}

/v2/info (apisrv)

type Key

type Key struct {
	Public                 PublicKey `json:"public"`
	CreationProof          Attest    `json:"certify_info"`
	CreationProofSignature Signature `json:"certify_signature"`
}

/v2/enroll (apisrv)

type KeyTemplate

type KeyTemplate struct {
	Public PublicKey `json:"public"`
	Label  string    `json:"label"`
}

/v2/configuration (apisrv)

type MACAddresses

type MACAddresses struct {
	Addresses []string      `json:"addrs"`
	Error     FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type ME

type ME struct {
	Features        []string `json:"features"`
	Variant         string   `json:"variant"` // constants above
	Version         []uint16 `json:"version"`
	RecoveryVersion []uint16 `json:"recovery_version"`
	FITCVersion     []uint16 `json:"fitc_version"`
	API             []uint   `json:"api_version,string"`
	MEUpdate        string   `json:"updatable"`
	ChipsetVersion  uint     `json:"chipset_version,string"`
	ChipID          uint     `json:"chip_id,string"`
	Manufacturer    string   `json:"manufacturer,omitempty"`
	Size            uint     `json:"size,string"`
	Signature       string   `json:"signature"`
}

type MEClientCommands

type MEClientCommands struct {
	GUID     *uuid.UUID    `json:"guid,omitempty"`
	Address  string        `json:"address,omitempty"`
	Commands []MECommand   `json:"commands"`
	Error    FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type MECommand

type MECommand struct {
	Command  Buffer        `json:"command"`
	Response Buffer        `json:"response,omitempty"`
	Error    FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type MSR

type MSR struct {
	MSR    uint32        `json:"msr,string"`
	Values []uint64      `json:"value,omitempty"`
	Error  FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type Memory

type Memory struct {
	Values []MemoryRange `json:"values,omitempty"`
	Error  FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type MemoryRange

type MemoryRange struct {
	Start    uint64 `json:"start,string"`
	Bytes    uint64 `json:"bytes,string"`
	Reserved bool   `json:"reserved"`
}

type NIC

type NIC struct {
	Name  string        `json:"name,omitempty"`
	IPv4  []string      `json:"ipv4,omitempty"`
	IPv6  []string      `json:"ipv6,omitempty"`
	MAC   string        `json:"mac"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type NICList

type NICList struct {
	List  []NIC         `json:"list,omitempty"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type NVPublic

type NVPublic tpm2.NVPublic

TPMS_NV_PUBLIC wrapper type

func (NVPublic) MarshalJSON

func (a NVPublic) MarshalJSON() ([]byte, error)

func (*NVPublic) Scan

func (pub *NVPublic) Scan(src interface{}) error

func (*NVPublic) UnmarshalJSON

func (a *NVPublic) UnmarshalJSON(data []byte) error

func (NVPublic) Value

func (pub NVPublic) Value() (driver.Value, error)

type Name

type Name tpm2.Name

TPM2_Name wrapper type

func ComputeName

func ComputeName(path ...interface{}) (Name, error)

Comptes the TCG Name and Qualified Name of TPM 2.0 entities.

func (Name) Generate

func (Name) Generate(rand *rand.Rand, size int) reflect.Value

func (Name) MarshalJSON

func (n Name) MarshalJSON() ([]byte, error)

func (*Name) Scan

func (nam *Name) Scan(src interface{}) error

func (*Name) UnmarshalJSON

func (n *Name) UnmarshalJSON(data []byte) error

func (Name) Value

func (nam Name) Value() (driver.Value, error)

type OS

type OS struct {
	Hostname string        `json:"hostname"`
	Release  string        `json:"name"`
	Error    FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type PCIConfigSpace

type PCIConfigSpace struct {
	Bus      uint16        `json:"bus,string"`
	Device   uint16        `json:"device,string"`
	Function uint8         `json:"function,string"`
	Value    Buffer        `json:"value,omitempty"`
	Error    FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type Policy

type Policy struct {
	Id          string                 `jsonapi:"primary,policies" json:"id"`
	Cookie      string                 `jsonapi:"attr,cookie,omitempty" json:"cookie,omitempty"`
	Name        string                 `jsonapi:"attr,name" json:"name"`
	ValidSince  *time.Time             `jsonapi:"attr,valid_from,omitempty,rfc3339" json:"valid_since,string,omitempty"`
	ValidUntil  *time.Time             `jsonapi:"attr,valid_until,omitempty,rfc3339" json:"valid_until,string,omitempty"`
	Revoked     bool                   `jsonapi:"attr,revoked" json:"revoked"`
	PCRTemplate []string               `jsonapi:"attr,pcr_template,omitempty" json:"pcr_template,string,omitempty"`
	FWTemplate  []string               `jsonapi:"attr,fw_template,omitempty" json:"fw_template,omitempty"`
	PCRs        map[string]interface{} `jsonapi:"attr,pcrs,omitempty" json:"pcrs,omitempty"`
	FWOverrides []string               `jsonapi:"attr,fw_overrides,omitempty" json:"fw_overrides,omitempty"`
	Devices     []*Device              `jsonapi:"relation,devices,omitempty" json:"devices,string"`
	Replaces    []*Policy              `jsonapi:"relation,replaces,omitempty" json:"replaces,omitempty,string"`
	ReplacedBy  []*Policy              `jsonapi:"relation,replaced_by,omitempty" json:"replaced_by,omitempty,string"`
	Changes     []*Change              `jsonapi:"relation,changes,omitempty" json:"changes"`
}

/v2/policies

type PolicyCreation

type PolicyCreation struct {
	Id         string     `jsonapi:"primary,policies" json:"id"`
	Name       string     `jsonapi:"attr,name,omitempty" json:"name"`
	Devices    []*Device  `jsonapi:"relation,devices,omitempty" json:"devices,string"`
	Cookie     *string    `jsonapi:"attr,cookie,omitempty" json:"cookie,omitempty"`
	ValidSince *time.Time `jsonapi:"attr,valid_from,omitempty,rfc3339" json:"valid_since,string,omitempty"`
	ValidUntil *time.Time `jsonapi:"attr,valid_until,omitempty,rfc3339" json:"valid_until,string,omitempty"`

	// policy.Template
	PCRTemplate  []string   `jsonapi:"attr,pcr_template,omitempty" json:"pcr_template,string,omitempty"`
	FWTemplate   []string   `jsonapi:"attr,fw_template,omitempty" json:"fw_template,omitempty"`
	RevokeActive *time.Time `jsonapi:"attr,revoke_active,omitempty,rfc3339" json:"revoke_active,string,omitempty"`

	// policy.New
	PCRs        map[string]interface{} `jsonapi:"attr,pcrs,omitempty" json:"pcrs,omitempty"`
	FWOverrides []string               `jsonapi:"attr,fw_overrides,omitempty" json:"fw_overrides,omitempty"`
}

/v2/policies

type PublicKey

type PublicKey tpm2.Public

TPMT_PUBLIC wrapper type

func (*PublicKey) Encode

func (p *PublicKey) Encode() (Buffer, error)

func (PublicKey) Generate

func (PublicKey) Generate(rand *rand.Rand, size int) reflect.Value

func (PublicKey) MarshalJSON

func (a PublicKey) MarshalJSON() ([]byte, error)

func (*PublicKey) Name

func (p *PublicKey) Name() (Name, error)

func (*PublicKey) Scan

func (pub *PublicKey) Scan(src interface{}) error

func (*PublicKey) UnmarshalJSON

func (a *PublicKey) UnmarshalJSON(data []byte) error

func (PublicKey) Value

func (pub PublicKey) Value() (driver.Value, error)

type Report

type Report struct {
	Type        string       `json:"type"`
	Values      ReportValues `json:"values"`
	Annotations []Annotation `json:"annotations"`
}

/v2/devices (apisrv)

type ReportV1

type ReportV1 struct {
	Type        string       `json:"type"`
	Host        Host         `json:"host"`
	SMBIOS      *SMBIOS      `json:"smbios,omitempty"`
	UEFI        *UEFI        `json:"uefi,omitempty"`
	TPM         *TPM         `json:"tpm,omitempty"`
	ME          *ME          `json:"me,omitempty"`
	SGX         *SGX         `json:"sgx,omitempty"`
	TXT         *TXT         `json:"txt,omitempty"`
	SEV         *SEV         `json:"sev,omitempty"`
	Annotations []Annotation `json:"annotations"`
}

/v2/devices (apisrv)

type ReportValues

type ReportValues struct {
	Host   Host    `json:"host"`
	SMBIOS *SMBIOS `json:"smbios,omitempty"`
	UEFI   *UEFI   `json:"uefi,omitempty"`
	TPM    *TPM    `json:"tpm,omitempty"`
	ME     *ME     `json:"me,omitempty"`
	SGX    *SGX    `json:"sgx,omitempty"`
	TXT    *TXT    `json:"txt,omitempty"`
	SEV    *SEV    `json:"sev,omitempty"`
	NICs   []NIC   `json:"nics,omitempty"`
}

type SEV

type SEV struct {
	Enabled bool   `json:"enabled"`
	Version []uint `json:"version"`
	SME     bool   `json:"sme"`
	ES      bool   `json:"es"`
	VTE     bool   `json:"vte"`
	SNP     bool   `json:"snp"`
	VMPL    bool   `json:"vmpl"`
	Guests  uint   `json:"guests"`
	MinASID uint   `json:"min_asid"`
}

type SEVCommand

type SEVCommand struct {
	Command    uint32        `json:"command"` // firmware.SEV*
	ReadLength uint32        `json:"read_length"`
	Response   *Buffer       `json:"response,omitempty"`
	Error      FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type SGX

type SGX struct {
	Version          uint               `json:"version"`
	Enabled          bool               `json:"enabled"`
	FLC              bool               `json:"flc"`
	KSS              bool               `json:"kss"`
	MaxEnclaveSize32 uint               `json:"enclave_size_32"`
	MaxEnclaveSize64 uint               `json:"enclave_size_64"`
	EPC              []EnclavePageCache `json:"epc"`
}

type SMBIOS

type SMBIOS struct {
	Manufacturer    string `json:"manufacturer"`
	Product         string `json:"product"`
	Serial          string `json:"serial,omitempty"`
	UUID            string `json:"uuid,omitempty"`
	BIOSReleaseDate string `json:"bios_release_date"`
	BIOSVendor      string `json:"bios_vendor"`
	BIOSVersion     string `json:"bios_version"`
}

type Signature

type Signature tpm2.Signature

TPMT_SIGNATURE wrapper type

func (Signature) Generate

func (Signature) Generate(rand *rand.Rand, size int) reflect.Value

func (Signature) MarshalJSON

func (a Signature) MarshalJSON() ([]byte, error)

func (*Signature) UnmarshalJSON

func (a *Signature) UnmarshalJSON(data []byte) error

type TPM

type TPM struct {
	Manufacturer string            `json:"manufacturer"`
	VendorID     string            `json:"vendor_id"`
	SpecVersion  string            `json:"spec_version"`
	EventLog     []TPMEvent        `json:"eventlog"`
	PCR          map[string]string `json:"pcr"`
}

type TPM2NVIndex

type TPM2NVIndex struct {
	Index  uint32        `json:"index,string"`
	Public *NVPublic     `json:"public,omitempty"`
	Value  *Buffer       `json:"value,omitempty"`
	Error  FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type TPM2Property

type TPM2Property struct {
	Property uint32        `json:"property,string"`
	Value    *uint32       `json:"value,omitempty,string"`
	Error    FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type TPMEvent

type TPMEvent struct {
	PCR       uint   `json:"pcr"`
	Value     string `json:"value"`
	Algorithm uint   `json:"algorithm"`
	Note      string `json:"note"`
}

/v2/devices (apisrv)

type TXT

type TXT struct {
	Ready bool `json:"ready"`
}

type UEFI

type UEFI struct {
	Mode          string          `json:"mode"` // Mode*
	SecureBoot    bool            `json:"secureboot"`
	PlatformKeys  *[]EFISignature `json:"platform_keys"`
	ExchangeKeys  *[]EFISignature `json:"exchange_keys"`
	PermittedKeys *[]EFISignature `json:"permitted_keys"`
	ForbiddenKeys *[]EFISignature `json:"forbidden_keys"`
}

type UEFIVariable

type UEFIVariable struct {
	Vendor string        `json:"vendor"`
	Name   string        `json:"name"`
	Value  *Buffer       `json:"value,omitempty"`
	Error  FirmwareError `json:"error,omitempty"` // FirmwareErr*
}

type Verdict

type Verdict struct {
	Type               string `json:"type"`
	Result             bool   `json:"result"`
	SupplyChain        bool   `json:"supply_chain"`
	Configuration      bool   `json:"configuration"`
	Firmware           bool   `json:"firmware"`
	Bootloader         bool   `json:"bootloader"`
	OperatingSystem    bool   `json:"operating_system"`
	EndpointProtection bool   `json:"endpoint_protection"`

	Bootchain bool `json:"bootchain"` // deprecated
}

/v2/devices (apisrv)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL