Documentation
Index
- Constants
- func CheckLUKSPassphrase(path, decryptionPassphrase string) error
- func GenerateDiskEncryptionPassphrase() (string, error)
- func GenerateMeasurement(workloadConfig WorkloadConfig) (string, error)
- func MakeFS(sourcePath, imageFile, filesystem string) (string, string, error)
- func SendRegistrationRequest(workloadConfig WorkloadConfig, diskEncryptionPassphrase string, ...) error
- func WriteWorkloadConfigToImage(imageFile *os.File, workloadConfigBytes []byte, overwrite bool) error
- type ArchiveOptions
- type RegistrationRequest
- type SevWorkloadData
- type SnpWorkloadData
- type TeeConfig
- type TeeConfigFlags
- type TeeConfigMinFW
- type TeeType
- type WorkloadConfig
Constants
Variables
This section is empty.
Functions
func CheckLUKSPassphrase
CheckLUKSPassphrase checks that the specified LUKS-encrypted file can be decrypted using the specified passphrase.
func GenerateDiskEncryptionPassphrase
GenerateDiskEncryptionPassphrase generates a random disk encryption password.
func GenerateMeasurement
func GenerateMeasurement(workloadConfig WorkloadConfig) (string, error)
GenerateMeasurement generates the runtime measurement using the CPU count, memory size, and the firmware shared library, whatever it's called, wherever it is.
func MakeFS
MakeFS formats the imageFile as a filesystem of the specified type, populating it with the contents of the directory at sourcePath. Recognized filesystem types are "ext2", "ext3", "ext4", and "btrfs". Note that krun's init is currently hard-wired to assume "ext4". Returns the stdout, stderr, and any error returned by the mkfs command.
func SendRegistrationRequest
func SendRegistrationRequest(workloadConfig WorkloadConfig, diskEncryptionPassphrase string, ignoreAttestationErrors bool, logger *logrus.Logger) error
SendRegistrationRequest registers a workload with the specified decryption passphrase with the service whose location is part of the WorkloadConfig.
func WriteWorkloadConfigToImage
func WriteWorkloadConfigToImage(imageFile *os.File, workloadConfigBytes []byte, overwrite bool) error
WriteWorkloadConfigToImage writes the workload configuration to the specified disk image file, overwriting a previous configuration if it's asked to and it finds one.
Types
type ArchiveOptions
type ArchiveOptions struct {
	// If supplied, we'll register the workload with this server.
	// Practically necessary if DiskEncryptionPassphrase is not set, in
	// which case we'll generate one and throw it away after.
	AttestationURL string

	// Used to measure the environment. If left unset (0, ""), defaults will be applied.
	CPUs   int
	Memory int

	// Can be manually set. If left unset ("", false, nil), reasonable values will be used.
	TempDir                    string
	TeeType                    TeeType
	IgnoreChainRetrievalErrors bool
	IgnoreAttestationErrors    bool
	ImageSize                  int64
	WorkloadID                 string
	Slop                       string
	DiskEncryptionPassphrase   string
	Logger                     *logrus.Logger
}
ArchiveOptions includes optional settings for generating an archive.
type RegistrationRequest
type RegistrationRequest = types.RegistrationRequest
type SevWorkloadData
type SevWorkloadData = types.SevWorkloadData
SevWorkloadData is the type of data in WorkloadConfig.TeeData when the type is SEV.
type SnpWorkloadData
type SnpWorkloadData = types.SnpWorkloadData
SnpWorkloadData is the type of data in WorkloadConfig.TeeData when the type is SNP.
type TeeConfigFlags
type TeeConfigFlags = types.TeeConfigFlags
type TeeConfigMinFW
type TeeConfigMinFW = types.TeeConfigMinFW
type TeeType
TeeType is one of the known types of trusted execution environments for which we can generate suitable image contents.
type WorkloadConfig
type WorkloadConfig = types.WorkloadConfig
WorkloadConfig is the data type which is encoded and stored in an image.
func Archive
func Archive(path string, ociConfig *v1.Image, options ArchiveOptions) (io.ReadCloser, WorkloadConfig, error)
Archive generates a WorkloadConfig for a specified directory and produces a tar archive of a container image's rootfs with the expected contents. The input directory will have a ".krun_config.json" file added to it while this function is running, but it will be removed on completion.
func ReadWorkloadConfigFromImage
func ReadWorkloadConfigFromImage(path string) (WorkloadConfig, error)
ReadWorkloadConfigFromImage reads the workload configuration from the specified disk image file.