types

package v0.0.0-...-05e3d3c

Warning: this package is not in the latest version of its module.

Published: Jul 31, 2023 License: Apache-2.0 Imports: 0 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type RegistrationRequest

type RegistrationRequest struct {
	WorkloadID        string `json:"workload_id"`
	LaunchMeasurement string `json:"launch_measurement"`
	Passphrase        string `json:"passphrase"`
	TeeConfig         string `json:"tee_config"` // JSON-encoded TeeConfig, or possibly a TEE-type-specific document; the source does not settle which
}

RegistrationRequest is the body of the request used to register this confidential workload with the attestation server; the server side that consumes it is the reference-kbs handler at https://github.com/virtee/reference-kbs/blob/10b2a4c0f8caf78a077210b172863bbae54f66aa/src/main.rs#L83

type SevWorkloadData

type SevWorkloadData struct {
	VendorChain             string `json:"vendor_chain"`
	AttestationServerPubkey string `json:"attestation_server_pubkey"`
}

SevWorkloadData contains the path to the SEV certificate chain and, optionally, the attestation server's public key (?). The corresponding libkrun structure is at https://github.com/containers/libkrun/blob/d31747aa92cf83df2abaeb87e2a83311c135d003/src/vmm/src/linux/tee/amdsev.rs#L222

type SnpWorkloadData

type SnpWorkloadData struct {
	Generation string `json:"gen"` // "milan" (naples=1, rome=2, milan=3, genoa/bergamo=4)
}

SnpWorkloadData contains the name of the CPU generation the workload requires. An example of the encoded form is at https://github.com/virtee/oci2cw/blob/1502d5be33c2fa82d49aaa95781bbab2aa932781/examples/tee-config-snp.json

type TeeConfig

type TeeConfig struct {
	Flags TeeConfigFlags `json:"flags"` // runtime requirement bits
	MinFW TeeConfigMinFW `json:"minfw"` // minimum platform firmware version
}

TeeConfig describes what a workload requires of its trusted execution environment: the run-time flag bits and the minimum platform firmware version.

type TeeConfigFlagBits

type TeeConfigFlagBits int

TeeConfigFlagBits are bits representing run-time expectations. The SEV_CONFIG_* and SNP_CONFIG_* constants reuse the same bit values, so a flags word is only meaningful alongside the workload's TeeType and must be interpreted with the constant set that matches it.

const (
	SEV_CONFIG_NO_DEBUG        TeeConfigFlagBits = 0b00000001 // no debugging of guests
	SEV_CONFIG_NO_KEY_SHARING  TeeConfigFlagBits = 0b00000010 // no sharing keys between guests
	SEV_CONFIG_ENCRYPTED_STATE TeeConfigFlagBits = 0b00000100 // requires SEV-ES
	SEV_CONFIG_NO_SEND         TeeConfigFlagBits = 0b00001000 // no transferring the guest to another platform
	SEV_CONFIG_DOMAIN          TeeConfigFlagBits = 0b00010000 // no transferring the guest to a platform outside the domain
	SEV_CONFIG_SEV             TeeConfigFlagBits = 0b00100000 // no transferring the guest to non-SEV platforms
	SNP_CONFIG_SMT             TeeConfigFlagBits = 0b00000001 // SMT is enabled on the host machine
	SNP_CONFIG_MANDATORY       TeeConfigFlagBits = 0b00000010 // reserved bit which should always be set
	SNP_CONFIG_MIGRATE_MA      TeeConfigFlagBits = 0b00000100 // allowed to use a migration agent
	SNP_CONFIG_DEBUG           TeeConfigFlagBits = 0b00001000 // allow debugging
)

type TeeConfigMinFW

type TeeConfigMinFW struct {
	Major int `json:"major"`
	Minor int `json:"minor"`
}

TeeConfigMinFW is the minimum platform firmware version (major.minor) that the workload requires, as carried in the "minfw" field of TeeConfig.

type TeeType

type TeeType string

TeeType is a supported trusted execution environment type.

const (
	// SEV is a known trusted execution environment type: AMD SEV with encrypted state (SEV-ES), which requires 2nd Gen EPYC 7002 "Rome" or later
	SEV TeeType = "sev"
	// SEV_NO_ES is a known trusted execution environment type: AMD SEV without encrypted state, which requires 1st Gen EPYC 7001 "Naples" or later
	SEV_NO_ES TeeType = "sev_no_es"
	// SNP is a known trusted execution environment type: AMD SEV-SNP (secure nested paging), which requires 3rd Gen EPYC 7003 "Milan" or later
	SNP TeeType = "snp"
)

type WorkloadConfig

type WorkloadConfig struct {
	Type           TeeType `json:"tee"`
	TeeData        string  `json:"tee_data"` // Type == SEV: JSON-encoded SevWorkloadData; Type == SNP: JSON-encoded SnpWorkloadData; SEV_NO_ES: not specified here
	WorkloadID     string  `json:"workload_id"`
	CPUs           int     `json:"cpus"`
	Memory         int     `json:"ram_mib"`
	AttestationURL string  `json:"attestation_url"`
}

WorkloadConfig is the data type that is JSON-encoded and stored as /krun-sev.json in a container image, and included directly in the disk image. The libkrun side that reads it is at https://github.com/containers/libkrun/blob/57c59dc5359bdeeb8260b3493e9f63d3708f9ab9/src/vmm/src/resources.rs#L57
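The following is an added example, not code from this package or from libkrun, that round-trips a WorkloadConfig the way the descriptions of WorkloadConfig and TeeConfigFlagBits above imply: the TEE-specific data is JSON-encoded into the tee_data string (a JSON document inside a JSON document), and a reader must decode tee_data according to the declared tee type rather than trusting it blindly. The type declarations are copied from this page so the file compiles on its own; the list of generation names comes from the SnpWorkloadData comment; the production flag policy in CheckSNPFlags (mandatory bit set, debug bit clear) and the sample values in main are this example's own assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Declarations mirrored from the package documentation so this file compiles alone.
type TeeType string

const (
	SEV       TeeType = "sev"
	SEV_NO_ES TeeType = "sev_no_es"
	SNP       TeeType = "snp"
)

type TeeConfigFlagBits int
const (
	SNP_CONFIG_MANDATORY TeeConfigFlagBits = 0b00000010 // reserved bit, always set
	SNP_CONFIG_DEBUG     TeeConfigFlagBits = 0b00001000 // allow debugging
)

type SevWorkloadData struct {
	VendorChain             string `json:"vendor_chain"`
	AttestationServerPubkey string `json:"attestation_server_pubkey"`
}
type SnpWorkloadData struct {
	Generation string `json:"gen"`
}
type WorkloadConfig struct {
	Type           TeeType `json:"tee"`
	TeeData        string  `json:"tee_data"`
	WorkloadID     string  `json:"workload_id"`
	CPUs           int     `json:"cpus"`
	Memory         int     `json:"ram_mib"`
	AttestationURL string  `json:"attestation_url"`
}

// knownSNPGenerations holds the generation names from the page's Generation comment.
var knownSNPGenerations = map[string]bool{"naples": true, "rome": true, "milan": true, "genoa": true, "bergamo": true}

// EncodeSNPWorkloadConfig builds the /krun-sev.json body for an SNP workload.
// Note the double encoding: tee_data is itself a JSON document carried as a string.
func EncodeSNPWorkloadConfig(workloadID, generation string, cpus, ramMiB int, attestationURL string) ([]byte, error) {
	inner, err := json.Marshal(SnpWorkloadData{Generation: generation})
	if err != nil {
		return nil, err
	}
	return json.Marshal(WorkloadConfig{Type: SNP, TeeData: string(inner), WorkloadID: workloadID,
		CPUs: cpus, Memory: ramMiB, AttestationURL: attestationURL})
}

// DecodeWorkloadConfig parses a /krun-sev.json body and decodes tee_data according
// to the declared tee type. The inner value is a SevWorkloadData or an SnpWorkloadData.
func DecodeWorkloadConfig(data []byte) (WorkloadConfig, any, error) {
	var cfg WorkloadConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		return cfg, nil, err
	}
	if cfg.WorkloadID == "" || cfg.AttestationURL == "" {
		return cfg, nil, errors.New("workload_id and attestation_url are required")
	}
	switch cfg.Type {
	case SEV, SEV_NO_ES:
		var sev SevWorkloadData
		if err := json.Unmarshal([]byte(cfg.TeeData), &sev); err != nil {
			return cfg, nil, fmt.Errorf("tee_data is not SevWorkloadData: %w", err)
		}
		if sev.VendorChain == "" {
			return cfg, nil, errors.New("sev tee_data lacks vendor_chain")
		}
		return cfg, sev, nil
	case SNP:
		var snp SnpWorkloadData
		if err := json.Unmarshal([]byte(cfg.TeeData), &snp); err != nil {
			return cfg, nil, fmt.Errorf("tee_data is not SnpWorkloadData: %w", err)
		}
		if !knownSNPGenerations[snp.Generation] {
			return cfg, nil, fmt.Errorf("unknown SNP generation %q", snp.Generation)
		}
		return cfg, snp, nil
	}
	return cfg, nil, fmt.Errorf("unsupported tee type %q", cfg.Type)
}

// CheckSNPFlags applies a production policy that is this example's assumption, not
// the package's: the reserved mandatory bit must be set and debugging must be off.
func CheckSNPFlags(flags TeeConfigFlagBits) error {
	if flags&SNP_CONFIG_MANDATORY == 0 {
		return errors.New("SNP_CONFIG_MANDATORY must be set")
	}
	if flags&SNP_CONFIG_DEBUG != 0 {
		return errors.New("SNP_CONFIG_DEBUG is set: the host could inspect guest state")
	}
	return nil
}

func main() {
	// Constructed sample values; the attestation URL is a placeholder.
	body, _ := EncodeSNPWorkloadConfig("demo-workload", "milan", 2, 512, "https://kbs.example.invalid")
	cfg, inner, err := DecodeWorkloadConfig(body)
	fmt.Println(string(body), cfg.Type, inner, err)
	fmt.Println(CheckSNPFlags(SNP_CONFIG_MANDATORY | SNP_CONFIG_DEBUG))
}
```

The decode path is where the checks matter in practice: because the same flag values mean different things for SEV and SNP, and because tee_data is opaque to the outer JSON parser, a consumer that does not branch on the tee type can accept a config whose nested document belongs to a different TEE.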
