tdx-cli

command

v0.0.0-...-d84e2fa Latest Latest Go to latest Published: Sep 22, 2023 License: BSD-3-Clause Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/treid-intel/trustauthority-client

Links

Open Source Insights

README ¶

Intel® Trust Authority TDX CLI

An easy-to-use command line interface for attesting TDX TEE(TD) with Intel Trust Authority. The CLI will be installed and run inside the TD.

Prerequisites

The default TDX CLI has dependency on Intel SGX DCAP. Install TDX Attestation library dev package from Intel SGX DCAP. Instructions follows.

For Ubuntu* OS

Install the Debian package for libtdx-attest-dev following these steps:

Add the following repository to your sources:

For Ubuntu* 20.04:

echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list

For Ubuntu* 22.04:

echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list

Get the Debian repo public key and add it to the list of trusted keys that are used by apt to authenticate packages:

For Ubuntu* 20.04:

wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add

For Ubuntu* 22.04:

wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null

Update apt and install the libtdx-attest-dev package:

sudo apt-get update
sudo apt-get install libtdx-attest-dev

For RHEL* OS

Install the RPM package for libtdx-attest-devel following these steps:

Find RPM packages for DCAP libraries and services, which are currently provided in a single TAR archive at
```
https://download.01.org/intel-sgx/latest/linux-latest/distro/<distro>/
```

Download the file sgx_rpm_local_repo.tgz to a selected folder, for example /opt/intel

cd /opt/intel
sudo wget https://download.01.org/intel-sgx/latest/linux-latest/distro/<distro>/sgx_rpm_local_repo.tgz

Verify the downloaded repo file with the SHA value in this file: https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_.cfg
```
sha256sum sgx_rpm_local_repo.tgz
```
Expand the archive:
```
sudo tar xvf sgx_rpm_local_repo.tgz
```

Add the RPM local repository to your local repository list

sudo yum-config-manager --add-repo file://PATH_TO_LOCAL_REPO

Install all the latest packages using sudo dnf --nogpgcheck install <package names>
```
sudo dnf --nogpgcheck install libtdx-attest-devel
```

Go Requirement

Use go1.19 or newer. Follow https://go.dev/doc/install for installation of Go.

Installation

Build

Compile Intel Trust Authority TDX CLI. This will generate trustauthority-cli binary in current directory:

cd tdx-cli/
make cli

Unit Tests

To run the tests, run cd tdx-cli && make test-coverage

See the example test in tdx-cli/token_test.go for an example of a test.

Usage

To get list of all the available commands

trustauthority-cli --help

More info about a specific command can be found using

trustauthority-cli <command> --help

To create RSA keypair

trustauthority-cli create-key-pair --pub-path <public key file path>

To get Intel Trust Authority signed token

token command requires Intel Trust Authority configuration to be passed in json format

{
    "trustauthority_api_url": "<trustauthority attestation api url>",
    "trustauthority_api_key": "<trustauthority attestation api key>"
}

Save this data in config.json file and invoke token command

trustauthority-cli token --config config.json --user-data <base64 encoded userdata> --policy-ids <comma separated trustauthority attestation policy ids>

OR

trustauthority-cli token --config config.json --pub-path <public key file path> --policy-ids <comma separated trustauthority attestation policy ids>

To get TD quote with Nonce and UserData

trustauthority-cli quote --nonce <base64 encoded nonce> --user-data <base64 encoded userdata>

To decrypt an encrypted blob

trustauthority-cli decrypt --key-path <private key file path> --in <base64 encoded encrypted blob>

OR

trustauthority-cli decrypt --key <base64 encoded private key> --in <base64 encoded encrypted blob>

To verify Intel Trust Authority signed token

verify command requires Intel Trust Authority URL to be passed in json format

{
    "trustauthority_url": "<trustauthority url>"
}

Save this data in config.json file and invoke verify command

trustauthority-cli verify --config config.json --token <attestation token in JWT format>

License

This source is distributed under the BSD-style license found in the LICENSE file.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
constants
test

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL