- Variables
- type Attestation
- func (*Attestation) Descriptor() ([]byte, []int)deprecated
- func (x *Attestation) GetAkPub() []byte
- func (x *Attestation) GetEventLog() []byte
- func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo
- func (x *Attestation) GetQuotes() []*tpm.Quote
- func (*Attestation) ProtoMessage()
- func (x *Attestation) ProtoReflect() protoreflect.Message
- func (x *Attestation) Reset()
- func (x *Attestation) String() string
- type Event
- func (*Event) Descriptor() ([]byte, []int)deprecated
- func (x *Event) GetData() []byte
- func (x *Event) GetDigest() []byte
- func (x *Event) GetDigestVerified() bool
- func (x *Event) GetPcrIndex() uint32
- func (x *Event) GetUntrustedType() uint32
- func (*Event) ProtoMessage()
- func (x *Event) ProtoReflect() protoreflect.Message
- func (x *Event) Reset()
- func (x *Event) String() string
- type GCEConfidentialTechnology
- func (GCEConfidentialTechnology) Descriptor() protoreflect.EnumDescriptor
- func (x GCEConfidentialTechnology) Enum() *GCEConfidentialTechnology
- func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int)deprecated
- func (x GCEConfidentialTechnology) Number() protoreflect.EnumNumber
- func (x GCEConfidentialTechnology) String() string
- func (GCEConfidentialTechnology) Type() protoreflect.EnumType
- type GCEInstanceInfo
- func (*GCEInstanceInfo) Descriptor() ([]byte, []int)deprecated
- func (x *GCEInstanceInfo) GetInstanceId() uint64
- func (x *GCEInstanceInfo) GetInstanceName() string
- func (x *GCEInstanceInfo) GetProjectId() string
- func (x *GCEInstanceInfo) GetProjectNumber() uint64
- func (x *GCEInstanceInfo) GetZone() string
- func (*GCEInstanceInfo) ProtoMessage()
- func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message
- func (x *GCEInstanceInfo) Reset()
- func (x *GCEInstanceInfo) String() string
- type MachineState
- func (*MachineState) Descriptor() ([]byte, []int)deprecated
- func (x *MachineState) GetHash() tpm.HashAlgo
- func (x *MachineState) GetPlatform() *PlatformState
- func (x *MachineState) GetRawEvents() []*Event
- func (*MachineState) ProtoMessage()
- func (x *MachineState) ProtoReflect() protoreflect.Message
- func (x *MachineState) Reset()
- func (x *MachineState) String() string
- type PlatformPolicy
- func (*PlatformPolicy) Descriptor() ([]byte, []int)deprecated
- func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte
- func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32
- func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology
- func (*PlatformPolicy) ProtoMessage()
- func (x *PlatformPolicy) ProtoReflect() protoreflect.Message
- func (x *PlatformPolicy) Reset()
- func (x *PlatformPolicy) String() string
- type PlatformState
- func (*PlatformState) Descriptor() ([]byte, []int)deprecated
- func (m *PlatformState) GetFirmware() isPlatformState_Firmware
- func (x *PlatformState) GetGceVersion() uint32
- func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo
- func (x *PlatformState) GetScrtmVersionId() []byte
- func (x *PlatformState) GetTechnology() GCEConfidentialTechnology
- func (*PlatformState) ProtoMessage()
- func (x *PlatformState) ProtoReflect() protoreflect.Message
- func (x *PlatformState) Reset()
- func (x *PlatformState) String() string
- type PlatformState_GceVersion
- type PlatformState_ScrtmVersionId
- type Policy
Variables ¶
// Enum value maps for GCEConfidentialTechnology.
var (
	// GCEConfidentialTechnology_name maps each enum number to its proto name.
	GCEConfidentialTechnology_name = map[int32]string{
		0: "NONE",
		1: "AMD_SEV",
		2: "AMD_SEV_ES",
	}
	// GCEConfidentialTechnology_value is the inverse map: proto name to number.
	GCEConfidentialTechnology_value = map[string]int32{
		"NONE":       0,
		"AMD_SEV":    1,
		"AMD_SEV_ES": 2,
	}
)
Enum value maps for GCEConfidentialTechnology.
// File_attest_proto is the protoreflect file descriptor for this package's
// .proto source (presumably attest.proto, judging by the name — confirm
// against the generator output).
var File_attest_proto protoreflect.FileDescriptor
Types ¶
type Attestation ¶
// Attestation is the raw evidence collected from a machine's TPM. It is the
// input from which a verified MachineState is produced; this message itself
// carries no verification result, so none of its fields should be relied on
// until that verification step has run.
type Attestation struct {
	// Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC.
	// NOTE(review): how this key is tied to a trusted root (e.g. a
	// certificate chain) is not visible in this message — confirm in the
	// verifier before treating the quotes as authentic.
	AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"`
	// Quotes over all supported PCR banks. MachineState.Hash records which
	// bank the verifier actually used for quote validation and log replay.
	Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"`
	// TCG Event Log, encoded in the raw binary format. Its parsed form is
	// MachineState.RawEvents, where each Event records whether its digest
	// matched its data (Event.DigestVerified).
	EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"`
	// Optional information about a GCE instance, unused outside of GCE.
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// contains filtered or unexported fields
}
func (*Attestation) Descriptor ¶ deprecated
func (*Attestation) Descriptor() ([]byte, []int)
Deprecated: Use Attestation.ProtoReflect.Descriptor instead.
func (*Attestation) GetAkPub ¶
func (x *Attestation) GetAkPub() []byte
func (*Attestation) GetEventLog ¶
func (x *Attestation) GetEventLog() []byte
func (*Attestation) GetInstanceInfo ¶
func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo
func (*Attestation) GetQuotes ¶
func (x *Attestation) GetQuotes() []*tpm.Quote
func (*Attestation) ProtoMessage ¶
func (*Attestation) ProtoMessage()
func (*Attestation) ProtoReflect ¶
func (x *Attestation) ProtoReflect() protoreflect.Message
func (*Attestation) Reset ¶
func (x *Attestation) Reset()
func (*Attestation) String ¶
func (x *Attestation) String() string
type Event ¶ added in v0.3.3
// Event is a parsed event from the TCG event log.
type Event struct {
	// The Platform Configuration Register (PCR) this event was extended into.
	PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"`
	// The type of this event. Note that this value is not verified, so it should
	// only be used as a hint during event parsing.
	UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"`
	// The raw data associated to this event. The meaning of this data is
	// specific to the type of the event.
	Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
	// The event digest actually extended into the TPM. This is often the hash of
	// the data field, but in some cases it may have a type-specific calculation.
	Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"`
	// This is true if hash(data) == digest. When false, Data is not bound to
	// Digest by a direct hash, so a consumer should not treat Data as attested
	// unless it applies the event type's own digest rule (see Digest).
	DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"`
	// contains filtered or unexported fields
}
A parsed event from the TCG event log
func (*Event) Descriptor ¶ deprecated, added in v0.3.3
func (*Event) GetDigestVerified ¶ added in v0.3.11
func (*Event) GetPcrIndex ¶ added in v0.3.11
func (*Event) GetUntrustedType ¶ added in v0.3.3
func (*Event) ProtoMessage ¶ added in v0.3.3
func (*Event) ProtoMessage()
func (*Event) ProtoReflect ¶ added in v0.3.3
func (x *Event) ProtoReflect() protoreflect.Message
type GCEConfidentialTechnology ¶ added in v0.3.3
// GCEConfidentialTechnology is the type of hardware technology used to protect
// this instance. Its numeric order (NONE < AMD_SEV < AMD_SEV_ES) matches the
// security ordering documented on PlatformPolicy.MinimumTechnology.
type GCEConfidentialTechnology int32
Type of hardware technology used to protect this instance
// Values are ordered by increasing protection, matching the ordering that
// PlatformPolicy.MinimumTechnology documents (AMD_SEV_ES > AMD_SEV > NONE).
// NOTE(review): if the policy check compares these numerically, any value
// added later must keep that monotonic order — confirm against the policy
// evaluation code.
const (
	GCEConfidentialTechnology_NONE       GCEConfidentialTechnology = 0
	GCEConfidentialTechnology_AMD_SEV    GCEConfidentialTechnology = 1
	GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2
)
func (GCEConfidentialTechnology) Descriptor ¶ added in v0.3.3
func (GCEConfidentialTechnology) Descriptor() protoreflect.EnumDescriptor
func (GCEConfidentialTechnology) Enum ¶ added in v0.3.3
func (x GCEConfidentialTechnology) Enum() *GCEConfidentialTechnology
func (GCEConfidentialTechnology) EnumDescriptor ¶ deprecated, added in v0.3.3
func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int)
Deprecated: Use GCEConfidentialTechnology.Descriptor instead.
func (GCEConfidentialTechnology) Number ¶ added in v0.3.3
func (x GCEConfidentialTechnology) Number() protoreflect.EnumNumber
func (GCEConfidentialTechnology) String ¶ added in v0.3.3
func (x GCEConfidentialTechnology) String() string
func (GCEConfidentialTechnology) Type ¶ added in v0.3.3
func (GCEConfidentialTechnology) Type() protoreflect.EnumType
type GCEInstanceInfo ¶
// GCEInstanceInfo is information uniquely identifying a GCE instance. It can be
// used to create an instance URL, which can then be used with GCE APIs,
// formatted like:
//
//	https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}
//
// It is only populated for GCE instances (see Attestation.InstanceInfo and
// PlatformState.InstanceInfo).
type GCEInstanceInfo struct {
	// Zone is the {zone} element of the instance URL above.
	Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"`
	// ProjectId is the {project_id} element of the instance URL above.
	ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
	// ProjectNumber is presumably the numeric form of the project identifier;
	// it does not appear in the URL above.
	ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"`
	// InstanceName is the {instance_name} element of the instance URL above.
	InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"`
	// InstanceId is presumably the numeric identifier of the instance; it does
	// not appear in the URL above.
	InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"`
	// contains filtered or unexported fields
}
Information uniquely identifying a GCE instance. Can be used to create an instance URL, which can then be used with GCE APIs. Formatted like:
https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}
func (*GCEInstanceInfo) Descriptor ¶ deprecated
func (*GCEInstanceInfo) Descriptor() ([]byte, []int)
Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead.
func (*GCEInstanceInfo) GetInstanceId ¶
func (x *GCEInstanceInfo) GetInstanceId() uint64
func (*GCEInstanceInfo) GetInstanceName ¶
func (x *GCEInstanceInfo) GetInstanceName() string
func (*GCEInstanceInfo) GetProjectId ¶
func (x *GCEInstanceInfo) GetProjectId() string
func (*GCEInstanceInfo) GetProjectNumber ¶
func (x *GCEInstanceInfo) GetProjectNumber() uint64
func (*GCEInstanceInfo) GetZone ¶
func (x *GCEInstanceInfo) GetZone() string
func (*GCEInstanceInfo) ProtoMessage ¶
func (*GCEInstanceInfo) ProtoMessage()
func (*GCEInstanceInfo) ProtoReflect ¶
func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message
func (*GCEInstanceInfo) Reset ¶
func (x *GCEInstanceInfo) Reset()
func (*GCEInstanceInfo) String ¶
func (x *GCEInstanceInfo) String() string
type MachineState ¶ added in v0.3.3
// MachineState is the verified state of a booted machine, obtained from an
// Attestation.
type MachineState struct {
	// Platform-level (firmware) state, built from the events in RawEvents.
	Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	// The complete parsed TCG Event Log, including those events used to
	// create the PlatformState. (No field in this message carries tag 2.)
	RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"`
	// The hash algorithm used when verifying the Attestation. This indicates:
	//   - which PCR bank was used for quote validation and event log replay
	//   - the hash algorithm used to calculate event digests
	Hash tpm.HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"`
	// contains filtered or unexported fields
}
The verified state of a booted machine, obtained from an Attestation
func (*MachineState) Descriptor ¶ deprecated, added in v0.3.3
func (*MachineState) Descriptor() ([]byte, []int)
Deprecated: Use MachineState.ProtoReflect.Descriptor instead.
func (*MachineState) GetHash ¶ added in v0.3.11
func (x *MachineState) GetHash() tpm.HashAlgo
func (*MachineState) GetPlatform ¶ added in v0.3.3
func (x *MachineState) GetPlatform() *PlatformState
func (*MachineState) GetRawEvents ¶ added in v0.3.3
func (x *MachineState) GetRawEvents() []*Event
func (*MachineState) ProtoMessage ¶ added in v0.3.3
func (*MachineState) ProtoMessage()
func (*MachineState) ProtoReflect ¶ added in v0.3.3
func (x *MachineState) ProtoReflect() protoreflect.Message
func (*MachineState) Reset ¶ added in v0.3.3
func (x *MachineState) Reset()
func (*MachineState) String ¶ added in v0.3.3
func (x *MachineState) String() string
type PlatformPolicy ¶ added in v0.3.3
// PlatformPolicy is a policy dictating which values of PlatformState to allow.
// NOTE(review): read literally, the zero value of this policy (empty list,
// version 0, technology NONE) rejects any scrtm_version_id and accepts
// everything else; confirm how the evaluator treats an empty
// AllowedScrtmVersionIds before relying on zero-valued policies.
type PlatformPolicy struct {
	// If PlatformState.firmware contains a scrtm_version_id, it must appear
	// in this list. For use with a GCE VM, minimum_gce_firmware_version is
	// often a better alternative.
	AllowedScrtmVersionIds [][]byte `` /* 131-byte string literal not displayed */
	// If PlatformState.firmware contains a gce_version, it must be greater
	// than or equal to this value. Currently, the max version is 1.
	// (The PlatformState oneof member is gce_version, see
	// PlatformState_GceVersion; minimum_gce_firmware_version is this field.)
	MinimumGceFirmwareVersion uint32 `` /* 141-byte string literal not displayed */
	// The PlatformState's technology must be at least as secure as
	// the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE).
	MinimumTechnology GCEConfidentialTechnology `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}
A policy dictating which values of PlatformState to allow
func (*PlatformPolicy) Descriptor ¶ deprecated, added in v0.3.3
func (*PlatformPolicy) Descriptor() ([]byte, []int)
Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead.
func (*PlatformPolicy) GetAllowedScrtmVersionIds ¶ added in v0.3.3
func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte
func (*PlatformPolicy) GetMinimumGceFirmwareVersion ¶ added in v0.3.3
func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32
func (*PlatformPolicy) GetMinimumTechnology ¶ added in v0.3.3
func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology
func (*PlatformPolicy) ProtoMessage ¶ added in v0.3.3
func (*PlatformPolicy) ProtoMessage()
func (*PlatformPolicy) ProtoReflect ¶ added in v0.3.3
func (x *PlatformPolicy) ProtoReflect() protoreflect.Message
func (*PlatformPolicy) Reset ¶ added in v0.3.3
func (x *PlatformPolicy) Reset()
func (*PlatformPolicy) String ¶ added in v0.3.3
func (x *PlatformPolicy) String() string
type PlatformState ¶ added in v0.3.3
// PlatformState is the platform/firmware state for this instance, as derived
// from the event log during verification; PlatformPolicy constrains it.
type PlatformState struct {
	// Types that are assignable to Firmware:
	//	*PlatformState_ScrtmVersionId
	//	*PlatformState_GceVersion
	// At most one member is set (proto oneof). PlatformPolicy applies
	// AllowedScrtmVersionIds or MinimumGceFirmwareVersion depending on which.
	Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"`
	// Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances.
	Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"`
	// Only set for GCE instances.
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// contains filtered or unexported fields
}
The platform/firmware state for this instance
func (*PlatformState) Descriptor ¶ deprecated, added in v0.3.3
func (*PlatformState) Descriptor() ([]byte, []int)
Deprecated: Use PlatformState.ProtoReflect.Descriptor instead.
func (*PlatformState) GetFirmware ¶ added in v0.3.3
func (m *PlatformState) GetFirmware() isPlatformState_Firmware
func (*PlatformState) GetGceVersion ¶ added in v0.3.3
func (x *PlatformState) GetGceVersion() uint32
func (*PlatformState) GetInstanceInfo ¶ added in v0.3.3
func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo
func (*PlatformState) GetScrtmVersionId ¶ added in v0.3.3
func (x *PlatformState) GetScrtmVersionId() []byte
func (*PlatformState) GetTechnology ¶ added in v0.3.3
func (x *PlatformState) GetTechnology() GCEConfidentialTechnology
func (*PlatformState) ProtoMessage ¶ added in v0.3.3
func (*PlatformState) ProtoMessage()
func (*PlatformState) ProtoReflect ¶ added in v0.3.3
func (x *PlatformState) ProtoReflect() protoreflect.Message
func (*PlatformState) Reset ¶ added in v0.3.3
func (x *PlatformState) Reset()
func (*PlatformState) String ¶ added in v0.3.3
func (x *PlatformState) String() string
type PlatformState_GceVersion ¶ added in v0.3.3
// PlatformState_GceVersion is the oneof wrapper that selects the gce_version
// member of PlatformState.Firmware.
type PlatformState_GceVersion struct {
	// Virtual GCE firmware version (parsed from S-CRTM version id).
	GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"`
}
type PlatformState_ScrtmVersionId ¶ added in v0.3.3
// PlatformState_ScrtmVersionId is the oneof wrapper that selects the
// scrtm_version_id member of PlatformState.Firmware.
type PlatformState_ScrtmVersionId struct {
	// Raw S-CRTM version identifier (EV_S_CRTM_VERSION).
	ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"`
}
type Policy ¶ added in v0.3.11
// Policy is a policy dictating which type of MachineStates to allow.
type Policy struct {
	// Platform constrains MachineState.Platform; see PlatformPolicy.
	Platform *PlatformPolicy `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	// contains filtered or unexported fields
}
A policy dictating which type of MachineStates to allow
func (*Policy) Descriptor ¶ deprecated, added in v0.3.11
func (*Policy) GetPlatform ¶ added in v0.3.11
func (x *Policy) GetPlatform() *PlatformPolicy
func (*Policy) ProtoMessage ¶ added in v0.3.11
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect ¶ added in v0.3.11
func (x *Policy) ProtoReflect() protoreflect.Message