launcher

v0.4.5

This package is not in the latest version of its module.

Published: Jan 21, 2025 License: Apache-2.0, BSD-3-Clause Imports: 39 Imported by: 0

Documentation

Overview

Package launcher contains functionality to start a measured workload.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FetchImpersonatedToken added in v0.4.5

func FetchImpersonatedToken(ctx context.Context, serviceAccount string, audience string, opts ...option.ClientOption) ([]byte, error)

FetchImpersonatedToken returns an access token for the impersonated service account.

func SetTPMDAParams added in v0.4.5

func SetTPMDAParams(tpm io.ReadWriter, daParams TPMDAParams) error

SetTPMDAParams takes in a TPM and updates its Dictionary Attack parameters. Only the MaxAuthFail, LockoutInterval and LockoutRecovery values of TPMDAParams (the MaxTries, RecoveryTime and LockoutRecovery fields) are used in this function.

Types

type ContainerRunner

type ContainerRunner struct {
	// contains filtered or unexported fields
}

ContainerRunner contains information about the container settings

func NewRunner

func NewRunner(ctx context.Context, cdClient *containerd.Client, token oauth2.Token, launchSpec spec.LaunchSpec, mdsClient *metadata.Client, tpm io.ReadWriteCloser, logger logging.Logger, serialConsole *os.File) (*ContainerRunner, error)

NewRunner returns a runner.

func (*ContainerRunner) Close

func (r *ContainerRunner) Close(ctx context.Context)

Close closes the container runner.

func (*ContainerRunner) Run

func (r *ContainerRunner) Run(ctx context.Context) error

Run runs the container. Container output will always be redirected to the logger writer for now.

type RetryableError

type RetryableError struct {
	Err error
}

RetryableError means launcher should reboot the VM to retry.

func (*RetryableError) Error

func (e *RetryableError) Error() string

type TPMDAParams added in v0.4.5

type TPMDAParams struct {
	LockoutCounter      uint32
	MaxTries            uint32 // aka "MaxAuthFail" in TPM Properties
	RecoveryTime        uint32 // aka "LockoutInterval" in TPM Properties
	LockoutRecovery     uint32 // aka "LockoutRecovery" in TPM Properties
	StartupClearOrderly bool
}

TPMDAParams holds TPM Dictionary Attack parameters.

func GetTPMDAInfo added in v0.4.5

func GetTPMDAInfo(tpm io.ReadWriter) (*TPMDAParams, error)

GetTPMDAInfo takes in a TPM and reads its Dictionary Attack parameters.

type WorkloadError

type WorkloadError struct {
	ReturnCode uint32
}

WorkloadError represents the result of a workload/task that is non-zero.

func (*WorkloadError) Error

func (e *WorkloadError) Error() string

Directories

Path Synopsis
Package agent coordinates the communication between the TPM and the remote attestation service.
image
testworkloads/basic command
package main is a binary that will print out the MDS vars and check the token.
testworkloads/customtoken/happypath command
package main is a binary that will print out the validation status of a custom attestation token.
internal
experiments
Package experiments contains functionalities to retrieve synced experiments
healthmonitoring/nodeproblemdetector
Package nodeproblemdetector provides configurations for node-problem-detector.service.
launchermount
Package launchermount defines mount types for the launcher workload.
logging
Package logging implements a logger to be used in the client.
signaturediscovery
Package signaturediscovery contains functionalities to discover container image signatures.
systemctl
Package systemctl implements a subset of systemctl operations.
package main is a program that will start a container with attestation.
Package launcherfile contains functions and constants for interacting with launcher files.
Package registryauth contains functionalities to authenticate docker repo.
Package spec contains definition of some basic container launch specs needed to launch a container, provided by the operator.
Package teeserver implements a server to be run in the launcher.
