attest

Published: Mar 29, 2024 License: Apache-2.0, BSD-3-Clause Imports: 7 Imported by: 18

// Enum value maps for GCEConfidentialTechnology, as emitted by the protobuf
// generator: _name maps the wire number to its identifier, _value is the
// inverse lookup. Both must stay in sync with the GCEConfidentialTechnology
// constants declared further down.
//
// NOTE(review): a missing key in _value yields Go's zero value 0, which here
// is NONE (the weakest technology). Code that maps a caller-supplied string
// into the enum must use the two-value form (`v, ok := ..._value[s]`) rather
// than treating 0 as a valid answer.
var (
	GCEConfidentialTechnology_name = map[int32]string{
		0: "NONE",
		1: "AMD_SEV",
		2: "AMD_SEV_ES",
		3: "INTEL_TDX",
		4: "AMD_SEV_SNP",
	}
	GCEConfidentialTechnology_value = map[string]int32{
		"NONE":        0,
		"AMD_SEV":     1,
		"AMD_SEV_ES":  2,
		"INTEL_TDX":   3,
		"AMD_SEV_SNP": 4,
	}
)

Enum value maps for GCEConfidentialTechnology.

// Enum value maps for WellKnownCertificate: _name maps the wire number to
// its identifier, _value is the inverse lookup. They mirror the
// WellKnownCertificate constants declared further down.
//
// NOTE(review): an unknown name looked up in _value returns 0, which is
// UNKNOWN; check the map's ok result before relying on the number.
var (
	WellKnownCertificate_name = map[int32]string{
		0: "UNKNOWN",
		1: "MS_WINDOWS_PROD_PCA_2011",
		2: "MS_THIRD_PARTY_UEFI_CA_2011",
	}
	WellKnownCertificate_value = map[string]int32{
		"UNKNOWN":                     0,
		"MS_WINDOWS_PROD_PCA_2011":    1,
		"MS_THIRD_PARTY_UEFI_CA_2011": 2,
	}
)

Enum value maps for WellKnownCertificate.

// Enum value maps for RestartPolicy. The identifiers deliberately use the
// Kubernetes spellings ("Always", "OnFailure", "Never") rather than the
// protobuf style guide's SCREAMING_CASE, so that these maps and
// RestartPolicy.String() match what Kubernetes emits.
//
// NOTE(review): an unknown name looked up in _value returns 0, i.e. Always;
// use the two-value map form when converting untrusted input.
var (
	RestartPolicy_name = map[int32]string{
		0: "Always",
		1: "OnFailure",
		2: "Never",
	}
	RestartPolicy_value = map[string]int32{
		"Always":    0,
		"OnFailure": 1,
		"Never":     2,
	}
)

Enum value maps for RestartPolicy.

// File_attest_proto is the protoreflect.FileDescriptor of the .proto file
// this package was generated from (the identifier suggests attest.proto).
var File_attest_proto protoreflect.FileDescriptor


Types

type Attestation

// Attestation is the evidence bundle handed to a verifier: the TPM
// Attestation Key (AK) public area, PCR quotes, the TCG event log(s), an
// optional AK certificate with optional intermediates, optional GCE instance
// information and, optionally, a TEE attestation (SEV-SNP or TDX) carried in
// the TeeAttestation oneof.
type Attestation struct {

	// Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC
	AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"`
	// Quotes over all supported PCR banks
	Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"`
	// TCG Event Log, encoded in the raw binary format.
	// Can be SHA-1 or crypto-agile.
	EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"`
	// Optional information about a GCE instance, unused outside of GCE
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// A TCG Canonical Event Log.
	CanonicalEventLog []byte `protobuf:"bytes,5,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"`
	// Attestation Key (AK) Certificate, encoded as ASN.1 DER.
	// Optional.
	AkCert []byte `protobuf:"bytes,6,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"`
	// Intermediate Certificates for verifying the AK Certificate, encoded as
	// ASN.1 DER. Optional.
	// NOTE(review): these are supplied by the attester alongside the
	// certificate they vouch for, so a verifier must anchor the chain in its
	// own trusted roots, never in anything carried in this message.
	IntermediateCerts [][]byte `protobuf:"bytes,7,rep,name=intermediate_certs,json=intermediateCerts,proto3" json:"intermediate_certs,omitempty"`
	// Trusted execution environment attestation is a secondary platform
	// attestation that the machine is running within a particular confidential
	// environment.
	//
	// Types that are assignable to TeeAttestation:
	//
	//	*Attestation_SevSnpAttestation
	//	*Attestation_TdxAttestation
	TeeAttestation isAttestation_TeeAttestation `protobuf_oneof:"tee_attestation"`
	// contains filtered or unexported fields
}

func (*Attestation) Descriptor deprecated

func (*Attestation) Descriptor() ([]byte, []int)

Deprecated: Use Attestation.ProtoReflect.Descriptor instead.

func (*Attestation) GetAkCert added in v0.3.2

func (x *Attestation) GetAkCert() []byte

func (*Attestation) GetAkPub

func (x *Attestation) GetAkPub() []byte

func (*Attestation) GetCanonicalEventLog added in v0.3.2

func (x *Attestation) GetCanonicalEventLog() []byte

func (*Attestation) GetEventLog

func (x *Attestation) GetEventLog() []byte

func (*Attestation) GetInstanceInfo

func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo

func (*Attestation) GetIntermediateCerts added in v0.3.4

func (x *Attestation) GetIntermediateCerts() [][]byte

func (*Attestation) GetQuotes

func (x *Attestation) GetQuotes() []*tpm.Quote

func (*Attestation) GetSevSnpAttestation added in v0.3.10

func (x *Attestation) GetSevSnpAttestation() *sevsnp.Attestation

func (*Attestation) GetTdxAttestation added in v0.4.1

func (x *Attestation) GetTdxAttestation() *tdx.QuoteV4

func (*Attestation) GetTeeAttestation added in v0.3.10

func (m *Attestation) GetTeeAttestation() isAttestation_TeeAttestation

func (*Attestation) ProtoMessage

func (*Attestation) ProtoMessage()

func (*Attestation) ProtoReflect

func (x *Attestation) ProtoReflect() protoreflect.Message

func (*Attestation) Reset

func (x *Attestation) Reset()

func (*Attestation) String

func (x *Attestation) String() string

type Attestation_SevSnpAttestation added in v0.3.10

// Attestation_SevSnpAttestation is the TeeAttestation oneof member that
// carries an AMD SEV-SNP attestation (proto field 8).
type Attestation_SevSnpAttestation struct {
	// The SEV-SNP attestation report wrapper, as defined by the sevsnp package.
	SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,8,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3,oneof"`
}

type Attestation_TdxAttestation added in v0.4.1

// Attestation_TdxAttestation is the TeeAttestation oneof member that
// carries an Intel TDX quote (proto field 9).
type Attestation_TdxAttestation struct {
	// The TDX quote in the version-4 format defined by the tdx package.
	TdxAttestation *tdx.QuoteV4 `protobuf:"bytes,9,opt,name=tdx_attestation,json=tdxAttestation,proto3,oneof"`
}

type AttestedCosState added in v0.3.2

// AttestedCosState is the verified container-related state of the machine,
// surfaced as MachineState.Cos. It groups the container description, two
// SemanticVersion values and the health-monitoring configuration.
type AttestedCosState struct {
	// The attested container, including image digests and operator overrides.
	Container        *ContainerState        `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"`
	// Version of "COS" — presumably Container-Optimized OS; not spelled out on this page.
	CosVersion       *SemanticVersion       `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"`
	// Version of the launcher — presumably the container launcher; not spelled out on this page.
	LauncherVersion  *SemanticVersion       `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"`
	// Health-monitoring switches that were in effect (see HealthMonitoringState).
	HealthMonitoring *HealthMonitoringState `protobuf:"bytes,4,opt,name=health_monitoring,json=healthMonitoring,proto3" json:"health_monitoring,omitempty"`
	// contains filtered or unexported fields
}

func (*AttestedCosState) Descriptor deprecated added in v0.3.2

func (*AttestedCosState) Descriptor() ([]byte, []int)

Deprecated: Use AttestedCosState.ProtoReflect.Descriptor instead.

func (*AttestedCosState) GetContainer added in v0.3.2

func (x *AttestedCosState) GetContainer() *ContainerState

func (*AttestedCosState) GetCosVersion added in v0.3.2

func (x *AttestedCosState) GetCosVersion() *SemanticVersion

func (*AttestedCosState) GetHealthMonitoring added in v0.4.3

func (x *AttestedCosState) GetHealthMonitoring() *HealthMonitoringState

func (*AttestedCosState) GetLauncherVersion added in v0.3.2

func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion

func (*AttestedCosState) ProtoMessage added in v0.3.2

func (*AttestedCosState) ProtoMessage()

func (*AttestedCosState) ProtoReflect added in v0.3.2

func (x *AttestedCosState) ProtoReflect() protoreflect.Message

func (*AttestedCosState) Reset added in v0.3.2

func (x *AttestedCosState) Reset()

func (*AttestedCosState) String added in v0.3.2

func (x *AttestedCosState) String() string

type Certificate added in v0.3.2

// Certificate is one entry of a Secure Boot Database. It is either a raw
// DER blob or a reference to a vendor certificate from the
// WellKnownCertificate enum, never both (the two forms share a oneof).
type Certificate struct {

	// The representation of the certificate. If the certificate matches a
	// well-known certificate above, representation should contain the value in
	// the enum. Otherwise, it will contain the raw DER.
	//
	// Types that are assignable to Representation:
	//
	//	*Certificate_Der
	//	*Certificate_WellKnown
	Representation isCertificate_Representation `protobuf_oneof:"representation"`
	// contains filtered or unexported fields
}

func (*Certificate) Descriptor deprecated added in v0.3.2

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetDer added in v0.3.2

func (x *Certificate) GetDer() []byte

func (*Certificate) GetRepresentation added in v0.3.2

func (m *Certificate) GetRepresentation() isCertificate_Representation

func (*Certificate) GetWellKnown added in v0.3.2

func (x *Certificate) GetWellKnown() WellKnownCertificate

func (*Certificate) ProtoMessage added in v0.3.2

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect added in v0.3.2

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset added in v0.3.2

func (x *Certificate) Reset()

func (*Certificate) String added in v0.3.2

func (x *Certificate) String() string

type Certificate_Der added in v0.3.2

// Certificate_Der is the Representation oneof member holding a certificate
// that did not match any WellKnownCertificate, as raw DER bytes.
type Certificate_Der struct {
	// DER representation of the certificate.
	Der []byte `protobuf:"bytes,1,opt,name=der,proto3,oneof"`
}

type Certificate_WellKnown added in v0.3.2

// Certificate_WellKnown is the Representation oneof member used when the
// certificate matched a vendor certificate in the WellKnownCertificate enum;
// the DER bytes are then not carried, only the enum value.
type Certificate_WellKnown struct {
	// Which well-known certificate this entry stands for.
	WellKnown WellKnownCertificate `protobuf:"varint,2,opt,name=well_known,json=wellKnown,proto3,enum=attest.WellKnownCertificate,oneof"`
}

type ContainerState added in v0.3.2

// ContainerState describes the container that was launched: image identity
// (reference, manifest digest, config digest), the effective args and env,
// the restart policy, and — separately — the subset of args/env that came
// from operator input. Some struct tags are elided in this rendering.
type ContainerState struct {
	// The container image reference (proto field 1). Its format is not
	// specified on this page.
	ImageReference string `protobuf:"bytes,1,opt,name=image_reference,json=imageReference,proto3" json:"image_reference,omitempty"`
	// Digest of the registry's image manifest, which contains a list of the
	// layers comprising the image.
	ImageDigest   string        `protobuf:"bytes,2,opt,name=image_digest,json=imageDigest,proto3" json:"image_digest,omitempty"`
	RestartPolicy RestartPolicy `` /* 127-byte string literal not displayed */
	// Digest of the local image configuration object, containing config items
	// such as local layer digests.
	ImageId string            `protobuf:"bytes,4,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"`
	Args    []string          `protobuf:"bytes,5,rep,name=args,proto3" json:"args,omitempty"`
	EnvVars map[string]string `` /* 170-byte string literal not displayed */
	// Record operator input Env Vars and Args, should be subsets of the above
	// Env Vars and Args.
	// NOTE(review): because these originate from the operator rather than the
	// image, a policy that cares about what actually ran should evaluate the
	// full Args/EnvVars above and treat these as an audit trail of overrides.
	OverriddenArgs    []string          `protobuf:"bytes,7,rep,name=overridden_args,json=overriddenArgs,proto3" json:"overridden_args,omitempty"`
	OverriddenEnvVars map[string]string `` /* 202-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ContainerState) Descriptor deprecated added in v0.3.2

func (*ContainerState) Descriptor() ([]byte, []int)

Deprecated: Use ContainerState.ProtoReflect.Descriptor instead.

func (*ContainerState) GetArgs added in v0.3.2

func (x *ContainerState) GetArgs() []string

func (*ContainerState) GetEnvVars added in v0.3.2

func (x *ContainerState) GetEnvVars() map[string]string

func (*ContainerState) GetImageDigest added in v0.3.2

func (x *ContainerState) GetImageDigest() string

func (*ContainerState) GetImageId added in v0.3.2

func (x *ContainerState) GetImageId() string

func (*ContainerState) GetImageReference added in v0.3.2

func (x *ContainerState) GetImageReference() string

func (*ContainerState) GetOverriddenArgs added in v0.3.9

func (x *ContainerState) GetOverriddenArgs() []string

func (*ContainerState) GetOverriddenEnvVars added in v0.3.9

func (x *ContainerState) GetOverriddenEnvVars() map[string]string

func (*ContainerState) GetRestartPolicy added in v0.3.2

func (x *ContainerState) GetRestartPolicy() RestartPolicy

func (*ContainerState) ProtoMessage added in v0.3.2

func (*ContainerState) ProtoMessage()

func (*ContainerState) ProtoReflect added in v0.3.2

func (x *ContainerState) ProtoReflect() protoreflect.Message

func (*ContainerState) Reset added in v0.3.2

func (x *ContainerState) Reset()

func (*ContainerState) String added in v0.3.2

func (x *ContainerState) String() string

type Database added in v0.3.2

// Database is a UEFI Secure Boot signature database (db, dbx or the
// authority set) flattened into its certificate entries and hash entries.
type Database struct {
	// Certificate entries, each either raw DER or a WellKnownCertificate reference.
	Certs  []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"`
	// Hash entries; the hash algorithm of each entry is not recorded here.
	Hashes [][]byte       `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"`
	// contains filtered or unexported fields
}

A Secure Boot database containing lists of hashes and certificates, as defined by section 32.4.1 Signature Database in the UEFI spec.

func (*Database) Descriptor deprecated added in v0.3.2

func (*Database) Descriptor() ([]byte, []int)

Deprecated: Use Database.ProtoReflect.Descriptor instead.

func (*Database) GetCerts added in v0.3.2

func (x *Database) GetCerts() []*Certificate

func (*Database) GetHashes added in v0.3.2

func (x *Database) GetHashes() [][]byte

func (*Database) ProtoMessage added in v0.3.2

func (*Database) ProtoMessage()

func (*Database) ProtoReflect added in v0.3.2

func (x *Database) ProtoReflect() protoreflect.Message

func (*Database) Reset added in v0.3.2

func (x *Database) Reset()

func (*Database) String added in v0.3.2

func (x *Database) String() string

type EfiApp added in v0.3.11

// EfiApp is one UEFI application that the OS loader measured before
// executing it, identified only by its PE/COFF digest.
type EfiApp struct {

	// The PE/COFF digest of the EFI application (pulled from the raw event digest).
	// The digest algorithm is the one recorded in MachineState.Hash.
	Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
	// contains filtered or unexported fields
}

func (*EfiApp) Descriptor deprecated added in v0.3.11

func (*EfiApp) Descriptor() ([]byte, []int)

Deprecated: Use EfiApp.ProtoReflect.Descriptor instead.

func (*EfiApp) GetDigest added in v0.3.11

func (x *EfiApp) GetDigest() []byte

func (*EfiApp) ProtoMessage added in v0.3.11

func (*EfiApp) ProtoMessage()

func (*EfiApp) ProtoReflect added in v0.3.11

func (x *EfiApp) ProtoReflect() protoreflect.Message

func (*EfiApp) Reset added in v0.3.11

func (x *EfiApp) Reset()

func (*EfiApp) String added in v0.3.11

func (x *EfiApp) String() string

type EfiState added in v0.3.11

// EfiState lists every UEFI application measured via LoadImage().
// NOTE(review): per the accompanying description, policy must compare the
// whole set of digests, not check for membership of a subset — a matching
// bootloader plus an unexpected extra application is still a mismatch.
type EfiState struct {

	// UEFI's OS Loader code is required to measure attempts to load and execute
	// UEFI applications.
	// UEFI applications are typically bootloaders such as shim and GRUB.
	// These run and are measured using the UEFI LoadImage() service.
	Apps []*EfiApp `protobuf:"bytes,1,rep,name=apps,proto3" json:"apps,omitempty"`
	// contains filtered or unexported fields
}

The verified state of EFI Applications. Policy usage on this machine state should check the entire set of EFI App digests matches, not a subset.

func (*EfiState) Descriptor deprecated added in v0.3.11

func (*EfiState) Descriptor() ([]byte, []int)

Deprecated: Use EfiState.ProtoReflect.Descriptor instead.

func (*EfiState) GetApps added in v0.3.11

func (x *EfiState) GetApps() []*EfiApp

func (*EfiState) ProtoMessage added in v0.3.11

func (*EfiState) ProtoMessage()

func (*EfiState) ProtoReflect added in v0.3.11

func (x *EfiState) ProtoReflect() protoreflect.Message

func (*EfiState) Reset added in v0.3.11

func (x *EfiState) Reset()

func (*EfiState) String added in v0.3.11

func (x *EfiState) String() string

type Event

// Event is one parsed entry of the TCG event log. Only Digest is what the
// TPM actually extended; UntrustedType and Data come straight from the log
// and are only trustworthy when DigestVerified is true.
type Event struct {

	// The Platform Configuration Register (PCR) this event was extended into.
	PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"`
	// The type of this event. Note that this value is not verified, so it should
	// only be used as a hint during event parsing.
	UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"`
	// The raw data associated to this event. The meaning of this data is
	// specific to the type of the event.
	Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
	// The event digest actually extended into the TPM. This is often the hash of
	// the data field, but in some cases it may have a type-specific calculation.
	Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"`
	// This is true if hash(data) == digest.
	// NOTE(review): when false, Data is unbound from the measurement and must
	// not be used to make a policy decision.
	DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"`
	// contains filtered or unexported fields
}

A parsed event from the TCG event log

func (*Event) Descriptor deprecated

func (*Event) Descriptor() ([]byte, []int)

Deprecated: Use Event.ProtoReflect.Descriptor instead.

func (*Event) GetData

func (x *Event) GetData() []byte

func (*Event) GetDigest

func (x *Event) GetDigest() []byte

func (*Event) GetDigestVerified

func (x *Event) GetDigestVerified() bool

func (*Event) GetPcrIndex

func (x *Event) GetPcrIndex() uint32

func (*Event) GetUntrustedType

func (x *Event) GetUntrustedType() uint32

func (*Event) ProtoMessage

func (*Event) ProtoMessage()

func (*Event) ProtoReflect

func (x *Event) ProtoReflect() protoreflect.Message

func (*Event) Reset

func (x *Event) Reset()

func (*Event) String

func (x *Event) String() string

type GCEConfidentialTechnology

// GCEConfidentialTechnology is the hardware technology protecting the
// instance; NONE covers non-GCE and non-Confidential instances.
type GCEConfidentialTechnology int32

Type of hardware technology used to protect this instance

// PlatformPolicy.MinimumTechnology compares against these numerically
// ("at least as secure as"), and its documentation only orders
// NONE < AMD_SEV < AMD_SEV_ES. NOTE(review): how INTEL_TDX (3) and
// AMD_SEV_SNP (4) rank in that comparison is not stated on this page —
// confirm against the policy evaluator before relying on it.
const (
	GCEConfidentialTechnology_NONE        GCEConfidentialTechnology = 0
	GCEConfidentialTechnology_AMD_SEV     GCEConfidentialTechnology = 1
	GCEConfidentialTechnology_AMD_SEV_ES  GCEConfidentialTechnology = 2
	GCEConfidentialTechnology_INTEL_TDX   GCEConfidentialTechnology = 3
	GCEConfidentialTechnology_AMD_SEV_SNP GCEConfidentialTechnology = 4
)

func (GCEConfidentialTechnology) Descriptor

func (GCEConfidentialTechnology) Enum

func (GCEConfidentialTechnology) EnumDescriptor deprecated

func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int)

Deprecated: Use GCEConfidentialTechnology.Descriptor instead.

func (GCEConfidentialTechnology) Number

func (GCEConfidentialTechnology) String

func (x GCEConfidentialTechnology) String() string

func (GCEConfidentialTechnology) Type

type GCEInstanceInfo

// GCEInstanceInfo uniquely identifies a GCE instance. Zone, ProjectId and
// InstanceName are the path components of the instance URL described below;
// ProjectNumber and InstanceId are the numeric counterparts.
type GCEInstanceInfo struct {
	// Zone the instance runs in (the {zone} URL component).
	Zone          string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"`
	// Project ID (the {project_id} URL component).
	ProjectId     string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
	// Numeric project number.
	ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"`
	// Instance name (the {instance_name} URL component).
	InstanceName  string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"`
	// Numeric instance ID.
	InstanceId    uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"`
	// contains filtered or unexported fields
}

Information uniquely identifying a GCE instance. Can be used to create an instance URL, which can then be used with GCE APIs. Formatted like:

https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}

func (*GCEInstanceInfo) Descriptor deprecated

func (*GCEInstanceInfo) Descriptor() ([]byte, []int)

Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead.

func (*GCEInstanceInfo) GetInstanceId

func (x *GCEInstanceInfo) GetInstanceId() uint64

func (*GCEInstanceInfo) GetInstanceName

func (x *GCEInstanceInfo) GetInstanceName() string

func (*GCEInstanceInfo) GetProjectId

func (x *GCEInstanceInfo) GetProjectId() string

func (*GCEInstanceInfo) GetProjectNumber

func (x *GCEInstanceInfo) GetProjectNumber() uint64

func (*GCEInstanceInfo) GetZone

func (x *GCEInstanceInfo) GetZone() string

func (*GCEInstanceInfo) ProtoMessage

func (*GCEInstanceInfo) ProtoMessage()

func (*GCEInstanceInfo) ProtoReflect

func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message

func (*GCEInstanceInfo) Reset

func (x *GCEInstanceInfo) Reset()

func (*GCEInstanceInfo) String

func (x *GCEInstanceInfo) String() string

type GrubFile added in v0.3.9

// GrubFile is one file GRUB read and measured. Only Digest is bound to the
// measurement; the filename is log data and is marked untrusted accordingly.
type GrubFile struct {

	// The digest of the file (pulled from the raw event digest).
	Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
	// The event data. This is not measured, so it is untrusted.
	// NOTE(review): match policy on Digest, never on this name.
	UntrustedFilename []byte `protobuf:"bytes,2,opt,name=untrusted_filename,json=untrustedFilename,proto3" json:"untrusted_filename,omitempty"`
	// contains filtered or unexported fields
}

func (*GrubFile) Descriptor deprecated added in v0.3.9

func (*GrubFile) Descriptor() ([]byte, []int)

Deprecated: Use GrubFile.ProtoReflect.Descriptor instead.

func (*GrubFile) GetDigest added in v0.3.9

func (x *GrubFile) GetDigest() []byte

func (*GrubFile) GetUntrustedFilename added in v0.3.9

func (x *GrubFile) GetUntrustedFilename() []byte

func (*GrubFile) ProtoMessage added in v0.3.9

func (*GrubFile) ProtoMessage()

func (*GrubFile) ProtoReflect added in v0.3.9

func (x *GrubFile) ProtoReflect() protoreflect.Message

func (*GrubFile) Reset added in v0.3.9

func (x *GrubFile) Reset()

func (*GrubFile) String added in v0.3.9

func (x *GrubFile) String() string

type GrubState added in v0.3.9

// GrubState is the verified GRUB state: the files GRUB measured and the
// commands it executed (including the kernel command line it passed on).
type GrubState struct {

	// All GRUB-read and measured files, including grub.cfg.
	Files []*GrubFile `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"`
	// A list of executed GRUB commands and command lines passed to the kernel
	// and kernel modules.
	Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"`
	// contains filtered or unexported fields
}

func (*GrubState) Descriptor deprecated added in v0.3.9

func (*GrubState) Descriptor() ([]byte, []int)

Deprecated: Use GrubState.ProtoReflect.Descriptor instead.

func (*GrubState) GetCommands added in v0.3.9

func (x *GrubState) GetCommands() []string

func (*GrubState) GetFiles added in v0.3.9

func (x *GrubState) GetFiles() []*GrubFile

func (*GrubState) ProtoMessage added in v0.3.9

func (*GrubState) ProtoMessage()

func (*GrubState) ProtoReflect added in v0.3.9

func (x *GrubState) ProtoReflect() protoreflect.Message

func (*GrubState) Reset added in v0.3.9

func (x *GrubState) Reset()

func (*GrubState) String added in v0.3.9

func (x *GrubState) String() string

type HealthMonitoringState added in v0.4.3

// HealthMonitoringState records which health-monitoring features were
// enabled on the attested machine.
type HealthMonitoringState struct {

	// Whether memory monitoring is enabled.
	// A pointer (proto3 optional) so that "unset" is distinguishable from
	// false. GetMemoryEnabled returns a plain bool, so callers that need to
	// know whether the value was present must inspect this field directly.
	MemoryEnabled *bool `protobuf:"varint,1,opt,name=memory_enabled,json=memoryEnabled,proto3,oneof" json:"memory_enabled,omitempty"`
	// contains filtered or unexported fields
}

func (*HealthMonitoringState) Descriptor deprecated added in v0.4.3

func (*HealthMonitoringState) Descriptor() ([]byte, []int)

Deprecated: Use HealthMonitoringState.ProtoReflect.Descriptor instead.

func (*HealthMonitoringState) GetMemoryEnabled added in v0.4.3

func (x *HealthMonitoringState) GetMemoryEnabled() bool

func (*HealthMonitoringState) ProtoMessage added in v0.4.3

func (*HealthMonitoringState) ProtoMessage()

func (*HealthMonitoringState) ProtoReflect added in v0.4.3

func (x *HealthMonitoringState) ProtoReflect() protoreflect.Message

func (*HealthMonitoringState) Reset added in v0.4.3

func (x *HealthMonitoringState) Reset()

func (*HealthMonitoringState) String added in v0.4.3

func (x *HealthMonitoringState) String() string

type LinuxKernelState added in v0.3.9

// LinuxKernelState is the verified kernel state. As noted below, it is
// derived from GrubState, so it is only populated when parsing with the
// GRUB loader option.
type LinuxKernelState struct {

	// The kernel command line.
	CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"`
	// contains filtered or unexported fields
}

The state of the Linux kernel. At the moment, parsing LinuxKernelState relies on parsing the GrubState. To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState.

func (*LinuxKernelState) Descriptor deprecated added in v0.3.9

func (*LinuxKernelState) Descriptor() ([]byte, []int)

Deprecated: Use LinuxKernelState.ProtoReflect.Descriptor instead.

func (*LinuxKernelState) GetCommandLine added in v0.3.9

func (x *LinuxKernelState) GetCommandLine() string

func (*LinuxKernelState) ProtoMessage added in v0.3.9

func (*LinuxKernelState) ProtoMessage()

func (*LinuxKernelState) ProtoReflect added in v0.3.9

func (x *LinuxKernelState) ProtoReflect() protoreflect.Message

func (*LinuxKernelState) Reset added in v0.3.9

func (x *LinuxKernelState) Reset()

func (*LinuxKernelState) String added in v0.3.9

func (x *LinuxKernelState) String() string

type MachineState

// MachineState is the verified boot state reconstructed from an
// Attestation: the platform/firmware state, Secure Boot databases, the
// full parsed event log, and the optional GRUB, kernel, COS and EFI views.
type MachineState struct {
	// Firmware, confidential-technology and instance information.
	Platform   *PlatformState   `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	// Secure Boot enablement and signature databases.
	SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"`
	// The complete parsed TCG Event Log, including those events used to
	// create the PlatformState.
	RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"`
	// The hash algorithm used when verifying the Attestation. This indicates:
	//   - which PCR bank was used for quote validation and event log replay
	//   - the hash algorithm used to calculate event digests
	Hash        tpm.HashAlgo      `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"`
	// GRUB files and commands; nil unless the GRUB loader was parsed.
	Grub        *GrubState        `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"`
	// Kernel command line; derived from Grub (see LinuxKernelState).
	LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"`
	// Container-related state (see AttestedCosState).
	Cos         *AttestedCosState `protobuf:"bytes,7,opt,name=cos,proto3" json:"cos,omitempty"`
	// Measured UEFI applications (see EfiState).
	Efi         *EfiState         `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"`
	// contains filtered or unexported fields
}

The verified state of a booted machine, obtained from an Attestation

func (*MachineState) Descriptor deprecated

func (*MachineState) Descriptor() ([]byte, []int)

Deprecated: Use MachineState.ProtoReflect.Descriptor instead.

func (*MachineState) GetCos added in v0.3.2

func (x *MachineState) GetCos() *AttestedCosState

func (*MachineState) GetEfi added in v0.3.11

func (x *MachineState) GetEfi() *EfiState

func (*MachineState) GetGrub added in v0.3.9

func (x *MachineState) GetGrub() *GrubState

func (*MachineState) GetHash

func (x *MachineState) GetHash() tpm.HashAlgo

func (*MachineState) GetLinuxKernel added in v0.3.9

func (x *MachineState) GetLinuxKernel() *LinuxKernelState

func (*MachineState) GetPlatform

func (x *MachineState) GetPlatform() *PlatformState

func (*MachineState) GetRawEvents

func (x *MachineState) GetRawEvents() []*Event

func (*MachineState) GetSecureBoot added in v0.3.2

func (x *MachineState) GetSecureBoot() *SecureBootState

func (*MachineState) ProtoMessage

func (*MachineState) ProtoMessage()

func (*MachineState) ProtoReflect

func (x *MachineState) ProtoReflect() protoreflect.Message

func (*MachineState) Reset

func (x *MachineState) Reset()

func (*MachineState) String

func (x *MachineState) String() string

type PlatformPolicy

// PlatformPolicy constrains the PlatformState a verifier will accept:
// an allow-list of raw S-CRTM version IDs, a floor on the parsed GCE
// firmware version, and a floor on the confidential-computing technology.
// Some struct tags are elided in this rendering.
type PlatformPolicy struct {

	// If PlatformState.firmware contains a scrtm_version_id, it must appear
	// in this list. For use with a GCE VM, minimum_gce_firmware_version is
	// often a better alternative.
	AllowedScrtmVersionIds [][]byte `` /* 131-byte string literal not displayed */
	// If PlatformState.firmware contains a minimum_gce_firmware_version, it must
	// be greater than or equal to this value. Currently, the max version is 1.
	MinimumGceFirmwareVersion uint32 `` /* 141-byte string literal not displayed */
	// The PlatformState's technology must be at least as secure as
	// the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE).
	// NOTE(review): the enum also defines INTEL_TDX (3) and AMD_SEV_SNP (4);
	// where they fall in this ordering is not documented here — confirm
	// against the evaluator before setting a floor that is meant to admit or
	// exclude them. The zero value (NONE) imposes no constraint.
	MinimumTechnology GCEConfidentialTechnology `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

A policy dictating which values of PlatformState to allow

func (*PlatformPolicy) Descriptor deprecated

func (*PlatformPolicy) Descriptor() ([]byte, []int)

Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead.

func (*PlatformPolicy) GetAllowedScrtmVersionIds

func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte

func (*PlatformPolicy) GetMinimumGceFirmwareVersion

func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32

func (*PlatformPolicy) GetMinimumTechnology

func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology

func (*PlatformPolicy) ProtoMessage

func (*PlatformPolicy) ProtoMessage()

func (*PlatformPolicy) ProtoReflect

func (x *PlatformPolicy) ProtoReflect() protoreflect.Message

func (*PlatformPolicy) Reset

func (x *PlatformPolicy) Reset()

func (*PlatformPolicy) String

func (x *PlatformPolicy) String() string

type PlatformState

// PlatformState is the verified platform/firmware state: the firmware
// identity (raw S-CRTM version ID or the GCE version parsed from it), the
// confidential-computing technology, and GCE instance info when applicable.
type PlatformState struct {

	// Types that are assignable to Firmware:
	//
	//	*PlatformState_ScrtmVersionId
	//	*PlatformState_GceVersion
	Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"`
	// Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances
	Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"`
	// Only set for GCE instances
	InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"`
	// contains filtered or unexported fields
}

The platform/firmware state for this instance

func (*PlatformState) Descriptor deprecated

func (*PlatformState) Descriptor() ([]byte, []int)

Deprecated: Use PlatformState.ProtoReflect.Descriptor instead.

func (*PlatformState) GetFirmware

func (m *PlatformState) GetFirmware() isPlatformState_Firmware

func (*PlatformState) GetGceVersion

func (x *PlatformState) GetGceVersion() uint32

func (*PlatformState) GetInstanceInfo

func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo

func (*PlatformState) GetScrtmVersionId

func (x *PlatformState) GetScrtmVersionId() []byte

func (*PlatformState) GetTechnology

func (x *PlatformState) GetTechnology() GCEConfidentialTechnology

func (*PlatformState) ProtoMessage

func (*PlatformState) ProtoMessage()

func (*PlatformState) ProtoReflect

func (x *PlatformState) ProtoReflect() protoreflect.Message

func (*PlatformState) Reset

func (x *PlatformState) Reset()

func (*PlatformState) String

func (x *PlatformState) String() string

type PlatformState_GceVersion

// PlatformState_GceVersion is the Firmware oneof member used when the
// S-CRTM version ID was recognised as GCE virtual firmware.
type PlatformState_GceVersion struct {
	// Virtual GCE firmware version (parsed from S-CRTM version id)
	GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"`
}

type PlatformState_ScrtmVersionId

// PlatformState_ScrtmVersionId is the Firmware oneof member carrying the
// raw S-CRTM version identifier when it could not be mapped to a GCE version.
type PlatformState_ScrtmVersionId struct {
	// Raw S-CRTM version identifier (EV_S_CRTM_VERSION)
	ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"`
}

type Policy

// Policy is the top-level acceptance policy for a MachineState. On this
// page it constrains only the platform portion; the Secure Boot, GRUB,
// kernel, COS and EFI state carry no policy here.
type Policy struct {
	// Constraints on MachineState.Platform.
	Platform *PlatformPolicy `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"`
	// contains filtered or unexported fields
}

A policy dictating which type of MachineStates to allow

func (*Policy) Descriptor deprecated

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) GetPlatform

func (x *Policy) GetPlatform() *PlatformPolicy

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset

func (x *Policy) Reset()

func (*Policy) String

func (x *Policy) String() string

type RestartPolicy added in v0.3.2

// RestartPolicy is the container's restart policy, with variant names that
// intentionally match the Kubernetes spellings.
type RestartPolicy int32

The container's restart policy. See the following Kubernetes documentation for more details: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy. Note that these enum variants do not conform to the standard Protocol Buffers Style Guide, so that RestartPolicy_name, RestartPolicy_value, and RestartPolicy.String() match the values used by Kubernetes and others.

// Values use Kubernetes' spellings rather than SCREAMING_CASE so that
// String() and the _name/_value maps round-trip with Kubernetes manifests.
const (
	// Zero value: restart the container whenever it exits.
	RestartPolicy_Always    RestartPolicy = 0
	RestartPolicy_OnFailure RestartPolicy = 1
	RestartPolicy_Never     RestartPolicy = 2
)

func (RestartPolicy) Descriptor added in v0.3.2

func (RestartPolicy) Enum added in v0.3.2

func (x RestartPolicy) Enum() *RestartPolicy

func (RestartPolicy) EnumDescriptor deprecated added in v0.3.2

func (RestartPolicy) EnumDescriptor() ([]byte, []int)

Deprecated: Use RestartPolicy.Descriptor instead.

func (RestartPolicy) Number added in v0.3.2

func (RestartPolicy) String added in v0.3.2

func (x RestartPolicy) String() string

func (RestartPolicy) Type added in v0.3.2

type SecureBootState added in v0.3.2

// SecureBootState captures Secure Boot enablement plus the three signature
// databases relevant to policy: the allow-list (db), the deny-list (dbx)
// and the authorities actually used post-separator.
type SecureBootState struct {

	// Whether Secure Boot is enabled.
	// NOTE(review): when this is false, Db/Dbx/Authority describe databases
	// that were not enforced at boot.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The Secure Boot signature (allowed) database.
	Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"`
	// The Secure Boot revoked signature (forbidden) database.
	Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"`
	// Authority events post-separator. Pre-separator authorities
	// are currently not supported.
	Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"`
	// contains filtered or unexported fields
}

The Secure Boot state for this instance.

func (*SecureBootState) Descriptor deprecated added in v0.3.2

func (*SecureBootState) Descriptor() ([]byte, []int)

Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead.

func (*SecureBootState) GetAuthority added in v0.3.2

func (x *SecureBootState) GetAuthority() *Database

func (*SecureBootState) GetDb added in v0.3.2

func (x *SecureBootState) GetDb() *Database

func (*SecureBootState) GetDbx added in v0.3.2

func (x *SecureBootState) GetDbx() *Database

func (*SecureBootState) GetEnabled added in v0.3.2

func (x *SecureBootState) GetEnabled() bool

func (*SecureBootState) ProtoMessage added in v0.3.2

func (*SecureBootState) ProtoMessage()

func (*SecureBootState) ProtoReflect added in v0.3.2

func (x *SecureBootState) ProtoReflect() protoreflect.Message

func (*SecureBootState) Reset added in v0.3.2

func (x *SecureBootState) Reset()

func (*SecureBootState) String added in v0.3.2

func (x *SecureBootState) String() string

type SemanticVersion added in v0.3.2

// SemanticVersion is a major.minor.patch triple; used for the COS and
// launcher versions in AttestedCosState.
type SemanticVersion struct {
	// Major version component.
	Major uint32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"`
	// Minor version component.
	Minor uint32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"`
	// Patch version component.
	Patch uint32 `protobuf:"varint,3,opt,name=patch,proto3" json:"patch,omitempty"`
	// contains filtered or unexported fields
}

func (*SemanticVersion) Descriptor deprecated added in v0.3.2

func (*SemanticVersion) Descriptor() ([]byte, []int)

Deprecated: Use SemanticVersion.ProtoReflect.Descriptor instead.

func (*SemanticVersion) GetMajor added in v0.3.2

func (x *SemanticVersion) GetMajor() uint32

func (*SemanticVersion) GetMinor added in v0.3.2

func (x *SemanticVersion) GetMinor() uint32

func (*SemanticVersion) GetPatch added in v0.3.2

func (x *SemanticVersion) GetPatch() uint32

func (*SemanticVersion) ProtoMessage added in v0.3.2

func (*SemanticVersion) ProtoMessage()

func (*SemanticVersion) ProtoReflect added in v0.3.2

func (x *SemanticVersion) ProtoReflect() protoreflect.Message

func (*SemanticVersion) Reset added in v0.3.2

func (x *SemanticVersion) Reset()

func (*SemanticVersion) String added in v0.3.2

func (x *SemanticVersion) String() string

type WellKnownCertificate added in v0.3.2

// WellKnownCertificate identifies a publicly listed vendor certificate so a
// Secure Boot Database entry can reference it by number instead of by DER.
type WellKnownCertificate int32

Common, publicly-listed certificates by different vendors.

// The Microsoft entries link to Microsoft's published certificate downloads.
const (
	// Zero value; the certificate is not one of the listed vendor certificates.
	WellKnownCertificate_UNKNOWN WellKnownCertificate = 0
	// Microsoft certs:
	// https://go.microsoft.com/fwlink/p/?linkid=321192
	WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 WellKnownCertificate = 1
	// https://go.microsoft.com/fwlink/p/?linkid=321194
	WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 WellKnownCertificate = 2
)

func (WellKnownCertificate) Descriptor added in v0.3.2

func (WellKnownCertificate) Enum added in v0.3.2

func (WellKnownCertificate) EnumDescriptor deprecated added in v0.3.2

func (WellKnownCertificate) EnumDescriptor() ([]byte, []int)

Deprecated: Use WellKnownCertificate.Descriptor instead.

func (WellKnownCertificate) Number added in v0.3.2

func (WellKnownCertificate) String added in v0.3.2

func (x WellKnownCertificate) String() string

func (WellKnownCertificate) Type added in v0.3.2
