Documentation
Overview
Package agent coordinates the communication between the TPM and the remote attestation service. It handles:
- All TPM-related functionality (quotes, logs, certs, etc.)
- Fetching the relevant principal ID tokens
- Calling VerifyAttestation on the remote service
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AttestationAgent
    type AttestationAgent interface {
        MeasureEvent(cel.Content) error
        Attest(context.Context) ([]byte, error)
    }

AttestationAgent is an agent that interacts with GCE's Attestation Service to verify an attestation message. It is an interface instead of a concrete struct to make testing easier.
func CreateAttestationAgent
func CreateAttestationAgent(tpm io.ReadWriteCloser, akFetcher tpmKeyFetcher, verifierClient verifier.Client, principalFetcher principalIDTokenFetcher) AttestationAgent
CreateAttestationAgent returns an agent capable of performing remote attestation to GCE's Attestation Service using the machine's (v)TPM.
- tpm is a handle to the TPM on the instance
- akFetcher is a func to fetch an attestation key: see go-tpm-tools/client.
- principalFetcher is a func to fetch GCE principal tokens for a given audience.
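The doc comment above says AttestationAgent is an interface "to make testing easier". The following is an added example, not code from the agent package or from go-tpm-tools, showing what that buys a caller: a test double that satisfies the same two-method shape, records every measured event, and derives a deterministic stand-in attestation from them, plus the caller-side flow of measuring events in order and then attesting. `Content`, `rawEvent`, `fakeAgent` and `launchAndAttest` are all assumed names introduced here; `Content` is a simplified stand-in for `cel.Content` so the example compiles without external modules, and the hash returned by `fakeAgent.Attest` is not the format the real service returns.

```go
package main

import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Content is a hypothetical, simplified stand-in for cel.Content: anything
// that can serialize itself into the bytes that get measured into the log.
type Content interface {
	Bytes() []byte
}

// AttestationAgent mirrors the interface documented on this page.
type AttestationAgent interface {
	MeasureEvent(Content) error
	Attest(context.Context) ([]byte, error)
}

// rawEvent is a constructed Content backed by a plain byte slice.
type rawEvent []byte

func (e rawEvent) Bytes() []byte { return []byte(e) }

// fakeAgent is a test double: it records every measured event and derives a
// deterministic "attestation" from them instead of talking to a TPM or the
// remote verifier. The two knobs let a test inject failures.
type fakeAgent struct {
	events      [][]byte
	measureErr  error // injected failure for MeasureEvent
	rejectEmpty bool  // hypothetical policy: refuse to attest an empty log
}

func (f *fakeAgent) MeasureEvent(c Content) error {
	if f.measureErr != nil {
		return f.measureErr
	}
	// Copy so later mutation of the caller's buffer cannot alter the record.
	f.events = append(f.events, append([]byte(nil), c.Bytes()...))
	return nil
}

func (f *fakeAgent) Attest(ctx context.Context) ([]byte, error) {
	// Honour cancellation the way a real call to the verifier would.
	if err := ctx.Err(); err != nil {
		return nil, err
	}
	if f.rejectEmpty && len(f.events) == 0 {
		return nil, errors.New("no events measured")
	}
	// Stand-in token: SHA-256 over the concatenated event records, so the
	// same sequence of events always yields the same value.
	h := sha256.New()
	for _, e := range f.events {
		h.Write(e)
	}
	return h.Sum(nil), nil
}

// launchAndAttest is the caller-side flow: extend the event log with each
// event in order, then request an attestation. Any failure aborts the flow
// so a partially measured state is never attested.
func launchAndAttest(ctx context.Context, agent AttestationAgent, events []Content) ([]byte, error) {
	for i, e := range events {
		if err := agent.MeasureEvent(e); err != nil {
			return nil, fmt.Errorf("measuring event %d: %w", i, err)
		}
	}
	tok, err := agent.Attest(ctx)
	if err != nil {
		return nil, fmt.Errorf("attest: %w", err)
	}
	return tok, nil
}

func main() {
	agent := &fakeAgent{}
	// Constructed sample events; real callers would pass cel.Content values.
	events := []Content{rawEvent("image-digest:constructed"), rawEvent("env:constructed")}
	tok, err := launchAndAttest(context.Background(), agent, events)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("attestation:", hex.EncodeToString(tok), "events measured:", len(agent.events))
}
```

Because `launchAndAttest` depends only on the interface, the same function runs unchanged against the real agent returned by CreateAttestationAgent and against the double above; tests for the launcher logic therefore need neither a TPM nor network access.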