Documentation ¶
Overview ¶
Keep in sync with agent/pkg/api/types.go
Index ¶
- Constants
- Variables
- func Cookie(rng io.Reader) (string, error)
- func EqualNames(n1 *Name, n2 *Name) bool
- func GenerateAttestationCreation(rand *rand.Rand) tpm2.AttestationData
- func GenerateAttestationData(rand *rand.Rand) tpm2.AttestationData
- func GenerateCertifyInfo(rand *rand.Rand) tpm2.CertifyInfo
- func GenerateClockInfo(rand *rand.Rand) tpm2.ClockInfo
- func GenerateCreationInfo(rand *rand.Rand) tpm2.CreationInfo
- func GenerateECPoint(rand *rand.Rand, cv elliptic.Curve, size uint) tpm2.ECPoint
- func GenerateEK(rand *rand.Rand) tpm2.Public
- func GenerateKDFScheme(rand *rand.Rand) tpm2.KDFScheme
- func GenerateName(rand *rand.Rand) tpm2.Name
- func GenerateParamsECC(rand *rand.Rand, prop tpm2.KeyProp) tpm2.ECCParams
- func GenerateParamsRSA(rand *rand.Rand, prop tpm2.KeyProp) tpm2.RSAParams
- func GeneratePublic(rand *rand.Rand) tpm2.Public
- func GeneratePublicECC(rand *rand.Rand) tpm2.Public
- func GeneratePublicRSA(rand *rand.Rand) tpm2.Public
- func GenerateSigScheme(rand *rand.Rand, ecc bool) tpm2.SigScheme
- func GenerateSignature(rand *rand.Rand) tpm2.Signature
- func GenerateSignatureECC(rand *rand.Rand) tpm2.SignatureECC
- func GenerateSignatureRSA(rand *rand.Rand) tpm2.SignatureRSA
- func GenerateSymScheme(rand *rand.Rand) tpm2.SymScheme
- func ProcessFirmwarePropertiesHashBlobs(fw *FirmwareProperties) map[string][]byte
- type ACPITables
- type Agent
- type Annotation
- type AnnotationID
- type Appraisal
- type Attest
- type BootApps
- type Buffer
- type CPUIDLeaf
- type CPUVendor
- type Certificate
- type Client
- func (c *Client) Attest(ctx context.Context, quoteCredential string, ev Evidence, ...) (*Appraisal, string, error)
- func (c *Client) Configuration(ctx context.Context, lastUpdate *time.Time) (*Configuration, error)
- func (c *Client) Enroll(ctx context.Context, enrollToken string, enroll Enrollment) ([]*EncryptedCredential, error)
- func (c *Client) Get(ctx context.Context, route string, ifModifiedSince *time.Time) (jsonapi.Payloader, error)
- func (c *Client) Post(ctx context.Context, route string, doc interface{}, ...) (jsonapi.Payloader, error)
- type Configuration
- type Devices
- type EFISignature
- type EPPInfo
- type ESETConfig
- type EnclavePageCache
- type EncryptedCredential
- type Enrollment
- type ErrorBuffer
- type Evidence
- type FWUPdDevice
- type FWUPdReleaseInfo
- type FirmwareError
- type FirmwareProperties
- type HashBlob
- type Host
- type Info
- type Key
- type KeyTemplate
- type MACAddresses
- type ME
- type MEClientCommands
- type MECommand
- type MSR
- type Memory
- type MemoryRange
- type NIC
- type NICList
- type NVPublic
- type Name
- type OS
- type PCIConfigSpace
- type PublicKey
- func (p *PublicKey) Encode() (Buffer, error)
- func (PublicKey) Generate(rand *rand.Rand, size int) reflect.Value
- func (a PublicKey) MarshalJSON() ([]byte, error)
- func (p *PublicKey) Name() (Name, error)
- func (pub *PublicKey) Scan(src interface{}) error
- func (a *PublicKey) UnmarshalJSON(data []byte) error
- func (pub PublicKey) Value() (driver.Value, error)
- type Report
- type ReportValues
- type SEV
- type SEVCommand
- type SGX
- type SMBIOS
- type Signature
- type TPM
- type TPM2NVIndex
- type TPM2Property
- type TPMEvent
- type TXT
- type UEFI
- type UEFIVariable
- type Verdict
Constants ¶
// Verdict result strings. Presumably the values carried by the string
// fields of Verdict (Result, SupplyChain, ...) — confirm against apisrv.
const (
	Unsupported = "unsupported"
	Trusted     = "trusted"
	Vulnerable  = "vulnerable"
)

// Operating system identifiers; see Host.OSType ("OS*").
const (
	OSWindows = "windows"
	OSLinux   = "linux"
	OSUnknown = "unknown"
)

// EFI signature kinds; see EFISignature.Type.
const (
	EFICertificate = "certificate"
	EFIFingerprint = "fingerprint"
)

// UEFI Secure Boot modes; see UEFI.Mode ("Mode*").
const (
	ModeSetup    = "setup"
	ModeAudit    = "audit"
	ModeUser     = "user"
	ModeDeployed = "deployed"
)

// Management Engine variant names; see ME.Variant.
const (
	ICU        = "ICU"
	TXE        = "TXE"
	ConsumerME = "Consumer CSME"
	BusinessME = "Business CSME"
	LightME    = "Light ME"
	SPS        = "SPS"
	UnknownME  = "Unrecognized"
)
// Default request timeouts in seconds; see Client.HTTPRequestTimeout and
// Client.PostRequestTimeout (both time.Duration).
const DefaultHTTPRequestTimeoutSec = 30
const DefaultPostRequestTimeoutSec = 60

// Versioned document type identifiers. Presumably the value of the Type
// field of Evidence, Report and Verdict respectively — confirm against the
// encoders. The number is the wire-format version of that document.
const EvidenceType = "evidence/1"
const ReportType = "report/2"
const VerdictType = "verdict/3"
Variables ¶
Functions ¶
func EqualNames ¶
func GenerateAttestationCreation ¶
func GenerateAttestationCreation(rand *rand.Rand) tpm2.AttestationData
func GenerateAttestationData ¶
func GenerateAttestationData(rand *rand.Rand) tpm2.AttestationData
func GenerateCertifyInfo ¶
func GenerateCertifyInfo(rand *rand.Rand) tpm2.CertifyInfo
func GenerateCreationInfo ¶
func GenerateCreationInfo(rand *rand.Rand) tpm2.CreationInfo
func GenerateECPoint ¶
func GenerateSignatureECC ¶
func GenerateSignatureECC(rand *rand.Rand) tpm2.SignatureECC
func GenerateSignatureRSA ¶
func GenerateSignatureRSA(rand *rand.Rand) tpm2.SignatureRSA
func ProcessFirmwarePropertiesHashBlobs ¶ added in v3.13.2
func ProcessFirmwarePropertiesHashBlobs(fw *FirmwareProperties) map[string][]byte
ProcessFirmwarePropertiesHashBlobs compresses and strips the hash blobs from the given firmware properties, leaving only their hashes; the blobs themselves can then be transmitted out-of-band
Types ¶
type ACPITables ¶
// ACPITables holds the ACPI tables collected from the host.
type ACPITables struct {
	// Blobs maps a string key (presumably the table name — confirm against the
	// agent) to the table contents, which may be stripped to a hash; see HashBlob.
	Blobs map[string]HashBlob `json:"blobs,omitempty"`
	// Error is non-empty when the tables could not be collected.
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type Agent ¶
// Agent describes the agent build that produced the evidence.
type Agent struct {
	// Release is the agent release string.
	Release string `json:"release"`
	// ImageSHA2 is serialized under "sha"; presumably the hash of the agent's
	// own executable image, or the error that prevented computing it — confirm.
	ImageSHA2 ErrorBuffer `json:"sha,omitempty"`
}
type Annotation ¶
// Annotation is a single finding attached to a Report (see Report.Annotations).
type Annotation struct {
	// Id identifies the kind of finding.
	Id AnnotationID `json:"id"`
	// Expected is the value that was expected instead, when applicable.
	Expected string `json:"expected,omitempty"`
	// Path locates the value the finding refers to (presumably a path into
	// the report values — confirm).
	Path string `json:"path"`
	// Fatal marks a finding that on its own decides the verdict — presumably; confirm against apisrv.
	Fatal bool `json:"fatal"`
}
/v2/devices (apisrv)
type AnnotationID ¶
// AnnotationID names the kind of an Annotation; see Annotation.Id.
type AnnotationID string
type Appraisal ¶
// Appraisal is the server's evaluation of a device, as returned by Client.Attest.
type Appraisal struct {
	// Id is the JSON:API primary key (resource type "appraisals").
	Id string `jsonapi:"primary,appraisals" json:"id"`
	// Received, Appraised and Expires are RFC 3339 timestamps of when the
	// evidence arrived, when it was evaluated and until when the result is valid.
	Received  time.Time `jsonapi:"attr,received,rfc3339" json:"received"`
	Appraised time.Time `jsonapi:"attr,appraised,rfc3339" json:"appraised"`
	Expires   time.Time `jsonapi:"attr,expires,rfc3339" json:"expires"`
	// Verdict is the summarized outcome.
	Verdict Verdict `jsonapi:"attr,verdict" json:"verdict"`
	// Report carries the detailed values and annotations behind the verdict.
	Report Report `jsonapi:"attr,report" json:"report"`
}
/v2/devices (apisrv)
type Attest ¶
// Attest wraps tpm2.AttestationData (TPM2B_ATTEST) to give it JSON
// (un)marshaling; see MarshalJSON and UnmarshalJSON.
type Attest tpm2.AttestationData
TPM2B_ATTEST wrapper type
func (Attest) MarshalJSON ¶
func (*Attest) UnmarshalJSON ¶
type BootApps ¶ added in v3.13.0
// BootApps holds the boot applications found on the host.
type BootApps struct {
	// Images maps a file path to the PE image at that path (possibly stripped
	// to its hash; see HashBlob).
	Images map[string]HashBlob `json:"images,omitempty"` // path -> pe file
	// ImagesErr is non-empty when the images could not be collected.
	ImagesErr FirmwareError `json:"images_err,omitempty"`
}
type CPUIDLeaf ¶
// CPUIDLeaf is one CPUID query and its result. The ",string" tag option
// encodes the register values as decimal strings on the wire.
type CPUIDLeaf struct {
	// LeafEAX and LeafECX are the query inputs (presumably leaf and subleaf — confirm).
	LeafEAX uint32 `json:"leaf_eax,string"`
	LeafECX uint32 `json:"leaf_ecx,string"`
	// EAX..EDX are the returned registers; nil (omitted) when the query failed.
	EAX *uint32 `json:"eax,string,omitempty"`
	EBX *uint32 `json:"ebx,string,omitempty"`
	ECX *uint32 `json:"ecx,string,omitempty"`
	EDX *uint32 `json:"edx,string,omitempty"`
	// Error is non-empty when the query failed.
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type Certificate ¶
// Certificate wraps x509.Certificate with custom JSON (un)marshaling; see
// MarshalJSON and UnmarshalJSON.
type Certificate x509.Certificate
Certificate wrapper type
func (Certificate) MarshalJSON ¶
func (c Certificate) MarshalJSON() ([]byte, error)
func (*Certificate) UnmarshalJSON ¶
func (c *Certificate) UnmarshalJSON(data []byte) error
type Client ¶
// Client talks to the apisrv endpoints (see Attest, Configuration, Enroll,
// Get and Post).
type Client struct {
	// HTTP is the underlying HTTP client.
	HTTP *http.Client
	// Base is the server URL that routes passed to Get/Post are resolved
	// against — presumably; confirm against Get.
	Base *url.URL
	// Auth is the credential sent with requests. NOTE(review): treat as a
	// secret (do not log); its exact form (bearer token?) is not visible here.
	Auth string
	// Request timeouts; the defaults are DefaultHTTPRequestTimeoutSec and
	// DefaultPostRequestTimeoutSec (seconds).
	HTTPRequestTimeout time.Duration // Timeout for all HTTP requests except POST
	PostRequestTimeout time.Duration // POST requests may contain lots of data and need a different timeout
	// AgentVersion is reported to the server (presumably in a header — confirm).
	AgentVersion string
}
func (*Client) Configuration ¶
Client.Configuration returns a nil Configuration when lastUpdate is non-nil and the server indicates that the cached configuration is still current
func (*Client) Enroll ¶
func (c *Client) Enroll(ctx context.Context, enrollToken string, enroll Enrollment) ([]*EncryptedCredential, error)
type Configuration ¶
// Configuration is the server-provided collection policy returned by
// Client.Configuration: it tells the agent which keys to use and which
// hardware/firmware values to read.
//
// NOTE(review): this document comes from the network and drives what the
// agent reads (MSRs, PCI config space, NV indices, ME commands); the agent
// side should bound and validate it rather than act on it blindly — confirm
// how it is consumed.
type Configuration struct {
	// Root is the template for the root key; Keys maps a key name to its template.
	Root KeyTemplate            `jsonapi:"attr,root" json:"root"`
	Keys map[string]KeyTemplate `jsonapi:"attr,keys" json:"keys"`
	// PCRBank selects the PCR bank and PCRs the indices to quote — presumably; confirm.
	PCRBank uint16 `jsonapi:"attr,pcr_bank" json:"pcr_bank"`
	PCRs    []int  `jsonapi:"attr,pcrs" json:"pcrs"`
	// Lists of values to collect; each mirrors a field of FirmwareProperties.
	UEFIVariables []UEFIVariable `jsonapi:"attr,uefi" json:"uefi"`
	MSRs          []MSR          `jsonapi:"attr,msrs" json:"msrs"`
	CPUIDLeafs    []CPUIDLeaf    `jsonapi:"attr,cpuid" json:"cpuid"`
	// TPM2NVRAM lists NV indices to read. NOTE(review): encoding/json only
	// honors the ",string" option on scalar fields; on a slice it is ignored,
	// so these are encoded as plain numbers, unlike TPM2NVIndex.Index.
	TPM2NVRAM       []uint32           `jsonapi:"attr,tpm2_nvram" json:"tpm2_nvram,string"`
	SEV             []SEVCommand       `jsonapi:"attr,sev" json:"sev"`
	ME              []MEClientCommands `jsonapi:"attr,me" json:"me"`
	TPM2Properties  []TPM2Property     `jsonapi:"attr,tpm2_properties" json:"tpm2_properties"`
	PCIConfigSpaces []PCIConfigSpace   `jsonapi:"attr,pci" json:"pci"`
}
/v2/configuration (apisrv)
type Devices ¶ added in v3.6.0
// Devices holds the device inventory obtained from fwupd.
type Devices struct {
	// FWUPdVersion is the fwupd version string.
	FWUPdVersion string `json:"fwupd_version"`
	// Topology lists the devices as untyped JSON objects (see FWUPdDevice).
	Topology []FWUPdDevice `json:"topology"`
	// Releases maps a string key (presumably a device identifier — confirm) to
	// the known firmware releases for it.
	Releases map[string][]FWUPdReleaseInfo `json:"releases,omitempty"`
}
type EFISignature ¶
// EFISignature is one entry of a UEFI signature database (see the *Keys
// fields of UEFI): either a certificate or a bare fingerprint.
type EFISignature struct {
	// Type is EFICertificate or EFIFingerprint; the "certificate only" fields
	// below are nil for fingerprints.
	Type        string     `json:"type"`              // EFIFingerprint or EFICertificate
	Subject     *string    `json:"subject,omitempty"` // certificate only
	Issuer      *string    `json:"issuer,omitempty"`  // certificate only
	Fingerprint string     `json:"fingerprint"`
	// NOTE(review): "rfc3339" is not an encoding/json option and is ignored;
	// time.Time marshals as RFC 3339 on its own, so the tag is harmless.
	NotBefore *time.Time `json:"not_before,omitempty,rfc3339"` // certificate only
	NotAfter  *time.Time `json:"not_after,omitempty,rfc3339"`  // certificate only
	Algorithm *string    `json:"algorithm,omitempty"`          // certificate only
}
type EPPInfo ¶ added in v3.8.0
// EPPInfo describes the endpoint-protection software found on the host.
type EPPInfo struct {
	// AntimalwareProcesses maps an executable path to the file at that path
	// (possibly stripped to its hash; see HashBlob).
	AntimalwareProcesses    map[string]HashBlob `json:"antimalware_processes,omitempty"` // path -> exe file
	AntimalwareProcessesErr FirmwareError       `json:"antimalware_processes_err,omitempty"`
	// EarlyLaunchDrivers maps a driver path to the driver file.
	EarlyLaunchDrivers    map[string]HashBlob `json:"early_launch_drivers,omitempty"` // path -> sys file
	EarlyLaunchDriversErr FirmwareError       `json:"early_launch_drivers_err,omitempty"`
	// ESET is only populated on Linux.
	ESET *ESETConfig `json:"eset,omitempty"` // Linux only
}
type ESETConfig ¶ added in v3.8.0
// ESETConfig holds raw ESET configuration values (Linux only; see EPPInfo.ESET).
// Each field carries either the read data or the error that prevented reading it.
type ESETConfig struct {
	Enabled           ErrorBuffer `json:"enabled"`
	ExcludedFiles     ErrorBuffer `json:"excluded_files"`
	ExcludedProcesses ErrorBuffer `json:"excluded_processes"`
}
type EnclavePageCache ¶
// EnclavePageCache describes one SGX EPC region.
type EnclavePageCache struct {
	// Base and Size give the region's physical base address and length — presumably; confirm units.
	Base uint64 `json:"base"`
	Size uint64 `json:"size"`
	// CIRProtection reports whether the region has CIR protection enabled.
	CIRProtection bool `json:"cir_protection"`
}
/v2/devices (apisrv)
type EncryptedCredential ¶
// EncryptedCredential is one credential returned by Client.Enroll, encrypted
// to a key the device enrolled.
type EncryptedCredential struct {
	// Name is the key name this credential belongs to (presumably a key of
	// Enrollment.Keys — confirm).
	Name string `jsonapi:"attr,name" json:"name"`
	// KeyID identifies the key the credential is bound to.
	KeyID Buffer `jsonapi:"attr,key_id" json:"key_id"`
	// Credential is the encrypted JWT.
	Credential Buffer `jsonapi:"attr,credential" json:"credential"` // encrypted JWT
	// Secret and Nonce are presumably needed to unwrap Credential on the
	// device — confirm against the enroll flow.
	Secret Buffer `jsonapi:"attr,secret" json:"secret"`
	Nonce  Buffer `jsonapi:"attr,nonce" json:"nonce"`
}
/v2/enroll (apisrv)
type Enrollment ¶
// Enrollment is the request body of Client.Enroll (/v2/enroll).
//
// NOTE: the misspelling "endoresment" in the field names below is also in
// the JSON tags and therefore part of the wire format; renaming the fields
// is fine, but the tags must stay until the protocol is versioned.
type Enrollment struct {
	// NameHint is a suggested device name.
	NameHint string `jsonapi:"attr,name_hint" json:"name_hint"`
	// EndoresmentKey and EndoresmentCertificate are the TPM endorsement key
	// and its certificate (the certificate may be absent).
	EndoresmentKey         PublicKey    `jsonapi:"attr,endoresment_key" json:"endoresment_key"`
	EndoresmentCertificate *Certificate `jsonapi:"attr,endoresment_certificate" json:"endoresment_certificate"`
	// Root is the root key's public part; Keys maps a key name to its public
	// part plus creation proof.
	Root PublicKey      `jsonapi:"attr,root" json:"root"`
	Keys map[string]Key `jsonapi:"attr,keys" json:"keys"`
	// Cookie ties the request to a session; presumably generated with Cookie() — confirm.
	Cookie string `jsonapi:"attr,cookie" json:"cookie"`
}
/v2/enroll (apisrv)
type ErrorBuffer ¶
// ErrorBuffer is a byte buffer or, if it could not be read, the error code.
type ErrorBuffer struct {
	Data  Buffer        `json:"data,omitempty"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type Evidence ¶
// Evidence is the attestation payload sent by Client.Attest (/v2/attest).
type Evidence struct {
	// Type is the document type; presumably EvidenceType — confirm.
	Type string `jsonapi:"attr,type" json:"type"`
	// Quote is the TPM quote (TPM2B_ATTEST) and Signature its signature
	// (TPMT_SIGNATURE); both are omitted when absent.
	Quote     *Attest    `jsonapi:"attr,quote,omitempty" json:"quote,omitempty"`
	Signature *Signature `jsonapi:"attr,signature,omitempty" json:"signature,omitempty"`
	// Algorithm names the hash algorithm of the quoted PCR bank — presumably; confirm.
	Algorithm string `jsonapi:"attr,algorithm" json:"algorithm"`
	// PCRs holds the quoted PCR values; AllPCRs holds every bank (outer key
	// presumably the bank, inner key the PCR index — confirm).
	PCRs    map[string]Buffer            `jsonapi:"attr,pcrs" json:"pcrs"`
	AllPCRs map[string]map[string]Buffer `jsonapi:"attr,allpcrs" json:"allpcrs"`
	// Firmware is the collected firmware/platform state.
	Firmware FirmwareProperties `jsonapi:"attr,firmware" json:"firmware"`
	// Cookie ties the evidence to a session; presumably generated with Cookie() — confirm.
	Cookie string `jsonapi:"attr,cookie" json:"cookie"`
}
/v2/attest (apisrv)
type FWUPdDevice ¶ added in v3.6.0
// FWUPdDevice is an untyped fwupd device record passed through as-is.
// NOTE(review): consumers must not assume key presence or value types.
type FWUPdDevice = map[string]interface{}
type FWUPdReleaseInfo ¶ added in v3.8.6
// FWUPdReleaseInfo is an untyped fwupd release record passed through as-is;
// see Devices.Releases.
type FWUPdReleaseInfo = map[string]interface{}
type FirmwareError ¶
// FirmwareError is a short error code attached to values the agent could not
// collect. The empty string (NoError) means success; the Error fields that
// use it carry the "FirmwareErr*" comment.
type FirmwareError string

const (
	NoError        FirmwareError = ""
	UnknownError   FirmwareError = "unkn"
	NoPermission   FirmwareError = "no-perm"
	NoResponse     FirmwareError = "no-resp"
	NotImplemented FirmwareError = "not-impl"
)
type FirmwareProperties ¶
// FirmwareProperties is the platform state collected by the agent and sent
// as Evidence.Firmware. HashBlob fields may be stripped to their hashes by
// ProcessFirmwarePropertiesHashBlobs before transmission.
type FirmwareProperties struct {
	// Values collected according to the matching lists in Configuration.
	UEFIVariables   []UEFIVariable     `json:"uefi,omitempty"`
	MSRs            []MSR              `json:"msrs,omitempty"`
	CPUIDLeafs      []CPUIDLeaf        `json:"cpuid,omitempty"`
	SEV             []SEVCommand       `json:"sev,omitempty"`
	ME              []MEClientCommands `json:"me,omitempty"`
	TPM2Properties  []TPM2Property     `json:"tpm2_properties,omitempty"`
	TPM2NVRAM       []TPM2NVIndex      `json:"tpm2_nvram,omitempty"`
	PCIConfigSpaces []PCIConfigSpace   `json:"pci,omitempty"`
	// Firmware regions and tables.
	ACPI           ACPITables `json:"acpi"`
	SMBIOS         HashBlob   `json:"smbios"`
	TXTPublicSpace HashBlob   `json:"txt"`
	VTdRegisterSet HashBlob   `json:"vtd"`
	Flash          HashBlob   `json:"flash"`
	// TPM event logs. TPM2EventLog and TPM2EventLogZ are deprecated in favor
	// of TPM2EventLogs.
	TPM2EventLog  ErrorBuffer  `json:"event_log"`             // deprecated
	TPM2EventLogZ *ErrorBuffer `json:"event_log_z,omitempty"` // deprecated
	TPM2EventLogs []HashBlob   `json:"event_logs,omitempty"`
	// PCPQuoteKeys is only populated on Windows.
	PCPQuoteKeys map[string]Buffer `json:"pcp_quote_keys,omitempty"` // windows only
	// Host and OS information.
	MACAddresses MACAddresses `json:"mac"`
	OS           OS           `json:"os"`
	NICs         *NICList     `json:"nic,omitempty"`
	Memory       Memory       `json:"memory"`
	Agent        *Agent       `json:"agent,omitempty"`
	Devices      *Devices     `json:"devices,omitempty"`
	IMALog       *ErrorBuffer `json:"ima_log,omitempty"`
	EPPInfo      *EPPInfo     `json:"epp_info,omitempty"`
	BootApps     *BootApps    `json:"boot_apps,omitempty"`
}
/v2/attest (apisrv)
type HashBlob ¶ added in v3.8.0
// HashBlob is a binary blob that can travel either inline (ZData, or the
// deprecated Data) or out-of-band, identified by Sha256 only (see
// ProcessFirmwarePropertiesHashBlobs).
//
// NOTE(review): a consumer that receives ZData separately should decompress
// with a size bound and check the result hashes to Sha256 before trusting it
// — confirm that the server side does this.
type HashBlob struct {
	Sha256 Buffer        `json:"sha256,omitempty"` // hash of uncompressed data
	ZData  Buffer        `json:"z_data,omitempty"` // zstd compressed data, maybe omitted if data is assumed to be known
	Data   Buffer        `json:"data,omitempty"`   // deprecated: uncompressed data for backwards compatibility to ErrorBuffer
	Error  FirmwareError `json:"error,omitempty"`  // FirmwareErr*
}
type Host ¶
// Host is the host summary in ReportValues.
type Host struct {
	// OSName is the human-readable OS name, serialized as "name".
	// Windows: <ProductName> <CurrentMajorVersionNumber>.<CurrentMinorVersionNumber> Build <CurrentBuild>
	// Linux: /etc/os-release PRETTY_NAME or lsb_release -d
	OSName   string `json:"name"`
	Hostname string `json:"hostname"`
	// OSType is one of the OS* constants (OSWindows, OSLinux, OSUnknown).
	OSType    string    `json:"type"` // OS*
	CPUVendor CPUVendor `json:"cpu_vendor"`
}
type Info ¶
// Info is the response of /v2/info and reports the server's API version.
type Info struct {
	APIVersion string `jsonapi:"attr,api_version" json:"api_version"`
}
/v2/info (apisrv)
type Key ¶
// Key is an enrolled key: its public part plus the TPM proof of how it was
// created (see Enrollment.Keys).
type Key struct {
	// Public is the TPMT_PUBLIC of the key.
	Public PublicKey `json:"public"`
	// CreationProof is the TPM2B_ATTEST (serialized as "certify_info") and
	// CreationProofSignature its TPMT_SIGNATURE ("certify_signature").
	CreationProof          Attest    `json:"certify_info"`
	CreationProofSignature Signature `json:"certify_signature"`
}
/v2/enroll (apisrv)
type KeyTemplate ¶
/v2/configuration (apisrv)
type MACAddresses ¶
// MACAddresses lists the host's MAC addresses as strings, or the error that
// prevented collecting them.
type MACAddresses struct {
	Addresses []string      `json:"addrs"`
	Error     FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type ME ¶
// ME summarizes the Management Engine firmware in ReportValues.
type ME struct {
	Features []string `json:"features"`
	// Variant is one of the ME variant constants (ICU, TXE, ConsumerME, ...).
	Variant string `json:"variant"` // constants above
	// Version fields are split into their numeric components.
	Version         []uint16 `json:"version"`
	RecoveryVersion []uint16 `json:"recovery_version"`
	FITCVersion     []uint16 `json:"fitc_version"`
	// NOTE(review): encoding/json ignores ",string" on a slice, so API is
	// encoded as plain numbers despite the tag.
	API []uint `json:"api_version,string"`
	// MEUpdate is serialized as "updatable".
	MEUpdate       string `json:"updatable"`
	ChipsetVersion uint   `json:"chipset_version,string"`
	ChipID         uint   `json:"chip_id,string"`
	Manufacturer   string `json:"manufacturer,omitempty"`
	Size           uint   `json:"size,string"`
	Signature      string `json:"signature"`
}
type MEClientCommands ¶
// MEClientCommands is a batch of commands for one ME client, addressed by
// GUID or Address, with their responses.
type MEClientCommands struct {
	GUID     *uuid.UUID    `json:"guid,omitempty"`
	Address  string        `json:"address,omitempty"`
	Commands []MECommand   `json:"commands"`
	// Error is non-empty when the client could not be reached at all.
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type MECommand ¶
// MECommand is one raw ME command and its raw response (or error).
type MECommand struct {
	Command  Buffer        `json:"command"`
	Response Buffer        `json:"response,omitempty"`
	Error    FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type MSR ¶
// MSR is one model-specific register and the values read from it.
type MSR struct {
	// MSR is the register number, encoded as a decimal string on the wire.
	MSR uint32 `json:"msr,string"`
	// Values is serialized as "value"; presumably one entry per CPU — confirm.
	Values []uint64      `json:"value,omitempty"`
	Error  FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type Memory ¶
// Memory lists the host's memory ranges, or the error that prevented
// collecting them.
type Memory struct {
	Values []MemoryRange `json:"values,omitempty"`
	Error  FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type MemoryRange ¶
type NIC ¶
// NIC is one network interface with its addresses.
type NIC struct {
	Name  string        `json:"name,omitempty"`
	IPv4  []string      `json:"ipv4,omitempty"`
	IPv6  []string      `json:"ipv6,omitempty"`
	MAC   string        `json:"mac"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type NICList ¶
// NICList is the list of network interfaces, or the error that prevented
// enumerating them.
type NICList struct {
	List  []NIC         `json:"list,omitempty"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type NVPublic ¶
TPMS_NV_PUBLIC wrapper type
func (NVPublic) MarshalJSON ¶
func (*NVPublic) UnmarshalJSON ¶
type Name ¶
TPM2_Name wrapper type
func ComputeName ¶
Computes the TCG Name and Qualified Name of TPM 2.0 entities.
func (Name) MarshalJSON ¶
func (*Name) UnmarshalJSON ¶
type OS ¶
// OS is the operating-system information collected by the agent.
type OS struct {
	Hostname string `json:"hostname"`
	// Release is serialized under the JSON key "name", not "release".
	Release string        `json:"name"`
	Error   FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type PCIConfigSpace ¶
// PCIConfigSpace is the configuration space of one PCI function, addressed
// by bus/device/function (encoded as decimal strings on the wire).
type PCIConfigSpace struct {
	Bus      uint16 `json:"bus,string"`
	Device   uint16 `json:"device,string"`
	Function uint8  `json:"function,string"`
	// Value is the raw config-space contents; empty when Error is set.
	Value Buffer        `json:"value,omitempty"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type PublicKey ¶
TPMT_PUBLIC wrapper type
func (PublicKey) MarshalJSON ¶
func (*PublicKey) UnmarshalJSON ¶
type Report ¶
// Report is the detailed part of an Appraisal: the evaluated values plus
// the findings derived from them.
type Report struct {
	// Type is the document type; presumably ReportType — confirm.
	Type        string       `json:"type"`
	Values      ReportValues `json:"values"`
	Annotations []Annotation `json:"annotations"`
}
/v2/devices (apisrv)
type ReportValues ¶
// ReportValues groups the per-subsystem summaries of a Report. Pointer
// fields are omitted when the subsystem is absent or was not evaluated.
type ReportValues struct {
	Host   Host    `json:"host"`
	SMBIOS *SMBIOS `json:"smbios,omitempty"`
	UEFI   *UEFI   `json:"uefi,omitempty"`
	TPM    *TPM    `json:"tpm,omitempty"`
	ME     *ME     `json:"me,omitempty"`
	SGX    *SGX    `json:"sgx,omitempty"`
	TXT    *TXT    `json:"txt,omitempty"`
	SEV    *SEV    `json:"sev,omitempty"`
	NICs   []NIC   `json:"nics,omitempty"`
}
type SEVCommand ¶
// SEVCommand is one AMD SEV firmware command with its response.
type SEVCommand struct {
	// Command is one of the firmware.SEV* command identifiers.
	Command uint32 `json:"command"` // firmware.SEV*
	// ReadLength is the number of response bytes requested — presumably; confirm.
	ReadLength uint32 `json:"read_length"`
	// Response is nil when the command failed (see Error).
	Response *Buffer       `json:"response,omitempty"`
	Error    FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type SMBIOS ¶
// SMBIOS summarizes the system and BIOS identification fields of the SMBIOS
// tables. Serial and UUID are omitted when empty.
type SMBIOS struct {
	Manufacturer    string `json:"manufacturer"`
	Product         string `json:"product"`
	Serial          string `json:"serial,omitempty"`
	UUID            string `json:"uuid,omitempty"`
	BIOSReleaseDate string `json:"bios_release_date"`
	BIOSVendor      string `json:"bios_vendor"`
	BIOSVersion     string `json:"bios_version"`
}
type Signature ¶
TPMT_SIGNATURE wrapper type
func (Signature) MarshalJSON ¶
func (*Signature) UnmarshalJSON ¶
type TPM2NVIndex ¶
// TPM2NVIndex is one TPM 2.0 NV index with its public area and contents.
type TPM2NVIndex struct {
	// Index is the NV index handle, encoded as a decimal string on the wire.
	Index uint32 `json:"index,string"`
	// Public is the TPMS_NV_PUBLIC of the index; Value its contents. Both are
	// nil when they could not be read (see Error).
	Public *NVPublic     `json:"public,omitempty"`
	Value  *Buffer       `json:"value,omitempty"`
	Error  FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type TPM2Property ¶
// TPM2Property is one TPM 2.0 property and its value, both encoded as
// decimal strings on the wire.
type TPM2Property struct {
	Property uint32 `json:"property,string"`
	// Value is nil when the property could not be read (see Error).
	Value *uint32       `json:"value,omitempty,string"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type TPMEvent ¶
// TPMEvent is one entry of a TPM event log as presented in a report.
type TPMEvent struct {
	// PCR is the PCR the event was extended into; Algorithm the digest
	// algorithm (numeric id — presumably a TPM_ALG_ID; confirm).
	PCR       uint   `json:"pcr"`
	Value     string `json:"value"`
	Algorithm uint   `json:"algorithm"`
	// Note is a human-readable description of the event.
	Note string `json:"note"`
}
/v2/devices (apisrv)
type UEFI ¶
// UEFI summarizes the Secure Boot state and signature databases.
type UEFI struct {
	// Mode is one of the Mode* constants (ModeSetup, ModeAudit, ModeUser, ModeDeployed).
	Mode       string `json:"mode"` // Mode*
	SecureBoot bool   `json:"secureboot"`
	// The key databases (PK, KEK, db, dbx) are pointers without omitempty, so
	// a nil database is encoded as JSON null — presumably meaning "could not
	// be read" rather than "empty"; confirm against the producer.
	PlatformKeys  *[]EFISignature `json:"platform_keys"`
	ExchangeKeys  *[]EFISignature `json:"exchange_keys"`
	PermittedKeys *[]EFISignature `json:"permitted_keys"`
	ForbiddenKeys *[]EFISignature `json:"forbidden_keys"`
}
type UEFIVariable ¶
// UEFIVariable is one UEFI variable, identified by vendor GUID and name.
type UEFIVariable struct {
	Vendor string `json:"vendor"`
	Name   string `json:"name"`
	// Value is nil when the variable could not be read (see Error).
	Value *Buffer       `json:"value,omitempty"`
	Error FirmwareError `json:"error,omitempty"` // FirmwareErr*
}
type Verdict ¶
// Verdict is the summarized outcome of an Appraisal: an overall Result plus
// one result per area. The result strings are presumably the Unsupported,
// Trusted and Vulnerable constants — confirm against apisrv.
type Verdict struct {
	// Type is the document type; presumably VerdictType — confirm.
	Type               string `json:"type"`
	Result             string `json:"result"`
	SupplyChain        string `json:"supply_chain"`
	Configuration      string `json:"configuration"`
	Firmware           string `json:"firmware"`
	Bootloader         string `json:"bootloader"`
	OperatingSystem    string `json:"operating_system"`
	EndpointProtection string `json:"endpoint_protection"`
}
/v2/devices (apisrv)