Documentation
Overview
Package validate is for checking attestation report properties other than signature verification.
Constants
const (
	// CertEntryAllowMissing will only error if the key is present in the certificate table and
	// Validate returns an error.
	CertEntryAllowMissing = iota
	// CertEntryRequire will cause an error if the certificate table does not include the key.
	CertEntryRequire
)
Functions
func RawSnpAttestation
RawSnpAttestation validates fields of a raw attestation report against expectations. Does not check the attestation certificates or signature.
func SnpAttestation
func SnpAttestation(attestation *spb.Attestation, options *Options) error
SnpAttestation validates fields of the protobuf representation of an attestation report against expectations. Does not check the attestation certificates or signature.
Types
type CertEntryKind (added in v0.9.0)
type CertEntryKind int
CertEntryKind represents a simple policy kind for cert table entries. If a UUID string key is present in the CertTableOptions, then the Validate function must not error when given both the attestation and the blob associated with the UUID. If a UUID is missing, then the kind matters: should missing entries be considered an error, or an allowed omission?
type CertEntryOption (added in v0.9.0)
type CertEntryOption struct {
	Kind     CertEntryKind
	Validate func(attestation *spb.Attestation, blob []byte) error
}
CertEntryOption represents a pluggable validation option for CertTable entries. This allows for golden measurements (RIMs and the like) to be injected into the guest about various provided infrastructure.
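The missing-versus-present policy described for CertEntryKind, as an added sketch that is not the package's own code. The types are local stand-ins, the callback is simplified to take only the blob, and the UUID, blobs and pinSHA384 helper are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"fmt"
)

type entryKind int // local stand-in for the documented CertEntryKind
const (
	allowMissing entryKind = iota
	require
	sampleUUID = "00000000-0000-0000-0000-000000000001" // constructed placeholder UUID
)

type entryOption struct {
	Kind     entryKind
	Validate func(blob []byte) error // the documented callback also receives the attestation
}

// checkCertTable applies each UUID-keyed option to the extra certificate table entries.
func checkCertTable(table map[string][]byte, opts map[string]*entryOption) error {
	for uuid, opt := range opts {
		blob, present := table[uuid]
		if !present && opt.Kind == require {
			return fmt.Errorf("cert table entry %s is required but missing", uuid)
		} else if !present {
			continue // allowMissing: absence is an accepted omission
		}
		if err := opt.Validate(blob); err != nil { // a present entry must validate for both kinds
			return fmt.Errorf("cert table entry %s: %w", uuid, err)
		}
	}
	return nil
}

// pinSHA384 returns a validator that accepts only a blob matching a golden digest.
func pinSHA384(golden []byte) func([]byte) error {
	return func(blob []byte) error {
		if sum := sha512.Sum384(blob); !bytes.Equal(sum[:], golden) {
			return fmt.Errorf("blob digest %x does not match the golden value", sum[:4])
		}
		return nil
	}
}

func main() {
	golden := sha512.Sum384([]byte("constructed reference manifest"))
	opts := map[string]*entryOption{sampleUUID: {Kind: require, Validate: pinSHA384(golden[:])}}
	fmt.Println(checkCertTable(map[string][]byte{}, opts)) // required entry is missing
}
```

With allowMissing, a tampered blob that is present still fails; only absence is tolerated.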
type Options
type Options struct {
	// GuestPolicy is the maximum of acceptable guest policies.
	GuestPolicy abi.SnpPolicy
	// MinimumGuestSvn is the minimum guest security version number.
	MinimumGuestSvn uint32
	// ReportData is the expected REPORT_DATA field. Must be nil or 64 bytes long. Not checked if nil.
	ReportData []byte
	// HostData is the expected HOST_DATA field. Must be nil or 32 bytes long. Not checked if nil.
	HostData []byte
	// ImageID is the expected IMAGE_ID field. Must be nil or 16 bytes long. Not checked if nil.
	ImageID []byte
	// FamilyID is the expected FAMILY_ID field. Must be nil or 16 bytes long. Not checked if nil.
	FamilyID []byte
	// ReportID is the expected REPORT_ID field. Must be nil or 32 bytes long. Not checked if nil.
	ReportID []byte
	// ReportIDMA is the expected REPORT_ID_MA field. Must be nil or 32 bytes long. Not checked if nil.
	ReportIDMA []byte
	// Measurement is the expected MEASUREMENT field. Must be nil or 48 bytes long. Not checked if nil.
	Measurement []byte
	// ChipID is the expected CHIP_ID field. Must be nil or 64 bytes long. Not checked if nil.
	ChipID []byte
	// MinimumBuild is the minimum firmware build version reported in the attestation report.
	MinimumBuild uint8
	// MinimumVersion is the minimum firmware API version reported in the attestation report,
	// where the MSB is the major number and the LSB is the minor number.
	MinimumVersion uint16
	// MinimumTCB is the component-wise minimum TCB reported in the attestation report. This
	// does not include the LaunchTCB.
	MinimumTCB kds.TCBParts
	// MinimumLaunchTCB is the component-wise minimum for the attestation report LaunchTCB.
	MinimumLaunchTCB kds.TCBParts
	// PermitProvisionalFirmware if true, allows the committed TCB, build, and API values to be less
	// than or equal to the current values. If false, committed and current values must be equal.
	PermitProvisionalFirmware bool
	// PlatformInfo is the maximum of acceptable PLATFORM_INFO data. Not checked if nil.
	PlatformInfo *abi.SnpPlatformInfo
	// RequireAuthorKey if true, will not validate a report without AUTHOR_KEY_EN equal to 1.
	// Implies RequireIDBlock is true.
	RequireAuthorKey bool
	// VMPL is the expected VMPL value, 0-3. Unchecked if nil.
	VMPL *int
	// RequireIDBlock if true, will not validate a report if it does not have an ID_KEY_DIGEST that
	// is trusted through all keys in TrustedIDKeys or TrustedIDKeyHashes, or any ID key whose hash
	// was signed by a key in TrustedAuthorKeys or TrustedIDKeyHashes. No signatures are checked,
	// since presence in the attestation report implies that the AMD firmware successfully verified
	// the signature at VM launch. If false, ID_KEY_DIGEST and AUTHOR_KEY_DIGEST are not checked.
	RequireIDBlock bool
	// Certificates of keys that are permitted to sign ID keys. Any ID key signed by a trusted author
	// key is implicitly trusted. Not required if TrustedAuthorKeyHashes is provided.
	TrustedAuthorKeys []*x509.Certificate
	// TrustedAuthorKeyHashes is an array of SHA-384 hashes of trusted author keys' public keys in
	// SEV-SNP API format. Not required if TrustedAuthorKeys is provided.
	TrustedAuthorKeyHashes [][]byte
	// Certificates of keys that are permitted to sign IDBlocks. Not required if TrustedIDKeyHashes is
	// provided.
	TrustedIDKeys []*x509.Certificate
	// TrustedIDKeyHashes is an array of SHA-384 hashes of trusted ID signer keys' public keys in
	// SEV-SNP API format. Not required if TrustedIDKeys is provided.
	TrustedIDKeyHashes [][]byte
	// CertTableOptions allows the caller to specify extra validation conditions on non-standard
	// UUID entries in the certificate table returned by GetExtendedReport.
	CertTableOptions map[string]*CertEntryOption
}
Options represents verification options for an SEV-SNP attestation report.
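Why MinimumTCB is documented as component-wise, and how PermitProvisionalFirmware relates committed to current values, as an added sketch that is not the package's own code. The tcbParts type, the byte layout of the raw 64-bit TCB value and the choice to apply the minimum to the current TCB are assumptions of this example; the sample values are constructed.

```go
package main

import "fmt"

// tcbParts is a local stand-in for the TCB components (not the package's kds.TCBParts).
type tcbParts struct{ BlSpl, TeeSpl, SnpSpl, UcodeSpl uint8 }

// Assumed raw TCB layout: byte 0 boot loader, byte 1 TEE, bytes 2-5 reserved,
// byte 6 SNP firmware, byte 7 microcode.
func decompose(tcb uint64) tcbParts {
	return tcbParts{uint8(tcb), uint8(tcb >> 8), uint8(tcb >> 48), uint8(tcb >> 56)}
}

// compose packs the components back into the assumed raw layout.
func compose(p tcbParts) uint64 {
	return uint64(p.BlSpl) | uint64(p.TeeSpl)<<8 | uint64(p.SnpSpl)<<48 | uint64(p.UcodeSpl)<<56
}

// atLeast reports whether every component of got meets the same component of floor.
func atLeast(got, floor tcbParts) bool {
	return got.BlSpl >= floor.BlSpl && got.TeeSpl >= floor.TeeSpl &&
		got.SnpSpl >= floor.SnpSpl && got.UcodeSpl >= floor.UcodeSpl
}

// checkTCB requires current >= minimum per component, and committed == current unless
// provisional firmware is permitted, in which case committed <= current per component.
func checkTCB(current, committed, minimum uint64, permitProvisional bool) error {
	cur, com, floor := decompose(current), decompose(committed), decompose(minimum)
	if !atLeast(cur, floor) {
		return fmt.Errorf("current TCB %+v is below minimum %+v", cur, floor)
	}
	if cur != com && !(permitProvisional && atLeast(cur, com)) {
		return fmt.Errorf("committed TCB %+v does not match current %+v", com, cur)
	}
	return nil
}

func main() {
	// Constructed values: newer microcode, older boot loader.
	floor := compose(tcbParts{BlSpl: 3, SnpSpl: 8, UcodeSpl: 115})
	got := compose(tcbParts{BlSpl: 2, SnpSpl: 8, UcodeSpl: 116})
	fmt.Println("integer compare passes:", got >= floor) // the microcode byte dominates
	fmt.Println("component-wise check:", checkTCB(got, got, floor, false))
}
```

A single integer comparison of the raw values would accept the downgraded boot loader here, which is the case a per-component minimum rejects.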