README
¶
TDX Guest
This project offers libraries for a simple wrapper around quote providing tools
such as the go-configfs-tsm library, or the /dev/tdx_guest device in Linux,
as well as a library for attestation verification of fundamental components of
an attestation quote.
This project is split into two complementary roles. The first role is producing
an attestation quote, and the second is checking an attestation quote. The
client library produces quote, the verify library verifies quote's
signatures and certificates.
client
This library should be used within the confidential workload to collect an attestation quote along with requisite certificates.
Your main interactions with it will be to first get the quote provider, or open the device, then get an attestation quote with your provided 64 bytes of user data (typically a nonce), and then close the device. For convenience, the attestation with its associated certificates can be collected in a wire-transmittable protocol buffer format.
func GetQuoteProvider() (*LinuxConfigFsQuoteProvider, error)
This function creates an instance of a quote provider which uses the go-configfs-tsm library to fetch attestation quotes via ConfigFS.
func OpenDevice() (*LinuxDevice, error)
This function creates a file descriptor to the /dev/tdx_guest device and
returns an object that has methods encapsulating commands to the device. When
done, remember to Close() the device.
Note:- The Device interface is deprecated, and use of quote provider interface
is recommended for fetching attestation quote.
func GetQuote(quoteProvider any, reportData [64]byte) (any, error)
This function takes an object implementing either the QuoteProvider interface
(e.g. LinuxConfigFsQuoteProvider), or the Device interface (e.g., a LinuxDevice)
along with report data which typically consists of a nonce value.
It returns the protocol buffer representation of the attestation quote.
You can use GetRawQuote to get the TDX Quote in byte array format.
func (d Device) Close() error
Closes the device.
verify
This library will check the signature, certificate chain and basic well-formedness properties of an attestation quote. The requirements for quote well-formedness come from the Intel TDX specification, and the requirements for certificate well-formedness come from the Intel PCK Certificate specification.
The presence of the PCK Certificate Chain within the input attestation quote is expected.
func TdxQuote(quote *pb.QuoteV4, options *Options) error
This function verifies that the attestation has a valid signature and certificate chain. It provides an optional verification against the collateral obtained from the Intel PCS API and also offers an optional check against the certificate revocation list (CRL). By default, the option to verify against collaterals and the certificate revocation list(CRL) is disabled. The verification using collaterals is based on Intel PCS API specification documentation.
Example expected invocation:
verify.TdxQuote(myAttestation, verify.Options())
Options type
This type contains five fields:
GetCollateral bool: if true, thenTdxQuotewill download the collateral from Intel PCS API service and check against collateral obtained. Must betrueifCheckRevocationsis true.CheckRevocations bool: if true, thenTdxQuotewill download the certificate revocation list (CRL) from Intel PCS API service and check for revocations.Getter HTTPSGetter: ifnil, usesDefaultHTTPSGetter(). TheHTTPSGetterinterface consists of a single methodGet(url string) (map[string][]string, []byte, error)that should return the headers and body of the HTTPS response.Now time.Time: ifnil, usestime.Now(). It is the time at which to verify the validity of certificates and collaterals.TrustedRoots *x509.CertPool: ifnil, uses the library's embedded certificate. Certificate chain verification is performed using trusted roots.
License
go-tdx-guest is released under the Apache 2.0 license.
Copyright 2023 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Links
Disclaimers
This is not an officially supported Google product.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package abi provides Go representations and conversions for TDX attestation data structures
|
Package abi provides Go representations and conversions for TDX attestation data structures |
|
Package client provides the library functions to get a TDX quote from the TDX guest device
|
Package client provides the library functions to get a TDX quote from the TDX guest device |
|
linuxabi
Package linuxabi describes the ABI required for the TDX ioctl commands
|
Package linuxabi describes the ABI required for the TDX ioctl commands |
|
Package pcs defines values specified for the Intel's Provisioning Certification Service
|
Package pcs defines values specified for the Intel's Provisioning Certification Service |
|
Package proto contains protocol buffers that are exchanged between the client and server, as well as convenience configuration definitions for tools.
|
Package proto contains protocol buffers that are exchanged between the client and server, as well as convenience configuration definitions for tools. |
|
checkconfig
Package checkconfig defines the message type for the check CLI tool's options.
|
Package checkconfig defines the message type for the check CLI tool's options. |
|
tdx
Package tdx implements a protocol buffer for representing TDX attestations.
|
Package tdx implements a protocol buffer for representing TDX attestations. |
|
Package testing defines the mock tdx-guest device
|
Package testing defines the mock tdx-guest device |
|
client
Package client (in testing) allows tests to get a fake or real tdx-guest device.
|
Package client (in testing) allows tests to get a fake or real tdx-guest device. |
|
tools
|
|
|
attest
Package main implements a CLI tool for collecting attestation reports.
|
Package main implements a CLI tool for collecting attestation reports. |
|
check
Package main implements a CLI tool for checking Intel TDX quotes.
|
Package main implements a CLI tool for checking Intel TDX quotes. |
|
Package validate provides the library functions to validate a TDX quote
|
Package validate provides the library functions to validate a TDX quote |
|
Package verify provides the library functions to verify a TDX quote
|
Package verify provides the library functions to verify a TDX quote |
|
trust
Package trust defines core trust types and values for attestation verification.
|
Package trust defines core trust types and values for attestation verification. |