Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Device ¶
type Device interface {
// EKCertDER returns the DER-encoded EK certificate from TPM NVRAM.
EKCertDER() ([]byte, error)
// AKPublic returns the raw TPMT_PUBLIC bytes from CreateKey.
// Server's ParseAKPublic calls tpm2legacy.DecodePublic() which expects this format.
AKPublic() ([]byte, error)
// ActivateCredential decrypts the server's credential challenge.
// Input: raw wire bytes (uint16(credBlobLen) || credBlob || encSecret)
// Output: decrypted 32-byte secret
ActivateCredential(encCredential []byte) ([]byte, error)
// Quote generates a TPM quote signed by the AK.
// Returns base64-encoded wire format: uint32(quoteLen) || TPMS_ATTEST || TPMT_SIGNATURE
Quote(nonce string) (string, error)
// Close releases TPM handles (EK, AK) and closes the connection.
Close() error
}
Device abstracts TPM operations needed for attestation. Callers manage the TPM lifecycle externally; Device only holds the connection.
type OpenOption ¶
type OpenOption func(*device)
OpenOption configures how a Device is opened.
func WithStateDir ¶
func WithStateDir(dir string) OpenOption
WithStateDir enables AK persistence. When set, Open() will load AK blobs from stateDir if they exist, or save newly-created AK blobs there. Files written: ak_pub (TPMT_PUBLIC), ak_priv (TPM2B_PRIVATE).
Source Files
Click to show internal directories.
Click to hide internal directories.