tee

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2026 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package tee provides Linux Trusted Execution Environment (TEE) key management and attestation for Intel TDX, AMD SEV-SNP, and AWS Nitro Enclaves. Keys implement the enclave.Key interface so the inference gateway can use TEE-backed keys interchangeably with macOS Secure Enclave keys.

On platforms without TEE hardware (or when no build tag is set), a software stub backend generates standard in-process P-256 keys with dummy attestation quotes. This allows development and CI testing on any machine.

Build with -tags tdx, -tags snp, or -tags nitro to enable real hardware backends. Without any of these tags the stub is used automatically.

Index

Constants

View Source 
const (
	CoCoChartOCI     = "oci://ghcr.io/confidential-containers/charts/confidential-containers"
	CoCoChartVersion = "0.18.0"
	CoCoNamespace    = "coco-system"
	CoCoReleaseName  = "coco"
)

CoCo constants for Confidential Containers operator installation.

Variables

This section is empty.

Functions

func ComputeModelHash 

func ComputeModelHash(modelID string) string

ComputeModelHash returns the hex-encoded SHA-256 of the given model identifier string. This is a convenience for callers that don't have a pre-computed hash of the model weights.

func InstallCoCo 

func InstallCoCo(ctx context.Context, opts *CoCoInstallOpts) (string, error)

InstallCoCo installs the Confidential Containers operator on a k3s cluster.

This runs: 

helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
  --version 0.18.0 \
  --set kata-as-coco-runtime.k8sDistribution=k3s \
  --namespace coco-system --create-namespace

The function returns the helm install command output or an error.

func MarshalReport 

func MarshalReport(r *AttestationReport) ([]byte, error)

MarshalReport encodes a report as indented JSON.

func NewKey 

func NewKey(tag, modelHash string) (enclave.Key, error)

NewKey generates (or loads) a P-256 key inside the TEE (or stub) and returns a Key handle satisfying enclave.Key.

tag namespaces the key (same semantics as the macOS enclave tag). modelHash is the hex-encoded SHA-256 of the model being served — bound into attestation user_data for verifier checks.

func UninstallCoCo 

func UninstallCoCo(ctx context.Context, opts *CoCoInstallOpts) (string, error)

UninstallCoCo removes the CoCo operator.

func UserData 

func UserData(pubkey []byte, modelHash string) ([]byte, error)

UserData computes the attestation user_data binding: 

SHA256(pubkeyBytes || modelHashBytes)

where pubkeyBytes is the 65-byte uncompressed SEC1 public key and modelHashBytes is the raw 32-byte SHA-256 of the model.

func VerifyBinding 

func VerifyBinding(quote, pubkey []byte, modelHash string) error

VerifyBinding checks that a quote's user_data matches the expected binding of pubkey + modelHash: 

SHA256(pubkeyBytes || modelHashBytes) == extracted user_data

This is the fundamental verification step that any client should perform.

func VerifyNitro 

func VerifyNitro(doc []byte, expectedUserData []byte) error

VerifyNitro verifies an AWS Nitro attestation document against the Nitro CA certificate chain (embedded in the nitrite library).

Verification steps:

  1. CBOR-decode the COSE_Sign1 structure
  2. Validate the certificate chain to the AWS Nitro Root CA G1
  3. Verify the ECDSA-P384-SHA384 COSE signature
  4. Check user_data matches expectedUserData
  5. Optionally check PCR0 against expected enclave image hash

func VerifyNitroWithPCR0 

func VerifyNitroWithPCR0(doc []byte, expectedUserData []byte, expectedPCR0 []byte) error

VerifyNitroWithPCR0 extends VerifyNitro with a PCR0 check against an expected enclave image hash (SHA-384 of the EIF file).

func VerifySNP 

func VerifySNP(report []byte, expectedUserData []byte) error

VerifySNP parses and cryptographically verifies an AMD SEV-SNP attestation report against AMD's VCEK/VLEK certificate chain.

Verification steps:

  1. Parse the raw 1184-byte report into a protobuf
  2. Validate the certificate chain (AMD ARK → ASK → VCEK)
  3. Verify ECDSA-P384-SHA384 signature over report bytes 0x000–0x29F
  4. Validate reportData matches expectedUserData
  5. Enforce policy: no debug mode

func VerifyTDX 

func VerifyTDX(quote []byte, expectedUserData []byte) error

VerifyTDX parses and cryptographically verifies a TDX DCAP quote v4.

Verification steps:

  1. Parse the raw bytes into a QuoteV4 protobuf
  2. Validate the PCK certificate chain (Intel Root CA → Intermediate → PCK Leaf)
  3. Verify the ECDSA-256 signature over Header + TDQuoteBody
  4. Optionally fetch Intel PCS collateral for TCB/QE identity checks
  5. Validate reportData matches expectedUserData

Types

type AttestationReport 

type AttestationReport struct {
	TEEType   TEEType `json:"tee_type"`
	Pubkey    string  `json:"pubkey"`     // hex-encoded 65-byte uncompressed P-256
	ModelHash string  `json:"model_hash"` // hex SHA-256 of model weights/ID
	Quote     []byte  `json:"quote"`      // raw TEE quote bytes (base64 in JSON)
	Timestamp int64   `json:"timestamp"`  // Unix seconds
}

AttestationReport is returned by the /v1/attestation endpoint and contains the TEE quote plus metadata needed for client-side verification.

func Attest 

func Attest(key enclave.Key, modelHash string) (*AttestationReport, error)

Attest generates an attestation report for the given key and model. The report binds the key's public key and the model hash into the TEE quote's user_data field.

The key must have been created by tee.NewKey(); passing any other enclave.Key implementation returns an error.

type CoCoInstallOpts 

type CoCoInstallOpts struct {
	// HelmBin is the path to the helm binary (default: "helm").
	HelmBin string

	// KubectlBin is the path to kubectl (default: "kubectl").
	KubectlBin string

	// Kubeconfig is the path to the kubeconfig file.
	// Empty string uses the default kube config.
	Kubeconfig string

	// DryRun only prints the commands without executing them.
	DryRun bool
}

CoCoInstallOpts configures the CoCo Helm install.

type CoCoRuntimeClass 

type CoCoRuntimeClass string

CoCoRuntimeClass represents a CoCo-provided Kubernetes RuntimeClass. 

const (
	// RuntimeQEMUCoCoDev is the development runtime (QEMU, no TEE hardware).
	// Use for testing on any machine with /dev/kvm.
	RuntimeQEMUCoCoDev CoCoRuntimeClass = "kata-qemu-coco-dev"

	// RuntimeQEMUSNP is for AMD SEV-SNP confidential VMs.
	RuntimeQEMUSNP CoCoRuntimeClass = "kata-qemu-snp"

	// RuntimeQEMUTDX is for Intel TDX confidential VMs.
	RuntimeQEMUTDX CoCoRuntimeClass = "kata-qemu-tdx"
)

func ParseCoCoRuntime 

func ParseCoCoRuntime(s string) (CoCoRuntimeClass, error)

ParseCoCoRuntime validates a string as a known CoCo runtime class. "none" returns an empty string (no CoCo).

func ValidCoCoRuntimes 

func ValidCoCoRuntimes() []CoCoRuntimeClass

ValidCoCoRuntimes returns the set of CoCo runtime classes this package knows about.

type CoCoStatus 

type CoCoStatus struct {
	Installed      bool     `json:"installed"`
	Version        string   `json:"version,omitempty"`
	Namespace      string   `json:"namespace,omitempty"`
	RuntimeClasses []string `json:"runtime_classes,omitempty"`
	OperatorReady  bool     `json:"operator_ready"`
	KVMAvailable   bool     `json:"kvm_available"`
}

CoCoStatus describes the installation state of the CoCo operator.

func CheckCoCo 

func CheckCoCo(ctx context.Context, opts *CoCoInstallOpts) (*CoCoStatus, error)

CheckCoCo queries the cluster for CoCo installation status.

type TEEType 

type TEEType string

TEEType identifies the hardware TEE backend in use. 

const (
	TEETypeTDX   TEEType = "tdx"
	TEETypeSNP   TEEType = "snp"
	TEETypeNitro TEEType = "nitro"
	TEETypeStub  TEEType = "stub" // software fallback, dev mode
)

func ExtractUserData 

func ExtractUserData(quote []byte) ([]byte, TEEType, error)

ExtractUserData extracts the user_data field from a quote regardless of TEE type. The TEE type is auto-detected from the quote header.

For stub quotes, user_data is the hex-decoded "user_data" JSON field. For real TEE quotes, the native format is parsed.

func ParseTEEType 

func ParseTEEType(s string) (TEEType, error)

ParseTEEType validates a string as a TEEType.

func ValidTEETypes 

func ValidTEETypes() []TEEType

ValidTEETypes returns the list of accepted --tee flag values.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.