Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type TDX ¶
type TDX struct {
tokenutil.TokenParams `json:"-" mapstructure:"-" structs:"-"`
// TOTPSecret is the secret used to generate initial TOTP codes.
TOTPSecret string `json:"totp_secret" mapstructure:"-" structs:"-"`
// MrOwner is the expected software-defined ID for the TD's owner.
MrOwner *Byte48 `json:"tdx_mr_owner,omitempty" mapstructure:"tdx_mr_owner,omitempty" structs:"tdx_mr_owner,omitempty"`
// MrOwnerConfig is the expected software-defined ID for owner-defined
// configuration of the TD, e.g., specific to the workload rather than the
// runtime or OS.
MrOwnerConfig *Byte48 `json:"tdx_mr_owner_config,omitempty" mapstructure:"tdx_mr_owner_config,omitempty" structs:"tdx_mr_owner_config,omitempty"`
// MrConfigID is the expected software-defined ID for non-owner-defined
// configuration of the TD, e.g., runtime or OS configuration.
MrConfigID *Byte48 `json:"tdx_mr_config_id,omitempty" mapstructure:"tdx_mr_config_id,omitempty" structs:"tdx_mr_config_id,omitempty"`
// MrTD is the expected measurement of initial contents of the TD.
MrTD *Byte48 `json:"tdx_mr_td,omitempty" mapstructure:"tdx_mr_td,omitempty" structs:"tdx_mr_td,omitempty"`
// RTMR0 is the expected runtime-extendable measurement register #0.
//
// By convention, RTMR[0] is updated by the TD virtual firmware/BIOS (TDVF).
// The measurements and the log file may differ depending on the TDVF
// vendor. For more information on the measurements in RTMR[0], contact your
// TDVF vendor.
RTMR0 *Byte48 `json:"tdx_rtmr0,omitempty" mapstructure:"tdx_rtmr0,omitempty" structs:"tdx_rtmr0,omitempty"`
// RTMR1 is the expected runtime-extendable measurement register #1.
//
// By convention, RTMR[1] is updated by the TD virtual firmware/BIOS (TDVF).
// The measurements and the log file may differ depending on the TDVF
// vendor. For more information on the measurements in RTMR[1], contact your
// TDVF vendor.
RTMR1 *Byte48 `json:"tdx_rtmr1,omitempty" mapstructure:"tdx_rtmr1,omitempty" structs:"tdx_rtmr1,omitempty"`
// RTMR2 is the expected runtime-extendable measurement register #2.
//
// By convention, RTMR[2] measurements are generated by the OS. For more
// information on this measurement, contact your OS vendor.
RTMR2 *Byte48 `json:"tdx_rtmr2,omitempty" mapstructure:"tdx_rtmr2,omitempty" structs:"tdx_rtmr2,omitempty"`
// RTMR3 is the expected runtime-extendable measurement register #3.
//
// By convention, RTMR[3] measurements are generated by runtime code. For
// more information on this measurement, contact the TD workload owner.
RTMR3 *Byte48 `json:"tdx_rtmr3,omitempty" mapstructure:"tdx_rtmr3,omitempty" structs:"tdx_rtmr3,omitempty"`
// CheckTDAttrDebug indicates whether TUD.DEBUG == 0 is verified.
//
// TUD.DEBUG defines whether the TD runs in TD debug mode (set to 1) or not
// (set to 0). In TD debug mode, the CPU state and private memory are
// accessible by the host VMM.
CheckDebug bool `json:"tdx_check_debug" mapstructure:"tdx_check_debug" structs:"tdx_check_debug"`
// CheckTDAttrSeptVeDisable indicates whether SEC.SEPT_VE_DISABLE == 1 is
// verified.
//
// SEC.SEPT_VE_DISABLE defines if EPT violation conversion to #VE on TD
// access of PENDING pages is disabled.
//
// See also: https://intel.github.io/ccc-linux-guest-hardening-docs/security-spec.html#safety-against-ve-in-kernel-code
CheckSeptVeDisable bool `json:"tdx_check_sept_ve_disable" mapstructure:"tdx_check_sept_ve_disable" structs:"tdx_check_sept_ve_disable"`
}
TDX reflects our expectations about TDX trusted domain.
For the reference see Intel TDX DCAP: Quote Generation Library and Quote Verification Library (rev 0.9, 2023/12).
Source Files
Click to show internal directories.
Click to hide internal directories.