go-tpm-tools
go-tpm-tools copied to clipboard
google
Go packages built on go-tpm providing a high-level API for using TPMs
This should hopefully reduce errors when cutting new releases of go-tpm-tools and related submodules. I'll wait until #186 is done before merging this, as we should make sure the instructions...
Potential packages to use: - https://pkg.go.dev/go.uber.org/multierr - https://pkg.go.dev/github.com/hashicorp/go-multierror This would make it easier for both us and our users to deal with functions that may return multiple errors. Examples include:...
The Attest command supports generating a proto containing the quote, AK, and TCG event log using client.Attest. The user can pass in which key type (GCE or go-tpm-tools generated AK)...
This is a rough draft of what an `activate` package would look like in go-tpm-tools Ideally, it would provide two things: - A set of functions to run on the...
The text "a fork of the upstream source" links to https://github.com/josephlr/ms-tpm-20-ref/tree/google, which is 404. I think it should just be https://github.com/josephlr/ms-tpm-20-ref/.
Attempting to use `server.VerifyAttestation` using the snippet provided below [server.VerifyAttestation](https://pkg.go.dev/github.com/google/[email protected]/server#VerifyAttestation) fails on debian 10 with ``` gcloud compute instances create shielded-sb --zone=us-central1-a --machine-type=e2-medium --no-service-account --no-scopes \ --create-disk=auto-delete=yes,boot=yes,device-name=shielded-sb,image=projects/debian-cloud/global/images/debian-10-buster-v20211104,mode=rw,size=10,type=projects/mineral-minutia-820/zones/us-central1-a/diskTypes/pd-balanced \ --shielded-vtpm --shielded-secure-boot...
When cgo picks up OpenSSL 3.0 (for example via brew on macOS), compilation outputs quite a few deprecation warnings similar to the following: ```In file included from include.c:172: /redacted/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c:600:9: warning:...
For db additions, this would look more like take an existing Database/empty Database and update with hashes and certificates. - AddCertificate, AddHash For dbx, we should support reading a dbx...
Current seal/unseal operations in tpm2tools only check PCRs. We should support the operation with a user specified password. So users can seal the secret to not only PCRs but also...
