go-tpm-tools

Go packages built on go-tpm providing a high-level API for using TPMs

Results 69 go-tpm-tools issues

Systemd measures into various PCRs from userspace. An up to date list can be found [here](https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/). Interesting entries are those marked as `Userspace`. For some time, those measurements were not...

[CreateSigningKeyImportBlob](https://pkg.go.dev/github.com/google/go-tpm-tools/server#CreateSigningKeyImportBlob) and [ImportSigningKey](https://pkg.go.dev/github.com/google/go-tpm-tools/client#Key.ImportSigningKey) only support restrictions with pcr values. However, the imported key does not have any `authorization policy` that prevents duplication afaik (only pcr binding) ``` # tpm2_readpublic -c...

`GetGCEInstanceInfo` returns `nil,nil` in certain circumstances: https://github.com/google/go-tpm-tools/blob/master/server/verify.go#L208-L211 Shouldn't these `return nil, fmt.Errorf("...")`?

`go-tpm-tools` currently supports importing an external rsa key _into_ the tpm using [CreateSigningKeyImportBlob](https://pkg.go.dev/github.com/google/[email protected]/server#CreateSigningKeyImportBlob). It also supports encrypting an arbitrary secret which can get decrypted by the target TPM (using [CreateImportBlob](https://pkg.go.dev/github.com/google/[email protected]/server#CreateImportBlob)...

https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html describes a (de facto, for now) standard for PEM files containing TPMv2-wrapped keys. It is supported by both the IBM and TCG OpenSSL ENGINEs/providers, as well as GnuTLS and...

```
//
// Flags to find OpenSSL installation on macOS (default Homebrew location)
// #cgo darwin CFLAGS: -I/usr/local/opt/openssl/include
// #cgo darwin LDFLAGS: -L/usr/local/opt/openssl/lib
```

The aforementioned flags are correct on...

This PR includes changes to populate the machineState proto with the verified SNP/TDX attestation data. The attestation verifier service will leverage the verified machineState to make claims around. # Breaking...

CS operators can use tee-dev-shm-size to increase the size of the /dev/shm mount for the workload. CS operators can use `tee-mount` to specify tmpfs mounts in the running container. For...