UNPKG

@reclaimprotocol/attestor-core

Version:

<div> <div> <img src="https://raw.githubusercontent.com/reclaimprotocol/.github/main/assets/banners/Attestor-Core.png" /> </div> </div>

436 lines (435 loc) 18.3 kB
import { BinaryReader, BinaryWriter } from "@bufbuild/protobuf/wire"; import { NvidiaAttestationReport } from "./attestation.ts"; import { Attestation as Attestation1 } from "./sevsnp.ts"; import { QuoteV4 } from "./tdx.ts"; import { HashAlgo, Quote } from "./tpm.ts"; export declare const protobufPackage = "attest"; /** Type of hardware technology used to protect this instance */ export declare const GCEConfidentialTechnology: { readonly NONE: 0; readonly AMD_SEV: 1; readonly AMD_SEV_ES: 2; readonly INTEL_TDX: 3; readonly AMD_SEV_SNP: 4; readonly UNRECOGNIZED: -1; }; export type GCEConfidentialTechnology = typeof GCEConfidentialTechnology[keyof typeof GCEConfidentialTechnology]; export declare namespace GCEConfidentialTechnology { type NONE = typeof GCEConfidentialTechnology.NONE; type AMD_SEV = typeof GCEConfidentialTechnology.AMD_SEV; type AMD_SEV_ES = typeof GCEConfidentialTechnology.AMD_SEV_ES; type INTEL_TDX = typeof GCEConfidentialTechnology.INTEL_TDX; type AMD_SEV_SNP = typeof GCEConfidentialTechnology.AMD_SEV_SNP; type UNRECOGNIZED = typeof GCEConfidentialTechnology.UNRECOGNIZED; } export declare function gCEConfidentialTechnologyFromJSON(object: any): GCEConfidentialTechnology; export declare function gCEConfidentialTechnologyToJSON(object: GCEConfidentialTechnology): string; /** Common, publicly-listed certificates by different vendors. */ export declare const WellKnownCertificate: { readonly UNKNOWN: 0; /** * MS_WINDOWS_PROD_PCA_2011 - Microsoft certs: * https://go.microsoft.com/fwlink/p/?linkid=321192 */ readonly MS_WINDOWS_PROD_PCA_2011: 1; /** MS_THIRD_PARTY_UEFI_CA_2011 - https://go.microsoft.com/fwlink/p/?linkid=321194 */ readonly MS_THIRD_PARTY_UEFI_CA_2011: 2; /** MS_THIRD_PARTY_KEK_CA_2011 - https://go.microsoft.com/fwlink/p/?linkid=321185 */ readonly MS_THIRD_PARTY_KEK_CA_2011: 3; /** GCE_DEFAULT_PK - GCE certs: */ readonly GCE_DEFAULT_PK: 4; readonly UNRECOGNIZED: -1; }; export type WellKnownCertificate = typeof WellKnownCertificate[keyof typeof WellKnownCertificate]; export declare namespace WellKnownCertificate { type UNKNOWN = typeof WellKnownCertificate.UNKNOWN; type MS_WINDOWS_PROD_PCA_2011 = typeof WellKnownCertificate.MS_WINDOWS_PROD_PCA_2011; type MS_THIRD_PARTY_UEFI_CA_2011 = typeof WellKnownCertificate.MS_THIRD_PARTY_UEFI_CA_2011; type MS_THIRD_PARTY_KEK_CA_2011 = typeof WellKnownCertificate.MS_THIRD_PARTY_KEK_CA_2011; type GCE_DEFAULT_PK = typeof WellKnownCertificate.GCE_DEFAULT_PK; type UNRECOGNIZED = typeof WellKnownCertificate.UNRECOGNIZED; } export declare function wellKnownCertificateFromJSON(object: any): WellKnownCertificate; export declare function wellKnownCertificateToJSON(object: WellKnownCertificate): string; /** * The container's restart policy. * See the following Kubernetes documentation for more details: * https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy * Note that these enum variants do not conform to the standard Protocol Buffers * Style Guide so that RestartPolicy_name, RestartPolicy_value, and * RestartPolicy.String() match the values used by Kubernetes and others. */ export declare const RestartPolicy: { readonly Always: 0; readonly OnFailure: 1; readonly Never: 2; readonly UNRECOGNIZED: -1; }; export type RestartPolicy = typeof RestartPolicy[keyof typeof RestartPolicy]; export declare namespace RestartPolicy { type Always = typeof RestartPolicy.Always; type OnFailure = typeof RestartPolicy.OnFailure; type Never = typeof RestartPolicy.Never; type UNRECOGNIZED = typeof RestartPolicy.UNRECOGNIZED; } export declare function restartPolicyFromJSON(object: any): RestartPolicy; export declare function restartPolicyToJSON(object: RestartPolicy): string; /** Confidential Computing mode for GPU device. Reference for these CC mode values: https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/#hardware_security_for_nvidia_h100_gpus */ export declare const GPUDeviceCCMode: { readonly UNSET: 0; /** ON - The NVIDIA H100 hardware, firmware, and software have fully activated all the confidential computing features. */ readonly ON: 1; /** OFF - None of the confidential computing-specific features are active. */ readonly OFF: 2; /** DEVTOOLS - The GPU is in a partial CC mode that will match the workflows of CC mode ON, but with security protections disabled. */ readonly DEVTOOLS: 3; readonly UNRECOGNIZED: -1; }; export type GPUDeviceCCMode = typeof GPUDeviceCCMode[keyof typeof GPUDeviceCCMode]; export declare namespace GPUDeviceCCMode { type UNSET = typeof GPUDeviceCCMode.UNSET; type ON = typeof GPUDeviceCCMode.ON; type OFF = typeof GPUDeviceCCMode.OFF; type DEVTOOLS = typeof GPUDeviceCCMode.DEVTOOLS; type UNRECOGNIZED = typeof GPUDeviceCCMode.UNRECOGNIZED; } export declare function gPUDeviceCCModeFromJSON(object: any): GPUDeviceCCMode; export declare function gPUDeviceCCModeToJSON(object: GPUDeviceCCMode): string; /** * Information uniquely identifying a GCE instance. Can be used to create an * instance URL, which can then be used with GCE APIs. Formatted like: * https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} */ export interface GCEInstanceInfo { zone: string; projectId: string; projectNumber: bigint; instanceName: string; instanceId: bigint; } export interface Attestation { /** Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC */ akPub: Uint8Array; /** Quotes over all supported PCR banks */ quotes: Quote[]; /** * TCG Event Log, encoded in the raw binary format. * Can be SHA-1 or crypto-agile. */ eventLog: Uint8Array; /** Optional information about a GCE instance, unused outside of GCE */ instanceInfo: GCEInstanceInfo | undefined; /** A COS event log using the TCG Canonical Event Log format */ canonicalEventLog: Uint8Array; /** * Attestation Key (AK) Certificate, encoded as ASN.1 DER. * Optional. */ akCert: Uint8Array; /** * Intermediate Certificates for verifying the AK Certificate, encoded as * ASN.1 DER. Optional. */ intermediateCerts: Uint8Array[]; sevSnpAttestation?: Attestation1 | undefined; tdxAttestation?: QuoteV4 | undefined; } /** * For VMs running SEV-SNP with an SVSM-based e-vTPM, this contains a TPM quote * and all the information needed to verify it. */ export interface SevSnpSvsmAttestation { attestation: Attestation | undefined; sevSnpAttestation: Attestation1 | undefined; /** * vTPM service manifest is retrieved from configfs-tsm-report via manifest blob * See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report * The manifest format is defined by the SVSM spec at https://www.amd.com/en/developer/sev.html */ vtpmServiceManifest: Uint8Array; vtpmServiceManifestVersion: string; /** This contains a launch endorsement for guest firmware that includes SVSM. */ launchEndorsement: Uint8Array; } /** The platform/firmware state for this instance */ export interface PlatformState { /** Raw S-CRTM version identifier (EV_S_CRTM_VERSION) */ scrtmVersionId?: Uint8Array | undefined; /** Virtual GCE firmware version (parsed from S-CRTM version id) */ gceVersion?: number | undefined; /** Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances */ technology: GCEConfidentialTechnology; /** Only set for GCE instances */ instanceInfo: GCEInstanceInfo | undefined; } export interface GrubFile { /** The digest of the file (pulled from the raw event digest). */ digest: Uint8Array; /** The event data. This is not measured, so it is untrusted. */ untrustedFilename: Uint8Array; } export interface GrubState { /** All GRUB-read and measured files, including grub.cfg. */ files: GrubFile[]; /** * A list of executed GRUB commands and command lines passed to the kernel * and kernel modules. */ commands: string[]; } /** * The state of the Linux kernel. * At the moment, parsing LinuxKernelState relies on parsing the GrubState. * To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState. */ export interface LinuxKernelState { /** The kernel command line. */ commandLine: string; } /** A parsed event from the TCG event log */ export interface Event { /** The Platform Control Register (PCR) this event was extended into. */ pcrIndex: number; /** * The type of this event. Note that this value is not verified, so it should * only be used as a hint during event parsing. */ untrustedType: number; /** * The raw data associated to this event. The meaning of this data is * specific to the type of the event. */ data: Uint8Array; /** * The event digest actually extended into the TPM. This is often the hash of * the data field, but in some cases it may have a type-specific calculation. */ digest: Uint8Array; /** This is true if hash(data) == digest. */ digestVerified: boolean; } export interface Certificate { /** DER representation of the certificate. */ der?: Uint8Array | undefined; wellKnown?: WellKnownCertificate | undefined; } /** * A Secure Boot database containing lists of hashes and certificates, * as defined by section 32.4.1 Signature Database in the UEFI spec. */ export interface Database { certs: Certificate[]; hashes: Uint8Array[]; } /** The Secure Boot state for this instance. */ export interface SecureBootState { /** Whether Secure Boot is enabled. */ enabled: boolean; /** The Secure Boot signature (allowed) database. */ db: Database | undefined; /** The Secure Boot revoked signature (forbidden) database. */ dbx: Database | undefined; /** * Authority events post-separator. Pre-separator authorities * are currently not supported. */ authority: Database | undefined; /** The Secure Boot Platform key, used to sign key exchange keys. */ pk: Database | undefined; /** The Secure Boot Key Exchange Keys, used to sign db and dbx updates. */ kek: Database | undefined; } export interface ContainerState { imageReference: string; /** * Digest of the registry's image manifest, which contains a list of the * layers comprising the image. */ imageDigest: string; restartPolicy: RestartPolicy; /** * Digest of the local image configuration object, containing config items * such as local layer digests. */ imageId: string; args: string[]; envVars: { [key: string]: string; }; /** * Record operator input Env Vars and Args, should be subsets of the above * Env Vars and Args. */ overriddenArgs: string[]; overriddenEnvVars: { [key: string]: string; }; } export interface ContainerState_EnvVarsEntry { key: string; value: string; } export interface ContainerState_OverriddenEnvVarsEntry { key: string; value: string; } export interface SemanticVersion { major: number; minor: number; patch: number; } export interface HealthMonitoringState { /** Whether memory monitoring is enabled. */ memoryEnabled?: boolean | undefined; } export interface GpuDeviceState { /** Whether Confidential Computing mode is enabled for GPU. */ ccMode: GPUDeviceCCMode; nvidiaAttestationReport: NvidiaAttestationReport | undefined; } export interface AttestedCosState { container: ContainerState | undefined; cosVersion: SemanticVersion | undefined; launcherVersion: SemanticVersion | undefined; healthMonitoring: HealthMonitoringState | undefined; gpuDeviceState: GpuDeviceState | undefined; } export interface EfiApp { /** The PE/COFF digest of the EFI application (pulled from the raw event digest). */ digest: Uint8Array; } /** * The verified state of EFI Applications. Policy usage on this machine state * should check the entire set of EFI App digests matches, not a subset. */ export interface EfiState { /** * UEFI's OS Loader code is required to measure attempts to load and execute * UEFI applications. * UEFI applications are typically bootloaders such as shim and GRUB. * These run and are measured using the UEFI LoadImage() service. */ apps: EfiApp[]; /** * The EFI drivers, * obtained from https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf#page=22. * The EFI Boot Services Drivers from adapter or loaded bydriver in adapter. */ bootServicesDrivers: EfiApp[]; /** The EFI Runtime Drivers from adapter or loaded bydriver in adapter. */ runtimeServicesDrivers: EfiApp[]; } /** The verified state of a booted machine, obtained from an Attestation */ export interface MachineState { platform: PlatformState | undefined; secureBoot: SecureBootState | undefined; /** * The complete parsed TCG Event Log, including those events used to * create the PlatformState. */ rawEvents: Event[]; /** * The hash algorithm used when verifying the Attestation. This indicates: * - which PCR bank was used for for quote validation and event log replay * - the hash algorithm used to calculate event digests */ hash: HashAlgo; grub: GrubState | undefined; linuxKernel: LinuxKernelState | undefined; cos: AttestedCosState | undefined; efi: EfiState | undefined; sevSnpAttestation?: Attestation1 | undefined; tdxAttestation?: QuoteV4 | undefined; } /** A policy dictating which values of PlatformState to allow */ export interface PlatformPolicy { /** * If PlatformState.firmware contains a scrtm_version_id, it must appear * in this list. For use with a GCE VM, minimum_gce_firmware_version is * often a better alternative. */ allowedScrtmVersionIds: Uint8Array[]; /** * If PlatformState.firmware contains a minimum_gce_firmware_version, it must * be greater than or equal to this value. Currently, the max version is 1. */ minimumGceFirmwareVersion: number; /** * The PlatformState's technology must be at least as secure as * the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE). */ minimumTechnology: GCEConfidentialTechnology; } /** * A policy about what parts of a RIM to compare against machine state as * reflected in a quote or (verified) event log. Reference measurements for * a component are expected to be addressable by the machine state's reported * digest, or otherwise presented as cached collateral with the attestation * itself. The method of delivery is vendor-specific. */ export interface RIMPolicy { /** * If true, the signed measurement must be available (by means that can be * vendor-specific), and the target measurement must be among the listed * signed measurements. If false, then only error if there is a problem * verifying the signed measurements when they are available. */ requireSigned: boolean; /** x.509 certificates in ASN.1 DER format. */ rootCerts: Uint8Array[]; } /** * Represent minimal decisions about attestation fields until necessary to * add for policy reasons. */ export interface SevSnpPolicy { /** The policy for checking the signed reference values for the UEFI at launch. */ uefi: RIMPolicy | undefined; } /** A policy dictating which type of MachineStates to allow */ export interface Policy { platform: PlatformPolicy | undefined; /** * When the attestation is on SEV-SNP, this is the policy. Unset means no * constraints. */ sevSnp: SevSnpPolicy | undefined; } export declare const GCEInstanceInfo: MessageFns<GCEInstanceInfo>; export declare const Attestation: MessageFns<Attestation>; export declare const SevSnpSvsmAttestation: MessageFns<SevSnpSvsmAttestation>; export declare const PlatformState: MessageFns<PlatformState>; export declare const GrubFile: MessageFns<GrubFile>; export declare const GrubState: MessageFns<GrubState>; export declare const LinuxKernelState: MessageFns<LinuxKernelState>; export declare const Event: MessageFns<Event>; export declare const Certificate: MessageFns<Certificate>; export declare const Database: MessageFns<Database>; export declare const SecureBootState: MessageFns<SecureBootState>; export declare const ContainerState: MessageFns<ContainerState>; export declare const ContainerState_EnvVarsEntry: MessageFns<ContainerState_EnvVarsEntry>; export declare const ContainerState_OverriddenEnvVarsEntry: MessageFns<ContainerState_OverriddenEnvVarsEntry>; export declare const SemanticVersion: MessageFns<SemanticVersion>; export declare const HealthMonitoringState: MessageFns<HealthMonitoringState>; export declare const GpuDeviceState: MessageFns<GpuDeviceState>; export declare const AttestedCosState: MessageFns<AttestedCosState>; export declare const EfiApp: MessageFns<EfiApp>; export declare const EfiState: MessageFns<EfiState>; export declare const MachineState: MessageFns<MachineState>; export declare const PlatformPolicy: MessageFns<PlatformPolicy>; export declare const RIMPolicy: MessageFns<RIMPolicy>; export declare const SevSnpPolicy: MessageFns<SevSnpPolicy>; export declare const Policy: MessageFns<Policy>; type Builtin = Date | Function | Uint8Array | string | number | boolean | bigint | undefined; export type DeepPartial<T> = T extends Builtin ? T : T extends globalThis.Array<infer U> ? globalThis.Array<DeepPartial<U>> : T extends ReadonlyArray<infer U> ? ReadonlyArray<DeepPartial<U>> : T extends {} ? { [K in keyof T]?: DeepPartial<T[K]>; } : Partial<T>; export interface MessageFns<T> { encode(message: T, writer?: BinaryWriter): BinaryWriter; decode(input: BinaryReader | Uint8Array, length?: number): T; fromJSON(object: any): T; toJSON(message: T): unknown; create(base?: DeepPartial<T>): T; fromPartial(object: DeepPartial<T>): T; } export {};