@reclaimprotocol/attestor-core
Version:
<div> <div> <img src="https://raw.githubusercontent.com/reclaimprotocol/.github/main/assets/banners/Attestor-Core.png" /> </div> </div>
436 lines (435 loc) • 18.3 kB
TypeScript
import { BinaryReader, BinaryWriter } from "@bufbuild/protobuf/wire";
import { NvidiaAttestationReport } from "./attestation.ts";
import { Attestation as Attestation1 } from "./sevsnp.ts";
import { QuoteV4 } from "./tdx.ts";
import { HashAlgo, Quote } from "./tpm.ts";
export declare const protobufPackage = "attest";
/** Type of hardware technology used to protect this instance */
export declare const GCEConfidentialTechnology: {
readonly NONE: 0;
readonly AMD_SEV: 1;
readonly AMD_SEV_ES: 2;
readonly INTEL_TDX: 3;
readonly AMD_SEV_SNP: 4;
readonly UNRECOGNIZED: -1;
};
export type GCEConfidentialTechnology = typeof GCEConfidentialTechnology[keyof typeof GCEConfidentialTechnology];
export declare namespace GCEConfidentialTechnology {
type NONE = typeof GCEConfidentialTechnology.NONE;
type AMD_SEV = typeof GCEConfidentialTechnology.AMD_SEV;
type AMD_SEV_ES = typeof GCEConfidentialTechnology.AMD_SEV_ES;
type INTEL_TDX = typeof GCEConfidentialTechnology.INTEL_TDX;
type AMD_SEV_SNP = typeof GCEConfidentialTechnology.AMD_SEV_SNP;
type UNRECOGNIZED = typeof GCEConfidentialTechnology.UNRECOGNIZED;
}
export declare function gCEConfidentialTechnologyFromJSON(object: any): GCEConfidentialTechnology;
export declare function gCEConfidentialTechnologyToJSON(object: GCEConfidentialTechnology): string;
/** Common, publicly-listed certificates by different vendors. */
export declare const WellKnownCertificate: {
readonly UNKNOWN: 0;
/**
* MS_WINDOWS_PROD_PCA_2011 - Microsoft certs:
* https://go.microsoft.com/fwlink/p/?linkid=321192
*/
readonly MS_WINDOWS_PROD_PCA_2011: 1;
/** MS_THIRD_PARTY_UEFI_CA_2011 - https://go.microsoft.com/fwlink/p/?linkid=321194 */
readonly MS_THIRD_PARTY_UEFI_CA_2011: 2;
/** MS_THIRD_PARTY_KEK_CA_2011 - https://go.microsoft.com/fwlink/p/?linkid=321185 */
readonly MS_THIRD_PARTY_KEK_CA_2011: 3;
/** GCE_DEFAULT_PK - GCE certs: */
readonly GCE_DEFAULT_PK: 4;
readonly UNRECOGNIZED: -1;
};
export type WellKnownCertificate = typeof WellKnownCertificate[keyof typeof WellKnownCertificate];
export declare namespace WellKnownCertificate {
type UNKNOWN = typeof WellKnownCertificate.UNKNOWN;
type MS_WINDOWS_PROD_PCA_2011 = typeof WellKnownCertificate.MS_WINDOWS_PROD_PCA_2011;
type MS_THIRD_PARTY_UEFI_CA_2011 = typeof WellKnownCertificate.MS_THIRD_PARTY_UEFI_CA_2011;
type MS_THIRD_PARTY_KEK_CA_2011 = typeof WellKnownCertificate.MS_THIRD_PARTY_KEK_CA_2011;
type GCE_DEFAULT_PK = typeof WellKnownCertificate.GCE_DEFAULT_PK;
type UNRECOGNIZED = typeof WellKnownCertificate.UNRECOGNIZED;
}
export declare function wellKnownCertificateFromJSON(object: any): WellKnownCertificate;
export declare function wellKnownCertificateToJSON(object: WellKnownCertificate): string;
/**
* The container's restart policy.
* See the following Kubernetes documentation for more details:
* https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
* Note that these enum variants do not conform to the standard Protocol Buffers
* Style Guide so that RestartPolicy_name, RestartPolicy_value, and
* RestartPolicy.String() match the values used by Kubernetes and others.
*/
export declare const RestartPolicy: {
readonly Always: 0;
readonly OnFailure: 1;
readonly Never: 2;
readonly UNRECOGNIZED: -1;
};
export type RestartPolicy = typeof RestartPolicy[keyof typeof RestartPolicy];
export declare namespace RestartPolicy {
type Always = typeof RestartPolicy.Always;
type OnFailure = typeof RestartPolicy.OnFailure;
type Never = typeof RestartPolicy.Never;
type UNRECOGNIZED = typeof RestartPolicy.UNRECOGNIZED;
}
export declare function restartPolicyFromJSON(object: any): RestartPolicy;
export declare function restartPolicyToJSON(object: RestartPolicy): string;
/** Confidential Computing mode for GPU device. Reference for these CC mode values: https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/#hardware_security_for_nvidia_h100_gpus */
export declare const GPUDeviceCCMode: {
readonly UNSET: 0;
/** ON - The NVIDIA H100 hardware, firmware, and software have fully activated all the confidential computing features. */
readonly ON: 1;
/** OFF - None of the confidential computing-specific features are active. */
readonly OFF: 2;
/** DEVTOOLS - The GPU is in a partial CC mode that will match the workflows of CC mode ON, but with security protections disabled. */
readonly DEVTOOLS: 3;
readonly UNRECOGNIZED: -1;
};
export type GPUDeviceCCMode = typeof GPUDeviceCCMode[keyof typeof GPUDeviceCCMode];
export declare namespace GPUDeviceCCMode {
type UNSET = typeof GPUDeviceCCMode.UNSET;
type ON = typeof GPUDeviceCCMode.ON;
type OFF = typeof GPUDeviceCCMode.OFF;
type DEVTOOLS = typeof GPUDeviceCCMode.DEVTOOLS;
type UNRECOGNIZED = typeof GPUDeviceCCMode.UNRECOGNIZED;
}
export declare function gPUDeviceCCModeFromJSON(object: any): GPUDeviceCCMode;
export declare function gPUDeviceCCModeToJSON(object: GPUDeviceCCMode): string;
/**
* Information uniquely identifying a GCE instance. Can be used to create an
* instance URL, which can then be used with GCE APIs. Formatted like:
* https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}
*/
export interface GCEInstanceInfo {
zone: string;
projectId: string;
projectNumber: bigint;
instanceName: string;
instanceId: bigint;
}
export interface Attestation {
/** Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC */
akPub: Uint8Array;
/** Quotes over all supported PCR banks */
quotes: Quote[];
/**
* TCG Event Log, encoded in the raw binary format.
* Can be SHA-1 or crypto-agile.
*/
eventLog: Uint8Array;
/** Optional information about a GCE instance, unused outside of GCE */
instanceInfo: GCEInstanceInfo | undefined;
/** A COS event log using the TCG Canonical Event Log format */
canonicalEventLog: Uint8Array;
/**
* Attestation Key (AK) Certificate, encoded as ASN.1 DER.
* Optional.
*/
akCert: Uint8Array;
/**
* Intermediate Certificates for verifying the AK Certificate, encoded as
* ASN.1 DER. Optional.
*/
intermediateCerts: Uint8Array[];
sevSnpAttestation?: Attestation1 | undefined;
tdxAttestation?: QuoteV4 | undefined;
}
/**
* For VMs running SEV-SNP with an SVSM-based e-vTPM, this contains a TPM quote
* and all the information needed to verify it.
*/
export interface SevSnpSvsmAttestation {
attestation: Attestation | undefined;
sevSnpAttestation: Attestation1 | undefined;
/**
* vTPM service manifest is retrieved from configfs-tsm-report via manifest blob
* See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report
* The manifest format is defined by the SVSM spec at https://www.amd.com/en/developer/sev.html
*/
vtpmServiceManifest: Uint8Array;
vtpmServiceManifestVersion: string;
/** This contains a launch endorsement for guest firmware that includes SVSM. */
launchEndorsement: Uint8Array;
}
/** The platform/firmware state for this instance */
export interface PlatformState {
/** Raw S-CRTM version identifier (EV_S_CRTM_VERSION) */
scrtmVersionId?: Uint8Array | undefined;
/** Virtual GCE firmware version (parsed from S-CRTM version id) */
gceVersion?: number | undefined;
/** Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances */
technology: GCEConfidentialTechnology;
/** Only set for GCE instances */
instanceInfo: GCEInstanceInfo | undefined;
}
export interface GrubFile {
/** The digest of the file (pulled from the raw event digest). */
digest: Uint8Array;
/** The event data. This is not measured, so it is untrusted. */
untrustedFilename: Uint8Array;
}
export interface GrubState {
/** All GRUB-read and measured files, including grub.cfg. */
files: GrubFile[];
/**
* A list of executed GRUB commands and command lines passed to the kernel
* and kernel modules.
*/
commands: string[];
}
/**
* The state of the Linux kernel.
* At the moment, parsing LinuxKernelState relies on parsing the GrubState.
* To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState.
*/
export interface LinuxKernelState {
/** The kernel command line. */
commandLine: string;
}
/** A parsed event from the TCG event log */
export interface Event {
/** The Platform Control Register (PCR) this event was extended into. */
pcrIndex: number;
/**
* The type of this event. Note that this value is not verified, so it should
* only be used as a hint during event parsing.
*/
untrustedType: number;
/**
* The raw data associated to this event. The meaning of this data is
* specific to the type of the event.
*/
data: Uint8Array;
/**
* The event digest actually extended into the TPM. This is often the hash of
* the data field, but in some cases it may have a type-specific calculation.
*/
digest: Uint8Array;
/** This is true if hash(data) == digest. */
digestVerified: boolean;
}
export interface Certificate {
/** DER representation of the certificate. */
der?: Uint8Array | undefined;
wellKnown?: WellKnownCertificate | undefined;
}
/**
* A Secure Boot database containing lists of hashes and certificates,
* as defined by section 32.4.1 Signature Database in the UEFI spec.
*/
export interface Database {
certs: Certificate[];
hashes: Uint8Array[];
}
/** The Secure Boot state for this instance. */
export interface SecureBootState {
/** Whether Secure Boot is enabled. */
enabled: boolean;
/** The Secure Boot signature (allowed) database. */
db: Database | undefined;
/** The Secure Boot revoked signature (forbidden) database. */
dbx: Database | undefined;
/**
* Authority events post-separator. Pre-separator authorities
* are currently not supported.
*/
authority: Database | undefined;
/** The Secure Boot Platform key, used to sign key exchange keys. */
pk: Database | undefined;
/** The Secure Boot Key Exchange Keys, used to sign db and dbx updates. */
kek: Database | undefined;
}
export interface ContainerState {
imageReference: string;
/**
* Digest of the registry's image manifest, which contains a list of the
* layers comprising the image.
*/
imageDigest: string;
restartPolicy: RestartPolicy;
/**
* Digest of the local image configuration object, containing config items
* such as local layer digests.
*/
imageId: string;
args: string[];
envVars: {
[]: string;
};
/**
* Record operator input Env Vars and Args, should be subsets of the above
* Env Vars and Args.
*/
overriddenArgs: string[];
overriddenEnvVars: {
[]: string;
};
}
export interface ContainerState_EnvVarsEntry {
key: string;
value: string;
}
export interface ContainerState_OverriddenEnvVarsEntry {
key: string;
value: string;
}
export interface SemanticVersion {
major: number;
minor: number;
patch: number;
}
export interface HealthMonitoringState {
/** Whether memory monitoring is enabled. */
memoryEnabled?: boolean | undefined;
}
export interface GpuDeviceState {
/** Whether Confidential Computing mode is enabled for GPU. */
ccMode: GPUDeviceCCMode;
nvidiaAttestationReport: NvidiaAttestationReport | undefined;
}
export interface AttestedCosState {
container: ContainerState | undefined;
cosVersion: SemanticVersion | undefined;
launcherVersion: SemanticVersion | undefined;
healthMonitoring: HealthMonitoringState | undefined;
gpuDeviceState: GpuDeviceState | undefined;
}
export interface EfiApp {
/** The PE/COFF digest of the EFI application (pulled from the raw event digest). */
digest: Uint8Array;
}
/**
* The verified state of EFI Applications. Policy usage on this machine state
* should check the entire set of EFI App digests matches, not a subset.
*/
export interface EfiState {
/**
* UEFI's OS Loader code is required to measure attempts to load and execute
* UEFI applications.
* UEFI applications are typically bootloaders such as shim and GRUB.
* These run and are measured using the UEFI LoadImage() service.
*/
apps: EfiApp[];
/**
* The EFI drivers,
* obtained from https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf#page=22.
* The EFI Boot Services Drivers from adapter or loaded bydriver in adapter.
*/
bootServicesDrivers: EfiApp[];
/** The EFI Runtime Drivers from adapter or loaded bydriver in adapter. */
runtimeServicesDrivers: EfiApp[];
}
/** The verified state of a booted machine, obtained from an Attestation */
export interface MachineState {
platform: PlatformState | undefined;
secureBoot: SecureBootState | undefined;
/**
* The complete parsed TCG Event Log, including those events used to
* create the PlatformState.
*/
rawEvents: Event[];
/**
* The hash algorithm used when verifying the Attestation. This indicates:
* - which PCR bank was used for for quote validation and event log replay
* - the hash algorithm used to calculate event digests
*/
hash: HashAlgo;
grub: GrubState | undefined;
linuxKernel: LinuxKernelState | undefined;
cos: AttestedCosState | undefined;
efi: EfiState | undefined;
sevSnpAttestation?: Attestation1 | undefined;
tdxAttestation?: QuoteV4 | undefined;
}
/** A policy dictating which values of PlatformState to allow */
export interface PlatformPolicy {
/**
* If PlatformState.firmware contains a scrtm_version_id, it must appear
* in this list. For use with a GCE VM, minimum_gce_firmware_version is
* often a better alternative.
*/
allowedScrtmVersionIds: Uint8Array[];
/**
* If PlatformState.firmware contains a minimum_gce_firmware_version, it must
* be greater than or equal to this value. Currently, the max version is 1.
*/
minimumGceFirmwareVersion: number;
/**
* The PlatformState's technology must be at least as secure as
* the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE).
*/
minimumTechnology: GCEConfidentialTechnology;
}
/**
* A policy about what parts of a RIM to compare against machine state as
* reflected in a quote or (verified) event log. Reference measurements for
* a component are expected to be addressable by the machine state's reported
* digest, or otherwise presented as cached collateral with the attestation
* itself. The method of delivery is vendor-specific.
*/
export interface RIMPolicy {
/**
* If true, the signed measurement must be available (by means that can be
* vendor-specific), and the target measurement must be among the listed
* signed measurements. If false, then only error if there is a problem
* verifying the signed measurements when they are available.
*/
requireSigned: boolean;
/** x.509 certificates in ASN.1 DER format. */
rootCerts: Uint8Array[];
}
/**
* Represent minimal decisions about attestation fields until necessary to
* add for policy reasons.
*/
export interface SevSnpPolicy {
/** The policy for checking the signed reference values for the UEFI at launch. */
uefi: RIMPolicy | undefined;
}
/** A policy dictating which type of MachineStates to allow */
export interface Policy {
platform: PlatformPolicy | undefined;
/**
* When the attestation is on SEV-SNP, this is the policy. Unset means no
* constraints.
*/
sevSnp: SevSnpPolicy | undefined;
}
export declare const GCEInstanceInfo: MessageFns<GCEInstanceInfo>;
export declare const Attestation: MessageFns<Attestation>;
export declare const SevSnpSvsmAttestation: MessageFns<SevSnpSvsmAttestation>;
export declare const PlatformState: MessageFns<PlatformState>;
export declare const GrubFile: MessageFns<GrubFile>;
export declare const GrubState: MessageFns<GrubState>;
export declare const LinuxKernelState: MessageFns<LinuxKernelState>;
export declare const Event: MessageFns<Event>;
export declare const Certificate: MessageFns<Certificate>;
export declare const Database: MessageFns<Database>;
export declare const SecureBootState: MessageFns<SecureBootState>;
export declare const ContainerState: MessageFns<ContainerState>;
export declare const ContainerState_EnvVarsEntry: MessageFns<ContainerState_EnvVarsEntry>;
export declare const ContainerState_OverriddenEnvVarsEntry: MessageFns<ContainerState_OverriddenEnvVarsEntry>;
export declare const SemanticVersion: MessageFns<SemanticVersion>;
export declare const HealthMonitoringState: MessageFns<HealthMonitoringState>;
export declare const GpuDeviceState: MessageFns<GpuDeviceState>;
export declare const AttestedCosState: MessageFns<AttestedCosState>;
export declare const EfiApp: MessageFns<EfiApp>;
export declare const EfiState: MessageFns<EfiState>;
export declare const MachineState: MessageFns<MachineState>;
export declare const PlatformPolicy: MessageFns<PlatformPolicy>;
export declare const RIMPolicy: MessageFns<RIMPolicy>;
export declare const SevSnpPolicy: MessageFns<SevSnpPolicy>;
export declare const Policy: MessageFns<Policy>;
type Builtin = Date | Function | Uint8Array | string | number | boolean | bigint | undefined;
export type DeepPartial<T> = T extends Builtin ? T : T extends globalThis.Array<infer U> ? globalThis.Array<DeepPartial<U>> : T extends ReadonlyArray<infer U> ? ReadonlyArray<DeepPartial<U>> : T extends {} ? {
[]?: DeepPartial<T[K]>;
} : Partial<T>;
export interface MessageFns<T> {
encode(message: T, writer?: BinaryWriter): BinaryWriter;
decode(input: BinaryReader | Uint8Array, length?: number): T;
fromJSON(object: any): T;
toJSON(message: T): unknown;
create(base?: DeepPartial<T>): T;
fromPartial(object: DeepPartial<T>): T;
}
export {};