Crate underhill_attestation 

This modules implements attestation protocols for Underhill to support TVM and CVM, including getting a tenant key via secure key release (SKR) for unlocking VMGS and requesting an attestation key (AK) certificate for TPM. The module also implements the VMGS unlocking process based on SKR.

Structs

Error

An attestation error.

HostAttestationSettings

Host attestation settings obtained via the GET GSP call-out.

IgvmAttestRequestHelper

Helper struct to create IgvmAttestRequest in raw bytes.

PlatformAttestationData

The return values of initialize_platform_security.

Enums

AttestationType

The attestation type to use.

IgvmAttestError

Functions

derive_vmgsid

Derive the expected VMGSID from the encrypted seed data.

get_provenance_claims

Read the VMGS provenance doc and produce runtime claims

initialize_platform_security

If required, attest platform. Gets VMGS datastore key.

parse_ak_cert_response

Parse a AK_CERT_REQUEST response and return the payload (i.e., the AK cert).