@super-protocol/addons-tee 0.8.16 → 0.8.17-beta.2

package/dist/sgx-native-module/sev-snp-mrenclave.js

@@ -0,0 +1,290 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SNPMrEnclaveCalculator = void 0;
+const fs = __importStar(require("fs"));
+const fsAsync = __importStar(require("fs/promises"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const sev_snp_1 = require("./sev-snp");
+const axios_1 = __importDefault(require("axios"));
+const sdk_js_1 = require("@super-protocol/sdk-js");
+const dto_js_1 = require("@super-protocol/dto-js");
+const crypto_1 = require("crypto");
+const stream_1 = require("stream");
+class VMConfigCache {
+    constructor(ttl = 5 * 60 * 1000) {
+        this.cache = {};
+        this.ttl = ttl;
+    }
+    set(key, value) {
+        const timestamp = Date.now();
+        this.cache[key] = {
+            value,
+            timestamp,
+        };
+    }
+    get(key, force = false) {
+        const record = this.cache[key];
+        if (record) {
+            if (force === false) {
+                const now = Date.now();
+                if (now - record.timestamp > this.ttl) {
+                    return null;
+                }
+            }
+            return record.value;
+        }
+        return null;
+    }
+    clear() {
+        this.cache = {};
+    }
+}
+class SNPMrEnclaveCalculator {
+    constructor(config) {
+        this.axiosInstance = axios_1.default.create();
+        this.defaultCredentials = {
+            token: "1UXqNMwov41q9TgHmyopNg5q2giQ8aTdh1gjKWKjfbWPFrcrnhenp6QZfd5ukyVnYXDx9Cok6RtnQMMnXmoZPrSUMNGZGF9KuLCzvRNmQYHowX14C2xAxtJeH6VCuNX39ist4bRE9L5VT3k41frDVh3cG1gZvsqh4EaDeaJyV6U4xVaqXqULnSb9PozqU97VVLWhfwdnj6XgUM59Wzq7yo7vn8RxwSyn8H74TEiLNGUPPA3frsYZuoqWQkNzbiYev5ByWeLro1TXo7DogD4WALCKfEmpwHs9j9rsX5WZvvZ13ourTiuZp5vTTZkByB2ibxUJqkSoZSpCNVtmDToNVKkMREVySe",
+        };
+        this.cacheFolder = config.cacheFolder || fs.mkdtempSync(path.join(os.tmpdir(), "snp-mrenclave-cache-"));
+        const rmPrevCache = config.rmPrevCache ?? false;
+        this.vmRepoOwner = config.vmRepoOwner || "Super-Protocol";
+        this.vmRepo = config.vmRepo || "sp-vm";
+        this.releaseAsset = config.releaseAsset || "vm.json";
+        this.retryInterval = config.downloadAssetRetryInterval ?? 1000;
+        this.retryMax = config.downloadAssetRetryMax ?? 3;
+        if ((config.storageCredentials && !config.storageType) || (!config.storageCredentials && config.storageType)) {
+            throw new Error("Both the StorageCredentials and StorageType parameters must either be passed or not passed");
+        }
+        this.storageCredentials = config.storageCredentials ?? this.defaultCredentials;
+        this.storageType = config.storageType ?? dto_js_1.StorageType.StorJ;
+        const cacheRecordsTTL = config.cacheRecordsTTL ?? 5 * 60 * 1000;
+        if (rmPrevCache && fs.existsSync(this.cacheFolder)) {
+            this.clearFileCache();
+        }
+        if (!fs.existsSync(this.cacheFolder)) {
+            fs.mkdirSync(this.cacheFolder, { recursive: true });
+        }
+        this.vmInfoCache = new VMConfigCache(cacheRecordsTTL);
+    }
+    clearFileCache() {
+        fs.rmSync(this.cacheFolder, {
+            recursive: true,
+            force: true,
+        });
+    }
+    /**
+     * The method allows to obtain expected mrenclave if the virtual machine for which the report is
+     * submitted was running on one core and a Milan processor
+     * @param report - @see CalcSnpMrEnclaveParams
+     */
+    async getSingleCoreMrEnclave(report) {
+        const mrEnclave = await sev_snp_1.SevSNP.getMrEnclave(report.report);
+        const vmMeasure = await this.downloadVM(report.build);
+        const expectedMrEnclave = await sev_snp_1.SevSNP.calcSnpMrEnclave({
+            ovmfPath: vmMeasure.ovmfFilePath,
+            kernelHash: vmMeasure.kernelHash,
+            initrdHash: vmMeasure.initrdHash,
+            cmdLineHash: report.cmdLineHash,
+            vcpuSig: report.cpuSig,
+            vcpuCount: report.cores,
+        });
+        if (!mrEnclave.equals(expectedMrEnclave))
+            throw new Error("Expected mrEnclave does not match the calculated one");
+        const singleCoreMrEnclave = await sev_snp_1.SevSNP.calcSnpMrEnclave({
+            ovmfPath: vmMeasure.ovmfFilePath,
+            kernelHash: vmMeasure.kernelHash,
+            initrdHash: vmMeasure.initrdHash,
+            cmdLineHash: report.cmdLineHash,
+            vcpuSig: sev_snp_1.SevSNP.getCpuSig(sev_snp_1.AMD_EPYC_MILAN_CPUINFO),
+            vcpuCount: 1,
+        });
+        return singleCoreMrEnclave;
+    }
+    async downloadAsset(assetUrl) {
+        const { retryInterval, retryMax } = this;
+        const response = await sdk_js_1.helpers.tryWithInterval({
+            checkResult(response) {
+                return { isResultOk: response.status === 200 };
+            },
+            handler: async () => {
+                return this.axiosInstance.get(assetUrl, {
+                    responseType: "arraybuffer",
+                });
+            },
+            checkError(err) {
+                if (axios_1.default.isAxiosError(err) && err.response) {
+                    const status = err.response.status;
+                    return { retryable: status < 400 || status >= 500 || status === 429 };
+                }
+                return { retryable: axios_1.default.isAxiosError(err) };
+            },
+            retryInterval,
+            retryMax,
+        });
+        return response.data;
+    }
+    extractVMData(data) {
+        const vm = JSON.parse(data.toString("utf-8"));
+        const kernelHash = vm.kernel?.sha256;
+        if (!kernelHash) {
+            throw new Error("kernel hash is missing");
+        }
+        const initrdHash = vm.initrd?.sha256;
+        const OVMF = vm.bios_amd || vm.bios;
+        if (!OVMF) {
+            throw new Error("Neither bios_amd nor bios is available");
+        }
+        const { sha256, bucket, prefix, filename } = OVMF;
+        if (!sha256 || !bucket || !prefix || !filename) {
+            throw new Error("Missing one or more required fields in OVMF");
+        }
+        return {
+            kernelHash: Buffer.from(kernelHash, "hex"),
+            initrdHash: initrdHash ? Buffer.from(initrdHash, "hex") : undefined,
+            ovmfHash: Buffer.from(sha256, "hex"),
+            ovmfBucket: bucket,
+            ovmfPrefix: prefix,
+            ovmfFilename: filename,
+        };
+    }
+    static calcHashStream(alg = "sha256") {
+        const hash = (0, crypto_1.createHash)(alg);
+        return {
+            process: new stream_1.Transform({
+                transform: (data, encoding, done) => {
+                    hash.update(data);
+                    done(null, data);
+                },
+            }),
+            get: () => hash.digest(),
+        };
+    }
+    static async fileExist(filePath) {
+        try {
+            await fsAsync.access(filePath);
+            return true;
+        }
+        catch (err) {
+            return false;
+        }
+    }
+    async getAssetUrl(build) {
+        const { retryInterval, retryMax } = this;
+        const response = await sdk_js_1.helpers.tryWithInterval({
+            checkResult(response) {
+                return { isResultOk: response.status === 200 };
+            },
+            handler: async () => {
+                return this.axiosInstance.get(`https://api.github.com/repos/${this.vmRepoOwner}/${this.vmRepo}/releases/tags/${build}`);
+            },
+            checkError(err) {
+                if (axios_1.default.isAxiosError(err) && err.response) {
+                    const status = err.response.status;
+                    return { retryable: status < 400 || status >= 500 || status === 429 };
+                }
+                return { retryable: axios_1.default.isAxiosError(err) };
+            },
+            retryInterval,
+            retryMax,
+        });
+        const { data } = response;
+        const asset = data.assets.find((asset) => asset.name === this.releaseAsset);
+        return asset.browser_download_url;
+    }
+    async downloadVM(build) {
+        let fromCache = false;
+        let vmFiles;
+        const vmInfo = this.vmInfoCache.get(build);
+        if (vmInfo) {
+            fromCache = true;
+            vmFiles = vmInfo;
+        }
+        else {
+            try {
+                const assetUrl = await this.getAssetUrl(build);
+                const vm = await this.downloadAsset(assetUrl);
+                vmFiles = this.extractVMData(vm);
+            }
+            catch (error) {
+                const vmInfo = this.vmInfoCache.get(build, true);
+                if (vmInfo) {
+                    fromCache = true;
+                    vmFiles = vmInfo;
+                }
+                else {
+                    throw error;
+                }
+            }
+        }
+        const ovmfPath = path.join(this.cacheFolder, `${vmFiles.ovmfHash.toString("hex")}_OVMF.fd`);
+        let fileExistAndCorrect = false;
+        if (await SNPMrEnclaveCalculator.fileExist(ovmfPath)) {
+            const fileStream = fs.createReadStream(ovmfPath);
+            const hash = await sdk_js_1.Crypto.createHash(fileStream, {
+                algo: dto_js_1.HashAlgorithm.SHA256,
+                encoding: dto_js_1.Encoding.hex,
+            });
+            if (vmFiles.ovmfHash.toString("hex") === hash.hash) {
+                fileExistAndCorrect = true;
+            }
+        }
+        if (fileExistAndCorrect !== true) {
+            await this.downloadOvmf(vmFiles, ovmfPath);
+        }
+        if (fromCache !== true) {
+            this.vmInfoCache.set(build, vmFiles);
+        }
+        return {
+            initrdHash: vmFiles.initrdHash,
+            kernelHash: vmFiles.kernelHash,
+            ovmfFilePath: ovmfPath,
+        };
+    }
+    async downloadOvmf(vmFiles, ovmfPath) {
+        const credentials = {
+            ...this.storageCredentials,
+            bucket: vmFiles.ovmfBucket,
+            prefix: vmFiles.ovmfPrefix.endsWith("/") ? vmFiles.ovmfPrefix : `${vmFiles.ovmfPrefix}/`,
+        };
+        const access = {
+            storageType: this.storageType,
+            credentials,
+        };
+        const storageProvider = (0, sdk_js_1.getStorageProvider)(access);
+        const downloaderStream = await storageProvider.downloadFile(vmFiles.ovmfFilename, {});
+        const { process: hashStream, get: getStreamHash } = SNPMrEnclaveCalculator.calcHashStream("sha256");
+        await stream_1.promises.pipeline(downloaderStream, hashStream, fs.createWriteStream(ovmfPath));
+        if (!vmFiles.ovmfHash.equals(getStreamHash())) {
+            throw new Error("The downloaded OVMF-file does not match the expected checksum");
+        }
+    }
+}
+exports.SNPMrEnclaveCalculator = SNPMrEnclaveCalculator;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1Q0FBeUI7QUFDekIscURBQXVDO0FBQ3ZDLDJDQUE2QjtBQUM3Qix1Q0FBeUI7QUFDekIsdUNBQXNFO0FBQ3RFLGtEQUE2QztBQUM3QyxtREFBMEc7QUFDMUcsbURBTWdDO0FBQ2hDLG1DQUFvQztBQUNwQyxtQ0FBNkM7QUFrQzdDLE1BQU0sYUFBYTtJQUlmLFlBQVksTUFBYyxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUk7UUFIL0IsVUFBSyxHQUE4RCxFQUFFLENBQUM7UUFJMUUsSUFBSSxDQUFDLEdBQUcsR0FBRyxHQUFHLENBQUM7SUFDbkIsQ0FBQztJQUVELEdBQUcsQ0FBQyxHQUFXLEVBQUUsS0FBZTtRQUM1QixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDN0IsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRztZQUNkLEtBQUs7WUFDTCxTQUFTO1NBQ1osQ0FBQztJQUNOLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLFFBQWlCLEtBQUs7UUFDbkMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUUvQixJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1QsSUFBSSxLQUFLLEtBQUssS0FBSyxFQUFFLENBQUM7Z0JBQ2xCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDdkIsSUFBSSxHQUFHLEdBQUcsTUFBTSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7b0JBQ3BDLE9BQU8sSUFBSSxDQUFDO2dCQUNoQixDQUFDO1lBQ0wsQ0FBQztZQUVELE9BQU8sTUFBTSxDQUFDLEtBQUssQ0FBQztRQUN4QixDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDaEIsQ0FBQztJQUVELEtBQUs7UUFDRCxJQUFJLENBQUMsS0FBSyxHQUFHLEVBQUUsQ0FBQztJQUNwQixDQUFDO0NBQ0o7QUFpQkQsTUFBYSxzQkFBc0I7SUFlL0IsWUFBWSxNQUFrQztRQVY3QixrQkFBYSxHQUFHLGVBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQU0vQix1QkFBa0IsR0FBZ0Q7WUFDL0UsS0FBSyxFQUFFLGdXQUFnVztTQUMxVyxDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsTUFBTSxDQUFDLGtCQUFrQixJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUMsa0JBQWtCLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDM0csTUFBTSxJQUFJLEtBQUssQ0FDWCw0RkFBNEYsQ0FDL0YsQ0FBQztRQUNOLENBQUM7UUFFRCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsTUFBTSxDQUFDLGtCQUFrQixJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztRQUMvRSxJQUFJLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksb0JBQVcsQ0FBQyxLQUFLLENBQUM7UUFFM0QsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLGVBQWUsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztRQUVoRSxJQUFJLFdBQVcsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1lBQ2pELElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUMxQixDQUFDO1FBRUQsSUFBSSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDbkMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7UUFDeEQsQ0FBQztRQUVELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxhQUFhLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVPLGNBQWM7UUFDbEIsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFO1lBQ3hCLFNBQVMsRUFBRSxJQUFJO1lBQ2YsS0FBSyxFQUFFLElBQUk7U0FDZCxDQUFDLENBQUM7SUFDUCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMzRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3RELE1BQU0saUJBQWlCLEdBQUcsTUFBTSxnQkFBTSxDQUFDLGdCQUFnQixDQUFDO1lBQ3BELFFBQVEsRUFBRSxTQUFTLENBQUMsWUFBWTtZQUNoQyxVQUFVLEVBQUUsU0FBUyxDQUFDLFVBQVU7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFdBQVcsRUFBRSxNQUFNLENBQUMsV0FBVztZQUMvQixPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU07WUFDdEIsU0FBUyxFQUFFLE1BQU0sQ0FBQyxLQUFLO1NBQzFCLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDO1lBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQUMsc0RBQXNELENBQUMsQ0FBQztRQUU1RSxNQUFNLG1CQUFtQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUN0RCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLFdBQVc7WUFDL0IsT0FBTyxFQUFFLGdCQUFNLENBQUMsU0FBUyxDQUFDLGdDQUFzQixDQUFDO1lBQ2pELFNBQVMsRUFBRSxDQUFDO1NBQ2YsQ0FBQyxDQUFDO1FBRUgsT0FBTyxtQkFBbUIsQ0FBQztJQUMvQixDQUFDO0lBRVMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUMxQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7Z0JBQ2hCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFO29CQUNwQyxZQUFZLEVBQUUsYUFBYTtpQkFDOUIsQ0FBQyxDQUFDO1lBQ1AsQ0FBQztZQUNELFVBQVUsQ0FBQyxHQUFHO2dCQUNWLElBQUksZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQzFDLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO29CQUVuQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sR0FBRyxHQUFHLElBQUksTUFBTSxJQUFJLEdBQUcsSUFBSSxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzFFLENBQUM7Z0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEQsQ0FBQztZQUNELGFBQWE7WUFDYixRQUFRO1NBQ1gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsSUFBSSxDQUFDO0lBQ3pCLENBQUM7SUFFUyxhQUFhLENBQUMsSUFBWTtRQUNoQyxNQUFNLEVBQUUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQVcsQ0FBQztRQUN4RCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQztRQUNyQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBRXJDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFDLElBQUksQ0FBQztRQUNwQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDUixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUVELE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFbEQsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUM7WUFDMUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDbkUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQztZQUNwQyxVQUFVLEVBQUUsTUFBTTtZQUNsQixVQUFVLEVBQUUsTUFBTTtZQUNsQixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLE1BQU0sQ0FBQyxjQUFjLENBQUMsR0FBRyxHQUFHLFFBQVE7UUFDMUMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRTdCLE9BQU87WUFDSCxPQUFPLEVBQUUsSUFBSSxrQkFBUyxDQUFDO2dCQUNuQixTQUFTLEVBQUUsQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBUSxFQUFFO29CQUN0QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNsQixJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNyQixDQUFDO2FBQ0osQ0FBQztZQUNGLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1NBQzNCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsUUFBZ0I7UUFDN0MsSUFBSSxDQUFDO1lBQ0QsTUFBTSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRS9CLE9BQU8sSUFBSSxDQUFDO1FBQ2hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ1gsT0FBTyxLQUFLLENBQUM7UUFDakIsQ0FBQztJQUNMLENBQUM7SUFFUyxLQUFLLENBQUMsV0FBVyxDQUFDLEtBQWE7UUFDckMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUN6QixnQ0FBZ0MsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsTUFBTSxrQkFBa0IsS0FBSyxFQUFFLENBQzNGLENBQUM7WUFDTixDQUFDO1lBQ0QsVUFBVSxDQUFDLEdBQUc7Z0JBQ1YsSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDMUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLElBQUksR0FBRyxJQUFJLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDMUUsQ0FBQztnQkFFRCxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1lBQ0QsYUFBYTtZQUNiLFFBQVE7U0FDWCxDQUFDLENBQUM7UUFDSCxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsUUFBUSxDQUFDO1FBQzFCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBdUIsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFOUYsT0FBTyxLQUFLLENBQUMsb0JBQW9CLENBQUM7SUFDdEMsQ0FBQztJQUVTLEtBQUssQ0FBQyxVQUFVLENBQUMsS0FBYTtRQUNwQyxJQUFJLFNBQVMsR0FBRyxLQUFLLENBQUM7UUFDdEIsSUFBSSxPQUFpQixDQUFDO1FBRXRCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzNDLElBQUksTUFBTSxFQUFFLENBQUM7WUFDVCxTQUFTLEdBQUcsSUFBSSxDQUFDO1lBQ2pCLE9BQU8sR0FBRyxNQUFNLENBQUM7UUFDckIsQ0FBQzthQUFNLENBQUM7WUFDSixJQUFJLENBQUM7Z0JBQ0QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUMvQyxNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQzlDLE9BQU8sR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3JDLENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNiLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDakQsSUFBSSxNQUFNLEVBQUUsQ0FBQztvQkFDVCxTQUFTLEdBQUcsSUFBSSxDQUFDO29CQUNqQixPQUFPLEdBQUcsTUFBTSxDQUFDO2dCQUNyQixDQUFDO3FCQUFNLENBQUM7b0JBQ0osTUFBTSxLQUFLLENBQUM7Z0JBQ2hCLENBQUM7WUFDTCxDQUFDO1FBQ0wsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUU1RixJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztRQUNoQyxJQUFJLE1BQU0sc0JBQXNCLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDbkQsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ2pELE1BQU0sSUFBSSxHQUFHLE1BQU0sZUFBTSxDQUFDLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQzdDLElBQUksRUFBRSxzQkFBYSxDQUFDLE1BQU07Z0JBQzFCLFFBQVEsRUFBRSxpQkFBUSxDQUFDLEdBQUc7YUFDekIsQ0FBQyxDQUFDO1lBRUgsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsS0FBSyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ2pELG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUMvQixDQUFDO1FBQ0wsQ0FBQztRQUVELElBQUksbUJBQW1CLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQztRQUMvQyxDQUFDO1FBRUQsSUFBSSxTQUFTLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDckIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ3pDLENBQUM7UUFFRCxPQUFPO1lBQ0gsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1lBQzlCLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtZQUM5QixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBaUIsRUFBRSxRQUFnQjtRQUM1RCxNQUFNLFdBQVcsR0FBNkI7WUFDMUMsR0FBRyxJQUFJLENBQUMsa0JBQWtCO1lBQzFCLE1BQU0sRUFBRSxPQUFPLENBQUMsVUFBVTtZQUMxQixNQUFNLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLFVBQVUsR0FBRztTQUMzRixDQUFDO1FBRUYsTUFBTSxNQUFNLEdBQWtCO1lBQzFCLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztZQUM3QixXQUFXO1NBQ2QsQ0FBQztRQUVGLE1BQU0sZUFBZSxHQUFHLElBQUEsMkJBQWtCLEVBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLGVBQWUsQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxFQUFFLENBQUMsQ0FBQztRQUN0RixNQUFNLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsYUFBYSxFQUFFLEdBQUcsc0JBQXNCLENBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3BHLE1BQU0saUJBQVEsQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsVUFBVSxFQUFFLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDO1FBRXRGLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDNUMsTUFBTSxJQUFJLEtBQUssQ0FBQywrREFBK0QsQ0FBQyxDQUFDO1FBQ3JGLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUE5UUQsd0RBOFFDIn0=

package/dist/sgx-native-module/sev-snp.d.ts

@@ -0,0 +1,134 @@
+/// <reference types="node" />
+import { CpuInfo } from "../../bindings/amd-sev-snp-napi-rs/";
+import { CertificateFormat } from "./pki.service";
+export declare enum SupportedAmdSevSnpGenerations {
+    Milan = "Milan",
+    Genoa = "Genoa"
+}
+export declare enum SevSNPCertType {
+    ARK = "ARK",
+    ASK = "ASK",
+    VCEK = "VCEK"
+}
+export interface SnpCert {
+    type: SevSNPCertType;
+    cert: Buffer | string;
+    format: CertificateFormat;
+}
+export interface SNPReport {
+    report: Buffer;
+    cpuSig: number;
+    cores: number;
+    cmdLineHash: Buffer;
+    build: string;
+}
+export interface SNPReportWithChain extends SNPReport {
+    certs: SnpCert[];
+}
+export interface CalcSnpMrEnclaveParams {
+    ovmfPath: string;
+    kernelHash: Buffer;
+    initrdHash?: Buffer;
+    cmdLineHash: Buffer;
+    vcpuSig: number;
+    vcpuCount: number;
+    vmpl?: number;
+    policy?: bigint;
+}
+export declare const AMD_EPYC_MILAN_CPUINFO: CpuInfo;
+export declare const EMPTY_INITRD_SHA256_HASH: Buffer;
+export type ArkHashes = {
+    [key: string]: Buffer;
+};
+export declare const ARK_MILAN = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----";
+export declare const ARK_GENOA = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAgAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstR2Vub2EwHhcNMjIwMTI2MTUzNDM3WhcNNDcwMTI2\nMTUzNDM3WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLUdlbm9hMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA3Cd95S/uFOuRIskW9vz9VDBF69NDQF79oRhL\n/L2PVQGhK3YdfEBgpF/JiwWFBsT/fXDhzA01p3LkcT/7LdjcRfKXjHl+0Qq/M4dZ\nkh6QDoUeKzNBLDcBKDDGWo3v35NyrxbA1DnkYwUKU5AAk4P94tKXLp80oxt84ahy\nHoLmc/LqsGsp+oq1Bz4PPsYLwTG4iMKVaaT90/oZ4I8oibSru92vJhlqWO27d/Rx\nc3iUMyhNeGToOvgx/iUo4gGpG61NDpkEUvIzuKcaMx8IdTpWg2DF6SwF0IgVMffn\nvtJmA68BwJNWo1E4PLJdaPfBifcJpuBFwNVQIPQEVX3aP89HJSp8YbY9lySS6PlV\nEqTBBtaQmi4ATGmMR+n2K/e+JAhU2Gj7jIpJhOkdH9firQDnmlA2SFfJ/Cc0mGNz\nW9RmIhyOUnNFoclmkRhl3/AQU5Ys9Qsan1jT/EiyT+pCpmnA+y9edvhDCbOG8F2o\nxHGRdTBkylungrkXJGYiwGrR8kaiqv7NN8QhOBMqYjcbrkEr0f8QMKklIS5ruOfq\nlLMCBw8JLB3LkjpWgtD7OpxkzSsohN47Uom86RY6lp72g8eXHP1qYrnvhzaG1S70\nvw6OkbaaC9EjiH/uHgAJQGxon7u0Q7xgoREWA/e7JcBQwLg80Hq/sbRuqesxz7wB\nWSY254cCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSfXfn+Ddjz\nWtAzGiXvgSlPvjGoWzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvR2Vub2EvY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQAdIlPBC7DQmvH7kjlOznFx3i21SzOPDs5L\n7SgFjMC9rR07292GQCA7Z7Ulq97JQaWeD2ofGGse5swj4OQfKfVv/zaJUFjvosZO\nnfZ63epu8MjWgBSXJg5QE/Al0zRsZsp53DBTdA+Uv/s33fexdenT1mpKYzhIg/cK\ntz4oMxq8JKWJ8Po1CXLzKcfrTphjlbkh8AVKMXeBd2SpM33B1YP4g1BOdk013kqb\n7bRHZ1iB2JHG5cMKKbwRCSAAGHLTzASgDcXr9Fp7Z3liDhGu/ci1opGmkp12QNiJ\nuBbkTU+xDZHm5X8Jm99BX7NEpzlOwIVR8ClgBDyuBkBC2ljtr3ZSaUIYj2xuyWN9\n5KFY49nWxcz90CFa3Hzmy4zMQmBe9dVyls5eL5p9bkXcgRMDTbgmVZiAf4afe8DL\ndmQcYcMFQbHhgVzMiyZHGJgcCrQmA7MkTwEIds1wx/HzMcwU4qqNBAoZV7oeIIPx\ndqFXfPqHqiRlEbRDfX1TG5NFVaeByX0GyH6jzYVuezETzruaky6fp2bl2bczxPE8\nHdS38ijiJmm9vl50RGUeOAXjSuInGR4bsRufeGPB9peTa9BcBOeTWzstqTUB/F/q\naZCIZKr4X6TyfUuSDz/1JDAGl+lxdM0P9+lLaP9NahQjHCVf0zf1c1salVuGFk2w\n/wMz1R1BHg==\n-----END CERTIFICATE-----";
+export declare function getDefaultArkHashes(): ArkHashes;
+export declare class SevSNP {
+    static serializeSNPReport(report: SNPReportWithChain): Buffer;
+    static deserializeSNPReport(serialized: Buffer): SNPReportWithChain;
+    protected static convertCertToPem(cert: Buffer): string;
+    protected static convertPemToDer(cert: string): Buffer;
+    protected static splitCerts(certsPem: string): string[];
+    protected static readCmdLine(): Promise<string>;
+    /**
+     * Method for generation AMD SEV-SNP Report
+     * @param userData - The data that will be included in the report and will be signed
+     */
+    static generateSNPReport(userData: Buffer): Promise<SNPReport>;
+    /**
+     * Method for fetch certificates from AMD KDS
+     * @param report - report generated by the `generateSNPReport` method
+     * @param options - options for working with HTTP, allows you to configure repetitions and the interval between them,
+     *                  as well as the format of the returned certificates
+     */
+    static getReportChain(report: SNPReport, options?: {
+        retryMax?: number;
+        retryInterval?: number;
+        certFormat?: CertificateFormat;
+    }): Promise<SnpCert[]>;
+    /**
+     * Method for generation AMD SEV-SNP Report and fetching certificates
+     * @param userData - @see generateSNPReport
+     * @param options - @see getReportChain
+     */
+    static generateSNPReportWithChain(userData: Buffer, options?: {
+        retryMax?: number;
+        retryInterval?: number;
+        certFormat?: CertificateFormat;
+    }): Promise<SNPReportWithChain>;
+    protected static runSubProcess(binaryPath: string, args?: string[], options?: {
+        cwd?: string;
+        timeoutMs?: number;
+    }): Promise<{
+        exitCode: number;
+        stdout: string;
+        stderr: string;
+    }>;
+    static getCertHash(cert: SnpCert): Buffer;
+    protected static isValidArk(ARK: SnpCert, trustedHashes: ArkHashes): boolean;
+    /**
+     * AMD SEV-SNP verification method
+     * @param report - report with full certificate chain
+     * @param options - trustedHashes - map of trusted AMD ARK Certificates (CommonName as Key, Sha256 Hash of Der Certificate as Value) - optional
+     *                  timeoutMs - timeout of the utility snpnost in ms
+     *                  snpGuestBinaryPath - path for snpguest util
+     */
+    static verifyReport(report: SNPReportWithChain, options?: {
+        trustedHashes?: ArkHashes;
+        timeoutMs?: number;
+        snpGuestBinaryPath?: string;
+        tmpDir?: string;
+    }): Promise<void>;
+    protected static calcMrEnclave(measure: Buffer, vmpl: number, policy: bigint): Buffer;
+    /**
+     * Method for obtaining mrEnclave from report. MrEnclave includes report measure, report vmpl and report policy
+     * @param report - report without certificates
+     */
+    static getMrEnclave(report: Buffer): Buffer;
+    /**
+     * Method for obtaining reportData. This data was passed when generating the report
+     * @param report - report without certificates
+     */
+    static getReportData(report: Buffer): Promise<Buffer>;
+    /**
+     * Method for obtaining measure. Please do not confuse with mrenclave. Report measure is part of mrEnclave.
+     * @param report - report without certificates
+     */
+    static getReportMeasure(report: Buffer): Promise<Buffer>;
+    protected static calculateFileSha256(filePath: string): Promise<Buffer>;
+    protected static calculateCmdlineHash(cmdLine: string): Buffer;
+    /**
+     * The method allows to get the expected mrEnclave without generating a report
+     * @param params - @see CalcSnpMrEnclaveParams
+     */
+    static calcSnpMrEnclave(params: CalcSnpMrEnclaveParams): Promise<Buffer>;
+    protected static extractBuildFromCmdline(cmdLine: string, paramName?: string): string;
+    /**
+     * Compute the 32-bit CPUID signature from family, model, and stepping.
+     * This computation is described in AMD's CPUID Specification, publication #25481
+     * https://www.amd.com/system/files/TechDocs/25481.pdf
+     * See section: CPUID Fn0000_0001_EAX Family, Model, Stepping Identifiers
+     * @param cpuInfo - Structure containing family, model and stepping @see CpuInfo
+     */
+    static getCpuSig(cpuInfo: CpuInfo): number;
+}