@super-protocol/addons-tee 0.9.2 → 0.9.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
- package/bindings/amd-sev-snp-napi-rs/index.d.ts +27 -0
- package/bindings/amd-sev-snp-napi-rs/index.js +12 -1
- package/bindings/sp-sev/.github/workflows/lint.yml +3 -3
- package/bindings/sp-sev/.github/workflows/test.yml +163 -2
- package/bindings/sp-sev/Cargo.lock +521 -281
- package/bindings/sp-sev/Cargo.toml +11 -11
- package/bindings/sp-sev/tests/api.rs +9 -6
- package/bindings/sp-sev/tests/certs.rs +4 -5
- package/bindings/sp-sev/tests/guest.rs +2 -1
- package/bindings/sp-sev/tests/id-block.rs +9 -5
- package/bindings/sp-sev/tests/snp_launch.rs +1 -1
- package/bindings/utils/virtee/libsev.so +0 -0
- package/bindings/utils/virtee/snpguest +0 -0
- package/dist/proto/AmdSevSnp.d.ts +194 -0
- package/dist/proto/AmdSevSnp.js +363 -0
- package/dist/sgx-native-module/dcap-quote-verify.service.js +22 -3
- package/dist/sgx-native-module/index.d.ts +1 -0
- package/dist/sgx-native-module/index.js +2 -1
- package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +2 -2
- package/dist/sgx-native-module/sev-snp-mrenclave.js +46 -11
- package/dist/sgx-native-module/sev-snp-schema.d.ts +22 -0
- package/dist/sgx-native-module/sev-snp-schema.js +24 -0
- package/dist/sgx-native-module/sev-snp.d.ts +20 -32
- package/dist/sgx-native-module/sev-snp.js +126 -177
- package/dto/src/AmdSevSnp.proto +31 -0
- package/dto/src/Compression.proto +11 -0
- package/dto/src/Hash.proto +6 -0
- package/dto/src/OrderReport.proto +21 -0
- package/dto/src/TRI.proto +22 -0
- package/dto/src/TeeDeviceInfo.proto +46 -0
- package/package.json +8 -3
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { Static, TLiteral } from "@sinclair/typebox";
|
|
2
|
+
import { ImportantSecurityFields } from "../../bindings/amd-sev-snp-napi-rs";
|
|
3
|
+
export declare const CommonPolicyKeyName = "Common";
|
|
4
|
+
export declare const importantFieldNames: (keyof ImportantSecurityFields)[];
|
|
5
|
+
export declare enum RuleOperator {
|
|
6
|
+
Le = "le",
|
|
7
|
+
Eq = "eq",
|
|
8
|
+
Ge = "ge"
|
|
9
|
+
}
|
|
10
|
+
declare const PolicyRuleSchema: import("@sinclair/typebox").TObject<{
|
|
11
|
+
name: import("@sinclair/typebox").TUnion<[TLiteral<string>, ...TLiteral<string>[]]>;
|
|
12
|
+
operator: import("@sinclair/typebox").TUnion<TLiteral<RuleOperator>[]>;
|
|
13
|
+
value: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TNumber, import("@sinclair/typebox").TBoolean]>;
|
|
14
|
+
}>;
|
|
15
|
+
export declare const PolicySetSchema: import("@sinclair/typebox").TObject<{
|
|
16
|
+
[x: string]: any;
|
|
17
|
+
}>;
|
|
18
|
+
export type PolicySet = Static<typeof PolicySetSchema>;
|
|
19
|
+
export type PolicyRule = Static<typeof PolicyRuleSchema> & {
|
|
20
|
+
name: keyof ImportantSecurityFields;
|
|
21
|
+
};
|
|
22
|
+
export {};
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PolicySetSchema = exports.RuleOperator = exports.importantFieldNames = exports.CommonPolicyKeyName = void 0;
|
|
4
|
+
const typebox_1 = require("@sinclair/typebox");
|
|
5
|
+
const amd_sev_snp_napi_rs_1 = require("../../bindings/amd-sev-snp-napi-rs");
|
|
6
|
+
exports.CommonPolicyKeyName = "Common";
|
|
7
|
+
exports.importantFieldNames = Object.keys(amd_sev_snp_napi_rs_1.IMPORTANT_SECURITY_FIELDS_DUMMY);
|
|
8
|
+
const importantFieldLiterals = exports.importantFieldNames.map((k) => typebox_1.Type.Literal(k));
|
|
9
|
+
var RuleOperator;
|
|
10
|
+
(function (RuleOperator) {
|
|
11
|
+
RuleOperator["Le"] = "le";
|
|
12
|
+
RuleOperator["Eq"] = "eq";
|
|
13
|
+
RuleOperator["Ge"] = "ge";
|
|
14
|
+
})(RuleOperator || (exports.RuleOperator = RuleOperator = {}));
|
|
15
|
+
const PolicyRuleSchema = typebox_1.Type.Object({
|
|
16
|
+
name: typebox_1.Type.Union(importantFieldLiterals),
|
|
17
|
+
operator: typebox_1.Type.Union(Object.values(RuleOperator).map((op) => typebox_1.Type.Literal(op))),
|
|
18
|
+
value: typebox_1.Type.Union([typebox_1.Type.Number(), typebox_1.Type.Boolean()]),
|
|
19
|
+
});
|
|
20
|
+
exports.PolicySetSchema = typebox_1.Type.Partial(typebox_1.Type.Object(Object.fromEntries([
|
|
21
|
+
...Object.values(amd_sev_snp_napi_rs_1.WellKnownSnpCodeNames).map((key) => [key, typebox_1.Type.Array(PolicyRuleSchema)]),
|
|
22
|
+
[exports.CommonPolicyKeyName, typebox_1.Type.Array(PolicyRuleSchema)],
|
|
23
|
+
])), { additionalProperties: false });
|
|
24
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1zY2hlbWEuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1zY2hlbWEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsK0NBQTJEO0FBQzNELDRFQUk0QztBQUUvQixRQUFBLG1CQUFtQixHQUFHLFFBQVEsQ0FBQztBQUUvQixRQUFBLG1CQUFtQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMscURBQStCLENBQXNDLENBQUM7QUFFckgsTUFBTSxzQkFBc0IsR0FBRywyQkFBbUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLGNBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBRzVFLENBQUM7QUFFRixJQUFZLFlBSVg7QUFKRCxXQUFZLFlBQVk7SUFDcEIseUJBQVMsQ0FBQTtJQUNULHlCQUFTLENBQUE7SUFDVCx5QkFBUyxDQUFBO0FBQ2IsQ0FBQyxFQUpXLFlBQVksNEJBQVosWUFBWSxRQUl2QjtBQUVELE1BQU0sZ0JBQWdCLEdBQUcsY0FBSSxDQUFDLE1BQU0sQ0FBQztJQUNqQyxJQUFJLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQztJQUN4QyxRQUFRLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsY0FBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQy9FLEtBQUssRUFBRSxjQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsY0FBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLGNBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO0NBQ3JELENBQUMsQ0FBQztBQUVVLFFBQUEsZUFBZSxHQUFHLGNBQUksQ0FBQyxPQUFPLENBQ3ZDLGNBQUksQ0FBQyxNQUFNLENBQ1AsTUFBTSxDQUFDLFdBQVcsQ0FBQztJQUNmLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQywyQ0FBcUIsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUM7SUFDekYsQ0FBQywyQkFBbUIsRUFBRSxjQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLENBQUM7Q0FDdEQsQ0FBQyxDQUNMLEVBQ0QsRUFBRSxvQkFBb0IsRUFBRSxLQUFLLEVBQUUsQ0FDbEMsQ0FBQyJ9
|
|
@@ -1,30 +1,7 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import { CpuInfo } from "../../bindings/amd-sev-snp-napi-rs/";
|
|
3
|
-
import {
|
|
4
|
-
|
|
5
|
-
Milan = "Milan",
|
|
6
|
-
Genoa = "Genoa"
|
|
7
|
-
}
|
|
8
|
-
export declare enum SevSNPCertType {
|
|
9
|
-
ARK = "ARK",
|
|
10
|
-
ASK = "ASK",
|
|
11
|
-
VCEK = "VCEK"
|
|
12
|
-
}
|
|
13
|
-
export interface SnpCert {
|
|
14
|
-
type: SevSNPCertType;
|
|
15
|
-
cert: Buffer | string;
|
|
16
|
-
format: CertificateFormat;
|
|
17
|
-
}
|
|
18
|
-
export interface SNPReport {
|
|
19
|
-
report: Buffer;
|
|
20
|
-
cpuSig: number;
|
|
21
|
-
cores: number;
|
|
22
|
-
cmdLineHash: Buffer;
|
|
23
|
-
build: string;
|
|
24
|
-
}
|
|
25
|
-
export interface SNPReportWithChain extends SNPReport {
|
|
26
|
-
certs: SnpCert[];
|
|
27
|
-
}
|
|
2
|
+
import { CpuInfo, ImportantSecurityFields, WellKnownSnpCodeNames } from "../../bindings/amd-sev-snp-napi-rs/";
|
|
3
|
+
import { SnpCert, SevSnpCertificateFormat, SNPReport, SNPReportWithChain } from "../proto/AmdSevSnp";
|
|
4
|
+
import { PolicySet } from "./sev-snp-schema";
|
|
28
5
|
export interface CalcSnpMrEnclaveParams {
|
|
29
6
|
ovmfPath: string;
|
|
30
7
|
kernelHash: Buffer;
|
|
@@ -40,8 +17,6 @@ export declare const EMPTY_INITRD_SHA256_HASH: Buffer;
|
|
|
40
17
|
export type ArkHashes = {
|
|
41
18
|
[key: string]: Buffer;
|
|
42
19
|
};
|
|
43
|
-
export declare const ARK_MILAN = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----";
|
|
44
|
-
export declare const ARK_GENOA = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAgAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstR2Vub2EwHhcNMjIwMTI2MTUzNDM3WhcNNDcwMTI2\nMTUzNDM3WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLUdlbm9hMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA3Cd95S/uFOuRIskW9vz9VDBF69NDQF79oRhL\n/L2PVQGhK3YdfEBgpF/JiwWFBsT/fXDhzA01p3LkcT/7LdjcRfKXjHl+0Qq/M4dZ\nkh6QDoUeKzNBLDcBKDDGWo3v35NyrxbA1DnkYwUKU5AAk4P94tKXLp80oxt84ahy\nHoLmc/LqsGsp+oq1Bz4PPsYLwTG4iMKVaaT90/oZ4I8oibSru92vJhlqWO27d/Rx\nc3iUMyhNeGToOvgx/iUo4gGpG61NDpkEUvIzuKcaMx8IdTpWg2DF6SwF0IgVMffn\nvtJmA68BwJNWo1E4PLJdaPfBifcJpuBFwNVQIPQEVX3aP89HJSp8YbY9lySS6PlV\nEqTBBtaQmi4ATGmMR+n2K/e+JAhU2Gj7jIpJhOkdH9firQDnmlA2SFfJ/Cc0mGNz\nW9RmIhyOUnNFoclmkRhl3/AQU5Ys9Qsan1jT/EiyT+pCpmnA+y9edvhDCbOG8F2o\nxHGRdTBkylungrkXJGYiwGrR8kaiqv7NN8QhOBMqYjcbrkEr0f8QMKklIS5ruOfq\nlLMCBw8JLB3LkjpWgtD7OpxkzSsohN47Uom86RY6lp72g8eXHP1qYrnvhzaG1S70\nvw6OkbaaC9EjiH/uHgAJQGxon7u0Q7xgoREWA/e7JcBQwLg80Hq/sbRuqesxz7wB\nWSY254cCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSfXfn+Ddjz\nWtAzGiXvgSlPvjGoWzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvR2Vub2EvY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQAdIlPBC7DQmvH7kjlOznFx3i21SzOPDs5L\n7SgFjMC9rR07292GQCA7Z7Ulq97JQaWeD2ofGGse5swj4OQfKfVv/zaJUFjvosZO\nnfZ63epu8MjWgBSXJg5QE/Al0zRsZsp53DBTdA+Uv/s33fexdenT1mpKYzhIg/cK\ntz4oMxq8JKWJ8Po1CXLzKcfrTphjlbkh8AVKMXeBd2SpM33B1YP4g1BOdk013kqb\n7bRHZ1iB2JHG5cMKKbwRCSAAGHLTzASgDcXr9Fp7Z3liDhGu/ci1opGmkp12QNiJ\nuBbkTU+xDZHm5X8Jm99BX7NEpzlOwIVR8ClgBDyuBkBC2ljtr3ZSaUIYj2xuyWN9\n5KFY49nWxcz90CFa3Hzmy4zMQmBe9dVyls5eL5p9bkXcgRMDTbgmVZiAf4afe8DL\ndmQcYcMFQbHhgVzMiyZHGJgcCrQmA7MkTwEIds1wx/HzMcwU4qqNBAoZV7oeIIPx\ndqFXfPqHqiRlEbRDfX1TG5NFVaeByX0GyH6jzYVuezETzruaky6fp2bl2bczxPE8\nHdS38ijiJmm9vl50RGUeOAXjSuInGR4bsRufeGPB9peTa9BcBOeTWzstqTUB/F/q\naZCIZKr4X6TyfUuSDz/1JDAGl+lxdM0P9+lLaP9NahQjHCVf0zf1c1salVuGFk2w\n/wMz1R1BHg==\n-----END CERTIFICATE-----";
|
|
45
20
|
export declare function getDefaultArkHashes(): ArkHashes;
|
|
46
21
|
export declare class SevSNP {
|
|
47
22
|
static serializeSNPReport(report: SNPReportWithChain): Buffer;
|
|
@@ -53,8 +28,9 @@ export declare class SevSNP {
|
|
|
53
28
|
/**
|
|
54
29
|
* Method for generation AMD SEV-SNP Report
|
|
55
30
|
* @param userData - The data that will be included in the report and will be signed
|
|
31
|
+
* @param vmpl - Optional VMPL value to pass to the firmware when requesting a report (default: 0)
|
|
56
32
|
*/
|
|
57
|
-
static generateSNPReport(userData: Buffer): Promise<SNPReport>;
|
|
33
|
+
static generateSNPReport(userData: Buffer, vmpl?: number): Promise<SNPReport>;
|
|
58
34
|
/**
|
|
59
35
|
* Method for fetch certificates from AMD KDS
|
|
60
36
|
* @param report - report generated by the `generateSNPReport` method
|
|
@@ -64,7 +40,7 @@ export declare class SevSNP {
|
|
|
64
40
|
static getReportChain(report: SNPReport, options?: {
|
|
65
41
|
retryMax?: number;
|
|
66
42
|
retryInterval?: number;
|
|
67
|
-
certFormat?:
|
|
43
|
+
certFormat?: SevSnpCertificateFormat;
|
|
68
44
|
}): Promise<SnpCert[]>;
|
|
69
45
|
/**
|
|
70
46
|
* Method for generation AMD SEV-SNP Report and fetching certificates
|
|
@@ -74,7 +50,7 @@ export declare class SevSNP {
|
|
|
74
50
|
static generateSNPReportWithChain(userData: Buffer, options?: {
|
|
75
51
|
retryMax?: number;
|
|
76
52
|
retryInterval?: number;
|
|
77
|
-
certFormat?:
|
|
53
|
+
certFormat?: SevSnpCertificateFormat;
|
|
78
54
|
}): Promise<SNPReportWithChain>;
|
|
79
55
|
protected static runSubProcess(binaryPath: string, args?: string[], options?: {
|
|
80
56
|
cwd?: string;
|
|
@@ -84,7 +60,7 @@ export declare class SevSNP {
|
|
|
84
60
|
stdout: string;
|
|
85
61
|
stderr: string;
|
|
86
62
|
}>;
|
|
87
|
-
static getCertHash(cert: SnpCert): Buffer;
|
|
63
|
+
static getCertHash(cert: Omit<SnpCert, "type">): Buffer;
|
|
88
64
|
protected static isValidArk(ARK: SnpCert, trustedHashes: ArkHashes): boolean;
|
|
89
65
|
/**
|
|
90
66
|
* AMD SEV-SNP verification method
|
|
@@ -131,4 +107,16 @@ export declare class SevSNP {
|
|
|
131
107
|
* @param cpuInfo - Structure containing family, model and stepping @see CpuInfo
|
|
132
108
|
*/
|
|
133
109
|
static getCpuSig(cpuInfo: CpuInfo): number;
|
|
110
|
+
static getReportImportantSecurityFields(report: Buffer): Promise<ImportantSecurityFields>;
|
|
111
|
+
static getReportCpuInfo(report: Buffer): Promise<CpuInfo>;
|
|
112
|
+
static getCpuGeneration(cpuInfo: CpuInfo): Promise<WellKnownSnpCodeNames>;
|
|
113
|
+
static parsePolicySet(jsonText: string): PolicySet;
|
|
114
|
+
private static checkRule;
|
|
115
|
+
/**
|
|
116
|
+
* Verify SNP report against a PolicySet.
|
|
117
|
+
* Throws an error if any rule fails.
|
|
118
|
+
* @param report - SNPReport
|
|
119
|
+
* @param policySet - PolicySet containing rules
|
|
120
|
+
*/
|
|
121
|
+
static verifyPolicy(report: Buffer, policySet?: PolicySet): Promise<void>;
|
|
134
122
|
}
|