go-tdx-qpl

module
v0.0.0-...-607ac61
Published: Jan 29, 2025 License: AGPL-3.0

README

TDX Quote Provider Library

To generate and verify Intel SGX/TDX quotes, Intel provides a Quote Provider Library (QPL). This library comes in two parts:

  1. Quote Generation: generate an SGX/TDX quote using Intel's secure processor.

  2. Quote Verification: verify a quote issued by an SGX/TDX TEE.

This repo provides a simple Go library to enable these features and is used by Constellation to enable TDX attestation.

Restrictions

  • The current version is based on DCAP 1.15. It has been tested with the kernel and libraries from the tdx-tools release 2023ww01. Since the TDX UAPI has not yet been finalized and upstreamed, newer kernel versions might not be supported.

  • This library only supports a subset of the PCS API v4. SGX and other API versions are not supported and are currently out of scope.

In case you encounter any issues despite the known restrictions, feel free to open an issue.

Examples

An example quote can be found here. Other example and test data can also be found in the blobs directory, or alternatively directly from Intel's DCAP repo.

Quote generation

Take a look at the generate example.

Quote verification

Take a look at the verify example.

3rdparty licenses

This project is based on code from Intel(R) Software Guard Extensions Data Center Attestation Primitives, which is licensed under the BSD license.

Directories

Path - Synopsis

blobs - Package blobs contains encoded blobs of TDX data used for testing.
tdx - Package TDX provides functionality to interact with the Intel TDX guest device.
testing - (no synopsis)
pcs - (no synopsis)
crypto - Package crypto implements common crypto operations used to verify TDX quotes.
pcs - Package pcs provides functions to retrieve information from Intel's PCS.
status - Package status contains status definitions for the TDX verification package.
