Go module for collecting a TDX Quote from a TDX-enabled platform.
This library leverages Intel SGX DCAP for Quote generation: https://github.com/intel/SGXDataCenterAttestationPrimitives
Use go1.19 or newer. Follow https://go.dev/doc/install for installation of Go.
To run the tests, run `cd go-tdx && go test ./... --tags=test`
See go-tdx/crypto_test.go for an example of a test.
Create a new TDX adapter, then use the adapter to collect a quote from a TDX-enabled platform. Optionally, collect the event log for the TD as well by passing an event log parser as the second argument.
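```go
import "github.com/intel/trustauthority-client/go-tdx"

// tdHeldData is supplied by the caller; nil as the second argument
// means no event log parser is used.
adapter, err := tdx.NewEvidenceAdapter(tdHeldData, nil)
if err != nil {
	return err
}

// nonce is supplied by the caller.
evidence, err := adapter.CollectEvidence(nonce)
if err != nil {
	return err
}
```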
```go
// Generate a 3072-bit key pair; both keys are returned PEM-encoded.
km := &tdx.KeyMetadata{
	KeyLength: 3072,
}
privateKeyPem, publicKeyPem, err := tdx.GenerateKeyPair(km)
if err != nil {
	fmt.Printf("Something bad happened: %s\n\n", err)
	return err
}
```
```go
// Decrypt a blob with the private key stored at privateKeyPath.
em := &tdx.EncryptionMetadata{
	PrivateKeyLocation: privateKeyPath,
	HashAlgorithm:      "SHA256",
}
decryptedData, err := tdx.Decrypt(encryptedData, em)
if err != nil {
	fmt.Printf("Something bad happened: %s\n\n", err)
	return err
}
```
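The sender's side of the `tdx.Decrypt` call above, as an added example that is not part of go-tdx and uses only the Go standard library. It assumes the blob is RSA-OAEP ciphertext (suggested by `HashAlgorithm`, not stated here) and a PKCS#1 PEM public key; `wrapForTD`, `demo`, the key and the secret are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// wrapForTD (hypothetical helper) is the sender side: it checks the TD's public
// key and encrypts a secret to it with RSA-OAEP/SHA-256 (assumed scheme).
func wrapForTD(pubPEM, secret []byte) ([]byte, error) {
	blk, _ := pem.Decode(pubPEM)
	if blk == nil {
		return nil, errors.New("no PEM block in public key")
	}
	pub, err := x509.ParsePKCS1PublicKey(blk.Bytes)
	if err != nil {
		return nil, err
	}
	if pub.N.BitLen() < 3072 { // refuse keys shorter than the KeyLength used above
		return nil, errors.New("want an RSA key of at least 3072 bits")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
}

// demo wraps a constructed secret for a constructed key, then unwraps it twice.
func demo() (plain string, mismatch, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 3072) // stands in for the TD's key
	if err != nil {
		return "", nil, err
	}
	pubPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(&priv.PublicKey)})
	ct, err := wrapForTD(pubPEM, []byte("constructed-secret"))
	if err != nil {
		return "", nil, err
	}
	// A receiver configured with a different hash than the sender fails to decrypt.
	_, mismatch = rsa.DecryptOAEP(sha512.New(), rand.Reader, priv, ct, nil)
	p, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return string(p), mismatch, err
}

func main() {
	fmt.Println(demo())
}
```

The hash chosen by the sender has to match the `HashAlgorithm` the TD passes to `tdx.Decrypt`; under the OAEP assumption a mismatch shows up only as a generic decryption error.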
Note that the TD should have the ACPI table exposed for event log collection.
```go
// Read the TD's event log.
evLogParser := tdx.NewEventLogParser()
eventLog, err := evLogParser.GetEventLogs()
if err != nil {
	return err
}
```
This source is distributed under the BSD-style license found in the LICENSE file.