From 912a43636883ff9a0fe33cb12c0fff7e3843c56d Mon Sep 17 00:00:00 2001
From: yawangwang
Date: Fri, 12 Jan 2024 16:57:32 +0000
Subject: [PATCH] Adding eventlog parsing logic (#404)
---
 cel/cos_tlv.go | 1 +
 proto/attest.proto | 6 +
 proto/attest/attest.pb.go | 337 +++++++++++++++++++++++---------------
 server/eventlog.go | 5 +
 server/eventlog_test.go | 19 ++-
 server/verify_test.go | 13 +-
 6 files changed, 245 insertions(+), 136 deletions(-)
diff --git a/cel/cos_tlv.go b/cel/cos_tlv.go
index fb4438ee2..5cbd2ccd8 100644
--- a/cel/cos_tlv.go
+++ b/cel/cos_tlv.go
@@ -31,6 +31,7 @@ const (
 OverrideEnvType
 // EventContent is empty on success, or contains an error message on failure.
 LaunchSeparatorType
+ MemoryMonitorType
 )

 // CosTlv is a specific event type created for the COS (Google Container-Optimized OS),
diff --git a/proto/attest.proto b/proto/attest.proto
index fae794322..0e3595a97 100644
--- a/proto/attest.proto
+++ b/proto/attest.proto
@@ -186,10 +186,16 @@ message SemanticVersion {
 uint32 patch = 3;
 }

+message HealthMonitoringState {
+ // Whether memory monitoring is enabled.
+ bool memory_enabled = 1;
+}
+
 message AttestedCosState {
 ContainerState container = 1;
 SemanticVersion cos_version = 2;
 SemanticVersion launcher_version = 3;
+ HealthMonitoringState health_monitoring = 4;
 }

 message EfiApp {
diff --git a/proto/attest/attest.pb.go b/proto/attest/attest.pb.go
index 6de28cfaa..0a8000352 100644
--- a/proto/attest/attest.pb.go
+++ b/proto/attest/attest.pb.go
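Review bot: `MemoryMonitorType` is appended to the iota block without a comment, while its neighbour `LaunchSeparatorType` documents what its EventContent carries. The verifier side of this patch (server/eventlog.go) only recognises the event when EventContent is exactly one byte equal to 1, so the encoding should be stated on the constant that both launcher and verifier read: `// EventContent is a single byte: 1 when memory monitoring is enabled, 0 otherwise.` Appending at the end of the block keeps the existing type values stable, which matters if those values already appear in measured logs. The const block starts outside the hunk.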
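Review bot: `memory_enabled` is a proto3 scalar, so a consumer of `AttestedCosState.health_monitoring` cannot distinguish "monitoring disabled" from "no MemoryMonitor event in the log" (for example an older launcher), since both serialise as false; message presence does not help either, because the server side of this patch always populates `health_monitoring` in getVerifiedCosState. If policy consumers need that distinction, declare the field `optional bool memory_enabled = 1;` to get explicit presence, or record the ambiguity in the field comment, e.g. `// Whether memory monitoring is enabled. Also false when the log carries no MemoryMonitor event.`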
@@ -1169,20 +1169,69 @@ func (x *SemanticVersion) GetPatch() uint32 { return 0 } +type HealthMonitoringState struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Whether memory monitoring is enabled. + MemoryEnabled bool `protobuf:"varint,1,opt,name=memory_enabled,json=memoryEnabled,proto3" json:"memory_enabled,omitempty"` +} + +func (x *HealthMonitoringState) Reset() { + *x = HealthMonitoringState{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HealthMonitoringState) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HealthMonitoringState) ProtoMessage() {} + +func (x *HealthMonitoringState) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HealthMonitoringState.ProtoReflect.Descriptor instead. 
+func (*HealthMonitoringState) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{12} +} + +func (x *HealthMonitoringState) GetMemoryEnabled() bool { + if x != nil { + return x.MemoryEnabled + } + return false +} + type AttestedCosState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Container *ContainerState `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"` - CosVersion *SemanticVersion `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"` - LauncherVersion *SemanticVersion `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"` + Container *ContainerState `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"` + CosVersion *SemanticVersion `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"` + LauncherVersion *SemanticVersion `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"` + HealthMonitoring *HealthMonitoringState `protobuf:"bytes,4,opt,name=health_monitoring,json=healthMonitoring,proto3" json:"health_monitoring,omitempty"` } func (x *AttestedCosState) Reset() { *x = AttestedCosState{} if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[12] + mi := &file_attest_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1195,7 +1244,7 @@ func (x *AttestedCosState) String() string { func (*AttestedCosState) ProtoMessage() {} func (x *AttestedCosState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[12] + mi := &file_attest_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1208,7 +1257,7 @@ func (x *AttestedCosState) ProtoReflect() protoreflect.Message { // Deprecated: Use AttestedCosState.ProtoReflect.Descriptor instead. func (*AttestedCosState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{12} + return file_attest_proto_rawDescGZIP(), []int{13} } func (x *AttestedCosState) GetContainer() *ContainerState { @@ -1232,6 +1281,13 @@ func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion { return nil } +func (x *AttestedCosState) GetHealthMonitoring() *HealthMonitoringState { + if x != nil { + return x.HealthMonitoring + } + return nil +} + type EfiApp struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1244,7 +1300,7 @@ type EfiApp struct { func (x *EfiApp) Reset() { *x = EfiApp{} if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[13] + mi := &file_attest_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1257,7 +1313,7 @@ func (x *EfiApp) String() string { func (*EfiApp) ProtoMessage() {} func (x *EfiApp) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[13] + mi := &file_attest_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1270,7 +1326,7 @@ func (x *EfiApp) ProtoReflect() protoreflect.Message { // Deprecated: Use EfiApp.ProtoReflect.Descriptor instead. func (*EfiApp) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{13} + return file_attest_proto_rawDescGZIP(), []int{14} } func (x *EfiApp) GetDigest() []byte { @@ -1297,7 +1353,7 @@ type EfiState struct { func (x *EfiState) Reset() { *x = EfiState{} if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[14] + mi := &file_attest_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -1310,7 +1366,7 @@ func (x *EfiState) String() string { func (*EfiState) ProtoMessage() {} func (x *EfiState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[14] + mi := &file_attest_proto_msgTypes[15] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1323,7 +1379,7 @@ func (x *EfiState) ProtoReflect() protoreflect.Message { // Deprecated: Use EfiState.ProtoReflect.Descriptor instead. func (*EfiState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{14} + return file_attest_proto_rawDescGZIP(), []int{15} } func (x *EfiState) GetApps() []*EfiApp { @@ -1357,7 +1413,7 @@ type MachineState struct { func (x *MachineState) Reset() { *x = MachineState{} if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[15] + mi := &file_attest_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1370,7 +1426,7 @@ func (x *MachineState) String() string { func (*MachineState) ProtoMessage() {} func (x *MachineState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[15] + mi := &file_attest_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1383,7 +1439,7 @@ func (x *MachineState) ProtoReflect() protoreflect.Message { // Deprecated: Use MachineState.ProtoReflect.Descriptor instead. func (*MachineState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{15} + return file_attest_proto_rawDescGZIP(), []int{16} } func (x *MachineState) GetPlatform() *PlatformState { 
@@ -1463,7 +1519,7 @@ type PlatformPolicy struct { func (x *PlatformPolicy) Reset() { *x = PlatformPolicy{} if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[16] + mi := &file_attest_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1476,7 +1532,7 @@ func (x *PlatformPolicy) String() string { func (*PlatformPolicy) ProtoMessage() {} func (x *PlatformPolicy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[16] + mi := &file_attest_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1489,7 +1545,7 @@ func (x *PlatformPolicy) ProtoReflect() protoreflect.Message { // Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead. func (*PlatformPolicy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{16} + return file_attest_proto_rawDescGZIP(), []int{17} } func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte { @@ -1525,7 +1581,7 @@ type Policy struct { func (x *Policy) Reset() { *x = Policy{} if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[17] + mi := &file_attest_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1538,7 +1594,7 @@ func (x *Policy) String() string { func (*Policy) ProtoMessage() {} func (x *Policy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[17] + mi := &file_attest_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1551,7 +1607,7 @@ func (x *Policy) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy.ProtoReflect.Descriptor instead. func (*Policy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{17} + return file_attest_proto_rawDescGZIP(), []int{18} } func (x *Policy) GetPlatform() *PlatformPolicy { @@ -1706,7 +1762,11 @@ var file_attest_proto_rawDesc = []byte{ 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x22, 0xc6, 0x01, 0x0a, 0x10, 0x41, 0x74, + 0x28, 0x0d, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x22, 0x3e, 0x0a, 0x15, 0x48, 0x65, 0x61, + 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x65, 0x6e, 0x61, + 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6d, 0x65, 0x6d, 0x6f, + 0x72, 0x79, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x92, 0x02, 0x0a, 0x10, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 
@@ -1719,73 +1779,78 @@ var file_attest_proto_rawDesc = []byte{ 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x12, 0x16, 0x0a, 0x06, - 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, - 0x67, 0x65, 0x73, 0x74, 0x22, 0x2e, 0x0a, 0x08, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, - 0x12, 0x22, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, - 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x04, - 0x61, 0x70, 0x70, 0x73, 0x22, 0x80, 0x03, 0x0a, 0x0c, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, - 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x08, - 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, - 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, - 0x6f, 0x74, 0x12, 0x2c, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, - 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, - 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, - 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 
0x0e, 0x32, 0x0d, - 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, - 0x61, 0x73, 0x68, 0x12, 0x25, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x11, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x72, 0x75, 0x62, 0x53, - 0x74, 0x61, 0x74, 0x65, 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3b, 0x0a, 0x0c, 0x6c, 0x69, - 0x6e, 0x75, 0x78, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, - 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x6c, 0x69, 0x6e, 0x75, - 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x2a, 0x0a, 0x03, 0x63, 0x6f, 0x73, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, - 0x63, 0x6f, 0x73, 0x12, 0x22, 0x0a, 0x03, 0x65, 0x66, 0x69, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x52, 0x03, 0x65, 0x66, 0x69, 0x22, 0xde, 0x01, 0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74, - 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c, - 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x16, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x53, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x49, 0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, - 0x5f, 0x67, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e, - 0x69, 0x6d, 0x75, 
0x6d, 0x47, 0x63, 0x65, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, - 0x6d, 0x5f, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, - 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65, - 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x3c, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x32, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, - 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6c, - 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2a, 0x62, 0x0a, 0x19, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, - 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, - 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, - 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x49, 0x4e, - 0x54, 0x45, 0x4c, 0x5f, 0x54, 0x44, 0x58, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d, 0x44, - 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, 0x10, 0x04, 0x2a, 0x62, 0x0a, 0x14, 0x57, 0x65, - 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, - 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, - 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 
0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, - 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, - 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x02, 0x2a, 0x35, - 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, - 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, - 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, - 0x76, 0x65, 0x72, 0x10, 0x02, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, - 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x11, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x6d, 0x6f, 0x6e, + 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, + 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, + 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x68, 0x65, + 0x61, 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x20, + 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, + 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, + 0x22, 0x2e, 0x0a, 0x08, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x04, + 0x61, 0x70, 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x61, 0x74, 0x74, + 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, + 0x22, 0x80, 0x03, 0x0a, 0x0c, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x12, 0x31, 
0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, + 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, + 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, + 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, + 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2c, + 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x76, 0x65, 0x6e, + 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, 0x0a, 0x04, + 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, + 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, + 0x25, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, + 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, + 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3b, 0x0a, 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, + 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, + 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, + 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, + 0x6e, 0x65, 0x6c, 0x12, 0x2a, 0x0a, 0x03, 0x63, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, + 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 
0x65, 0x52, 0x03, 0x63, 0x6f, 0x73, 0x12, + 0x22, 0x0a, 0x03, 0x65, 0x66, 0x69, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, + 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, + 0x65, 0x66, 0x69, 0x22, 0xde, 0x01, 0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, + 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, + 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x65, 0x64, 0x53, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, + 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x67, 0x63, 0x65, + 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, + 0x47, 0x63, 0x65, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x74, 0x65, + 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, + 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, + 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, + 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x3c, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x32, + 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, + 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 
0x6f, + 0x72, 0x6d, 0x2a, 0x62, 0x0a, 0x19, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, + 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, + 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, + 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x5f, + 0x54, 0x44, 0x58, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, + 0x5f, 0x53, 0x4e, 0x50, 0x10, 0x04, 0x2a, 0x62, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, + 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, + 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, + 0x53, 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, + 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, + 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, + 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0d, 0x52, 0x65, + 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, 0x41, + 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x6e, 0x46, 0x61, 0x69, + 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x76, 0x65, 0x72, 0x10, + 0x02, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, + 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1801,7 +1866,7 @@ func file_attest_proto_rawDescGZIP() []byte { } var file_attest_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 20) +var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 21) var file_attest_proto_goTypes = []interface{}{ (GCEConfidentialTechnology)(0), // 0: attest.GCEConfidentialTechnology (WellKnownCertificate)(0), // 1: attest.WellKnownCertificate 
@@ -1818,24 +1883,25 @@ var file_attest_proto_goTypes = []interface{}{ (*SecureBootState)(nil), // 12: attest.SecureBootState (*ContainerState)(nil), // 13: attest.ContainerState (*SemanticVersion)(nil), // 14: attest.SemanticVersion - (*AttestedCosState)(nil), // 15: attest.AttestedCosState - (*EfiApp)(nil), // 16: attest.EfiApp - (*EfiState)(nil), // 17: attest.EfiState - (*MachineState)(nil), // 18: attest.MachineState - (*PlatformPolicy)(nil), // 19: attest.PlatformPolicy - (*Policy)(nil), // 20: attest.Policy - nil, // 21: attest.ContainerState.EnvVarsEntry - nil, // 22: attest.ContainerState.OverriddenEnvVarsEntry - (*tpm.Quote)(nil), // 23: tpm.Quote - (*sevsnp.Attestation)(nil), // 24: sevsnp.Attestation - (*tdx.QuoteV4)(nil), // 25: tdx.QuoteV4 - (tpm.HashAlgo)(0), // 26: tpm.HashAlgo + (*HealthMonitoringState)(nil), // 15: attest.HealthMonitoringState + (*AttestedCosState)(nil), // 16: attest.AttestedCosState + (*EfiApp)(nil), // 17: attest.EfiApp + (*EfiState)(nil), // 18: attest.EfiState + (*MachineState)(nil), // 19: attest.MachineState + (*PlatformPolicy)(nil), // 20: attest.PlatformPolicy + (*Policy)(nil), // 21: attest.Policy + nil, // 22: attest.ContainerState.EnvVarsEntry + nil, // 23: attest.ContainerState.OverriddenEnvVarsEntry + (*tpm.Quote)(nil), // 24: tpm.Quote + (*sevsnp.Attestation)(nil), // 25: sevsnp.Attestation + (*tdx.QuoteV4)(nil), // 26: tdx.QuoteV4 + (tpm.HashAlgo)(0), // 27: tpm.HashAlgo } var file_attest_proto_depIdxs = []int32{ - 23, // 0: attest.Attestation.quotes:type_name -> tpm.Quote + 24, // 0: attest.Attestation.quotes:type_name -> tpm.Quote 3, // 1: attest.Attestation.instance_info:type_name -> attest.GCEInstanceInfo - 24, // 2: attest.Attestation.sev_snp_attestation:type_name -> sevsnp.Attestation - 25, // 3: attest.Attestation.tdx_attestation:type_name -> tdx.QuoteV4 + 25, // 2: attest.Attestation.sev_snp_attestation:type_name -> sevsnp.Attestation + 26, // 3: attest.Attestation.tdx_attestation:type_name -> tdx.QuoteV4 
0, // 4: attest.PlatformState.technology:type_name -> attest.GCEConfidentialTechnology 3, // 5: attest.PlatformState.instance_info:type_name -> attest.GCEInstanceInfo 6, // 6: attest.GrubState.files:type_name -> attest.GrubFile 
@@ -1845,27 +1911,28 @@ var file_attest_proto_depIdxs = []int32{ 11, // 10: attest.SecureBootState.dbx:type_name -> attest.Database 11, // 11: attest.SecureBootState.authority:type_name -> attest.Database 2, // 12: attest.ContainerState.restart_policy:type_name -> attest.RestartPolicy - 21, // 13: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry - 22, // 14: attest.ContainerState.overridden_env_vars:type_name -> attest.ContainerState.OverriddenEnvVarsEntry + 22, // 13: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry + 23, // 14: attest.ContainerState.overridden_env_vars:type_name -> attest.ContainerState.OverriddenEnvVarsEntry 13, // 15: attest.AttestedCosState.container:type_name -> attest.ContainerState 14, // 16: attest.AttestedCosState.cos_version:type_name -> attest.SemanticVersion 14, // 17: attest.AttestedCosState.launcher_version:type_name -> attest.SemanticVersion - 16, // 18: attest.EfiState.apps:type_name -> attest.EfiApp - 5, // 19: attest.MachineState.platform:type_name -> attest.PlatformState - 12, // 20: attest.MachineState.secure_boot:type_name -> attest.SecureBootState - 9, // 21: attest.MachineState.raw_events:type_name -> attest.Event - 26, // 22: attest.MachineState.hash:type_name -> tpm.HashAlgo - 7, // 23: attest.MachineState.grub:type_name -> attest.GrubState - 8, // 24: attest.MachineState.linux_kernel:type_name -> attest.LinuxKernelState - 15, // 25: attest.MachineState.cos:type_name -> attest.AttestedCosState - 17, // 26: attest.MachineState.efi:type_name -> attest.EfiState - 0, // 27: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology - 19, // 28: attest.Policy.platform:type_name -> attest.PlatformPolicy - 29, // [29:29] is the sub-list for method output_type - 29, // [29:29] is the sub-list for method input_type - 29, // [29:29] is the sub-list for extension type_name - 29, // [29:29] is the sub-list for extension extendee - 0, // [0:29] is 
the sub-list for field type_name + 15, // 18: attest.AttestedCosState.health_monitoring:type_name -> attest.HealthMonitoringState + 17, // 19: attest.EfiState.apps:type_name -> attest.EfiApp + 5, // 20: attest.MachineState.platform:type_name -> attest.PlatformState + 12, // 21: attest.MachineState.secure_boot:type_name -> attest.SecureBootState + 9, // 22: attest.MachineState.raw_events:type_name -> attest.Event + 27, // 23: attest.MachineState.hash:type_name -> tpm.HashAlgo + 7, // 24: attest.MachineState.grub:type_name -> attest.GrubState + 8, // 25: attest.MachineState.linux_kernel:type_name -> attest.LinuxKernelState + 16, // 26: attest.MachineState.cos:type_name -> attest.AttestedCosState + 18, // 27: attest.MachineState.efi:type_name -> attest.EfiState + 0, // 28: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology + 20, // 29: attest.Policy.platform:type_name -> attest.PlatformPolicy + 30, // [30:30] is the sub-list for method output_type + 30, // [30:30] is the sub-list for method input_type + 30, // [30:30] is the sub-list for extension type_name + 30, // [30:30] is the sub-list for extension extendee + 0, // [0:30] is the sub-list for field type_name } func init() { file_attest_proto_init() } @@ -2019,7 +2086,7 @@ func file_attest_proto_init() { } } file_attest_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttestedCosState); i { + switch v := v.(*HealthMonitoringState); i { case 0: return &v.state case 1: @@ -2031,7 +2098,7 @@ func file_attest_proto_init() { } } file_attest_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EfiApp); i { + switch v := v.(*AttestedCosState); i { case 0: return &v.state case 1: @@ -2043,7 +2110,7 @@ func file_attest_proto_init() { } } file_attest_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EfiState); i { + switch v := v.(*EfiApp); i { case 0: return &v.state case 1: 
@@ -2055,7 +2122,7 @@ func file_attest_proto_init() {
 }
 }
 file_attest_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*MachineState); i {
+ switch v := v.(*EfiState); i {
 case 0:
 return &v.state
 case 1:
@@ -2067,7 +2134,7 @@ func file_attest_proto_init() {
 }
 }
 file_attest_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*PlatformPolicy); i {
+ switch v := v.(*MachineState); i {
 case 0:
 return &v.state
 case 1:
@@ -2079,6 +2146,18 @@ func file_attest_proto_init() {
 }
 }
 file_attest_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*PlatformPolicy); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_attest_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
 switch v := v.(*Policy); i {
 case 0:
 return &v.state
@@ -2109,7 +2188,7 @@ func file_attest_proto_init() {
 GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 RawDescriptor: file_attest_proto_rawDesc,
 NumEnums: 3,
- NumMessages: 20,
+ NumMessages: 21,
 NumExtensions: 0,
 NumServices: 0,
 },
diff --git a/server/eventlog.go b/server/eventlog.go
index d39cee8b3..b1d2ce0b2 100644
--- a/server/eventlog.go
+++ b/server/eventlog.go
@@ -120,6 +120,7 @@ func contains(set [][]byte, value []byte) bool {
 func getVerifiedCosState(coscel cel.CEL) (*pb.AttestedCosState, error) {
 cosState := &pb.AttestedCosState{}
 cosState.Container = &pb.ContainerState{}
+ cosState.HealthMonitoring = &pb.HealthMonitoringState{}
 cosState.Container.Args = make([]string, 0)
 cosState.Container.EnvVars = make(map[string]string)
 cosState.Container.OverriddenEnvVars = make(map[string]string)
@@ -198,6 +199,10 @@ func getVerifiedCosState(coscel cel.CEL) (*pb.AttestedCosState, error) {
 cosState.Container.OverriddenEnvVars[envName] = envVal
 case cel.LaunchSeparatorType:
 seenSeparator = true
+ case cel.MemoryMonitorType:
+ if len(cosTlv.EventContent) == 1 && cosTlv.EventContent[0] == uint8(1) {
+ cosState.HealthMonitoring.MemoryEnabled = true
+ }
 default:
 return nil, fmt.Errorf("found unknown COS Event Type %v", cosTlv.EventType)
 }
diff --git a/server/eventlog_test.go b/server/eventlog_test.go
index 34a39b332..95220fb9d 100644
--- a/server/eventlog_test.go
+++ b/server/eventlog_test.go
@@ -644,6 +644,7 @@ func TestParsingCELEventLog(t *testing.T) {
 coscel := &cel.CEL{}
 emptyCosState := attestpb.ContainerState{}
+ emptyHealthMonitoringState := attestpb.HealthMonitoringState{}
 var buf bytes.Buffer
 // First, encode an empty CEL and try to parse it.
@@ -672,7 +673,10 @@ func TestParsingCELEventLog(t *testing.T) {
 t.Errorf("expecting no error from parseCanonicalEventLog(), but get %v", err)
 }
 if diff := cmp.Diff(msState.Cos.Container, &emptyCosState, protocmp.Transform()); diff != "" {
- t.Errorf("unexpected difference:\n%v", diff)
+ t.Errorf("unexpected container state difference:\n%v", diff)
+ }
+ if diff := cmp.Diff(msState.Cos.HealthMonitoring, &emptyHealthMonitoringState, protocmp.Transform()); diff != "" {
+ t.Errorf("unexpected health monitoring difference:\n%v", diff)
 }
 }
@@ -693,6 +697,7 @@ func TestParsingCELEventLog(t *testing.T) {
 {cel.ArgType, cel.CosEventPCR, []byte("--x")},
 {cel.ArgType, cel.CosEventPCR, []byte("--y")},
 {cel.ArgType, cel.CosEventPCR, []byte("")},
+ {cel.MemoryMonitorType, cel.CosEventPCR, []byte{1}},
 }
 expectedEnvVars := make(map[string]string)
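Review bot: The new `cel.MemoryMonitorType` case silently maps every payload other than the single byte `1` to "disabled": an empty payload, a multi-byte payload or a byte such as `2` all leave `MemoryEnabled` false with no error, while the `default` branch two lines below rejects an unknown event type outright. Since this state is what the verifier reports as attested, malformed content is better surfaced as a parse failure than folded into a well-formed "disabled" answer: `if len(cosTlv.EventContent) != 1 || cosTlv.EventContent[0] > 1 { return nil, fmt.Errorf("invalid memory monitor event content %v", cosTlv.EventContent) }` followed by `cosState.HealthMonitoring.MemoryEnabled = cosTlv.EventContent[0] == 1`. The field is also only ever set to true, so if the event appears more than once in a log the last one does not win; assigning from the content as above, or rejecting a repeated event, makes that predictable — I cannot see from the hunk whether duplicates are already rejected elsewhere. getVerifiedCosState starts and ends outside the hunk.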
@@ -701,7 +706,7 @@ func TestParsingCELEventLog(t *testing.T) {
 expectedEnvVars["baz"] = "foo=bar"
 expectedEnvVars["empty"] = ""
- want := attestpb.ContainerState{
+ wantContainerState := attestpb.ContainerState{
 ImageReference: string(testCELEvents[0].eventPayload),
 ImageDigest: string(testCELEvents[1].eventPayload),
 RestartPolicy: attestpb.RestartPolicy_Always,
@@ -709,6 +714,9 @@ func TestParsingCELEventLog(t *testing.T) {
 EnvVars: expectedEnvVars,
 Args: []string{string(testCELEvents[8].eventPayload), string(testCELEvents[9].eventPayload), string(testCELEvents[10].eventPayload)},
 }
+ wantHealthMonitoringState := attestpb.HealthMonitoringState{
+ MemoryEnabled: true,
+ }
 for _, testEvent := range testCELEvents {
 cos := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload}
 if err := coscel.AppendEvent(tpm, testEvent.pcr, implementedHashes, cos); err != nil {
@@ -727,8 +735,11 @@ func TestParsingCELEventLog(t *testing.T) {
 if msState, err := parseCanonicalEventLog(buf.Bytes(), bank); err != nil {
 t.Errorf("expecting no error from parseCanonicalEventLog(), but get %v", err)
 } else {
- if diff := cmp.Diff(msState.Cos.Container, &want, protocmp.Transform()); diff != "" {
- t.Errorf("unexpected difference:\n%v", diff)
+ if diff := cmp.Diff(msState.Cos.Container, &wantContainerState, protocmp.Transform()); diff != "" {
+ t.Errorf("unexpected container state difference:\n%v", diff)
+ }
+ if diff := cmp.Diff(msState.Cos.HealthMonitoring, &wantHealthMonitoringState, protocmp.Transform()); diff != "" {
+ t.Errorf("unexpected health monitoring state difference:\n%v", diff)
 }
 }
 }
diff --git a/server/verify_test.go b/server/verify_test.go
index a8a6f9a10..fab393f6b 100644
--- a/server/verify_test.go
+++ b/server/verify_test.go
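Review bot: The new health-monitoring assertions only exercise the enabled path: the single added event is `{cel.MemoryMonitorType, cel.CosEventPCR, []byte{1}}` and `wantHealthMonitoringState` pins `MemoryEnabled: true`, so a parser that set the flag unconditionally would still pass. A second log carrying `[]byte{0}` and expecting `MemoryEnabled: false`, plus one with a malformed payload (empty or multi-byte) pinning whatever getVerifiedCosState is meant to do for it, would close that gap. The same applies to the TestVerifyAttestationWithCEL changes in server/verify_test.go. TestParsingCELEventLog continues outside the hunk.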
@@ -452,6 +452,7 @@ func TestVerifyAttestationWithCEL(t *testing.T) {
 {cel.ArgType, cel.CosEventPCR, []byte("--y")},
 {cel.OverrideArgType, cel.CosEventPCR, []byte("--x")},
 {cel.OverrideEnvType, cel.CosEventPCR, []byte("empty=")},
+ {cel.MemoryMonitorType, cel.CosEventPCR, []byte{1}},
 }
 for _, testEvent := range testEvents {
 cos := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload}
@@ -489,7 +490,7 @@ func TestVerifyAttestationWithCEL(t *testing.T) {
 expectedOverriddenEnvVars := make(map[string]string)
 expectedOverriddenEnvVars["empty"] = ""
- want := attestpb.ContainerState{
+ wantContainerState := attestpb.ContainerState{
 ImageReference: string(testEvents[0].eventPayload),
 ImageDigest: string(testEvents[1].eventPayload),
 RestartPolicy: attestpb.RestartPolicy_Never,
@@ -499,8 +500,14 @@ func TestVerifyAttestationWithCEL(t *testing.T) {
 OverriddenEnvVars: expectedOverriddenEnvVars,
 OverriddenArgs: []string{string(testEvents[10].eventPayload)},
 }
- if diff := cmp.Diff(state.Cos.Container, &want, protocmp.Transform()); diff != "" {
- t.Errorf("unexpected difference:\n%v", diff)
+ wantHealthMonitoringState := attestpb.HealthMonitoringState{
+ MemoryEnabled: true,
+ }
+ if diff := cmp.Diff(state.Cos.Container, &wantContainerState, protocmp.Transform()); diff != "" {
+ t.Errorf("unexpected container state difference:\n%v", diff)
+ }
+ if diff := cmp.Diff(state.Cos.HealthMonitoring, &wantHealthMonitoringState, protocmp.Transform()); diff != "" {
+ t.Errorf("unexpected health monitoring state difference:\n%v", diff)
 }
 }