dev-docs: Go package docs (#958)

* Remove unused package * Add Go package docs to most packages Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Fabian Kammel <fk@edgeless.systems> Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2025-09-20 04:54:46 -04:00 · 2023-01-19 15:57:50 +01:00 · 2023-01-19 15:57:50 +01:00 · 690b50b29d
commit 690b50b29d
parent b7740723ac
118 changed files with 735 additions and 750 deletions
--- a/internal/attestation/aws/aws.go
+++ b/internal/attestation/aws/aws.go
@ -0,0 +1,30 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+/*
+# Amazon Web Services attestation
+
+Attestation for AWS using [NitroTPM].
+
+AWS currently does not support confidential VMs, but offers a TPM 2.0 compliant vTPM integration.
+We use this to enable a TPM based measured boot Constellation deployment.
+
+# Issuer
+
+The TPM attestation is signed by the NitroTPM's RSA attestation key.
+Additionally to the TPM attestation, we attach a node's [instance identity document] to the attestation document.
+
+# Validator
+
+Currently, the NitroTPM provides no endorsement certificate for its attestation key, nor does AWS offer a secondary of of verifying it.
+For now we have to blindly trust the key.
+
+Additionally to verifying the TPM attestation, we also check the instance identity document for consistency.
+
+[NitroTPM]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html
+[instance identity document]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
+*/
+package aws