package qemu import ( "crypto" "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/edgelesssys/constellation/internal/oid" "github.com/google/go-tpm/tpm2" ) // Validator for QEMU VM attestation. type Validator struct { oid.QEMU *vtpm.Validator } // NewValidator initializes a new qemu validator with the provided PCR values. func NewValidator(pcrs map[uint32][]byte, enforcedPCRs []uint32) *Validator { return &Validator{ Validator: vtpm.NewValidator( pcrs, enforcedPCRs, unconditionalTrust, func(attestation vtpm.AttestationDocument) error { return nil }, vtpm.VerifyPKCS1v15, ), } } // unconditionalTrust returns the given public key as the trusted attestation key. func unconditionalTrust(akPub, instanceInfo []byte) (crypto.PublicKey, error) { pubArea, err := tpm2.DecodePublic(akPub) if err != nil { return nil, err } return pubArea.Key() }