mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-29 01:16:12 -05:00
b3486fc32b
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
37 lines
976 B
Go
37 lines
976 B
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
/*
|
|
# Azure attestation
|
|
|
|
Constellation supports multiple attestation technologies on Azure.
|
|
|
|
- SEV - Secure Nested Paging (SEV-SNP)
|
|
|
|
TPM attestation verified using an SEV-SNP attestation statement.
|
|
|
|
- Trusted Launch
|
|
|
|
Basic TPM attestation.
|
|
*/
|
|
package azure
|
|
|
|
import (
|
|
"github.com/edgelesssys/constellation/v2/internal/atls"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/azure/snp"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/azure/trustedlaunch"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
|
|
)
|
|
|
|
// NewIssuer returns an SNP issuer if it can successfully read the idkeydigest from the TPM.
|
|
// Otherwise returns a Trusted Launch issuer.
|
|
func NewIssuer(log vtpm.AttestationLogger) atls.Issuer {
|
|
if _, err := snp.GetIDKeyDigest(vtpm.OpenVTPM); err == nil {
|
|
return snp.NewIssuer(log)
|
|
}
|
|
return trustedlaunch.NewIssuer(log)
|
|
}
|