runtime: pkg/sev: Add kbs utility package for SEV pre-attestation

Supports both online and offline modes of interaction with simple-kbs for SEV/SEV-ES confidential guests. Fixes: #6795 Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
2025-04-29 12:14:48 +00:00 · 2023-05-08 10:23:52 +03:00 · 2023-05-08 10:23:52 +03:00 · dd7562522a
commit dd7562522a
parent 05de7b2607
1 changed files with 33 additions and 0 deletions
--- a/src/runtime/pkg/sev/kbs/kbs.go
+++ b/src/runtime/pkg/sev/kbs/kbs.go
@ -0,0 +1,33 @@
+// Copyright contributors to AMD SEV/-ES in Go
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+// Package kbs can be used interact with simple-kbs, the key broker
+// server for SEV and SEV-ES pre-attestation
+
+package kbs
+
+const (
+	Offline           = "offline"
+	OfflineSecretType = "bundle"
+	OfflineSecretGuid = "e6f5a162-d67f-4750-a67c-5d065f2a9910"
+	Online            = "online"
+	OnlineBootParam   = "online_sev_kbc"
+	OnlineSecretType  = "connection"
+	OnlineSecretGuid  = "1ee27366-0c87-43a6-af48-28543eaf7cb0"
+)
+
+type GuestPreAttestationConfig struct {
+	Proxy            string
+	Keyset           string
+	LaunchId         string
+	KernelPath       string
+	InitrdPath       string
+	FwPath           string
+	KernelParameters string
+	CertChainPath    string
+	SecretType       string
+	SecretGuid       string
+	Policy           uint32
+}