

1//! CVM attestation evidence generation
2
3#[cfg(feature = "azure")]
4pub mod azure;
5pub mod ccel;
6pub mod platform;
7
8use thiserror::Error;
9use types::{AttestationEvidence, AttestationType};
10
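/// Generate an attestation for the current CVM and gather platform metadata.
///
/// `input_data` is 64 bytes of caller-supplied data that is handed unchanged to
/// the quote generator selected for the detected platform (configfs-tsm for the
/// TDX variants, the `azure` module when that feature is enabled). It is
/// presumably bound into the quote as report data — confirm in `configfs_tsm` —
/// so callers wanting freshness should pass verifier-chosen data rather than a
/// constant.
///
/// Returns the quote together with the gathered platform metadata.
///
/// # Errors
///
/// Returns [`ProveError`] when platform metadata cannot be gathered, when quote
/// generation fails, when an Azure TDX platform is detected but the crate was
/// built without the `azure` feature, or when no TEE is detected
/// ([`ProveError::NotInTee`]).
pub fn prove(input_data: [u8; 64]) -> Result<AttestationEvidence, ProveError> {
    let platform = platform::metadata()?;
    let quote = match platform.attestation_type {
        AttestationType::GcpTdx | AttestationType::SelfHostedTdx => {
            configfs_tsm::create_tdx_quote(input_data)?
        }
        AttestationType::AzureTdx => {
            #[cfg(not(feature = "azure"))]
            return Err(ProveError::AzureFeatureDisabled);
            #[cfg(feature = "azure")]
            azure::create_quote(input_data)?
        }
        // `platform::metadata` is expected to reject bare metal before we get
        // here; if that invariant ever slips, surface it as an error instead of
        // panicking inside a library call.
        AttestationType::None => return Err(ProveError::NotInTee),
    };
    Ok(AttestationEvidence { quote, platform })
}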
28
/// Errors returned by [`prove`] and the platform / quote helpers it calls.
#[derive(Error, Debug)]
pub enum ProveError {
    /// No TEE was detected on the current machine.
    #[error("Not running in a TEE")]
    NotInTee,
    /// A platform was detected but is not one this crate can attest; the
    /// payload is interpolated into the message (presumably the platform
    /// identifier that was not recognized).
    #[error("Unrecognized platform: {0}")]
    UnknownPlatform(String),
    /// Returned by [`prove`] on an Azure TDX platform when the crate was built
    /// without the `azure` feature; the variant only exists in that build.
    #[cfg(not(feature = "azure"))]
    #[error("Azure attestation requested but `azure` feature is not enabled")]
    AzureFeatureDisabled,
    /// TDX quote generation through configfs-tsm failed (converted via `?`).
    #[error("DCAP quote: {0}")]
    DcapQuote(#[from] configfs_tsm::QuoteGenerationError),
    /// Underlying I/O failure (converted via `?`).
    #[error("I/O: {0}")]
    Io(#[from] std::io::Error),
    /// `/proc/meminfo` could not be parsed — presumably raised while gathering
    /// platform metadata; carries no payload, so the offending input is lost.
    #[error("Parsing /proc/meminfo")]
    MemInfoParse,
    /// CCEL (event log) processing failed. No `#[from]`, so callers wrap the
    /// error explicitly; `{0:#}` formats the full `anyhow` cause chain.
    #[error("CCEL: {0:#}")]
    Ccel(anyhow::Error),
    /// Azure attestation failed; only exists when the `azure` feature is on.
    #[cfg(feature = "azure")]
    #[error("Azure: {0}")]
    Azure(#[from] azure::AzureError),
}