/// Unified interface for a TEE backend.
///
/// TDX, SEV and Secure Enclave backends are planned to implement this same
/// trait in Phase 2 and later. Key material crosses this boundary only as
/// `WrappedKey` blobs; plaintext keys are never returned.
///
/// NOTE(review): the sealed-blob format and whether it is cryptographically
/// bound to the `key` passed to `seal`/`unseal` are backend-defined and not
/// visible here — confirm against each implementation before relying on
/// wrong-key or tamper-detection behaviour.
pub trait TeeBackend: Send + Sync {
    // Required methods

    /// Report whether this backend is usable on the current system.
    ///
    /// This is a capability probe only; a `true` result is not an
    /// attestation of the platform's trustworthiness.
    fn is_available() -> bool
    where Self: Sized;

    /// Initialize the Primary Key: load it if one already exists, otherwise
    /// create and persist a new one. Called once per device.
    ///
    /// # Errors
    /// Backend-specific; the error type is the crate's `Result` alias.
    fn initialize_primary_key(&mut self) -> Result<()>;

    /// Generate a Data Key and wrap it with the Primary Key.
    ///
    /// The returned `WrappedKey` blob cannot be unwrapped without the TEE,
    /// which is why it is the only form in which the Data Key leaves the
    /// backend.
    fn generate_data_key(&mut self) -> Result<WrappedKey>;

    /// Unwrap the Data Key, encrypt `data` with it, and seal the result
    /// under a PCR policy so it is only recoverable while the measured
    /// platform state matches.
    ///
    /// # Errors
    /// Backend-specific (unwrap, encryption or sealing failure).
    fn seal(&mut self, key: &WrappedKey, data: &[u8]) -> Result<Vec<u8>>;

    /// Unseal `sealed` with the Data Key behind `key` and return the
    /// plaintext.
    ///
    /// # Errors
    /// Fails if the PCR values have changed since sealing; callers should
    /// treat that as a possible platform-state change rather than a
    /// transient error to retry.
    fn unseal(&mut self, key: &WrappedKey, sealed: &[u8]) -> Result<Vec<u8>>;

    /// Return the backend type identifier.
    fn backend_type(&self) -> BackendType;
}
Unified interface for a TEE backend. TDX, SEV and Secure Enclave backends are planned to implement this same trait in Phase 2 and later; key material crosses this interface only as wrapped blobs, never as plaintext keys.
Required Methods
fn is_available() -> boolwhere
Self: Sized,
Report whether this backend is usable on the current system. This is a capability probe only; a `true` result is not an attestation of the platform's trustworthiness.
fn initialize_primary_key(&mut self) -> Result<()>
Initialize the Primary Key: load it if one already exists, otherwise create and persist a new one. Called once per device; because a later call loads rather than regenerates, Data Keys wrapped under the persisted Primary Key remain recoverable.
fn generate_data_key(&mut self) -> Result<WrappedKey>
Generate a Data Key and wrap it with the Primary Key. The returned `WrappedKey` blob cannot be unwrapped without the TEE, so it may be stored outside it; it is nevertheless the only handle to that Data Key, and anything sealed under it is unrecoverable if the blob is lost.
fn seal(&mut self, key: &WrappedKey, data: &[u8]) -> Result<Vec<u8>>
Unwrap the Data Key inside the TEE, encrypt `data` with it, and seal the result under a PCR policy so that it is only recoverable while the measured platform state matches.
fn unseal(&mut self, key: &WrappedKey, sealed: &[u8]) -> Result<Vec<u8>>
Unseal `sealed` and return the plaintext. Fails if the PCR values no longer match the policy recorded at seal time; callers should treat that failure as a possible platform-state change rather than a transient error to retry.
fn backend_type(&self) -> BackendType
Return the backend type identifier.