diff --git a/.bazelversion b/.bazelversion
new file mode 100644
index 000000000..6da4de57d
--- /dev/null
+++ b/.bazelversion
@@ -0,0 +1 @@
+8.4.1
diff --git a/.gitignore b/.gitignore
index ba65e9150..5262d8dca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+bazel-*
 launcher/launcher/launcher
 *.test
 *.test.exe
diff --git a/BUILD.bazel b/BUILD.bazel
new file mode 100644
index 000000000..18c761d15
--- /dev/null
+++ b/BUILD.bazel
@@ -0,0 +1,20 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@bazel_gazelle//:def.bzl", "gazelle")
+
+# gazelle:go_grpc_compilers @io_bazel_rules_go//proto:go_grpc_v2, @io_bazel_rules_go//proto:go_proto
+# gazelle:proto_import_prefix github.com/google/go-tpm-tools
+# gazelle:prefix github.com/google/go-tpm-tools
+gazelle(name = "gazelle")
diff --git a/MODULE.bazel b/MODULE.bazel
new file mode 100644
index 000000000..77a3089c4
--- /dev/null
+++ b/MODULE.bazel
@@ -0,0 +1,20 @@
+module(
+ name = "go-tpm-tools",
+ version = "0.0.0",
+)
+
+bazel_dep(name = "gazelle", version = "0.45.0", repo_name = "bazel_gazelle")
+bazel_dep(name = "grpc", version = "1.74.1", repo_name = "com_github_grpc_grpc")
+bazel_dep(name = "protobuf", version = "33.1", repo_name = "com_google_protobuf")
+bazel_dep(name = "rules_cc", version = "0.2.14", repo_name = "io_bazel_rules_cc")
+bazel_dep(name = "rules_go", version = "0.59.0", repo_name = "io_bazel_rules_go")
+bazel_dep(name = "openssl", version = "3.3.1.bcr.9", repo_name = "com_github_openssl_openssl")
+
+go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk")
+go_sdk.download(version = "1.25.1")
+
+go_deps = use_extension("@bazel_gazelle//:extensions.bzl", "go_deps")
+go_deps.from_file(go_mod = "//:go.mod")
+use_repo(go_deps, "com_github_google_go_attestation", "com_github_google_go_cmp", "com_github_google_go_configfs_tsm", "com_github_google_go_eventlog", "com_github_google_go_sev_guest", "com_github_google_go_tdx_guest", "com_github_google_go_tpm", "com_github_google_logger", "org_golang_google_protobuf")
+
+go_deps_dev = use_extension("@bazel_gazelle//:extensions.bzl", "go_deps", dev_dependency = True)
diff --git a/cel/BUILD.bazel b/cel/BUILD.bazel
new file mode 100644
index 000000000..53ca32fad
--- /dev/null
+++ b/cel/BUILD.bazel
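Review bot: `go_deps.from_file(go_mod = "//:go.mod")` reads only the root go.mod and `use_repo` exposes nine repositories, but the BUILD files added in the same commit depend on repositories that are not in that list, for example `@com_github_spf13_cobra` in cmd/, `@com_github_containerd_containerd` in launcher/ and `@org_golang_x_oauth2` in both. If those modules are declared in per-directory go.mod files, which this diff does not show, the targets cannot resolve and their versions are not tied to any go.sum that Bazel reads; pointing the extension at a workspace file with `go_deps.from_file(go_work = "//:go.work")` (assuming the repository has one) and extending `use_repo` would cover them. `go_deps_dev` on the last line is assigned but never passed to `use_repo`, so it should either be used or removed. No `MODULE.bazel.lock` is visible in this change; committing it would keep module resolution reproducible for a toolchain that builds attestation code.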
@@ -0,0 +1,41 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "cel",
+ srcs = [
+ "canonical_eventlog.go",
+ "cos_tlv.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/cel",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//client",
+ "@com_github_google_go_configfs_tsm//configfs/configfsi",
+ "@com_github_google_go_eventlog//register",
+ "@com_github_google_go_tdx_guest//rtmr",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpmutil",
+ ],
+)
+
+go_test(
+ name = "cel_test",
+ srcs = [
+ "canonical_eventlog_test.go",
+ "cos_tlv_test.go",
+ ],
+ embed = [":cel"],
+ deps = [
+ "//client",
+ "//internal/test",
+ "//proto/attest",
+ "@com_github_google_go_cmp//cmp",
+ "@com_github_google_go_configfs_tsm//configfs/configfsi",
+ "@com_github_google_go_configfs_tsm//configfs/fakertmr",
+ "@com_github_google_go_configfs_tsm//rtmr",
+ "@com_github_google_go_eventlog//proto/state",
+ "@com_github_google_go_eventlog//register",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpmutil",
+ ],
+)
diff --git a/client/BUILD.bazel b/client/BUILD.bazel
new file mode 100644
index 000000000..45df0721c
--- /dev/null
+++ b/client/BUILD.bazel
@@ -0,0 +1,72 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "client",
+ srcs = [
+ "attest.go",
+ "close.go",
+ "eventlog.go",
+ "eventlog_linux.go",
+ "eventlog_other.go",
+ "handles.go",
+ "import.go",
+ "import_certify.go",
+ "keys.go",
+ "pcr.go",
+ "session.go",
+ "signer.go",
+ "template.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/client",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//internal",
+ "//proto/attest",
+ "//proto/tpm",
+ "@com_github_google_go_sev_guest//abi",
+ "@com_github_google_go_sev_guest//client",
+ "@com_github_google_go_tdx_guest//client",
+ "@com_github_google_go_tdx_guest//client/linuxabi",
+ "@com_github_google_go_tdx_guest//proto/tdx",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpm2",
+ "@com_github_google_go_tpm//tpm2/transport",
+ "@com_github_google_go_tpm//tpmutil",
+ ],
+)
+
+go_test(
+ name = "client_test",
+ srcs = [
+ "attest_network_test.go",
+ "attest_test.go",
+ "example_test.go",
+ "handles_test.go",
+ "import_certify_test.go",
+ "keys_test.go",
+ "pcr_test.go",
+ "quote_test.go",
+ "seal_test.go",
+ "signer_test.go",
+ ],
+ embed = [":client"],
+ deps = [
+ "//internal",
+ "//internal/test",
+ "//proto/attest",
+ "//proto/tpm",
+ "//server",
+ "//simulator",
+ "@com_github_google_go_attestation//attest",
+ "@com_github_google_go_sev_guest//testing",
+ "@com_github_google_go_sev_guest//testing/client",
+ "@com_github_google_go_tdx_guest//testing",
+ "@com_github_google_go_tdx_guest//testing/client",
+ "@com_github_google_go_tdx_guest//testing/testdata",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpm2",
+ "@com_github_google_go_tpm//tpm2/transport",
+ "@com_github_google_go_tpm//tpmutil",
+ "@org_golang_google_protobuf//proto",
+ ],
+)
diff --git a/cmd/BUILD.bazel b/cmd/BUILD.bazel
new file mode 100644
index 000000000..964871283
--- /dev/null
+++ b/cmd/BUILD.bazel
@@ -0,0 +1,104 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") + +go_library( + name = "cmd", + srcs = [ + "attest.go", + "attest_svsm.go", + "fake_cloudlogging_server.go", + "flags.go", + "flush.go", + "open.go", + "open_other.go", + "open_windows.go", + "pubkey.go", + "read.go", + "register.go", + "root.go", + "seal.go", + "token.go", + "verify.go", + "verify_sev.go", + "verify_svsm.go", + "verify_tdx.go", + ], + importpath = "github.com/google/go-tpm-tools/cmd", + visibility = ["//visibility:public"], + deps = [ + "//client", + "//internal", + "//proto/attest", + "//proto/tpm", + "//server", + "//verifier", + "//verifier/models", + "//verifier/util", + "@com_github_golang_jwt_jwt_v4//:go_default_library", + "@com_github_golang_protobuf//ptypes/timestamp", + "@com_github_google_gce_tcb_verifier//extract:go_default_library", + "@com_github_google_gce_tcb_verifier//proto/endorsement:go_default_library", + "@com_github_google_gce_tcb_verifier//verify:go_default_library", + "@com_github_google_gce_tcb_verifier_gcetcbendorsement//:go_default_library", + "@com_github_google_go_configfs_tsm//configfs/configfsi", + "@com_github_google_go_configfs_tsm//configfs/linuxtsm", + "@com_github_google_go_configfs_tsm//report", + "@com_github_google_go_sev_guest//abi", + "@com_github_google_go_sev_guest//proto/sevsnp", + "@com_github_google_go_sev_guest//validate", + "@com_github_google_go_sev_guest//verify", + "@com_github_google_go_sev_guest//verify/trust", + "@com_github_google_go_tdx_guest//abi", + "@com_github_google_go_tdx_guest//proto/tdx", + "@com_github_google_go_tdx_guest//validate", + "@com_github_google_go_tdx_guest//verify", + "@com_github_google_go_tpm//legacy/tpm2", + "@com_github_google_go_tpm//tpm2", + "@com_github_google_go_tpm//tpm2/transport", + "@com_github_google_go_tpm//tpmutil", + "@com_github_spf13_cobra//:go_default_library", + "@com_google_cloud_go_compute_metadata//:go_default_library", + 
"@com_google_cloud_go_logging//:go_default_library", + "@com_google_cloud_go_logging//apiv2/loggingpb:go_default_library", + "@org_golang_google_api//option:go_default_library", + "@org_golang_google_grpc//:grpc", + "@org_golang_google_grpc//credentials/insecure", + "@org_golang_google_protobuf//encoding/prototext", + "@org_golang_google_protobuf//proto", + ], +) + +go_test( + name = "cmd_test", + srcs = [ + "attest_test.go", + "flush_test.go", + "seal_test.go", + "svsm_test.go", + "token_test.go", + "verify_test.go", + ], + embed = [":cmd"], + deps = [ + "//client", + "//internal/test", + "//proto/attest", + "//verifier/util", + "@com_github_google_gce_tcb_verifier//proto/endorsement:go_default_library", + "@com_github_google_go_configfs_tsm//configfs/configfsi", + "@com_github_google_go_configfs_tsm//configfs/faketsm", + "@com_github_google_go_sev_guest//abi", + "@com_github_google_go_sev_guest//proto/sevsnp", + "@com_github_google_go_sev_guest//testing", + "@com_github_google_go_sev_guest//testing/client", + "@com_github_google_go_sev_guest//validate", + "@com_github_google_go_tdx_guest//testing", + "@com_github_google_go_tdx_guest//testing/client", + "@com_github_google_go_tdx_guest//testing/testdata", + "@com_github_google_go_tpm//legacy/tpm2", + "@com_github_google_go_tpm//tpmutil", + "@org_golang_google_protobuf//encoding/prototext", + "@org_golang_google_protobuf//proto", + "@org_golang_x_oauth2//:go_default_library", + "@org_golang_x_oauth2//google:go_default_library", + ], +) diff --git a/go.mod b/go.mod index adfea8a73..8f19ca70d 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 github.com/google/go-tpm v0.9.6 github.com/google/logger v1.1.1 - google.golang.org/protobuf v1.35.1 + google.golang.org/protobuf v1.36.3 ) require ( diff --git a/internal/BUILD.bazel b/internal/BUILD.bazel new file mode 100644 index 000000000..b6f06ca9a --- /dev/null +++ b/internal/BUILD.bazel 
@@ -0,0 +1,32 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "internal",
+ srcs = [
+ "cert.go",
+ "pcrs.go",
+ "public.go",
+ "quote.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/internal",
+ visibility = ["//:__subpackages__"],
+ deps = [
+ "//proto/tpm",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpmutil",
+ ],
+)
+
+go_test(
+ name = "internal_test",
+ srcs = [
+ "cert_test.go",
+ "pcrs_test.go",
+ ],
+ embed = [":internal"],
+ deps = [
+ "//internal/test",
+ "//proto/tpm",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ ],
+)
diff --git a/internal/test/BUILD.bazel b/internal/test/BUILD.bazel
new file mode 100644
index 000000000..6a4bf9961
--- /dev/null
+++ b/internal/test/BUILD.bazel
@@ -0,0 +1,59 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "test",
+ srcs = [
+ "load_random_external_key.go",
+ "test_cert.go",
+ "test_data.go",
+ "test_other.go",
+ "test_tpm.go",
+ "test_windows.go",
+ ],
+ embedsrcs = [
+ "attestations/gce-cos-85-no-nonce.pb",
+ "attestations/gce-cos-85-nonce9009.pb",
+ "certificates/pca_tpm_ecc_enc_cert.pem",
+ "certificates/pca_tpm_ecc_sign_cert.pem",
+ "certificates/pca_tpm_rsa_enc_cert.pem",
+ "certificates/pca_tpm_rsa_sign_cert.pem",
+ "certificates/uca_tpm_ecc_enc_cert.pem",
+ "certificates/uca_tpm_ecc_sign_cert.pem",
+ "certificates/uca_tpm_rsa_enc_cert.pem",
+ "certificates/uca_tpm_rsa_sign_cert.pem",
+ "eventlogs/arch-linux-workstation.bin",
+ "eventlogs/confidential-gke-debug-251000_eventlog.bin",
+ "eventlogs/cos-101-amd-sev.bin",
+ "eventlogs/cos-85-amd-sev.bin",
+ "eventlogs/cos-93-amd-sev.bin",
+ "eventlogs/debian-10.bin",
+ "eventlogs/eventlogwithsp800155.bin",
+ "eventlogs/gdc-host.bin",
+ "eventlogs/glinux-alex.bin",
+ "eventlogs/rhel8-uefi.bin",
+ "eventlogs/ubuntu-1804-amd-sev.bin",
+ "eventlogs/ubuntu-2104-no-dbx.bin",
+ "eventlogs/ubuntu-2104-no-secure-boot.bin",
+ "eventlogs/ubuntu-2404-amd-sevsnp.bin",
+ "tdx_test_files/tdxReportData.bin",
+ ],
+ importpath = "github.com/google/go-tpm-tools/internal/test",
+ visibility = ["//:__subpackages__"],
+ deps = [
+ "//simulator",
+ "@com_github_google_go_attestation//attest",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpm2",
+ "@com_github_google_go_tpm//tpmutil",
+ ],
+)
+
+go_test(
+ name = "test_test",
+ srcs = ["simulate_test.go"],
+ embed = [":test"],
+ deps = [
+ "//client",
+ "//server",
+ ],
+)
diff --git a/launcher/BUILD.bazel b/launcher/BUILD.bazel
new file mode 100644
index 000000000..c4a59c141
--- /dev/null
+++ b/launcher/BUILD.bazel
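Review bot: The `test` library bundles fixture data and helpers (`load_random_external_key.go`, `test_cert.go`, a dependency on `//simulator`) but is not marked test-only, so any target under `//:__subpackages__` can link it into a shipped binary. Every dependent of `//internal/test` visible in this diff is a `go_test`, so adding `testonly = True,` to the `go_library` looks safe and makes Bazel reject a production dependency on the fixtures and the TPM simulator. Dependents outside this diff would need checking before the attribute is added.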
@@ -0,0 +1,75 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "launcher",
+ srcs = [
+ "container_runner.go",
+ "errors.go",
+ "util.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/launcher",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//cel",
+ "//client",
+ "//launcher/agent",
+ "//launcher/internal/healthmonitoring/nodeproblemdetector",
+ "//launcher/internal/logging",
+ "//launcher/internal/signaturediscovery",
+ "//launcher/launcherfile",
+ "//launcher/registryauth",
+ "//launcher/spec",
+ "//launcher/teeserver",
+ "//verifier",
+ "//verifier/fake",
+ "//verifier/ita",
+ "//verifier/util",
+ "@com_github_cenkalti_backoff_v4//:go_default_library",
+ "@com_github_containerd_containerd//:go_default_library",
+ "@com_github_containerd_containerd//cio:go_default_library",
+ "@com_github_containerd_containerd//containers:go_default_library",
+ "@com_github_containerd_containerd//content:go_default_library",
+ "@com_github_containerd_containerd//images:go_default_library",
+ "@com_github_containerd_containerd//oci:go_default_library",
+ "@com_github_containerd_containerd//remotes:go_default_library",
+ "@com_github_golang_jwt_jwt_v4//:go_default_library",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_opencontainers_image_spec//specs-go/v1:go_default_library",
+ "@com_github_opencontainers_runtime_spec//specs-go:go_default_library",
+ "@com_google_cloud_go_compute_metadata//:go_default_library",
+ "@org_golang_google_api//impersonate:go_default_library",
+ "@org_golang_google_api//option:go_default_library",
+ "@org_golang_x_oauth2//:go_default_library",
+ ],
+)
+
+go_test(
+ name = "launcher_test",
+ srcs = [
+ "container_runner_test.go",
+ "util_test.go",
+ ],
+ embed = [":launcher"],
+ deps = [
+ "//cel",
+ "//client",
+ "//internal/test",
+ "//launcher/agent",
+ "//launcher/internal/logging",
+ "//launcher/launcherfile",
+ "//launcher/spec",
+ "//verifier",
+ "@com_github_cenkalti_backoff_v4//:go_default_library",
+ "@com_github_containerd_containerd//:go_default_library",
+ "@com_github_containerd_containerd//defaults:go_default_library",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
+ "@com_github_containerd_containerd//oci:go_default_library",
+ "@com_github_golang_jwt_jwt_v4//:go_default_library",
+ "@com_github_google_go_cmp//cmp",
+ "@com_github_opencontainers_go_digest//:go_default_library",
+ "@com_github_opencontainers_image_spec//specs-go/v1:go_default_library",
+ "@com_github_opencontainers_runtime_spec//specs-go:go_default_library",
+ "@org_golang_google_api//option:go_default_library",
+ "@org_golang_x_oauth2//:go_default_library",
+ ],
+)
diff --git a/launcher/agent/BUILD.bazel b/launcher/agent/BUILD.bazel
new file mode 100644
index 000000000..7181d515e
--- /dev/null
+++ b/launcher/agent/BUILD.bazel
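Review bot: The non-test `launcher` library lists `//verifier/fake` in `deps`, so the fake verifier package is compiled into every binary that links `//launcher`, including the `launcher` binary defined in launcher/launcher/BUILD.bazel. The BUILD file only mirrors the Go imports, so any real change belongs in the Go code, but a comment above the dep such as `# //verifier/fake is linked into production; confirm it is reachable only in test/debug configurations` would record the risk for the next reviewer. Whether the fake path is gated at runtime is not visible in this diff.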
@@ -0,0 +1,49 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "agent",
+ srcs = ["agent.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/agent",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//cel",
+ "//client",
+ "//internal",
+ "//launcher/internal/logging",
+ "//launcher/internal/signaturediscovery",
+ "//launcher/spec",
+ "//proto/attest",
+ "//verifier",
+ "//verifier/models",
+ "//verifier/oci",
+ "//verifier/util",
+ "@com_github_cenkalti_backoff_v4//:go_default_library",
+ "@com_github_google_go_configfs_tsm//configfs/configfsi",
+ "@com_github_google_go_configfs_tsm//configfs/linuxtsm",
+ "@com_github_google_go_tdx_guest//client",
+ "@com_github_google_go_tdx_guest//client/linuxabi",
+ ],
+)
+
+go_test(
+ name = "agent_test",
+ srcs = ["agent_test.go"],
+ embed = [":agent"],
+ deps = [
+ "//cel",
+ "//client",
+ "//internal/test",
+ "//launcher/internal/logging",
+ "//launcher/internal/signaturediscovery",
+ "//launcher/spec",
+ "//proto/attest",
+ "//verifier",
+ "//verifier/fake",
+ "//verifier/oci",
+ "//verifier/oci/cosign",
+ "@com_github_cenkalti_backoff_v4//:go_default_library",
+ "@com_github_golang_jwt_jwt_v4//:go_default_library",
+ "@com_github_google_go_cmp//cmp",
+ "@org_golang_google_protobuf//encoding/protojson",
+ ],
+)
diff --git a/launcher/image/testworkloads/basic/BUILD.bazel b/launcher/image/testworkloads/basic/BUILD.bazel
new file mode 100644
index 000000000..b2295e68a
--- /dev/null
+++ b/launcher/image/testworkloads/basic/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+ name = "basic_lib",
+ srcs = ["main.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/image/testworkloads/basic",
+ visibility = ["//visibility:private"],
+ deps = ["@com_github_golang_jwt_jwt_v4//:go_default_library"],
+)
+
+go_binary(
+ name = "basic",
+ embed = [":basic_lib"],
+ visibility = ["//visibility:public"],
+)
diff --git a/launcher/image/testworkloads/customtoken/happypath/BUILD.bazel b/launcher/image/testworkloads/customtoken/happypath/BUILD.bazel
new file mode 100644
index 000000000..1db97b97a
--- /dev/null
+++ b/launcher/image/testworkloads/customtoken/happypath/BUILD.bazel
@@ -0,0 +1,18 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+ name = "happypath_lib",
+ srcs = ["main.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath",
+ visibility = ["//visibility:private"],
+ deps = [
+ "//verifier/fake",
+ "@com_github_golang_jwt_jwt_v4//:go_default_library",
+ ],
+)
+
+go_binary(
+ name = "happypath",
+ embed = [":happypath_lib"],
+ visibility = ["//visibility:public"],
+)
diff --git a/launcher/internal/BUILD.bazel b/launcher/internal/BUILD.bazel
new file mode 100644
index 000000000..dc731c420
--- /dev/null
+++ b/launcher/internal/BUILD.bazel
@@ -0,0 +1,14 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_test")
+
+go_test(
+ name = "internal_test",
+ srcs = ["rest_network_test.go"],
+ deps = [
+ "//proto/attest",
+ "//verifier",
+ "//verifier/util",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
+ "@org_golang_x_oauth2//:go_default_library",
+ "@org_golang_x_oauth2//google:go_default_library",
+ ],
+)
diff --git a/launcher/internal/experiments/BUILD.bazel b/launcher/internal/experiments/BUILD.bazel
new file mode 100644
index 000000000..285b62580
--- /dev/null
+++ b/launcher/internal/experiments/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "experiments",
+ srcs = ["experiments.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/internal/experiments",
+ visibility = ["//launcher:__subpackages__"],
+)
+
+go_test(
+ name = "experiments_test",
+ srcs = ["experiments_test.go"],
+ embed = [":experiments"],
+ deps = ["@com_github_google_go_cmp//cmp"],
+)
diff --git a/launcher/internal/healthmonitoring/nodeproblemdetector/BUILD.bazel b/launcher/internal/healthmonitoring/nodeproblemdetector/BUILD.bazel
new file mode 100644
index 000000000..06dc74ece
--- /dev/null
+++ b/launcher/internal/healthmonitoring/nodeproblemdetector/BUILD.bazel
@@ -0,0 +1,19 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "nodeproblemdetector",
+ srcs = ["systemstats_config.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector",
+ visibility = ["//launcher:__subpackages__"],
+ deps = [
+ "//launcher/internal/logging",
+ "//launcher/internal/systemctl",
+ ],
+)
+
+go_test(
+ name = "nodeproblemdetector_test",
+ srcs = ["systemstats_config_test.go"],
+ embed = [":nodeproblemdetector"],
+ deps = ["@com_github_google_go_cmp//cmp"],
+)
diff --git a/launcher/internal/launchermount/BUILD.bazel b/launcher/internal/launchermount/BUILD.bazel
new file mode 100644
index 000000000..760b7032b
--- /dev/null
+++ b/launcher/internal/launchermount/BUILD.bazel
@@ -0,0 +1,22 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "launchermount",
+ srcs = [
+ "mount.go",
+ "tmpfs.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/launcher/internal/launchermount",
+ visibility = ["//launcher:__subpackages__"],
+ deps = ["@com_github_opencontainers_runtime_spec//specs-go:go_default_library"],
+)
+
+go_test(
+ name = "launchermount_test",
+ srcs = ["tmpfs_test.go"],
+ embed = [":launchermount"],
+ deps = [
+ "@com_github_google_go_cmp//cmp",
+ "@com_github_opencontainers_runtime_spec//specs-go:go_default_library",
+ ],
+)
diff --git a/launcher/internal/logging/BUILD.bazel b/launcher/internal/logging/BUILD.bazel
new file mode 100644
index 000000000..f7b81ba81
--- /dev/null
+++ b/launcher/internal/logging/BUILD.bazel
@@ -0,0 +1,24 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "logging",
+ srcs = ["logging.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/internal/logging",
+ visibility = ["//launcher:__subpackages__"],
+ deps = [
+ "@com_google_cloud_go_compute_metadata//:go_default_library",
+ "@com_google_cloud_go_logging//:go_default_library",
+ "@org_golang_google_genproto_googleapis_api//monitoredres",
+ ],
+)
+
+go_test(
+ name = "logging_test",
+ srcs = ["logging_test.go"],
+ embed = [":logging"],
+ deps = [
+ "@com_github_google_go_cmp//cmp",
+ "@com_google_cloud_go_logging//:go_default_library",
+ "@org_golang_google_genproto_googleapis_api//monitoredres",
+ ],
+)
diff --git a/launcher/internal/signaturediscovery/BUILD.bazel b/launcher/internal/signaturediscovery/BUILD.bazel
new file mode 100644
index 000000000..4df158e33
--- /dev/null
+++ b/launcher/internal/signaturediscovery/BUILD.bazel
@@ -0,0 +1,35 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "signaturediscovery",
+ srcs = [
+ "client.go",
+ "fakeclient.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/launcher/internal/signaturediscovery",
+ visibility = ["//launcher:__subpackages__"],
+ deps = [
+ "//verifier/oci",
+ "//verifier/oci/cosign",
+ "@com_github_containerd_containerd//:go_default_library",
+ "@com_github_containerd_containerd//content:go_default_library",
+ "@com_github_containerd_containerd//images:go_default_library",
+ "@com_github_containerd_containerd//remotes:go_default_library",
+ "@com_github_opencontainers_image_spec//specs-go/v1:go_default_library",
+ ],
+)
+
+go_test(
+ name = "signaturediscovery_test",
+ srcs = ["client_test.go"],
+ embed = [":signaturediscovery"],
+ deps = [
+ "//launcher/registryauth",
+ "@com_github_containerd_containerd//:go_default_library",
+ "@com_github_containerd_containerd//defaults:go_default_library",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
+ "@com_github_containerd_containerd//remotes:go_default_library",
+ "@com_github_google_go_cmp//cmp",
+ "@com_github_opencontainers_image_spec//specs-go/v1:go_default_library",
+ ],
+)
diff --git a/launcher/internal/systemctl/BUILD.bazel b/launcher/internal/systemctl/BUILD.bazel
new file mode 100644
index 000000000..854a49f03
--- /dev/null
+++ b/launcher/internal/systemctl/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "systemctl",
+ srcs = ["systemctl.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/internal/systemctl",
+ visibility = ["//launcher:__subpackages__"],
+ deps = ["@com_github_coreos_go_systemd_v22//dbus:go_default_library"],
+)
+
+go_test(
+ name = "systemctl_test",
+ srcs = ["systemctl_test.go"],
+ embed = [":systemctl"],
+)
diff --git a/launcher/launcher/BUILD.bazel b/launcher/launcher/BUILD.bazel
new file mode 100644
index 000000000..947779f90
--- /dev/null
+++ b/launcher/launcher/BUILD.bazel
@@ -0,0 +1,37 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test")
+
+go_library(
+ name = "launcher_lib",
+ srcs = ["main.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/launcher",
+ visibility = ["//visibility:private"],
+ deps = [
+ "//client",
+ "//launcher",
+ "//launcher/internal/logging",
+ "//launcher/launcherfile",
+ "//launcher/registryauth",
+ "//launcher/spec",
+ "@com_github_containerd_containerd//:go_default_library",
+ "@com_github_containerd_containerd//defaults:go_default_library",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_google_cloud_go_compute_metadata//:go_default_library",
+ ],
+)
+
+go_binary(
+ name = "launcher",
+ embed = [":launcher_lib"],
+ visibility = ["//visibility:public"],
+)
+
+go_test(
+ name = "launcher_test",
+ srcs = ["main_test.go"],
+ embed = [":launcher_lib"],
+ deps = [
+ "//launcher",
+ "//launcher/spec",
+ ],
+)
diff --git a/launcher/launcherfile/BUILD.bazel b/launcher/launcherfile/BUILD.bazel
new file mode 100644
index 000000000..958d9e188
--- /dev/null
+++ b/launcher/launcherfile/BUILD.bazel
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "launcherfile",
+ srcs = ["launcherfile.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/launcherfile",
+ visibility = ["//visibility:public"],
+)
diff --git a/launcher/registryauth/BUILD.bazel b/launcher/registryauth/BUILD.bazel
new file mode 100644
index 000000000..7f0bd92c0
--- /dev/null
+++ b/launcher/registryauth/BUILD.bazel
@@ -0,0 +1,14 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "registryauth",
+ srcs = ["auth.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/registryauth",
+ visibility = ["//visibility:public"],
+ deps = [
+ "@com_github_containerd_containerd//remotes:go_default_library",
+ "@com_github_containerd_containerd//remotes/docker:go_default_library",
+ "@com_google_cloud_go_compute_metadata//:go_default_library",
+ "@org_golang_x_oauth2//:go_default_library",
+ ],
+)
diff --git a/launcher/spec/BUILD.bazel b/launcher/spec/BUILD.bazel
new file mode 100644
index 000000000..d38403045
--- /dev/null
+++ b/launcher/spec/BUILD.bazel
@@ -0,0 +1,38 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "spec",
+ srcs = [
+ "launch_policy.go",
+ "launch_spec.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/launcher/spec",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//cel",
+ "//launcher/internal/experiments",
+ "//launcher/internal/launchermount",
+ "//launcher/internal/logging",
+ "//launcher/launcherfile",
+ "//verifier",
+ "//verifier/util",
+ "@com_github_containerd_containerd_v2//pkg/cap:go_default_library",
+ "@com_google_cloud_go_compute_metadata//:go_default_library",
+ ],
+)
+
+go_test(
+ name = "spec_test",
+ srcs = [
+ "launch_policy_test.go",
+ "launch_spec_test.go",
+ ],
+ embed = [":spec"],
+ deps = [
+ "//launcher/internal/experiments",
+ "//launcher/internal/launchermount",
+ "//launcher/internal/logging",
+ "//verifier",
+ "@com_github_google_go_cmp//cmp",
+ ],
+)
diff --git a/launcher/teeserver/BUILD.bazel b/launcher/teeserver/BUILD.bazel
new file mode 100644
index 000000000..3634c45b4
--- /dev/null
+++ b/launcher/teeserver/BUILD.bazel
@@ -0,0 +1,33 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "teeserver",
+ srcs = ["tee_server.go"],
+ importpath = "github.com/google/go-tpm-tools/launcher/teeserver",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//launcher/agent",
+ "//launcher/internal/logging",
+ "//launcher/spec",
+ "//verifier",
+ "//verifier/models",
+ "@org_golang_google_grpc//codes",
+ "@org_golang_google_grpc//status",
+ ],
+)
+
+go_test(
+ name = "teeserver_test",
+ srcs = ["tee_server_test.go"],
+ embed = [":teeserver"],
+ deps = [
+ "//cel",
+ "//launcher/agent",
+ "//launcher/internal/logging",
+ "//verifier",
+ "//verifier/models",
+ "@com_github_google_go_cmp//cmp",
+ "@org_golang_google_grpc//codes",
+ "@org_golang_google_grpc//status",
+ ],
+)
diff --git a/proto/BUILD.bazel b/proto/BUILD.bazel
new file mode 100644
index 000000000..5c2c598de
--- /dev/null
+++ b/proto/BUILD.bazel
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "proto",
+ srcs = ["doc.go"],
+ importpath = "github.com/google/go-tpm-tools/proto",
+ visibility = ["//visibility:public"],
+)
diff --git a/proto/attest/BUILD.bazel b/proto/attest/BUILD.bazel
new file mode 100644
index 000000000..55d998d1a
--- /dev/null
+++ b/proto/attest/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "attest",
+ srcs = ["attest.pb.go"],
+ importpath = "github.com/google/go-tpm-tools/proto/attest",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//proto/tpm",
+ "@com_github_google_go_sev_guest//proto/sevsnp",
+ "@com_github_google_go_tdx_guest//proto/tdx",
+ "@org_golang_google_protobuf//reflect/protoreflect",
+ "@org_golang_google_protobuf//runtime/protoimpl",
+ ],
+)
diff --git a/proto/tpm/BUILD.bazel b/proto/tpm/BUILD.bazel
new file mode 100644
index 000000000..950b03a7b
--- /dev/null
+++ b/proto/tpm/BUILD.bazel
@@ -0,0 +1,12 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "tpm",
+ srcs = ["tpm.pb.go"],
+ importpath = "github.com/google/go-tpm-tools/proto/tpm",
+ visibility = ["//visibility:public"],
+ deps = [
+ "@org_golang_google_protobuf//reflect/protoreflect",
+ "@org_golang_google_protobuf//runtime/protoimpl",
+ ],
+)
diff --git a/server/BUILD.bazel b/server/BUILD.bazel
new file mode 100644
index 000000000..8faf62a09
--- /dev/null
+++ b/server/BUILD.bazel
@@ -0,0 +1,82 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "server",
+ srcs = [
+ "ecc_utils.go",
+ "eventlog.go",
+ "grouped_error.go",
+ "import.go",
+ "import_certify.go",
+ "instance_info.go",
+ "key_conversion.go",
+ "policy.go",
+ "policy_constants.go",
+ "verify.go",
+ ],
+ embedsrcs = [
+ "ca-certs/gcp_ek_ak_ca_intermediate_v3.crt",
+ "ca-certs/gcp_ek_ak_ca_root.crt",
+ "ca-certs/tpm_ek_intermediate_2.crt",
+ "ca-certs/tpm_ek_intermediate_3.crt",
+ "ca-certs/tpm_ek_root_1.cer",
+ "secure-boot/GcePk.crt",
+ "secure-boot/MicCorKEKCA2011_2011-06-24.crt",
+ "secure-boot/MicCorUEFCA2011_2011-06-27.crt",
+ "secure-boot/MicWinProPCA2011_2011-10-19.crt",
+ "secure-boot/canonical-boothole.crt",
+ "secure-boot/cisco-boothole.crt",
+ "secure-boot/debian-boothole.crt",
+ ],
+ importpath = "github.com/google/go-tpm-tools/server",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//cel",
+ "//client",
+ "//internal",
+ "//proto/attest",
+ "//proto/tpm",
+ "@com_github_google_go_attestation//attest",
+ "@com_github_google_go_eventlog//register",
+ "@com_github_google_go_sev_guest//verify/trust",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpm2",
+ "@com_github_google_go_tpm//tpmutil",
+ "@org_golang_google_protobuf//proto",
+ ],
+)
+
+go_test(
+ name = "server_test",
+ srcs = [
+ "certificate_test.go",
+ "eventlog_test.go",
+ "example_test.go",
+ "grouped_error_test.go",
+ "import_test.go",
+ "key_conversion_test.go",
+ "policy_constants_test.go",
+ "policy_test.go",
+ "verify_test.go",
+ ],
+ embed = [":server"],
+ deps = [
+ "//cel",
+ "//client",
+ "//internal",
+ "//internal/test",
+ "//proto/attest",
+ "//proto/tpm",
+ "//simulator",
+ "@com_github_google_go_cmp//cmp",
+ "@com_github_google_go_configfs_tsm//configfs/fakertmr",
+ "@com_github_google_go_configfs_tsm//rtmr",
+ "@com_github_google_go_eventlog//proto/state",
+ "@com_github_google_go_eventlog//register",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@com_github_google_go_tpm//tpmutil",
+ "@com_github_google_logger//:logger",
+ "@org_golang_google_protobuf//proto",
+ "@org_golang_google_protobuf//testing/protocmp",
+ ],
+)
diff --git a/simulator/BUILD.bazel b/simulator/BUILD.bazel
new file mode 100644
index 000000000..a1910771f
--- /dev/null
+++ b/simulator/BUILD.bazel
@@ -0,0 +1,22 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "simulator",
+ srcs = ["simulator.go"],
+ importpath = "github.com/google/go-tpm-tools/simulator",
+ visibility = ["//visibility:public"],
+ deps = [
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "//simulator/internal",
+ ],
+)
+
+go_test(
+ name = "simulator_test",
+ srcs = ["simulator_test.go"],
+ embed = [":simulator"],
+ deps = [
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "//client",
+ ],
+)
diff --git a/simulator/internal/BUILD.bazel b/simulator/internal/BUILD.bazel
new file mode 100644
index 000000000..5cadbb228
--- /dev/null
+++ b/simulator/internal/BUILD.bazel
@@ -0,0 +1,17 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "internal",
+ importpath = "github.com/google/go-tpm-tools/simulator/internal",
+ visibility = ["//visibility:public"],
+ srcs = [
+ "doc.go",
+ "internal_cgo.go",
+ "internal_cross.go",
+ ],
+ cgo = True,
+ cdeps = [
+ "//simulator/ms-tpm-20-ref:mstpm20",
+ "//simulator/ms-tpm-20-ref:tpm",
+ ],
+)
diff --git a/simulator/ms-tpm-20-ref/BUILD.bazel b/simulator/ms-tpm-20-ref/BUILD.bazel
new file mode 100644
index 000000000..5c700fe6e
--- /dev/null
+++ b/simulator/ms-tpm-20-ref/BUILD.bazel
@@ -0,0 +1,85 @@
+load("@io_bazel_rules_cc//cc:defs.bzl", "cc_library")
+
+# Add any overrides to TpmBuildSwitches.h or TpmProfile.h here
+defines = [
+ # We want a debuggable simulator
+ "DEBUG=YES",
+ # !!!INSECURE!!!
+ # This *must* be set to SIMULATION=NO for use outside of tests as it causes
+ # the DRNG to be deterministic.
+ "SIMULATION=YES",
+ # These 2 checks are cheep, so we might as well keep them.
+ "COMPILER_CHECKS=DEBUG",
+ "RUNTIME_SIZE_CHECKS=DEBUG",
+ # Not needed as our NVRAM reads/writes always succeed
+ "USE_DA_USED=NO",
+ # Avoids the need for an additional platform stub
+ "CERTIFYX509_DEBUG=NO",
+ # Enable P224/P521 ECC curves
+ "ECC_NIST_P224=YES",
+ "ECC_NIST_P521=YES",
+ # Enable SHA512
+ "ALG_SHA512=ALG_YES",
+ "MAX_CONTEXT_SIZE=1360",
+]
+
+cc_library(
+ name = "mstpm20",
+ visibility = ["//visibility:public"],
+ srcs = ["Samples/Google/Run.c"],
+ hdrs = ["Samples/Google/Platform.h"],
+ deps = [
+ ":platform",
+ ":tpm",
+ ],
+)
+
+cc_library(
+ name = "tpm",
+ visibility = ["//visibility:public"],
+ srcs = glob(["TPMCmd/tpm/src/**/*.c"]),
+ copts = [
+ "-Wno-empty-body",
+ "-fno-sanitize=null",
+ ],
+ textual_hdrs = glob([
+ "TPMCmd/tpm/include/*.h",
+ "TPMCmd/tpm/include/Ossl/*.h",
+ "TPMCmd/tpm/include/prototypes/*.h",
+ ]),
+ deps = [
+ ":base",
+ ":platform",
+ "@com_github_openssl_openssl//:crypto",
+ ],
+)
+
+cc_library(
+ name = "platform",
+ srcs = [
+ "Samples/Google/Clock.c",
+ "Samples/Google/Entropy.c",
+ "Samples/Google/NVMem.c",
+ ],
+ hdrs = [
+ "Samples/Google/PlatformData.h",
+ "Samples/Google/Platform_fp.h",
+ ],
+ deps = [
+ ":base",
+ "@com_github_openssl_openssl//:crypto",
+ ],
+)
+
+cc_library(
+ name = "base",
+ hdrs = [
+ "TPMCmd/tpm/include/TpmProfile.h",
+ ],
+ defines = defines,
+ includes = [
+ "Samples/Google",
+ "TPMCmd/tpm/include",
+ "TPMCmd/tpm/include/prototypes",
+ ],
+)
diff --git a/testutil/BUILD.bazel b/testutil/BUILD.bazel
new file mode 100644
index 000000000..10b46946a
--- /dev/null
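Review bot: Nothing in this BUILD file enforces the comment above `"SIMULATION=YES"` that the deterministic-DRNG build must not be used outside tests: `mstpm20` and `tpm` are both `visibility = ["//visibility:public"]` and neither sets `testonly`. Adding `testonly = True,` to those two `cc_library` targets would make Bazel reject any non-test dependent; the Go wrappers in `simulator/internal/BUILD.bazel` and `simulator/BUILD.bazel` would need the same attribute, and this diff does not show whether a non-test target already depends on them. Separately, `defines = defines` on `:base` exports `DEBUG=YES` and the other macros to every dependent's compile line; if that is deliberate for the `TpmProfile.h` overrides, a comment such as `# Exported on purpose: dependents must see the same TPM profile switches.` would say so.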
+++ b/testutil/BUILD.bazel
@@ -0,0 +1,9 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "testutil",
+ srcs = ["utils.go"],
+ importpath = "github.com/google/go-tpm-tools/testutil",
+ visibility = ["//visibility:public"],
+ deps = ["//internal/test"],
+)
diff --git a/verifier/BUILD.bazel b/verifier/BUILD.bazel
new file mode 100644
index 000000000..fd782e482
--- /dev/null
+++ b/verifier/BUILD.bazel
@@ -0,0 +1,13 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "verifier",
+ srcs = ["client.go"],
+ importpath = "github.com/google/go-tpm-tools/verifier",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//proto/attest",
+ "//verifier/models",
+ "@org_golang_google_genproto_googleapis_rpc//status",
+ ],
+)
diff --git a/verifier/fake/BUILD.bazel b/verifier/fake/BUILD.bazel
new file mode 100644
index 000000000..887a196ed
--- /dev/null
+++ b/verifier/fake/BUILD.bazel
@@ -0,0 +1,30 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "fake",
+ srcs = [
+ "fakeclaims.go",
+ "fakeverifier.go",
+ "testkeys.go",
+ ],
+ embedsrcs = [
+ "signer_rsa",
+ "signer_rsa.pub",
+ ],
+ importpath = "github.com/google/go-tpm-tools/verifier/fake",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//proto/attest",
+ "//proto/tpm",
+ "//server",
+ "//verifier",
+ "//verifier/oci",
+ "@com_github_golang_jwt_jwt_v4//:go_default_library",
+ "@com_github_google_go_eventlog//proto/state",
+ "@com_github_google_go_eventlog//register",
+ "@com_github_google_go_tpm//legacy/tpm2",
+ "@org_golang_google_genproto_googleapis_rpc//code",
+ "@org_golang_google_genproto_googleapis_rpc//status",
+ "@org_golang_google_protobuf//encoding/protojson",
+ ],
+)
diff --git a/verifier/ita/BUILD.bazel b/verifier/ita/BUILD.bazel
new file mode 100644
index 000000000..33e8a7630
--- /dev/null
+++ b/verifier/ita/BUILD.bazel
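Review bot: In `verifier/fake/BUILD.bazel`, `embedsrcs` compiles `signer_rsa` (by its name and the `signer_rsa.pub` next to it, presumably a private signing key) into a `go_library` that is `visibility = ["//visibility:public"]` and not `testonly`. If only tests use the fake verifier, adding `testonly = True,` keeps the checked-in key and the fake out of release binaries. `verifier/util/BUILD.bazel` has the same shape: `fake_attestation_server.go`, `fake_metadata.go` and `fake_oauth2_server.go` sit in the non-test `util` library's `srcs`.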
@@ -0,0 +1,23 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "ita",
+ srcs = [
+ "client.go",
+ "evidence.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/verifier/ita",
+ visibility = ["//visibility:public"],
+ deps = ["//verifier"],
+)
+
+go_test(
+ name = "ita_test",
+ srcs = ["client_test.go"],
+ embed = [":ita"],
+ deps = [
+ "//verifier",
+ "//verifier/models",
+ "@com_github_google_go_cmp//cmp",
+ ],
+)
diff --git a/verifier/models/BUILD.bazel b/verifier/models/BUILD.bazel
new file mode 100644
index 000000000..8c1d15177
--- /dev/null
+++ b/verifier/models/BUILD.bazel
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "models",
+ srcs = ["token_options.go"],
+ importpath = "github.com/google/go-tpm-tools/verifier/models",
+ visibility = ["//visibility:public"],
+)
diff --git a/verifier/oci/BUILD.bazel b/verifier/oci/BUILD.bazel
new file mode 100644
index 000000000..62d3d038c
--- /dev/null
+++ b/verifier/oci/BUILD.bazel
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "oci",
+ srcs = ["interface.go"],
+ importpath = "github.com/google/go-tpm-tools/verifier/oci",
+ visibility = ["//visibility:public"],
+)
diff --git a/verifier/oci/cosign/BUILD.bazel b/verifier/oci/cosign/BUILD.bazel
new file mode 100644
index 000000000..c8b4935d9
--- /dev/null
+++ b/verifier/oci/cosign/BUILD.bazel
@@ -0,0 +1,26 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "cosign",
+ srcs = [
+ "fakesignature.go",
+ "signature.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/verifier/oci/cosign",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//verifier/oci",
+ "@com_github_opencontainers_go_digest//:go_default_library",
+ "@com_github_opencontainers_image_spec//specs-go/v1:go_default_library",
+ ],
+)
+
+go_test(
+ name = "cosign_test",
+ srcs = ["signature_test.go"],
+ embed = [":cosign"],
+ deps = [
+ "@com_github_opencontainers_go_digest//:go_default_library",
+ "@com_github_opencontainers_image_spec//specs-go/v1:go_default_library",
+ ],
+)
diff --git a/verifier/rest/BUILD.bazel b/verifier/rest/BUILD.bazel
new file mode 100644
index 000000000..54ebc11d9
--- /dev/null
+++ b/verifier/rest/BUILD.bazel
@@ -0,0 +1,51 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "rest",
+ srcs = [
+ "errors.go",
+ "rest.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/verifier/rest",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//verifier",
+ "//verifier/models",
+ "//verifier/oci",
+ "@com_github_google_go_sev_guest//abi",
+ "@com_github_google_go_sev_guest//proto/sevsnp",
+ "@com_github_google_go_tdx_guest//abi",
+ "@com_github_google_go_tdx_guest//proto/tdx",
+ "@com_github_googleapis_gax_go_v2//:go_default_library",
+ "@com_google_cloud_go_confidentialcomputing//apiv1:go_default_library",
+ "@com_google_cloud_go_confidentialcomputing//apiv1/confidentialcomputingpb:go_default_library",
+ "@org_golang_google_api//iterator:go_default_library",
+ "@org_golang_google_api//option:go_default_library",
+ "@org_golang_google_genproto//googleapis/cloud/location",
+ "@org_golang_google_grpc//codes",
+ ],
+)
+
+go_test(
+ name = "rest_test",
+ srcs = ["rest_test.go"],
+ embed = [":rest"],
+ deps = [
+ "//proto/attest",
+ "//proto/tpm",
+ "//verifier",
+ "//verifier/models",
+ "@com_github_google_go_cmp//cmp",
+ "@com_github_google_go_cmp//cmp/cmpopts",
+ "@com_github_google_go_sev_guest//abi",
+ "@com_github_google_go_sev_guest//proto/sevsnp",
+ "@com_github_google_go_tdx_guest//abi",
+ "@com_github_google_go_tdx_guest//proto/tdx",
+ "@com_github_google_go_tdx_guest//testing/testdata",
+ "@com_github_google_uuid//:uuid",
+ "@com_google_cloud_go_confidentialcomputing//apiv1/confidentialcomputingpb:go_default_library",
+ "@org_golang_google_genproto_googleapis_rpc//status",
+ "@org_golang_google_protobuf//encoding/prototext",
+ "@org_golang_google_protobuf//testing/protocmp",
+ ],
+)
diff --git a/verifier/util/BUILD.bazel b/verifier/util/BUILD.bazel
new file mode 100644
index 000000000..bf25dd447
--- /dev/null
+++ b/verifier/util/BUILD.bazel
@@ -0,0 +1,35 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "util",
+ srcs = [
+ "fake_attestation_server.go",
+ "fake_metadata.go",
+ "fake_oauth2_server.go",
+ "util.go",
+ ],
+ importpath = "github.com/google/go-tpm-tools/verifier/util",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//client",
+ "//verifier",
+ "//verifier/rest",
+ "@com_github_golang_jwt_jwt_v4//:go_default_library",
+ "@com_google_cloud_go_compute_metadata//:go_default_library",
+ "@com_google_cloud_go_confidentialcomputing//apiv1/confidentialcomputingpb:go_default_library",
+ "@org_golang_google_api//option:go_default_library",
+ "@org_golang_google_protobuf//encoding/protojson",
+ "@org_golang_x_net//http2",
+ "@org_golang_x_oauth2//google:go_default_library",
+ ],
+)
+
+go_test(
+ name = "util_test",
+ srcs = ["util_test.go"],
+ embed = [":util"],
+ deps = [
+ "@com_github_google_go_cmp//cmp",
+ "@com_google_cloud_go_compute_metadata//:go_default_library",
+ ],
+)