Confidential Containers Guest Tools and Components

arronwy/guest-components

Confidential Container Tools and Components

This repository includes tools and components for confidential container images.

Components

  • Attestation Agent: An agent for facilitating attestation protocols. It can be built as a library to run in a process-based enclave or as a process that runs inside a confidential VM.
  • image-rs: Rust implementation of the container image management library.
  • ocicrypt-rs: Rust implementation of the OCI image encryption library.
  • api-server-rest: CoCo RESTful API server.
  • coco-keyprovider: CoCo Keyprovider, used to encrypt the container images.

Build

A Makefile is provided to quickly build the Attestation Agent, Api Server Rest and Confidential Data Hub for a given platform.

# TEE_PLATFORM must be set in the shell to one of the values listed below
make build TEE_PLATFORM="$TEE_PLATFORM"
make install DESTDIR=/usr/local/bin

The TEE_PLATFORM parameter can be

  • none: for tests with non-confidential guests
  • fs: for platforms with encrypted root filesystems (i.e. s390x)
  • tdx: for Intel TDX
  • az-tdx-vtpm: for Intel TDX with Azure vTPM
  • sev: for AMD SEV(-ES)
  • snp: for AMD SEV-SNP
  • az-snp-vtpm: for AMD SEV-SNP with Azure vTPM

Languages

  • Rust 96.7%
  • Go 1.3%
  • Makefile 1.1%
  • Other 0.9%