package carrier

import "github.com/containerd/containerd/runtime/v2/task"

// BuildUnsignedEnclaveArgs holds the inputs for Carrier.BuildUnsignedEnclave.
type BuildUnsignedEnclaveArgs struct {
	// Bundle is the directory of the unpacked container image.
	Bundle string
}

// CommonArgs holds the inputs shared by the signing-related Carrier methods.
// It is embedded by CascadeEnclaveSignatureArgs.
type CommonArgs struct {
	// Enclave is the path of the enclave file to be signed.
	Enclave string

	// Key is the public key.
	//   For GenerateSigningMaterial args, an optional key specifies the public key of the payload.
	//   For CascadeEnclaveSignature args, a required key specifies the public key of the enclave signing key.
	Key string

	// Config is the configuration for the enclave.
	Config string
}

// CascadeEnclaveSignatureArgs holds the inputs for Carrier.CascadeEnclaveSignature.
type CascadeEnclaveSignatureArgs struct {
	CommonArgs

	// SigningMaterial is the enclave signing material generated by GenerateSigningMaterial().
	SigningMaterial string

	// Signature is the signature file over the enclave signing material. It is
	// produced outside the carrier (the interface never receives a private key)
	// and is verified against the public key in CommonArgs.Key.
	Signature string
}

// Carrier is a factory that leverages a libOS to build a TEE for native container applications.
//
// The signing flow is split so that the private enclave signing key never passes
// through a Carrier: GenerateSigningMaterial emits material to be signed externally,
// and CascadeEnclaveSignature consumes the resulting signature file together with
// the corresponding public key.
type Carrier interface {
	// Name returns the name of the carrier.
	Name() string

	// BuildUnsignedEnclave builds an unsigned libOS enclave for the application
	// described by req and args, and returns the path of the unsigned enclave.
	BuildUnsignedEnclave(req *task.CreateTaskRequest, args *BuildUnsignedEnclaveArgs) (unsignedEnclave string, err error)

	// GenerateSigningMaterial generates the enclave signing material to be signed
	// out of band, and returns its path.
	GenerateSigningMaterial(req *task.CreateTaskRequest, args *CommonArgs) (signingMaterial string, err error)

	// CascadeEnclaveSignature produces the signed enclave from the input signature file,
	// the public key and the enclave signing material, and returns the path of the
	// signed enclave.
	CascadeEnclaveSignature(req *task.CreateTaskRequest, args *CascadeEnclaveSignatureArgs) (signedEnclave string, err error)

	// Cleanup removes all files and directories generated by the carrier.
	Cleanup() error
}