google / go-tdx-guest

go-tdx-guest offers a library to wrap the /dev/tdx-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation quote.
Apache License 2.0
53 stars 12 forks

Update APIs to be future compatible. #32

Closed vbalain closed 10 months ago

vbalain commented 10 months ago

The go-tdx-guest tool is tightly dependent on the TDX quote V4 format, and soon it would be moving to the QuoteV5 format. So this updates the current APIs to be generic and to support any quote format without needing changes in these APIs from our customers. Recently added APIs - GetQuoteViaProvider() & GetRawQuoteViaProvider() - have been removed and the logic has been combined with the same old APIs - GetRawQuote() & GetQuote() - with the help of the ‘any’ interface. Most of the unit tests use QuoteV4 for testing, so when the tool moves to other quote formats, these unit tests would be updated holistically. go-tpm-tools needs a type-cast to QuoteV4 in its attest package.

Breaking changes in go-tdx-guest :-

abi

QuoteToAbiBytes(quote any) ([]byte, error) : If a nil quote is provided, then the returned error would be ErrQuoteNil and not ErrQuoteV4Nil. If a customer is doing some error handling specific to this error, then it needs to be modified.

client

GetRawQuote(quoteProvider any, reportData [64]byte) ([]uint8, error) : Removed the size/length from the return response. The error message should be sufficient for handling.

GetQuote(quoteProvider any, reportData [64]byte) (any, error) : It can now take in any input - device or quote provider - to fetch the attestation quote and return any valid TDX quote format. A customer would be required to type cast it to V4 if directly using go-tdx-guest’s client package to fetch the quote and perform verification without using go-tdx-guest’s tools.
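The caller-side pattern the PR description asks for (accept a quote as `any`, assert the concrete V4 type, and treat a nil or unknown format as an error) is shown below as an added example. This is not code from go-tdx-guest or from the PR: `QuoteV4`, `QuoteV5`, `fakeProvider`, `rawQuoter`, `getQuote`, `quoteToAbiBytes` and `verifierAcceptsV4` are constructed stand-ins for the library's `pb.QuoteV4`, `client.GetQuote` and `abi.QuoteToAbiBytes`; only the name `ErrQuoteNil` comes from the description, and the two-byte little-endian version prefix is an assumption made so the example runs offline.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed stand-ins for the quote message types. The real V4 type is
// pb.QuoteV4 in go-tdx-guest's proto/tdx package; QuoteV5 is hypothetical here.
type QuoteV4 struct {
	Version uint16
	Body    []byte
}
type QuoteV5 struct {
	Version uint16
	Body    []byte
}

// ErrQuoteNil is the name the PR description uses; the other two are constructed.
var (
	ErrQuoteNil               = errors.New("quote is nil")
	ErrUnsupportedQuoteFormat = errors.New("unsupported quote format")
	ErrBadProvider            = errors.New("quote provider does not implement GetRawQuote")
)

// rawQuoter is the minimal provider shape this example assumes.
type rawQuoter interface {
	GetRawQuote(reportData [64]byte) ([]byte, error)
}

// fakeProvider is constructed test data: it emits a little-endian version
// number followed by the report data, standing in for /dev/tdx-guest.
type fakeProvider struct{ version uint16 }

func (p fakeProvider) GetRawQuote(reportData [64]byte) ([]byte, error) {
	return serialize(p.version, reportData[:]), nil
}

func serialize(version uint16, body []byte) []byte {
	out := make([]byte, 2, 2+len(body))
	binary.LittleEndian.PutUint16(out, version)
	return append(out, body...)
}

// getQuote mirrors the new shape of client.GetQuote(quoteProvider any, reportData [64]byte) (any, error):
// the provider arrives as `any` and the parsed quote leaves as `any`, so a new
// format can be added without touching the signature.
func getQuote(quoteProvider any, reportData [64]byte) (any, error) {
	qp, ok := quoteProvider.(rawQuoter)
	if !ok {
		return nil, fmt.Errorf("%w: got %T", ErrBadProvider, quoteProvider)
	}
	raw, err := qp.GetRawQuote(reportData)
	if err != nil {
		return nil, err
	}
	if len(raw) < 2 {
		return nil, errors.New("raw quote too short to carry a version field")
	}
	switch v := binary.LittleEndian.Uint16(raw); v {
	case 4:
		return &QuoteV4{Version: v, Body: raw[2:]}, nil
	case 5:
		return &QuoteV5{Version: v, Body: raw[2:]}, nil
	default:
		return nil, fmt.Errorf("%w: version %d", ErrUnsupportedQuoteFormat, v)
	}
}

// quoteToAbiBytes mirrors abi.QuoteToAbiBytes(quote any) ([]byte, error). It
// returns ErrQuoteNil for both an untyped nil and a typed nil pointer, because
// a nil *QuoteV4 stored in an `any` does not compare equal to nil.
func quoteToAbiBytes(quote any) ([]byte, error) {
	switch q := quote.(type) {
	case nil:
		return nil, ErrQuoteNil
	case *QuoteV4:
		if q == nil {
			return nil, ErrQuoteNil
		}
		return serialize(q.Version, q.Body), nil
	case *QuoteV5:
		if q == nil {
			return nil, ErrQuoteNil
		}
		return serialize(q.Version, q.Body), nil
	default:
		return nil, fmt.Errorf("%w: %T", ErrUnsupportedQuoteFormat, quote)
	}
}

// verifierAcceptsV4 is the type cast a direct user of the client package now
// has to do: assert *QuoteV4 and refuse anything else rather than assume it.
func verifierAcceptsV4(quote any) (*QuoteV4, error) {
	v4, ok := quote.(*QuoteV4)
	if !ok || v4 == nil {
		return nil, fmt.Errorf("%w: expected *QuoteV4, got %T", ErrUnsupportedQuoteFormat, quote)
	}
	return v4, nil
}

func main() {
	var reportData [64]byte
	copy(reportData[:], "constructed-nonce") // constructed report data
	q, err := getQuote(fakeProvider{version: 4}, reportData)
	if err != nil {
		panic(err)
	}
	v4, err := verifierAcceptsV4(q)
	if err != nil {
		panic(err)
	}
	fmt.Printf("quote version %d, %d body bytes\n", v4.Version, len(v4.Body))
}
```

The point of `verifierAcceptsV4` is the caveat in the description: once `GetQuote` returns `any`, a verifier that silently assumes V4 will misread a V5 quote, so the assertion failure must be surfaced as an error rather than ignored.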