From c1aa2039b57f05604eba19213d0fad2ff08e42f8 Mon Sep 17 00:00:00 2001 From: Michael Zhang Date: Thu, 23 Apr 2026 02:36:26 +0000 Subject: [PATCH 1/3] Tidy up code for consistency. --- server/service/service.go | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/server/service/service.go b/server/service/service.go index 976e670..217dfcf 100644 --- a/server/service/service.go +++ b/server/service/service.go @@ -127,7 +127,7 @@ type streamSessionV1 struct { hmacKey []byte // For TPM 1.2 EK challenge } -// TPM_ASYM_CA_CONTENTS structure for TPM 1.2 EK challenge. +// TPMAsymCAContents is the TPM_ASYM_CA_CONTENTS structure defined in the TPM 1.2 specification. // We have to define this structure as a fixed size struct for easy serialization using binary.Encode(). type TPMAsymCAContents struct { AlgID uint32 @@ -515,8 +515,8 @@ func (s *Service) BootstrapStreamV1(stream bpb.Bootstrap_BootstrapStreamV1Server return status.Errorf(codes.FailedPrecondition, "received unexpected TPM20HMAC challenge response") } // Verify HMAC challenge response. - hmac := challengeResponse.GetTpm20Hmac().GetHmac() - tpm2BAttest, err := tpm2.Unmarshal[tpm2.TPM2BAttest](hmac.GetIakCertifyInfo()) + mac := challengeResponse.GetTpm20Hmac().GetHmac() + tpm2BAttest, err := tpm2.Unmarshal[tpm2.TPM2BAttest](mac.GetIakCertifyInfo()) if err != nil { return status.Errorf(codes.InvalidArgument, "failed to unmarshal IAK Certify Info into TPM2B_ATTEST: %v", err) } @@ -524,12 +524,12 @@ func (s *Service) BootstrapStreamV1(stream bpb.Bootstrap_BootstrapStreamV1Server if err != nil { return status.Errorf(codes.InvalidArgument, "failed to get IAK Certify Info contents: %v", err) } - if err = s.tpm20.VerifyHMAC(tpm2.Marshal(iakCertifyInfo), hmac.GetIakCertifyInfoSignature(), session.hmacSensitive); err != nil { + if err = s.tpm20.VerifyHMAC(tpm2.Marshal(iakCertifyInfo), mac.GetIakCertifyInfoSignature(), session.hmacSensitive); err != nil { log.Errorf("Tpm20Hmac challenge HMAC verification failed for device %s, error: %v", session.chassis.ActiveSerial, err) return status.Errorf(codes.InvalidArgument, "Tpm20Hmac challenge HMAC verification failed: %v", err) } // Verify IAK public key attributes. - iakPubKey, err := s.tpm20.VerifyIAKAttributes(hmac.GetIakPub()) + iakPubKey, err := s.tpm20.VerifyIAKAttributes(mac.GetIakPub()) if err != nil { log.Errorf("Tpm20Hmac challenge public key verification failed for device %s, error: %v", session.chassis.ActiveSerial, err) return status.Errorf(codes.InvalidArgument, "Tpm20Hmac challenge public key verification failed: %v", err) @@ -563,9 +563,8 @@ func (s *Service) BootstrapStreamV1(stream bpb.Bootstrap_BootstrapStreamV1Server serializedTransportKey = challengeResponse.GetTpm12Ek().GetSerializedTransportKey() mac := hmac.New(sha256.New, session.hmacKey) mac.Write(serializedTransportKey) - hash := mac.Sum(nil) - if subtle.ConstantTimeCompare(challengeResponse.GetTpm12Ek().GetHash(), hash) != 1 { - log.Errorf("Tpm12Ek challenge verification failed: wrong HMAC hash for device %s, expected: %x, received: %x", session.chassis.ActiveSerial, hash, challengeResponse.GetTpm12Ek().GetHash()) + if subtle.ConstantTimeCompare(challengeResponse.GetTpm12Ek().GetHash(), mac.Sum(nil)) != 1 { + log.Errorf("Tpm12Ek challenge verification failed: wrong HMAC hash for device %s", session.chassis.ActiveSerial) return status.Errorf(codes.InvalidArgument, "Tpm12Ek challenge response HMAC hash verification failed") } log.Infof("Tpm12Ek challenge verification succeeded for device %s", session.chassis.ActiveSerial) From 9c5075dd3b43408212012d9bb67591f3af045f00 Mon Sep 17 00:00:00 2001 From: Michael Zhang Date: Thu, 23 Apr 2026 08:12:54 +0000 Subject: [PATCH 2/3] Minor optimization for allocating blob buffer. --- server/service/service.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/server/service/service.go b/server/service/service.go index 217dfcf..38e7b31 100644 --- a/server/service/service.go +++ b/server/service/service.go @@ -770,7 +770,11 @@ func (s *Service) createChallengeRequest(session *streamSessionV1, message proto Key: [32]byte(hmacKey), IDDigest: [20]byte(aikPubDigest), } - blob := make([]byte, 4+2+2+32+20) // size of TPM_ASYM_CA_CONTENTS + asymSize := binary.Size(asym) + if asymSize <= 0 { + return nil, status.Errorf(codes.Internal, "failed to get the size of TPM_ASYM_CA_CONTENTS structure") + } + blob := make([]byte, asymSize) if _, err = binary.Encode(blob, binary.BigEndian, asym); err != nil { return nil, status.Errorf(codes.Internal, "failed to serialize TPM_ASYM_CA_CONTENTS to the blob: %v", err) } From 2e0984d3a632b9afe5b502bad498cd966a4cb41e Mon Sep 17 00:00:00 2001 From: Michael Zhang Date: Mon, 18 May 2026 09:47:16 +0000 Subject: [PATCH 3/3] Add server/config package. --- server/proto/BUILD.bazel | 53 ++++ server/proto/config.proto | 87 ++++++ server/proto/config/config.pb.go | 461 +++++++++++++++++++++++++++++++ 3 files changed, 601 insertions(+) create mode 100644 server/proto/BUILD.bazel create mode 100644 server/proto/config.proto create mode 100755 server/proto/config/config.pb.go diff --git a/server/proto/BUILD.bazel b/server/proto/BUILD.bazel new file mode 100644 index 0000000..b723c64 --- /dev/null +++ b/server/proto/BUILD.bazel @@ -0,0 +1,53 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library") +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library") + +package(default_visibility = ["//visibility:public"]) + +proto_library( + name = "config_proto", + srcs = ["config.proto"], + import_prefix = "github.com/openconfig/bootz", + deps = [ + "//proto:bootz_proto", + "@openconfig_attestz//proto:tpm_enrollz_proto", + "@openconfig_gnsi//authz:authz_proto", + "@openconfig_gnsi//pathz:pathz_proto", + ], +) + +############################################################################## +# Go +############################################################################## + +go_proto_library( + name = "config_go_proto", + importpath = "github.com/openconfig/bootz/server/proto/config", + proto = ":config_proto", + deps = [ + "//proto:bootz", + "@openconfig_attestz//proto:tpm_enrollz_go", + "@openconfig_gnsi//authz", + "@openconfig_gnsi//pathz", + ], +) + +go_library( + name = "config", + embed = [":config_go_proto"], + importpath = "github.com/openconfig/bootz/server/proto/config", +) diff --git a/server/proto/config.proto b/server/proto/config.proto new file mode 100644 index 0000000..6708d21 --- /dev/null +++ b/server/proto/config.proto @@ -0,0 +1,87 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package config; + +import "github.com/openconfig/attestz/proto/tpm_enrollz.proto"; +import "github.com/openconfig/bootz/proto/bootz.proto"; +import "github.com/openconfig/gnsi/authz/authz.proto"; +import "github.com/openconfig/gnsi/pathz/pathz.proto"; + +option go_package = "github.com/openconfig/bootz/server/proto/config"; + +// A binding configuration for Bootz server. +message Config { + // Bootz server address (IP:port). + string server_address = 1; + // Bootz server trust anchor cert key pair. + CertKeyPair trust_anchor = 2; + // Owner certificate key pair. + CertKeyPair owner_certificate = 3; + // Based64 encoding of ASN.1 DER vendor CA certificates. + repeated string vendor_ca_certs = 4; + // Chassis owned by the organization. + repeated Chassis chassis = 5; +} + +message CertKeyPair { + // Base64 encoding of ASN.1 DER certificate. + string cert = 1; + // Base64 encoding of PKCS#8 DER private key. + string key = 2; +} + +message Chassis { + // Chassis manufacturer. + string manufacturer = 1; + // For fixed form factor chassis, populate only 1 control card to represent + // the chassis itself. For modular form factor chassis, populate 2 control + // cards. + repeated ControlCard control_cards = 2; + // The intended hostname of the chassis. + string hostname = 3; + // Boot mode defines the boot mode that can be secure or insecure. + bootz.BootMode boot_mode = 4; + // Whether Streaming Bootz is supported or not. + bool streaming_supported = 5; + // Software image to be loaded on the chassis. + bootz.SoftwareImage intended_image = 6; + // Bootloader password. + string boot_password_hash = 7; + // Boot config to be loaded on the chassis. + bootz.BootConfig boot_config = 8; + // Credentials. + bootz.Credentials credentials = 9; + // Pathz. + gnsi.pathz.v1.UploadRequest pathz = 10; + // Authz. + gnsi.authz.v1.UploadRequest authz = 11; + // Certz profiles. + bootz.CertzProfiles certz_profiles = 12; +} + +message ControlCard { + // Serial number of the control card. + string serial_number = 1; + // Base64 encoding of ownership voucher. + string ownership_voucher = 2; + // Base64 encoding of PKIX DER EK/PPK public key. + // This field is not populated for control cards having IDevID. + string public_key = 3; + // Public key type: EK or PPK. + // This field is not populated for control cards having IDevID. + openconfig.attestz.Key public_key_type = 4; +} diff --git a/server/proto/config/config.pb.go b/server/proto/config/config.pb.go new file mode 100755 index 0000000..34c9670 --- /dev/null +++ b/server/proto/config/config.pb.go @@ -0,0 +1,461 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc v7.34.1 +// source: github.com/openconfig/bootz/server/proto/config.proto + +package config + +import ( + tpm_enrollz "github.com/openconfig/attestz/proto/tpm_enrollz" + bootz "github.com/openconfig/bootz/proto/bootz" + authz "github.com/openconfig/gnsi/authz" + pathz "github.com/openconfig/gnsi/pathz" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Config struct { + state protoimpl.MessageState `protogen:"open.v1"` + ServerAddress string `protobuf:"bytes,1,opt,name=server_address,json=serverAddress,proto3" json:"server_address,omitempty"` + TrustAnchor *CertKeyPair `protobuf:"bytes,2,opt,name=trust_anchor,json=trustAnchor,proto3" json:"trust_anchor,omitempty"` + OwnerCertificate *CertKeyPair `protobuf:"bytes,3,opt,name=owner_certificate,json=ownerCertificate,proto3" json:"owner_certificate,omitempty"` + VendorCaCerts []string `protobuf:"bytes,4,rep,name=vendor_ca_certs,json=vendorCaCerts,proto3" json:"vendor_ca_certs,omitempty"` + Chassis []*Chassis `protobuf:"bytes,5,rep,name=chassis,proto3" json:"chassis,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Config) Reset() { + *x = Config{} + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Config) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Config) ProtoMessage() {} + +func (x *Config) ProtoReflect() protoreflect.Message { + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Config.ProtoReflect.Descriptor instead. +func (*Config) Descriptor() ([]byte, []int) { + return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{0} +} + +func (x *Config) GetServerAddress() string { + if x != nil { + return x.ServerAddress + } + return "" +} + +func (x *Config) GetTrustAnchor() *CertKeyPair { + if x != nil { + return x.TrustAnchor + } + return nil +} + +func (x *Config) GetOwnerCertificate() *CertKeyPair { + if x != nil { + return x.OwnerCertificate + } + return nil +} + +func (x *Config) GetVendorCaCerts() []string { + if x != nil { + return x.VendorCaCerts + } + return nil +} + +func (x *Config) GetChassis() []*Chassis { + if x != nil { + return x.Chassis + } + return nil +} + +type CertKeyPair struct { + state protoimpl.MessageState `protogen:"open.v1"` + Cert string `protobuf:"bytes,1,opt,name=cert,proto3" json:"cert,omitempty"` + Key string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CertKeyPair) Reset() { + *x = CertKeyPair{} + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CertKeyPair) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CertKeyPair) ProtoMessage() {} + +func (x *CertKeyPair) ProtoReflect() protoreflect.Message { + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CertKeyPair.ProtoReflect.Descriptor instead. +func (*CertKeyPair) Descriptor() ([]byte, []int) { + return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{1} +} + +func (x *CertKeyPair) GetCert() string { + if x != nil { + return x.Cert + } + return "" +} + +func (x *CertKeyPair) GetKey() string { + if x != nil { + return x.Key + } + return "" +} + +type Chassis struct { + state protoimpl.MessageState `protogen:"open.v1"` + Manufacturer string `protobuf:"bytes,1,opt,name=manufacturer,proto3" json:"manufacturer,omitempty"` + ControlCards []*ControlCard `protobuf:"bytes,2,rep,name=control_cards,json=controlCards,proto3" json:"control_cards,omitempty"` + Hostname string `protobuf:"bytes,3,opt,name=hostname,proto3" json:"hostname,omitempty"` + BootMode bootz.BootMode `protobuf:"varint,4,opt,name=boot_mode,json=bootMode,proto3,enum=bootz.BootMode" json:"boot_mode,omitempty"` + StreamingSupported bool `protobuf:"varint,5,opt,name=streaming_supported,json=streamingSupported,proto3" json:"streaming_supported,omitempty"` + IntendedImage *bootz.SoftwareImage `protobuf:"bytes,6,opt,name=intended_image,json=intendedImage,proto3" json:"intended_image,omitempty"` + BootPasswordHash string `protobuf:"bytes,7,opt,name=boot_password_hash,json=bootPasswordHash,proto3" json:"boot_password_hash,omitempty"` + BootConfig *bootz.BootConfig `protobuf:"bytes,8,opt,name=boot_config,json=bootConfig,proto3" json:"boot_config,omitempty"` + Credentials *bootz.Credentials `protobuf:"bytes,9,opt,name=credentials,proto3" json:"credentials,omitempty"` + Pathz *pathz.UploadRequest `protobuf:"bytes,10,opt,name=pathz,proto3" json:"pathz,omitempty"` + Authz *authz.UploadRequest `protobuf:"bytes,11,opt,name=authz,proto3" json:"authz,omitempty"` + CertzProfiles *bootz.CertzProfiles `protobuf:"bytes,12,opt,name=certz_profiles,json=certzProfiles,proto3" json:"certz_profiles,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Chassis) Reset() { + *x = Chassis{} + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Chassis) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Chassis) ProtoMessage() {} + +func (x *Chassis) ProtoReflect() protoreflect.Message { + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Chassis.ProtoReflect.Descriptor instead. +func (*Chassis) Descriptor() ([]byte, []int) { + return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{2} +} + +func (x *Chassis) GetManufacturer() string { + if x != nil { + return x.Manufacturer + } + return "" +} + +func (x *Chassis) GetControlCards() []*ControlCard { + if x != nil { + return x.ControlCards + } + return nil +} + +func (x *Chassis) GetHostname() string { + if x != nil { + return x.Hostname + } + return "" +} + +func (x *Chassis) GetBootMode() bootz.BootMode { + if x != nil { + return x.BootMode + } + return bootz.BootMode(0) +} + +func (x *Chassis) GetStreamingSupported() bool { + if x != nil { + return x.StreamingSupported + } + return false +} + +func (x *Chassis) GetIntendedImage() *bootz.SoftwareImage { + if x != nil { + return x.IntendedImage + } + return nil +} + +func (x *Chassis) GetBootPasswordHash() string { + if x != nil { + return x.BootPasswordHash + } + return "" +} + +func (x *Chassis) GetBootConfig() *bootz.BootConfig { + if x != nil { + return x.BootConfig + } + return nil +} + +func (x *Chassis) GetCredentials() *bootz.Credentials { + if x != nil { + return x.Credentials + } + return nil +} + +func (x *Chassis) GetPathz() *pathz.UploadRequest { + if x != nil { + return x.Pathz + } + return nil +} + +func (x *Chassis) GetAuthz() *authz.UploadRequest { + if x != nil { + return x.Authz + } + return nil +} + +func (x *Chassis) GetCertzProfiles() *bootz.CertzProfiles { + if x != nil { + return x.CertzProfiles + } + return nil +} + +type ControlCard struct { + state protoimpl.MessageState `protogen:"open.v1"` + SerialNumber string `protobuf:"bytes,1,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"` + OwnershipVoucher string `protobuf:"bytes,2,opt,name=ownership_voucher,json=ownershipVoucher,proto3" json:"ownership_voucher,omitempty"` + PublicKey string `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + PublicKeyType tpm_enrollz.Key `protobuf:"varint,4,opt,name=public_key_type,json=publicKeyType,proto3,enum=openconfig.attestz.Key" json:"public_key_type,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ControlCard) Reset() { + *x = ControlCard{} + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ControlCard) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ControlCard) ProtoMessage() {} + +func (x *ControlCard) ProtoReflect() protoreflect.Message { + mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ControlCard.ProtoReflect.Descriptor instead. +func (*ControlCard) Descriptor() ([]byte, []int) { + return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{3} +} + +func (x *ControlCard) GetSerialNumber() string { + if x != nil { + return x.SerialNumber + } + return "" +} + +func (x *ControlCard) GetOwnershipVoucher() string { + if x != nil { + return x.OwnershipVoucher + } + return "" +} + +func (x *ControlCard) GetPublicKey() string { + if x != nil { + return x.PublicKey + } + return "" +} + +func (x *ControlCard) GetPublicKeyType() tpm_enrollz.Key { + if x != nil { + return x.PublicKeyType + } + return tpm_enrollz.Key(0) +} + +var File_github_com_openconfig_bootz_server_proto_config_proto protoreflect.FileDescriptor + +const file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc = "" + + "\n" + + "5github.com/openconfig/bootz/server/proto/config.proto\x12\x06config\x1a5github.com/openconfig/attestz/proto/tpm_enrollz.proto\x1a-github.com/openconfig/bootz/proto/bootz.proto\x1a,github.com/openconfig/gnsi/authz/authz.proto\x1a,github.com/openconfig/gnsi/pathz/pathz.proto\"\xfc\x01\n" + + "\x06Config\x12%\n" + + "\x0eserver_address\x18\x01 \x01(\tR\rserverAddress\x126\n" + + "\ftrust_anchor\x18\x02 \x01(\v2\x13.config.CertKeyPairR\vtrustAnchor\x12@\n" + + "\x11owner_certificate\x18\x03 \x01(\v2\x13.config.CertKeyPairR\x10ownerCertificate\x12&\n" + + "\x0fvendor_ca_certs\x18\x04 \x03(\tR\rvendorCaCerts\x12)\n" + + "\achassis\x18\x05 \x03(\v2\x0f.config.ChassisR\achassis\"3\n" + + "\vCertKeyPair\x12\x12\n" + + "\x04cert\x18\x01 \x01(\tR\x04cert\x12\x10\n" + + "\x03key\x18\x02 \x01(\tR\x03key\"\xdc\x04\n" + + "\aChassis\x12\"\n" + + "\fmanufacturer\x18\x01 \x01(\tR\fmanufacturer\x128\n" + + "\rcontrol_cards\x18\x02 \x03(\v2\x13.config.ControlCardR\fcontrolCards\x12\x1a\n" + + "\bhostname\x18\x03 \x01(\tR\bhostname\x12,\n" + + "\tboot_mode\x18\x04 \x01(\x0e2\x0f.bootz.BootModeR\bbootMode\x12/\n" + + "\x13streaming_supported\x18\x05 \x01(\bR\x12streamingSupported\x12;\n" + + "\x0eintended_image\x18\x06 \x01(\v2\x14.bootz.SoftwareImageR\rintendedImage\x12,\n" + + "\x12boot_password_hash\x18\a \x01(\tR\x10bootPasswordHash\x122\n" + + "\vboot_config\x18\b \x01(\v2\x11.bootz.BootConfigR\n" + + "bootConfig\x124\n" + + "\vcredentials\x18\t \x01(\v2\x12.bootz.CredentialsR\vcredentials\x122\n" + + "\x05pathz\x18\n" + + " \x01(\v2\x1c.gnsi.pathz.v1.UploadRequestR\x05pathz\x122\n" + + "\x05authz\x18\v \x01(\v2\x1c.gnsi.authz.v1.UploadRequestR\x05authz\x12;\n" + + "\x0ecertz_profiles\x18\f \x01(\v2\x14.bootz.CertzProfilesR\rcertzProfiles\"\xbf\x01\n" + + "\vControlCard\x12#\n" + + "\rserial_number\x18\x01 \x01(\tR\fserialNumber\x12+\n" + + "\x11ownership_voucher\x18\x02 \x01(\tR\x10ownershipVoucher\x12\x1d\n" + + "\n" + + "public_key\x18\x03 \x01(\tR\tpublicKey\x12?\n" + + "\x0fpublic_key_type\x18\x04 \x01(\x0e2\x17.openconfig.attestz.KeyR\rpublicKeyTypeB1Z/github.com/openconfig/bootz/server/proto/configb\x06proto3" + +var ( + file_github_com_openconfig_bootz_server_proto_config_proto_rawDescOnce sync.Once + file_github_com_openconfig_bootz_server_proto_config_proto_rawDescData []byte +) + +func file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP() []byte { + file_github_com_openconfig_bootz_server_proto_config_proto_rawDescOnce.Do(func() { + file_github_com_openconfig_bootz_server_proto_config_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc), len(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc))) + }) + return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescData +} + +var file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_github_com_openconfig_bootz_server_proto_config_proto_goTypes = []any{ + (*Config)(nil), // 0: config.Config + (*CertKeyPair)(nil), // 1: config.CertKeyPair + (*Chassis)(nil), // 2: config.Chassis + (*ControlCard)(nil), // 3: config.ControlCard + (bootz.BootMode)(0), // 4: bootz.BootMode + (*bootz.SoftwareImage)(nil), // 5: bootz.SoftwareImage + (*bootz.BootConfig)(nil), // 6: bootz.BootConfig + (*bootz.Credentials)(nil), // 7: bootz.Credentials + (*pathz.UploadRequest)(nil), // 8: gnsi.pathz.v1.UploadRequest + (*authz.UploadRequest)(nil), // 9: gnsi.authz.v1.UploadRequest + (*bootz.CertzProfiles)(nil), // 10: bootz.CertzProfiles + (tpm_enrollz.Key)(0), // 11: openconfig.attestz.Key +} +var file_github_com_openconfig_bootz_server_proto_config_proto_depIdxs = []int32{ + 1, // 0: config.Config.trust_anchor:type_name -> config.CertKeyPair + 1, // 1: config.Config.owner_certificate:type_name -> config.CertKeyPair + 2, // 2: config.Config.chassis:type_name -> config.Chassis + 3, // 3: config.Chassis.control_cards:type_name -> config.ControlCard + 4, // 4: config.Chassis.boot_mode:type_name -> bootz.BootMode + 5, // 5: config.Chassis.intended_image:type_name -> bootz.SoftwareImage + 6, // 6: config.Chassis.boot_config:type_name -> bootz.BootConfig + 7, // 7: config.Chassis.credentials:type_name -> bootz.Credentials + 8, // 8: config.Chassis.pathz:type_name -> gnsi.pathz.v1.UploadRequest + 9, // 9: config.Chassis.authz:type_name -> gnsi.authz.v1.UploadRequest + 10, // 10: config.Chassis.certz_profiles:type_name -> bootz.CertzProfiles + 11, // 11: config.ControlCard.public_key_type:type_name -> openconfig.attestz.Key + 12, // [12:12] is the sub-list for method output_type + 12, // [12:12] is the sub-list for method input_type + 12, // [12:12] is the sub-list for extension type_name + 12, // [12:12] is the sub-list for extension extendee + 0, // [0:12] is the sub-list for field type_name +} + +func init() { file_github_com_openconfig_bootz_server_proto_config_proto_init() } +func file_github_com_openconfig_bootz_server_proto_config_proto_init() { + if File_github_com_openconfig_bootz_server_proto_config_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc), len(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc)), + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_github_com_openconfig_bootz_server_proto_config_proto_goTypes, + DependencyIndexes: file_github_com_openconfig_bootz_server_proto_config_proto_depIdxs, + MessageInfos: file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes, + }.Build() + File_github_com_openconfig_bootz_server_proto_config_proto = out.File + file_github_com_openconfig_bootz_server_proto_config_proto_goTypes = nil + file_github_com_openconfig_bootz_server_proto_config_proto_depIdxs = nil +}