github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/run/scripts/domain_template.pb (about)

     1  config: {
          # Domain-wide settings: identity, X.509 subject fields, guard storage
          # paths and TPM parameters. The values are demo defaults (name "Demo",
          # common_name "Test") and one unfilled placeholder (guard_type).
     2    domain_info: {
     3      name: "Demo"
            # Relative path. Presumably resolved against the domain directory
            # and holding the policy key material - confirm, and keep it
            # readable only by the policy owner.
     4      policy_keys_path: "policy_keys"
            # Placeholder, not a usable guard type: it has to be substituted
            # before this file is consumed.
            # NOTE(review): acl_guard_info and datalog_guard_info are both
            # present below; presumably only the one matching guard_type is
            # consulted - confirm.
     5      guard_type: "REPLACE_WITH_DOMAIN_GUARD_TYPE"
     6    }
     7  
          # Certificate subject fields. "Test" is a sample common name; replace
          # the whole group for anything other than a demo domain.
     8    x509_info: {
     9      common_name: "Test"
    10      country: "US"
    11      state: "WA"
    12      organization: "CloudProxy"
    13    }
    14  
          # Location of the ACL set (relative path). The field name says the
          # ACLs are signed; which key verifies them is not shown here.
    15    acl_guard_info: {
    16      signed_acls_path: "acls"
    17    }
    18  
          # Location of the datalog rule set (relative path). The field name
          # says the rules are signed; which key verifies them is not shown here.
    19    datalog_guard_info: {
    20      signed_rules_path: "rules"
    21    }
    22  
    23    tpm_info: {
            # Character device used to reach the TPM.
    24      tpm_path: "/dev/tpm0"
            # Relative path to the AIK blob (presumably the attestation
            # identity key used for quotes - confirm).
    25      aik_path: "aikblob"
            # Comma-separated PCR indices. 17 and 18 are registers that a
            # dynamic launch (DRTM, e.g. Intel TXT) extends.
            # NOTE(review): on a host booted without a measured launch these
            # registers say nothing about the running OS - confirm the boot
            # path before relying on them.
    26      pcrs: "17,18"
    27    }
    28  
    29    tpm2_info: {
            # Same device node and PCR list as tpm_info above. Presumably only
            # one of tpm_info / tpm2_info applies on a given host - confirm.
    30      tpm2_device: "/dev/tpm0"
    31      tpm2_pcrs: "17,18"
    32    }
    33  }
    34  
        # Authorization policy as datalog rules. Each rule derives a predicate
        # for a principal P from predicates on its parent and on the extension
        # that names P (Subprin(P, parent, extension)). The base facts
        # (TrustedProgramHash, TrustedContainerHash, TrustedGuard,
        # TrustedVMImage, TrustedTPM, TrustedOS) are not defined in these rules;
        # they are the trust anchors and everything below follows from them.
        #
        # A program is a MemberProgram when it runs directly under a trusted
        # host and its extension is a trusted program hash ...
    35  datalog_rules: "(forall P: forall Host: forall Hash: TrustedHost(Host) and TrustedProgramHash(Hash) and Subprin(P, Host, Hash) implies MemberProgram(P))"
        # ... or a trusted container hash.
    36  datalog_rules: "(forall P: forall Host: forall Hash: TrustedHost(Host) and TrustedContainerHash(Hash) and Subprin(P, Host, Hash) implies MemberProgram(P))"
    37  
        # A subprincipal of a trusted host whose extension is a trusted guard is
        # itself a trusted host. TrustedHost is therefore transitive: anything
        # it derives can in turn host member programs.
    38  datalog_rules: "(forall P: forall VM: forall Guard: TrustedHost(VM) and TrustedGuard(Guard) and Subprin(P, VM, Guard) implies TrustedHost(P))"
    39  
        # A trusted VM image running under a trusted host is a TrustedVM.
    40  datalog_rules: "(forall P: forall VM: forall Host: TrustedHost(Host) and TrustedVMImage(VM) and Subprin(P, Host, VM) implies TrustedVM(P))"
        # A subprincipal of a trusted VM becomes a trusted host when its
        # extension satisfies TrustedHost. The variable is named Hash but is
        # tested with TrustedHost, the same predicate this file assigns to
        # linux_host_predicate_name.
        # NOTE(review): this makes TrustedHost serve both as a base fact over
        # hashes and as a derived predicate over principals - confirm that
        # the overlap is intended.
    41  datalog_rules: "(forall P: forall VM: forall Hash: TrustedVM(VM) and TrustedHost(Hash) and Subprin(P, VM, Hash) implies TrustedHost(P))"
    42  
        # Hardware root: a principal under a trusted TPM whose extension is a
        # trusted PCR set is a trusted host.
        # NOTE(review): this rule uses TrustedTPM only. No rule in this file
        # mentions TrustedTPM2, the value of tpm2_predicate_name, so facts
        # stated under that predicate derive nothing here - confirm whether a
        # TPM 2.0 rule is supplied elsewhere.
    43  datalog_rules: "(forall T: forall PCRs: forall P: TrustedTPM(T) and TrustedOS(PCRs) and Subprin(P, T, PCRs) implies TrustedHost(P))"
    44  
        # Every trusted host and every member program is authorized for
        # "Execute". No other operation is authorized by these rules.
    45  datalog_rules: "(forall P: TrustedHost(P) implies Authorized(P, \"Execute\"))"
    46  datalog_rules: "(forall P: MemberProgram(P) implies Authorized(P, \"Execute\"))"
    47  
        # Predicate names and the artifact paths grouped with them. Presumably
        # the domain tooling measures each listed path and states the result
        # as a fact under the predicate named in the same group - confirm.
        # All paths are relative, so whatever file is at that location when the
        # policy is generated is what becomes trusted.
    48  host_predicate_name: "TrustedHost"
    49  
        # Programs stated under TrustedProgramHash.
    50  program_paths: "mixnet_router"
    51  program_paths: "demo_server"
    52  program_paths: "demo_client"
    53  program_predicate_name: "TrustedProgramHash"
    54  
        # Container images stated under TrustedContainerHash.
    55  container_paths: "demo_server.img.tgz"
    56  container_paths: "demo_client.img.tgz"
    57  container_predicate_name: "TrustedContainerHash"
    58  
        # VM image stated under TrustedVMImage.
        # NOTE(review): the image's origin and integrity are not recorded in
        # this file - verify it before generating policy from it.
    59  vm_paths: "coreos_production_qemu_image.img"
    60  vm_predicate_name: "TrustedVMImage"
    61  
        # Linux host image. It uses the same predicate name as
        # host_predicate_name, so its facts land in TrustedHost directly.
    62  linux_host_paths: "linux_host.img.tgz"
    63  linux_host_predicate_name: "TrustedHost"
    64  
        # Predicate names for guard, TPM and OS (PCR) facts. TrustedGuard,
        # TrustedTPM and TrustedOS each appear in a datalog_rules entry above.
    65  guard_predicate_name: "TrustedGuard"
    66  tpm_predicate_name: "TrustedTPM"
    67  os_predicate_name: "TrustedOS"
        # NOTE(review): TrustedTPM2 is not referenced by any datalog_rules
        # entry in this file.
    68  tpm2_predicate_name: "TrustedTPM2"