⚠️ VeridianOS Kernel Documentation - This is low-level kernel code. All functions are unsafe unless explicitly marked otherwise. no_std

BootChainVerifier

veridian_kernel::verification::boot_chain

Struct BootChainVerifier 

Source 
pub struct BootChainVerifier { /* private fields */ }
Expand description

Boot chain verifier that checks invariants

Implementations§

Source§

impl BootChainVerifier

Source

pub fn new() -> Self

Create a new boot chain verifier

Source

pub fn measure( &mut self, stage: BootStage, pcr_index: usize, digest: [u8; 32], component: MeasuredComponent, ) -> Result<(), BootVerifyError>

Record a boot measurement

Source

pub fn set_expected_pcr(&mut self, pcr_index: usize, expected: [u8; 32])

Set an expected PCR value for policy checking

Source

pub fn verify_pcr_monotonicity(&self) -> Result<(), BootVerifyError>

Verify PCR monotonicity: PCR values only change via extend, never reset

This is verified structurally: the PcrState API only allows extend(), and extend() always changes the value (unless the implementation is broken).

Source

pub fn verify_measurement_completeness(&self) -> Result<(), BootVerifyError>

Verify measurement completeness: all boot stages have been measured

Source

pub fn verify_hash_chain(&self) -> Result<(), BootVerifyError>

Verify hash chain integrity: each measurement properly chains

Source

pub fn verify_boot_policy(&self) -> Result<PolicyDecision, BootVerifyError>

Verify boot policy: PCR values match expected values

Source

pub fn verify_log_ordering(&self) -> Result<(), BootVerifyError>

Verify measurement log is chronologically ordered

Source

pub fn verify_measurement_count(&self) -> Result<(), BootVerifyError>

Verify measurement count matches PCR extend counts

Source

pub fn status(&self) -> BootStatus

Get current boot status

Source

pub fn set_status( &mut self, new_status: BootStatus, ) -> Result<(), BootVerifyError>

Transition boot status

Trait Implementations§

Source§

impl Debug for BootChainVerifier

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for BootChainVerifier

Source§

fn default() -> BootChainVerifier

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl Freeze for BootChainVerifier

§

impl RefUnwindSafe for BootChainVerifier

§

impl Send for BootChainVerifier

§

impl Sync for BootChainVerifier

§

impl Unpin for BootChainVerifier

§

impl UnwindSafe for BootChainVerifier

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.