src/pqc_hypervisor_attestation/backends/base.py
| 1 | """Attestation backend interface. |
| 2 | |
| 3 | A backend knows how to (1) enumerate MemoryRegions for a workload and |
| 4 | (2) snapshot a region's bytes into a RegionSnapshot. The library is |
| 5 | backend-agnostic — real implementations wrap AMD SEV-SNP, Intel TDX, or |
| 6 | userland ptrace-based shims. |
| 7 | """ |
| 8 | |
| 9 | from __future__ import annotations |
| 10 | |
| 11 | from abc import ABC, abstractmethod |
| 12 | |
| 13 | from pqc_hypervisor_attestation.region import MemoryRegion, RegionSnapshot |
| 14 | |
| 15 | |
class AttestationBackend(ABC):
    """Abstract contract that every attestation backend implements.

    A concrete backend supplies two operations: enumerating the
    ``MemoryRegion`` objects that belong to a workload, and capturing a
    single region as a ``RegionSnapshot``.

    NOTE(review): ``name`` and ``platform`` are plain class attributes that
    default to the empty string and are declared by the backend itself;
    nothing in this interface authenticates them. A consumer presumably
    should not treat the ``platform`` label alone as evidence of
    hardware-backed isolation -- confirm against the verifying side.
    """

    # Backend identifier; presumably overridden by each concrete backend.
    name: str = ""
    # Platform label, e.g. "amd-sev-snp" | "intel-tdx" | "in-memory" | ...
    platform: str = ""

    @abstractmethod
    def list_regions(self, workload_id: str) -> list[MemoryRegion]:
        """Enumerate the memory regions owned by the given workload.

        Args:
            workload_id: Identifier of the workload whose regions are wanted.

        Returns:
            The ``MemoryRegion`` objects the workload owns.

        NOTE(review): the interface does not define how an unknown
        ``workload_id`` is reported. Implementations should document it,
        since an empty list would leave nothing to snapshot -- confirm the
        intended behaviour with callers.
        """

    @abstractmethod
    def snapshot(self, region: MemoryRegion) -> RegionSnapshot:
        """Capture a fresh SHA3-256 snapshot of the region's bytes as of now.

        Args:
            region: The memory region to capture.

        Returns:
            A ``RegionSnapshot`` for ``region``.

        NOTE(review): whether the read is atomic with respect to concurrent
        writes to the region is not specified here; each backend should
        state its guarantee -- TODO confirm.
        """
| 29 | |