yzz127
diff --git a/‎README.md
Lines changed: 47 additions & 17 deletions b/‎README.md
Lines changed: 47 additions & 17 deletions
diff --git a/‎go-aztdx/README.md
Lines changed: 2 additions & 5 deletions b/‎go-aztdx/README.md
Lines changed: 2 additions & 5 deletions
diff --git a/‎go-connector/README.md
Lines changed: 20 additions & 130 deletions b/‎go-connector/README.md
Lines changed: 20 additions & 130 deletions
@@ -1,32 +1,62 @@
----
-last_updated: 18 October 2024
----
+# Intel® Trust Authority Client for Go
+
+<p style="font-size: 0.875em;">· 10/14/2024 ·</p>
+
+[Intel® Trust Authority](https://www.intel.com/content/www/us/en/security/trust-authority.html) [Client for Go](https://docs.trustauthority.intel.com/main/articles/integrate-go-client.html) ("the client") provides a set of Go modules and a command line interface (CLI) for attesting different TEEs with Intel Trust Authority. The attestation client API and [attestation client CLI](https://docs.trustauthority.intel.com/main/articles/integrate-go-tdx-cli.html) can be used by both attesters and relying parties, in either Passport or Background-check attestation mode. 
+
+> [!NOTE]
+> This is the General Availability (GA) release code for the Intel TDX host , Azure CVM\* with Intel TDX+vTPM , and GCP CVM with Intel TDX adapters are now consolidated in the **main** branch in the [`go-tdx`](./go-tdx/) directory. 
+<br> <p style="font-size: 0.875em;">**\*** CVM = Confidential Virtual Machine</p>
+
+> [!NOTE]
+> The following preview branches are deprecated in this release: **azure-tdx-preview**, **tpm-preview**, and **gcp-tdx-preview**. These branches will be removed in the next release.
 
-# Intel® Trust Authority Client
+## Supported TEEs and Platforms
+The Intel Trust Authority Client for Go works with the following TEEs and platforms:
 
-[Intel® Trust Authority](https://www.intel.com/content/www/us/en/security/trust-authority.html) Client for Go ("the Client") provides a set of Go modules and command line interfaces (CLI) for attesting different TEEs with Intel Trust Authority. The Client can be used by both attesters and relying parties, in either Passport or Background-check attestation mode. You can import the Go modules into your application, or you can directly invoke the CLI for Intel® TDX attestation from your application or workflow.
+| TEE or Platform | Status | Repo Branch | Notes |
+| --- | --- | --- | --- |
+| Intel® Software Guard Extensions (Intel® SGX) | GA | [**main**](https://github.com/intel/trustauthority-client-for-go/tree/main/go-sgx) | Bare metal host/on-premises. |
+| Intel® Trust Domain Extensions (Intel® TDX) | GA | [**main**](https://github.com/intel/trustauthority-client-for-go/tree/main/go-tdx) | Bare metal hosts & cloud VMs that support configfs, such as GCP. See the notes above this table. |
+| Azure\* confidential VMs with Intel TDX | GA | [**main**](https://github.com/intel/trustauthority-client-for-go/tree/main/go-aztdx) | Moved from Preview to GA status. See notes.|
+| Azure\* confidential VMs with Intel TDX and vTPM | GA | [**main**](https://github.com/intel/trustauthority-client-for-go/tree/go-tpm) | Moved from Preview to GA status. See notes.|
+| Google Cloud Platform\* (GCP) confidential VMs on Intel CPUs with Intel TDX | GA | [**main**](https://github.com/intel/trustauthority-client-for-go/tree/main/go-tdx) | Moved from Preview to GA status. See notes. |
+| AMD Secure Encrypted Virtualization - Secure Nested Paging\* (AMD SEV-SNP\*) | Preview | [**sevsnp-preview**](https://github.com/intel/trustauthority-client-for-go/tree/sevsnp-preview) | Pilot environment only |
+| Physical TPM | Preview | [**physical-tpm-preview**](https://github.com/intel/trustauthority-client-for-go/tree/physical-tpm-preview) | Pilot environment only |
 
-Supported TEEs include [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/products/docs/accelerator-engines/software-guard-extensions.html) (Intel® SGX) and [Intel® Trust Domain Extensions](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html) (Intel® TDX), [Azure confidential VMs with Intel TDX](https://azure.microsoft.com/en-us/updates/confidential-vms-with-intel-tdx-dcesv5-ecesv5-public-preview/) (Preview), and Google Cloud Platform (GCP) [Confidential VMs on Intel CPUs with Intel TDX](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense) (Preview). Eventually, other platforms may be added. 
+Platforms with status **GA** are available and supported in the US and EU production environments. **Preview** TEEs and platforms are in limited-access preview status in the pilot environments only. Details of implementation and usage may change before general availability. The corresponding Intel Trust Authority attestation services for preview features are not available in the production environment. Contact your Intel representative for more information about the pilot program.
 
-For more information about the Client for Go and CLI for Intel TDX, see [Client integration reference](https://docs.trustauthority.intel.com/main/articles/integrate-overview.html) in the Intel Trust Authority documentation.
+You can use the clients to collect the reference values needed for attestation policies. For example, you can create a known-good state for your TEE, use the client CLI to collect evidence, and then use the collected evidence values to create an [attestation policy](https://docs.trustauthority.intel.com/main/articles/concept-policy-v2.html) for Intel Trust Authority. 
 
-## Methods of Integration
+Client libraries require **Go 1.22 or newer**. See https://go.dev/doc/install for installation of Go.
 
-The Client provides the following modules that can be imported by an application to attest Intel® SGX and Intel® TDX TEEs by using Intel Trust Authority. 
+## Repo Structure
 
-1. [go-connector](./go-connector): Provides an HTTPClient interface to communicate with Intel Trust Authority via REST APIs for remote attestations services, and functions to verify an attestation token and download the JWKS of token signing certificates. The Connector can be used by attesters or relying parties.
-1. [go-sgx](./go-sgx): Implements an adapter interface to Intel® SGX DCAP to collect evidence from an Intel SGX enclave for attestation by Intel Trust Authority. 
-1. [go-tdx](./go-tdx): Implements an adapter interface to collect evidence from an Intel TDX trust domain (TD) for attestation by Intel Trust Authority. The go-tdx adapter also implements utility functions to decrypt a blob or create a new RSA key pair. 
-1. [go-tpm](./go-tpm): Implements an adapter interface to collect evidence from a Trusted Platform Module (TPM) for attestation by Intel Trust Authority. 
-1. [go-aztdx](./go-aztdx): Implements an adapter interface to collect evidence from a Azure Confidential Virtual Machine (CVM) with Intel TDX for attestation by Intel Trust Authority. 
+The repository **main** branch contains the following principal directories:
 
-Intel Trust Authority CLI for Intel TDX [tdx-cli](./tdx-cli) provides a CLI to attest an Intel TDX TD with Intel Trust Authority. tdx-cli requires go-connector and go-tdx. See the [README](./tdx-cli/README.md) for details.
+- **go-connector**: Go modules for connecting to Intel Trust Authority services. This is the core library.
+- **go-sgx**: Go modules for attesting an Intel SGX enclave. 
+- **go-tdx**: Go modules for attesting Intel TDX trust domains.
+- **tdx-cli**: Attestation client command line interface (CLI). 
+- **go-tpm**: Go modules for attesting a TPM.
+- **go-aztdx**: Go modules for attesting an Azure confidential VM with Intel TDX and vTPM.
+- **release**: Scripts for installing the client CLI for different platforms. Usage is described in the README files for the platform.
 
-## Go Requirement
+Preview branches are added as needed for preview versions of new TEE or platform adapters and features. The preview branches are named for the TEE or platform they support. Preview branches are based on **main**, with modifications as required. The README files in each branch describe the prerequisites and installation for the platform. 
 
-Requires **Go 1.22 or newer**. See https://go.dev/doc/install for installation of Go.
+The primary documentation for all of the client adapters including preview versions is available in the Intel Trust Authority documentation [Client integration reference](https://docs.trustauthority.intel.com/main/articles/integrate-overview.html).
+
+## Code of Conduct and Contributing
+
+See the [CONTRIBUTING](./CONTRIBUTING.md) file for information on how to contribute to this project. The project follows the [ Code of Conduct](./CODE_OF_CONDUCT.md).
 
 ## License
 
 This library is distributed under the BSD-style license found in the [LICENSE](./LICENSE)
 file.
+
+<br><br>
+---
+**\*** Other names and brands may be claimed as the property of others.
+
+<!--- links --->
@@ -1,14 +1,11 @@
-Intel Trust Authority Azure CVM Intel TDX with vTPM Adapter for Go
+Intel Trust Authority Azure CVM Intel TDX for Go
 
 <p style="font-size: 0.875em;">· 08/22/2024 ·</p>
 
-> [!NOTE]
-> Intel® Trust Authority Azure confidential VM (CVM) with Intel TDX and vTPM Adapter for Go is in limited preview status. Details of implementation and usage may change before general availability. Preview features are only available on the Intel Trust Authority pilot environment. Contact your Intel representative for access.
-
 
 ## Usage
 
-Import the **go-aztdx** package into your project to attest an Azure confidential VM with Intel TDX and vTPM. The following import statements includes the **go-connector**, which provides the core functionality for attestation, and **go-tpm**, which provides the TPM adapter for interacting with the vTPM.
+Import the **go-aztdx** package into your project to collect TDX evidence from an Azure confidential VM. The following import statements includes the **go-connector**, which provides the core functionality for attestation, and **go-tpm**, which is used to collect TDX evidence from Azure's vTPM.
 
 ```go
 
 
@@ -1,14 +1,21 @@
----
-last_updated: 30 January 2024
----
+# Intel® Trust Authority Client Go Connector
 
-# Intel® Trust Authority Connector
+<p style="font-size: 0.875em;">· 10/18/2024 ·</p>
 
-The [Intel® Trust Authority](https://www.intel.com/content/www/us/en/security/trust-authority.html) **go-connector** module is the main component of the integration client. The go-connector provides attestation and verification functions, and it can be used by an attester in a supported TEE, or by a relying party. A relying party can run the go-connector as a standalone module; it does not require Intel® SGX DCAP or a TEE adapter. A confidential computing workload (the attester) running in a supported TEE requires the go-connector and a TEE adapter module to collect evidence (a quote) from the TEE. 
+The [Intel® Trust Authority](https://www.intel.com/content/www/us/en/security/trust-authority.html) **go-connector** module is the main component of the remote attestation client. The go-connector provides a set of Go modules for connecting to Intel Trust Authority services. The go-connector API is designed to be used by both attesters and relying parties, in either Passport or Background-check attestation mode. Go-connector relies on _TEE adapters_ to interact with the underlying host platform. 
 
-For more information about the Client for Go and CLI for Intel TDX, see [Client integration reference](https://docs.trustauthority.intel.com/main/articles/integrate-overview.html) in the Intel Trust Authority documentation.
+There are two options for using **go-connector**: you can import the Go modules into your Go application, or you can execute the [attestation client CLI](https://docs.trustauthority.intel.com/main/articles/integrate-go-tdx-cli.html) from your application or workflow. The CLI is a wrapper around the go-connector that provides a command-line interface the core functionality of the go-connector, plus additional features exposed by TEE adapters.
 
-## Download
+**go-connector** requires configuration information to connect to the Intel Trust Authority service. The configuration information includes the URL of the Intel Trust Authority service for your region, the API key, TLS configuration, and optional connection retry parameters. For more information, see the [sample configuration code](https://docs.trustauthority.intel.com/main/articles/integrate-go-client.html#go-connector-api).
+
+For more information about **go-connector** and related topics, see the following resources:
+- [Intel Trust Authority Go Connector Reference](https://docs.trustauthority.intel.com/main/articles/integrate-go-client.html) — Detailed documentation for the go-connector API. 
+- [Intel Trust Authority Attestation Client CLI](https://docs.trustauthority.intel.com/main/articles/integrate-go-tdx-cli.html) — Documentation for the attestation client CLI.
+- [Intel Trust Authority Documentation](https://docs.trustauthority.intel.com/main/) —The primary documentation for Intel Trust Authority.
+- [Intel Trust Authority Client README](../README.md) — The main README for this branch.
+
+
+## Download **go-connector**
 
 Download the latest version of the module with the following command.
 
@@ -22,135 +29,18 @@ Use **Go 1.22 or newer**. See https://go.dev/doc/install for installation of Go.
 
 ## Unit Tests
 
-To run the tests, run `cd go-connector && go test ./...`
-
-See the example test in `go-connector/token_test.go` for an example of a test.
+To run the tests, run `cd go-connector && go test ./...`. See the example test in `go-connector/token_test.go` for an example of a test.
 
 ## Usage
 
-Create a new Connector instance, and then use the exposed interfaces to
-access different parts of the Intel Trust Authority API.
-
-```go
-import "github.com/intel/trustauthority-client/go-connector"
-
-cfg := connector.Config{
-        // Intel Trust Authority base URL
-        BaseUrl: "https://portal.trustauthority.intel.com",
-        // Intel Trust Authority API URL
-        ApiUrl: "https://api.trustauthority.intel.com",
-        // Provide TLS config
-        TlsCfg: &tls.Config{},
-        // Replace TRUSTAUTHORITY_API_KEY with an **attestation** API key
-        ApiKey: "TRUSTAUTHORITY_API_KEY",
-        // Provide Retry config 
-        RClient: &connector.RetryConfig{},
-}
-
-retryCfg := connector.RetryConfig{
-        // Minimum time to wait between retries, default is 2s.
-        RetryWaitMin:
-        // Maximum time to wait between retries, default is 10s.
-        RetryWaitMax:
-        // Maximum number of retries, default is 2.
-        RetryMax:
-        // CheckRetry specifies the policy for handling retries, and is called
-        // after each request. Default retries when http status code is one of 500, 503, or 504,
-        // and when there is a client timeout or if a service is unavailable.
-        CheckRetry:
-        // Backoff specifies the policy for how long to wait between retries, default is DefaultBackoff, which 
-        // provides a default callback for Backoff that will perform an exponential backoff based on the attempt
-        // number and limited by the provided minimum and maximum durations.
-        BackOff:
-}
-
-connector, err := connector.New(&cfg)
-if err != nil {
-    fmt.Printf("Something bad happened: %s\n\n", err)
-    return err
-}
-```
-
-### To get an Intel Trust Authority signed nonce
+For usage information, see the [Intel Trust Authority Go Connector Reference](https://docs.trustauthority.intel.com/main/articles/integrate-go-client.html).
 
-**GetNonce()** accepts an optional [RequestID](https://docs.trustauthority.intel.com/main/articles/glossary.html#request-id) that you can use to track API requests. If successful, GetNonce() returns the nonce and HTTP response headers, or an error if unsuccessful. 
+## Code of Conduct and Contributing
 
-```go
-req := connector.GetNonceArgs{
-    RequestId: reqId,
-}
-resp, err := connector.GetNonce(req)
-if err != nil {
-    fmt.Printf("Something bad happened: %s\n\n", err)
-    return err
-}
-```
-
-### To get Intel Trust Authority attestation token
-
-There are two methods for requesting an attestation token: **Attest()** and **GetToken()**. Attest() is the simplest method to implement for Passport attestation. GetToken() supports the Background-check attestation model. The following code fragment assumes that you have previously obtained a nonce and a quote. 
-
-If successful, GetToken() returns an Intel Trust Authority attestation token (JWT) and the HTTP response headers, or an error if unsuccessful. 
-
-```go
-req := connector.GetTokenArgs{
-    Nonce:     nonce,
-    Evidence:  evidence,
-    PolicyIds: policyIds,
-    RequestId: reqId,
-    TokenSigningAlg: alg,
-    PolicyMustMatch: matchFlag,
-}
-resp, err := connector.GetToken(req)
-if err != nil {
-    fmt.Printf("Something bad happened: %s\n\n", err)
-    return err
-}
-```
-
-### To verify an attestation token
-
-**VerifyToken()** takes an attestation token as input, and then checks the token format and verifies that it was signed with a genuine Intel Trust Authority certificate, and that the public key can be extracted from the certificate. VerifyToken() does not validate claims in the JWT body. VerifyToken() returns a parsed token in JWT format if successful, or an error if unsuccessful. 
-
-```go
-parsedToken, err := connector.VerifyToken(string(token))
-if err != nil {
-    fmt.Printf("Something bad happened: %s\n\n", err)
-    return err
-}
-```
-
-### To download Intel Trust Authority token signing certificates
-
-**GetTokenSigningCertificates()** gets the JWKS of certificates used by Intel Trust Authority to sign attestation tokens. To get the signing certificate for a given token, search the JWKS for the ID contained in the attestation token's **kid** claim.
-
-```go
-jwks, err := connector.GetTokenSigningCertificates()
-if err != nil {
-    fmt.Printf("Something bad happened: %s\n\n", err)
-    return err
-}
-```
-
-### To attest a TEE using Attest()
-
-**Attest()** provides an all-in-one method for getting a nonce, collecting a quote from a TEE, and then requesting a attestation token from Intel Trust Authority. You need to create a Connector and a TEE adapter before calling Attest(). The sample above shows how to create a Connector. 
-
-For more information about TEE adapters, see [go-sgx](../go-sgx/README.md) or [go-tdx](../go-tdx/README.md).
-
-```go
-req := connector.AttestArgs{
-    Adapter:   adapter,
-    PolicyIds: policyIds,
-    RequestId: reqId,
-}
-resp, err := connector.Attest(req)
-if err != nil {
-    return err
-}
-```
+See the [CONTRIBUTING](../CONTRIBUTING.md) file for information on how to contribute to this project. The project follows the [ Code of Conduct](../CODE_OF_CONDUCT.md).
 
 ## License
 
-This source is distributed under the BSD-style license found in the [LICENSE](../LICENSE)
+This library is distributed under the BSD-style license found in the [LICENSE](../LICENSE)
 file.
+