import { BinaryReader, BinaryWriter } from "@bufbuild/protobuf/wire";
export declare const protobufPackage = "state";
/** The type of UEFI firmware log. */
export declare const LogType: {
    readonly LOG_TYPE_UNDEFINED: 0;
    /**
     * LOG_TYPE_TCG2 - The log used by EFI_TCG2_PROTOCOL and defined in the TCG PC Client
     * Platform Firmware Profile Specification
     */
    readonly LOG_TYPE_TCG2: 1;
    /**
     * LOG_TYPE_CC - The log used by EFI_CC_MEASUREMENT_PROTOCOL and defined in the UEFI spec:
     * https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html.
     */
    readonly LOG_TYPE_CC: 2;
    readonly UNRECOGNIZED: -1;
};
export type LogType = typeof LogType[keyof typeof LogType];
export declare namespace LogType {
    type LOG_TYPE_UNDEFINED = typeof LogType.LOG_TYPE_UNDEFINED;
    type LOG_TYPE_TCG2 = typeof LogType.LOG_TYPE_TCG2;
    type LOG_TYPE_CC = typeof LogType.LOG_TYPE_CC;
    type UNRECOGNIZED = typeof LogType.UNRECOGNIZED;
}
export declare function logTypeFromJSON(object: any): LogType;
export declare function logTypeToJSON(object: LogType): string;
/** Type of hardware technology used to protect this instance */
export declare const GCEConfidentialTechnology: {
    readonly NONE: 0;
    readonly AMD_SEV: 1;
    readonly AMD_SEV_ES: 2;
    readonly INTEL_TDX: 3;
    readonly AMD_SEV_SNP: 4;
    readonly UNRECOGNIZED: -1;
};
export type GCEConfidentialTechnology = typeof GCEConfidentialTechnology[keyof typeof GCEConfidentialTechnology];
export declare namespace GCEConfidentialTechnology {
    type NONE = typeof GCEConfidentialTechnology.NONE;
    type AMD_SEV = typeof GCEConfidentialTechnology.AMD_SEV;
    type AMD_SEV_ES = typeof GCEConfidentialTechnology.AMD_SEV_ES;
    type INTEL_TDX = typeof GCEConfidentialTechnology.INTEL_TDX;
    type AMD_SEV_SNP = typeof GCEConfidentialTechnology.AMD_SEV_SNP;
    type UNRECOGNIZED = typeof GCEConfidentialTechnology.UNRECOGNIZED;
}
export declare function gCEConfidentialTechnologyFromJSON(object: any): GCEConfidentialTechnology;
export declare function gCEConfidentialTechnologyToJSON(object: GCEConfidentialTechnology): string;
/** Common, publicly-listed certificates by different vendors. */
export declare const WellKnownCertificate: {
    readonly UNKNOWN: 0;
    /**
     * MS_WINDOWS_PROD_PCA_2011 - Microsoft certs:
     * https://go.microsoft.com/fwlink/p/?linkid=321192
     */
    readonly MS_WINDOWS_PROD_PCA_2011: 1;
    /** MS_THIRD_PARTY_UEFI_CA_2011 - https://go.microsoft.com/fwlink/p/?linkid=321194 */
    readonly MS_THIRD_PARTY_UEFI_CA_2011: 2;
    /** MS_THIRD_PARTY_KEK_CA_2011 - https://go.microsoft.com/fwlink/p/?linkid=321185 */
    readonly MS_THIRD_PARTY_KEK_CA_2011: 3;
    /** GCE_DEFAULT_PK - GCE certs: */
    readonly GCE_DEFAULT_PK: 4;
    readonly UNRECOGNIZED: -1;
};
export type WellKnownCertificate = typeof WellKnownCertificate[keyof typeof WellKnownCertificate];
export declare namespace WellKnownCertificate {
    type UNKNOWN = typeof WellKnownCertificate.UNKNOWN;
    type MS_WINDOWS_PROD_PCA_2011 = typeof WellKnownCertificate.MS_WINDOWS_PROD_PCA_2011;
    type MS_THIRD_PARTY_UEFI_CA_2011 = typeof WellKnownCertificate.MS_THIRD_PARTY_UEFI_CA_2011;
    type MS_THIRD_PARTY_KEK_CA_2011 = typeof WellKnownCertificate.MS_THIRD_PARTY_KEK_CA_2011;
    type GCE_DEFAULT_PK = typeof WellKnownCertificate.GCE_DEFAULT_PK;
    type UNRECOGNIZED = typeof WellKnownCertificate.UNRECOGNIZED;
}
export declare function wellKnownCertificateFromJSON(object: any): WellKnownCertificate;
export declare function wellKnownCertificateToJSON(object: WellKnownCertificate): string;
/** Enum values come from the TCG Algorithm Registry - v1.27 - Table 3. */
export declare const HashAlgo: {
    readonly HASH_INVALID: 0;
    readonly SHA1: 4;
    readonly SHA256: 11;
    readonly SHA384: 12;
    readonly SHA512: 13;
    readonly UNRECOGNIZED: -1;
};
export type HashAlgo = typeof HashAlgo[keyof typeof HashAlgo];
export declare namespace HashAlgo {
    type HASH_INVALID = typeof HashAlgo.HASH_INVALID;
    type SHA1 = typeof HashAlgo.SHA1;
    type SHA256 = typeof HashAlgo.SHA256;
    type SHA384 = typeof HashAlgo.SHA384;
    type SHA512 = typeof HashAlgo.SHA512;
    type UNRECOGNIZED = typeof HashAlgo.UNRECOGNIZED;
}
export declare function hashAlgoFromJSON(object: any): HashAlgo;
export declare function hashAlgoToJSON(object: HashAlgo): string;
/**
 * Information uniquely identifying a GCE instance. Can be used to create an
 * instance URL, which can then be used with GCE APIs. Formatted like:
 *   https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}
 */
export interface GCEInstanceInfo {
    zone: string;
    projectId: string;
    projectNumber: bigint;
    instanceName: string;
    instanceId: bigint;
}
/** The platform/firmware state for this instance */
export interface PlatformState {
    /** Raw S-CRTM version identifier (EV_S_CRTM_VERSION) */
    scrtmVersionId?: Uint8Array | undefined;
    /** Virtual GCE firmware version (parsed from S-CRTM version id) */
    gceVersion?: number | undefined;
    /** Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances */
    technology: GCEConfidentialTechnology;
    /**
     * Only set for GCE instances.
     * Included for backcompat. go-eventlog should NOT set this field.
     */
    instanceInfo: GCEInstanceInfo | undefined;
}
export interface GrubFile {
    /** The digest of the file (pulled from the raw event digest). */
    digest: Uint8Array;
    /** The event data. This is not measured, so it is untrusted. */
    untrustedFilename: Uint8Array;
}
export interface GrubState {
    /** All GRUB-read and measured files, including grub.cfg. */
    files: GrubFile[];
    /**
     * A list of executed GRUB commands and command lines passed to the kernel
     * and kernel modules.
     */
    commands: string[];
}
/**
 * The state of the Linux kernel.
 * At the moment, parsing LinuxKernelState relies on parsing the GrubState.
 * To do so, use ExtractOpts{Loader: GRUB} when calling ParseMachineState.
 */
export interface LinuxKernelState {
    /** The kernel command line. */
    commandLine: string;
}
/**
 * A parsed event from the source firmware event log. This can be from either
 * the firmware TPM event log, the Confidential Computing event log, or any
 * other TCG-like event log used by firmware to record its measurements.
 */
export interface Event {
    /**
     * The register this event was extended into. Can be PCR, RTMR, etc.
     * Named pcr_index for backcompat reasons.
     */
    pcrIndex: number;
    /**
     * The type of this event. Note that this value is not verified, so it should
     * only be used as a hint during event parsing.
     */
    untrustedType: number;
    /**
     * The raw data associated to this event. The meaning of this data is
     * specific to the type of the event.
     */
    data: Uint8Array;
    /**
     * The event digest actually extended into the TPM. This is often the hash of
     * the data field, but in some cases it may have a type-specific calculation.
     */
    digest: Uint8Array;
    /** This is true if hash(data) == digest. */
    digestVerified: boolean;
}
export interface Certificate {
    /** DER representation of the certificate. */
    der?: Uint8Array | undefined;
    wellKnown?: WellKnownCertificate | undefined;
}
/**
 * A Secure Boot database containing lists of hashes and certificates,
 * as defined by section 32.4.1 Signature Database in the UEFI spec.
 */
export interface Database {
    certs: Certificate[];
    hashes: Uint8Array[];
}
/** The Secure Boot state for this instance. */
export interface SecureBootState {
    /** Whether Secure Boot is enabled. */
    enabled: boolean;
    /** The Secure Boot signature (allowed) database. */
    db: Database | undefined;
    /** The Secure Boot revoked signature (forbidden) database. */
    dbx: Database | undefined;
    /**
     * Authority events post-separator. Pre-separator authorities
     * are currently not supported.
     */
    authority: Database | undefined;
    /** The Secure Boot Platform key, used to sign key exchange keys. */
    pk: Database | undefined;
    /** The Secure Boot Key Exchange Keys, used to sign db and dbx updates. */
    kek: Database | undefined;
}
export interface EfiApp {
    /**
     * The PE/COFF digest of the EFI application (pulled from the raw event digest).
     * This can also represent digest of the EFI boot/runtime service drivers.
     */
    digest: Uint8Array;
}
/**
 * The verified state of EFI Drivers and Applications. Policy usage on this machine state
 * should check the entire set of EFI App digests matches, not a subset.
 */
export interface EfiState {
    /**
     * UEFI's OS Loader code is required to measure attempts to load and execute
     * UEFI applications.
     * UEFI applications are typically bootloaders such as shim and GRUB.
     * These run and are measured using the UEFI LoadImage() service.
     */
    apps: EfiApp[];
    /**
     * The EFI drivers,
     * obtained from https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf#page=22.
     * The EFI Boot Services Drivers from adapter or loaded bydriver in adapter.
     */
    bootServicesDrivers: EfiApp[];
    /** The EFI Runtime Drivers from adapter or loaded bydriver in adapter. */
    runtimeServicesDrivers: EfiApp[];
}
/**
 * The verified state of a booted machine, obtained from a UEFI event log.
 * The state is extracted from either EFI_TCG2_PROTOCOL or
 * EFI_CC_MEASUREMENT_PROTOCOL. Both of these follow the TCG-defined format
 * in https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
 * The TCG2-related (TPM) logs are structured using TCG_PCR_EVENT (SHA1 format)
 * or TCG_PCR_EVENT2 (Crypto Agile format).
 * The CC logs are structured using CC_EVENT.
 */
export interface FirmwareLogState {
    platform: PlatformState | undefined;
    secureBoot: SecureBootState | undefined;
    /**
     * The complete parsed Firmware Event Log, including those events used to
     * create this MachineState.
     */
    rawEvents: Event[];
    /** The hash algorithm used to calculate event digests to verify a log entry. */
    hash: HashAlgo;
    grub: GrubState | undefined;
    linuxKernel: LinuxKernelState | undefined;
    efi: EfiState | undefined;
    logType: LogType;
}
/** The verified state of Google measurements on the machine. */
export interface GMESState {
    bmcFirmware: string;
    bios: string;
    hostKernel: string;
    mbm: string;
}
export declare const GCEInstanceInfo: MessageFns<GCEInstanceInfo>;
export declare const PlatformState: MessageFns<PlatformState>;
export declare const GrubFile: MessageFns<GrubFile>;
export declare const GrubState: MessageFns<GrubState>;
export declare const LinuxKernelState: MessageFns<LinuxKernelState>;
export declare const Event: MessageFns<Event>;
export declare const Certificate: MessageFns<Certificate>;
export declare const Database: MessageFns<Database>;
export declare const SecureBootState: MessageFns<SecureBootState>;
export declare const EfiApp: MessageFns<EfiApp>;
export declare const EfiState: MessageFns<EfiState>;
export declare const FirmwareLogState: MessageFns<FirmwareLogState>;
export declare const GMESState: MessageFns<GMESState>;
type Builtin = Date | Function | Uint8Array | string | number | boolean | bigint | undefined;
export type DeepPartial<T> = T extends Builtin ? T : T extends globalThis.Array<infer U> ? globalThis.Array<DeepPartial<U>> : T extends ReadonlyArray<infer U> ? ReadonlyArray<DeepPartial<U>> : T extends {} ? {
    [K in keyof T]?: DeepPartial<T[K]>;
} : Partial<T>;
export interface MessageFns<T> {
    encode(message: T, writer?: BinaryWriter): BinaryWriter;
    decode(input: BinaryReader | Uint8Array, length?: number): T;
    fromJSON(object: any): T;
    toJSON(message: T): unknown;
    create(base?: DeepPartial<T>): T;
    fromPartial(object: DeepPartial<T>): T;
}
export {};
