diff --git a/oak_containers/proto/interfaces.proto b/oak_containers/proto/interfaces.proto index 704845919ba..4cde02521d0 100644 --- a/oak_containers/proto/interfaces.proto +++ b/oak_containers/proto/interfaces.proto @@ -17,69 +17,11 @@ syntax = "proto3"; // TODO(#4392): Remove this file once the migration is complete. -// This file is deprecated. The relevant functionality is available in -// `proto/containers/application_interfaces.proto` & `proto/containers/launcher.proto`. DO NOT -// MODIFY THIS FILE, DO NOT ADD NEW DEPENDENCIES ON IT. +// This file is deprecated. The relevant functionality is available in the +// publicly imported protos instead. Do not add new dependencies on this file. package oak.containers; -import "google/protobuf/empty.proto"; -import "oak_crypto/proto/v1/crypto.proto"; -import "proto/attestation/endorsement.proto"; -import "proto/attestation/evidence.proto"; -import "proto/session/messages.proto"; - -// As images can be large (hundreds of megabytes), the launcher chunks up the response into smaller -// pieces to respect proto/gRPC limits. The image needs to be reassembled in the stage1 or the -// orchestrator. -message GetImageResponse { - bytes image_chunk = 1; -} - -message GetApplicationConfigResponse { - // Arbitrary config that the container can retrieve from the orchestrator. - // Included in the attestation measurements conducted by the orchestrator. - bytes config = 1; -} - -message SendAttestationEvidenceRequest { - oak.session.v1.AttestationEvidence evidence = 1 [deprecated = true]; - oak.attestation.v1.Evidence dice_evidence = 2; -} - -// Defines the service exposed by the launcher, that can be invoked by the stage1 and the -// orchestrator. -service Launcher { - // Provides stage1 with the Oak system image (which contains the Linux distribution and the - // orchestrator binary). - rpc GetOakSystemImage(google.protobuf.Empty) returns (stream GetImageResponse) {} - - // Provides orchestrator with the trusted container image. - rpc GetContainerBundle(google.protobuf.Empty) returns (stream GetImageResponse) {} - - // This method is used by the orchestrator to load and measure the trusted - // application config. The orchestrator will later, separately expose this - // config to the application. - rpc GetApplicationConfig(google.protobuf.Empty) returns (GetApplicationConfigResponse) {} - - // Sends Attestation Evidence containing the Attestation Report with corresponding measurements - // and public keys to the Launcher. - // This API is called exactly once after the Attestation Evidence is generated. Calling this API - // a second time will result in an error. - rpc SendAttestationEvidence(SendAttestationEvidenceRequest) returns (google.protobuf.Empty) {} - - // Notifies the launcher that the trusted app is ready to serve requests and listening on the - // pre-arranged port (8080). - rpc NotifyAppReady(google.protobuf.Empty) returns (google.protobuf.Empty) {} -} - -// Defines the service exposed by the orchestrator, that can be invoked by the application. -service Orchestrator { - // Exposes the previously loaded trusted application config to the application, - // which may choose to retrieve it. - rpc GetApplicationConfig(google.protobuf.Empty) returns (GetApplicationConfigResponse) {} - - // Notifies the orchestrator that the trusted app is ready to serve requests and listening on the - // pre-arranged port (8080). - rpc NotifyAppReady(google.protobuf.Empty) returns (google.protobuf.Empty) {} -} +import public "proto/containers/common.proto"; +import public "proto/containers/launcher.proto"; +import public "proto/containers/application_interfaces.proto";