Add windows_backend_description() with VM and Hello detection (v0.2.7)#202

Merged: jgowdy-godaddy merged 2 commits into main from feature/windows-backend-description on Jun 4, 2026


@jgowdy-godaddy

Summary

Adds hardware_enclave::diagnostics::windows_backend_description() -> &'static str for use by consuming apps (gocode-dev) in status/doctor output.

Returns one of three labels based on cached, one-time-per-process detection:

| Condition | Label |
| --- | --- |
| Non-VM, Hello/PIN configured | ✓ Windows TPM 2.0 ECDH P-256 ECIES, Windows Hello gate |
| Non-VM, no Hello | ✓ Windows TPM 2.0 ECDH P-256 ECIES, password gate |
| VM environment | ✓ Windows ECIES P-256, Windows Data Protection API (user-bound) |

VM detection uses the existing collect_vm_diagnostics().vm_detected field. Hello detection uses the existing hello_gate::is_available(). Both are cached via OnceLock so they run exactly once per process.

Test plan

  • All three CI platforms pass
  • Windows CI exercises the non-VM + Hello/password branches

Returns one of three labels based on cached one-time detection:
- Non-VM + Hello/PIN:  TPM 2.0 ECDH P-256 ECIES, Windows Hello gate
- Non-VM + no Hello:   TPM 2.0 ECDH P-256 ECIES, password gate
- VM environment:      ECIES P-256, Windows Data Protection API (user-bound)

VM and Hello checks run once per process via OnceLock.
jgowdy-godaddy merged commit acf3167 into main on Jun 4, 2026
3 checks passed
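
An added sketch of the cached three-way selection this PR describes, not the crate's own code: `BackendProbe` and the injected probe functions are hypothetical stand-ins for `collect_vm_diagnostics().vm_detected` and `hello_gate::is_available()`, and skipping the Hello probe in the VM branch is an assumption.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::OnceLock;

// Label strings copied from the PR's table.
pub const TPM_HELLO: &str = "✓ Windows TPM 2.0 ECDH P-256 ECIES, Windows Hello gate";
pub const TPM_PASSWORD: &str = "✓ Windows TPM 2.0 ECDH P-256 ECIES, password gate";
pub const VM_DPAPI: &str = "✓ Windows ECIES P-256, Windows Data Protection API (user-bound)";

/// Hypothetical holder for the two cached detections. The probes are injected
/// so the sketch runs on any platform; in the crate they would be the VM
/// diagnostics and Hello availability checks named in the PR.
pub struct BackendProbe {
    vm: OnceLock<bool>,
    hello: OnceLock<bool>,
    vm_probe: fn() -> bool,
    hello_probe: fn() -> bool,
}

impl BackendProbe {
    pub fn new(vm_probe: fn() -> bool, hello_probe: fn() -> bool) -> Self {
        Self { vm: OnceLock::new(), hello: OnceLock::new(), vm_probe, hello_probe }
    }

    pub fn description(&self) -> &'static str {
        // get_or_init runs the probe on the first call only and caches the result.
        if *self.vm.get_or_init(self.vm_probe) {
            // Assumption: the VM branch reports DPAPI without consulting Hello.
            return VM_DPAPI;
        }
        if *self.hello.get_or_init(self.hello_probe) { TPM_HELLO } else { TPM_PASSWORD }
    }
}

// Constructed probes: both count calls; Hello reads as "enrolled" only after the first call.
static VM_CALLS: AtomicUsize = AtomicUsize::new(0);
static HELLO_CALLS: AtomicUsize = AtomicUsize::new(0);
fn bare_metal() -> bool { VM_CALLS.fetch_add(1, Ordering::SeqCst); false }
fn hello_enrolled_later() -> bool { HELLO_CALLS.fetch_add(1, Ordering::SeqCst) > 0 }

fn main() {
    let p = BackendProbe::new(bare_metal, hello_enrolled_later);
    println!("{}", p.description());
    // Same label again: the first probe result is cached for this instance.
    println!("{}", p.description());
}
```

In this sketch, as with any once-per-process cache, a Hello/PIN enrolment made after the first call is not reflected in the label until the process restarts.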