Comments (1)
deeglaze
commented on July 28, 2024
Are you looking to use the libraries or the CLI tools?
The report binary is not enough to verify it, since you need the versioned chip endorsement key certificate. The verify library can download that for you, but that depends on AMD's service that's not beholden to customer reliability requirements. You're best off gathering certificates at the time of acquiring the report by using the GetExtendedReport function. The host machine will need to have installed the cached certificates to be delivered to the VM. That's the machine operator's job.
If you just have the raw report, say report_bytes, you can use the library function verify.SnpReport(report_bytes, &verify.Options{}) to use the built-in AMD root certificates and the default network fetcher to get the certificates from AMD's service.
The check CLI tool has examples in its README
from go-sev-guest.
Related Issues (20)
- deprecate functions to be removed HOT 1
- New GetRawQuote API fails if hypervisor does not call SNP_SET_EXT_CONFIG HOT 3
- Issue when running attestation on Genoa CPU HOT 7
- Sharp edges when using GetQuoteProto when extended report is not available HOT 6
- Deprecate QuoteProvider Product
- Deprecate "Product" where "ProductLine" is meant
- AMD KDS productName sometimes conflicts with host CPUID
- Replace obsolete dependency HOT 1
- Build fails on GOARCH=386 HOT 2
- Limited Product Support HOT 2
- Improve error when fetching certificates HOT 1
- AMD KDS is queried with wrong TCB version
- Certificate chain gets overwritten when attesting HOT 1
- Global certificate cache cause flaky tests
- A small suggestion about compatibility HOT 2
- ProductName: Unknown HOT 5
- Malfunctioning SEV-SNP device results in nil-pointer exception HOT 6
- Is there a plan to support the legacy SEV report handling? HOT 1
- Deeply nested SNP Report type HOT 3
- warning/error when using embedded AMD root of trust HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-sev-guest.