Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify guest report #43

Closed
pegahnikbakht opened this issue Apr 20, 2023 · 1 comment
Closed

Verify guest report #43

pegahnikbakht opened this issue Apr 20, 2023 · 1 comment

Comments

@pegahnikbakht
Copy link

How verify function needs to be run by having the binary report and which files should be provided, can you provide the example command?
@deeglaze
Copy link
Collaborator

Are you looking to use the libraries or the CLI tools?

The report binary is not enough to verify it, since you need the versioned chip endorsement key certificate. The verify library can download that for you, but that depends on AMD's service that's not beholden to customer reliability requirements. You're best off gathering certificates at the time of acquiring the report by using the GetExtendedReport function. The host machine will need to have installed the cached certificates to be delivered to the VM. That's the machine operator's job.

If you just have the raw report, say report_bytes, you can use the library function verify.SnpReport(report_bytes, &verify.Options{}) to use the built-in AMD root certificates and the default network fetcher to get the certificates from AMD's service.

The check CLI tool has examples in its README

@deeglaze deeglaze closed this as completed May 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deeglaze @pegahnikbakht