google / go-sev-guest

go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
Apache License 2.0

AMD KDS productName sometimes conflicts with host CPUID #115

Open deeglaze opened 6 months ago

deeglaze commented 6 months ago

This issue is to track the mismatch between cpuid(1).eax & 0xf and the VCEK certificate extension 1.3.6.1.4.1.3704.1.2 (productName). AMD EPYC 7B13 has stepping: 1, but the certificate claims Milan-B0, which corresponds to stepping: 0.

Until KDS fixes its CHIP_ID -> stepping/productName mapping, we need to skip the cross-check of stepping values from CPUID and the certificate extension.
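The cross-check discussed in this issue, sketched as an added example (not go-sev-guest's own code). The function names, the `skipStepping` switch, and the assumption that productName has the form `<product>-<letter><digit>` with the digit as the stepping are all hypothetical; the issue only states that Milan-B0 corresponds to stepping 0.

```go
package main

import (
	"fmt"
	"strings"
)

// SteppingFromEax returns the stepping field of cpuid(1).eax (low 4 bits).
func SteppingFromEax(eax uint32) uint32 { return eax & 0xf }

// ParseProductName splits a decoded productName such as "Milan-B0".
// Assumption: the form is "<product>-<letter><digit>" and the digit is the
// stepping; the issue only states that Milan-B0 corresponds to stepping 0.
func ParseProductName(name string) (string, uint32, error) {
	i := strings.LastIndex(name, "-")
	if i <= 0 || len(name)-i != 3 {
		return "", 0, fmt.Errorf("unexpected productName %q", name)
	}
	rev := name[i+1:]
	if rev[0] < 'A' || rev[0] > 'Z' || rev[1] < '0' || rev[1] > '9' {
		return "", 0, fmt.Errorf("unexpected revision %q", rev)
	}
	return name[:i], uint32(rev[1] - '0'), nil
}

// CheckProduct always compares the product line. The stepping comparison is
// skipped when skipStepping is set, while the KDS mapping is unreliable.
func CheckProduct(certName, wantProduct string, eax uint32, skipStepping bool) error {
	product, certStep, err := ParseProductName(certName)
	if err != nil {
		return err
	}
	if product != wantProduct {
		return fmt.Errorf("product %q, want %q", product, wantProduct)
	}
	if host := SteppingFromEax(eax); !skipStepping && host != certStep {
		return fmt.Errorf("stepping: CPUID %d, certificate %d", host, certStep)
	}
	return nil
}

func main() {
	const eax = 0x00a00f11 // constructed sample; low nibble 1 = stepping 1
	fmt.Println(CheckProduct("Milan-B0", "Milan", eax, false))
	fmt.Println(CheckProduct("Milan-B0", "Milan", eax, true))
}
```

With the switch set, a certificate for a different product line is still rejected; only the stepping comparison is relaxed.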