google / go-sev-guest

go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
Apache License 2.0

Add firmware cert to certificate chain #34

Closed deeglaze closed 1 year ago

deeglaze commented 1 year ago

The host is permitted to provide any number of certificates in the data buffer returned by an extended request. Account for a fourth certificate that is specific to the firmware of the VM. The given GUID is that which GCE uses for indicating its own firmware endorsement document.

This certificate is to be injected on the VM granularity instead of the machine granularity, by using the KVM_SEV_SNP_SET_CERTS ioctl.

Endorsement document format and verification code to come, but first the representation.
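As an added illustration of the certificate table the description refers to (this is example code written for this page, not go-sev-guest's own), the Go program below parses the GUID/offset/length entry list that prefixes the extended-request data buffer and looks up a fourth, firmware-specific entry alongside the usual three. The layout assumed is the AMD SEV-SNP ABI certificate table: 24-byte entries (16-byte GUID, little-endian `uint32` offset and length, offset relative to the buffer start) terminated by an entry whose GUID is all zeros. Every GUID value, the `CertEntry`/`CertTable` types and the function names are constructed placeholders; in particular `FirmwareGUID` is not the GCE firmware endorsement GUID, which the description does not spell out.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Each table entry is a 16-byte GUID, a uint32 byte offset and a uint32 byte
// length (both little-endian; offset is relative to the start of the buffer).
// The list ends with an entry whose GUID is all zeros.
const certEntryLen = 16 + 4 + 4

// CertEntry is one certificate in the table.
type CertEntry struct {
	GUID [16]byte
	Data []byte
}

// CertTable maps a GUID to the bytes the host supplied under it.
type CertTable map[[16]byte][]byte

// tagGUID builds an obviously fake GUID for the example (constructed values).
func tagGUID(tag byte) [16]byte {
	var g [16]byte
	for i := range g {
		g[i] = tag
	}
	return g
}

// Placeholder GUIDs: NOT the real AMD VCEK/ASK/ARK or GCE firmware values.
var (
	VcekGUID     = tagGUID(0x01)
	AskGUID      = tagGUID(0x02)
	ArkGUID      = tagGUID(0x03)
	FirmwareGUID = tagGUID(0x04) // stands in for the VM-granularity firmware endorsement
)

// ParseCertTable walks the entry list and slices out each certificate, rejecting
// entries whose range runs past the buffer and duplicate GUIDs. An untrusted host
// fills this buffer, so the bounds checks are the point of the parser.
func ParseCertTable(buf []byte) (CertTable, error) {
	table := CertTable{}
	var zero [16]byte
	for pos := 0; ; pos += certEntryLen {
		if pos+certEntryLen > len(buf) {
			return nil, errors.New("certificate table has no terminator entry")
		}
		var guid [16]byte
		copy(guid[:], buf[pos:pos+16])
		if guid == zero {
			return table, nil // terminator reached
		}
		offset := uint64(binary.LittleEndian.Uint32(buf[pos+16:]))
		length := uint64(binary.LittleEndian.Uint32(buf[pos+20:]))
		end := offset + length // uint64 arithmetic cannot overflow here
		if end > uint64(len(buf)) {
			return nil, fmt.Errorf("entry %x: range [%d,%d) exceeds %d-byte buffer", guid, offset, end, len(buf))
		}
		if _, dup := table[guid]; dup {
			return nil, fmt.Errorf("entry %x: duplicate GUID", guid)
		}
		table[guid] = append([]byte(nil), buf[offset:end]...)
	}
}

// FirmwareCert returns the firmware-specific certificate, if the host provided one.
func (t CertTable) FirmwareCert() ([]byte, bool) {
	data, ok := t[FirmwareGUID]
	return data, ok
}

// BuildCertTable serializes entries into the table layout; used here only to
// construct sample input for the parser.
func BuildCertTable(entries []CertEntry) []byte {
	headerLen := (len(entries) + 1) * certEntryLen // +1 for the zero terminator
	buf := make([]byte, headerLen)
	offset := headerLen
	for i, e := range entries {
		pos := i * certEntryLen
		copy(buf[pos:], e.GUID[:])
		binary.LittleEndian.PutUint32(buf[pos+16:], uint32(offset))
		binary.LittleEndian.PutUint32(buf[pos+20:], uint32(len(e.Data)))
		buf = append(buf, e.Data...)
		offset += len(e.Data)
	}
	return buf
}

// SampleEntries is a constructed four-certificate chain (contents are labels, not DER).
func SampleEntries() []CertEntry {
	return []CertEntry{
		{GUID: VcekGUID, Data: []byte("vcek (constructed)")},
		{GUID: AskGUID, Data: []byte("ask (constructed)")},
		{GUID: ArkGUID, Data: []byte("ark (constructed)")},
		{GUID: FirmwareGUID, Data: []byte("firmware endorsement (constructed)")},
	}
}

func main() {
	table, err := ParseCertTable(BuildCertTable(SampleEntries()))
	if err != nil {
		panic(err)
	}
	for guid, data := range table {
		fmt.Printf("%x: %d bytes\n", guid, len(data))
	}
	if fw, ok := table.FirmwareCert(); ok {
		fmt.Printf("firmware cert: %q\n", fw)
	}
}
```

Because a zero GUID terminates the walk, a verifier should treat a buffer without one as malformed rather than silently accepting whatever entries precede the truncation; the parser above errors in that case.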