go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
The change from VCEK checked-by ASK to VCEK checked-by ProductCerts.X509Options caused the bad root test to succeed unexpectedly in go-tpm-tools. Add a test here for the same condition and remove ASK from the bad root entirely so the VCEK can't be verified in the bad root tests.
The change from VCEK checked-by ASK to VCEK checked-by ProductCerts.X509Options caused the bad root test to succeed unexpectedly in go-tpm-tools. Add a test here for the same condition and remove ASK from the bad root entirely so the VCEK can't be verified in the bad root tests.