google / go-tpm-tools

Go packages built on go-tpm providing a high-level API for using TPMs
Apache License 2.0
229 stars, 71 forks

Add SEV-SNP policy for signed UEFI measurements #446

Closed deeglaze closed 4 months ago

deeglaze commented 6 months ago

Depends on PR #445

This adds an extra validation check beyond well-formedness that the verification step checks. If the reference values are available within the SEV-SNP attestation certificate chain, then verify the signature and check the report measurement against the golden values.

deeglaze commented 5 months ago

/gcbrun

deeglaze commented 5 months ago

@jkl73 not sure what to make of the CS presubmit failure.

jkl73 commented 5 months ago

@jkl73 not sure what to make of the CS presubmit failure.

just ignore the error now.. I'm still trying to fix the build

jkl73 commented 5 months ago

@deeglaze could you rebase this PR and run the CS presubmit again, I think I fixed it (hopefully..)

jkl73 commented 5 months ago

/gcbrun

deeglaze commented 4 months ago

/gcbrun

deeglaze commented 4 months ago

/gcbrun