Documentation ¶
Overview ¶
SNP ¶
Attestation based on TPM and SEV-SNP attestation. The TPM is used to generate runtime measurements and signed by an attestation key that can be verified using the SEV-SNP attestation report.
Issuer ¶
Generates a TPM attestation using an attestation key saved in the TPM. Additionally loads the SEV-SNP attestation report and AMD VCEK certificate chain, and adds them to the attestation document.
Validator ¶
Verifies the attestation key used by first verifying the VCEK certificate chain and the SNP attestation report.
Glossary ¶
This section explains abbreviations used in SNP implementation.
Attestation Key (AK)
AMD Root Key (ARK)
AMD Signing Key (ASK)
Versioned Chip Endorsement Key (VCEK)
For more information see SNP WhitePaper
Host (Hardware?) Compatibility Layer (HCL)
No public information. Azure compute API has a field `isHostCompatibilityLayerVm`, with only a single sentence of documentation.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Issuer ¶
type Issuer struct { variant.AzureSEVSNP *vtpm.Issuer // contains filtered or unexported fields }
Issuer for Azure TPM attestation.
func NewIssuer ¶
func NewIssuer(log vtpm.AttestationLogger) *Issuer
NewIssuer initializes a new Azure Issuer.
type Validator ¶
type Validator struct { variant.AzureSEVSNP *vtpm.Validator // contains filtered or unexported fields }
Validator for Azure confidential VM attestation.
func NewValidator ¶
func NewValidator(pcrs measurements.M, idKeyConf idkeydigest.Config, log vtpm.AttestationLogger) *Validator
NewValidator initializes a new Azure validator with the provided PCR values.