google/go-sev-guest

About func GetExtendedReport()

Closed this issue · 1 comments

Hi @deeglaze, I'm currently trying to embed this repo to my snp attestation workflow. When using GetExtendedReport(), it seems that I should first set ark/ask/vcek on host platform. So I have the following questions:

  1. How to get vcek on host? Since chip_id and tcb_version are required to derive vcek from amd sev kds. As far as I know, they are presented in attestation report, but the report cannot be directly accessed by host.
  2. How to set ark/ask/vcek on host? Is there any tool available now? (I found a rust repo snphost)

You have to use a different device to set the certificate data blob, since it's a host-side operation. That's out of scope for this repository, but it does look like the snphost repo is using the right command to /dev/sev, which is SNP_SET_EXT_CONFIG.

The GUID table data structure is really quite simple, as you can see from the abi package. I don't have a Marshal function to go from the cert proto to the ABI format, but it would be an easy addition. So you could combine the kds and abi packages of go-sev-guest to produce the data structure you'd need to pass to SNP_SET_EXT_CONFIG. I'd review a PR for such a marshal function (and tests).

To address your question of how to get the CHIP_ID (AKA HWID) and REPORTED_TCB_VERSION, that again is a /dev/sev device command, SNP_GET_EXT_CONFIG, which gets the CHIP_ID and REPORTED_TCB_VERSION from the secure processor firmware, without necessarily needing to have the certificates installed already. With those two values, you can construct a GET query to KDS and get your VCEK certificate.

While we have a tool internally for provisioning certificates from the KDS to install them on host machines, we haven't planned to open source it since that's more of a fleet management tool than an attestation verification tool. What we do will be rather specialized to how machines are initialized and scheduled, etc.
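An added example (not code from go-sev-guest or its maintainers) that puts the two halves of the answer above into working Go: deriving the KDS VCEK query from the CHIP_ID and REPORTED_TCB_VERSION that SNP_GET_EXT_CONFIG returns, and marshaling certificates into the GUID-table blob that SNP_SET_EXT_CONFIG expects. Assumed here: the KDS URL layout and TCB_VERSION byte layout from AMD's published SNP documents, a product name such as "Milan", and plain RFC 4122 byte order for the GUIDs; any certificate bytes fed in for testing are constructed stand-ins, not real DER.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
)

// TCB_VERSION is a 64-bit little-endian value: byte 0 = boot loader SPL,
// byte 1 = TEE SPL, bytes 2-5 reserved, byte 6 = SNP SPL, byte 7 = microcode SPL.
type TCBParts struct{ BL, TEE, SNP, UCode uint8 }

func ParseTCB(tcb uint64) TCBParts {
	var b [8]byte
	binary.LittleEndian.PutUint64(b[:], tcb)
	return TCBParts{BL: b[0], TEE: b[1], SNP: b[6], UCode: b[7]}
}

// VCEKURL builds the KDS GET request from the CHIP_ID and REPORTED_TCB_VERSION
// returned by SNP_GET_EXT_CONFIG, plus the product name (assumed, e.g. "Milan").
func VCEKURL(product string, chipID []byte, tcb uint64) string {
	p := ParseTCB(tcb)
	return fmt.Sprintf("https://kdsintf.amd.com/vcek/v1/%s/%s?blSPL=%d&teeSPL=%d&snpSPL=%d&ucodeSPL=%d",
		product, hex.EncodeToString(chipID), p.BL, p.TEE, p.SNP, p.UCode)
}

// Cert table GUIDs from the SEV-SNP firmware ABI; assumed RFC 4122 byte order on the wire.
const (
	VcekGUID = "63da758d-e664-4564-adc5-f4b93be8accd"
	AskGUID  = "4ab7b379-bbac-4fe4-a02f-05aef327c782"
	ArkGUID  = "c0b406a4-a803-4952-9743-3fb6014cd0ae"
)

// MarshalCertTable produces the SNP_SET_EXT_CONFIG blob: {GUID, offset, length}
// entries (offset relative to the blob start), a zero terminator, then the certs.
func MarshalCertTable(certs map[string][]byte, order []string) ([]byte, error) {
	const entryLen = 24
	out := make([]byte, entryLen*(len(order)+1)) // +1 for the all-zero terminator
	for i, g := range order {
		raw, err := hex.DecodeString(strings.ReplaceAll(g, "-", ""))
		if err != nil || len(raw) != 16 {
			return nil, fmt.Errorf("bad GUID %q", g)
		}
		e := out[i*entryLen:]
		copy(e, raw)
		binary.LittleEndian.PutUint32(e[16:], uint32(len(out)))
		binary.LittleEndian.PutUint32(e[20:], uint32(len(certs[g])))
		out = append(out, certs[g]...)
	}
	return out, nil
}
```

The blob returned by MarshalCertTable is what the host-side tool hands to /dev/sev; the guest later reads the same layout back out of the extended report.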