google/go-sev-guest

Verify guest report

pegahnikbakht opened this issue · 1 comments

How does the verify function need to be run when I have the binary report, and which files should be provided? Can you provide an example command?

Are you looking to use the libraries or the CLI tools?

The report binary is not enough to verify it, since you need the versioned chip endorsement key certificate. The verify library can download that for you, but that depends on AMD's service that's not beholden to customer reliability requirements. You're best off gathering certificates at the time of acquiring the report by using the GetExtendedReport function. The host machine will need to have installed the cached certificates to be delivered to the VM. That's the machine operator's job.

If you just have the raw report, say report_bytes, you can use the library function verify.SnpReport(report_bytes, &verify.Options{}) to use the built-in AMD root certificates and the default network fetcher to get the certificates from AMD's service.

The check CLI tool has examples in its README.
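The reply above says the raw report is not enough on its own because the versioned chip endorsement key (VCEK) certificate is also needed. The following added example (not code from this thread or from the go-sev-guest project, standard library only) shows which report fields select that certificate and how they form the lookup URL on AMD's key distribution service. Assumptions: the `product` name is supplied by the caller, the reported TCB uses the pre-Turin byte layout, and `sampleReport` is constructed test data.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Field offsets in the SEV-SNP ATTESTATION_REPORT structure (AMD SEV-SNP ABI spec).
const (
	reportSize = 0x4A0 // 1184 bytes, signature included
	sigAlgoOff = 0x34  // 1 = ECDSA P-384 with SHA-384
	tcbOff     = 0x180 // REPORTED_TCB, 8 bytes
	chipIDOff  = 0x1A0 // CHIP_ID, 64 bytes
	chipIDLen  = 64
)

// VCEKURL returns the AMD KDS URL of the VCEK certificate for a raw report.
// Assumption: product (e.g. "Milan") is known to the caller, and the TCB bytes
// are laid out as bootloader, TEE, 4 reserved, SNP, microcode (pre-Turin parts).
func VCEKURL(raw []byte, product string) (string, error) {
	if len(raw) != reportSize {
		return "", fmt.Errorf("report is %d bytes, want %d", len(raw), reportSize)
	}
	if algo := binary.LittleEndian.Uint32(raw[sigAlgoOff:]); algo != 1 {
		return "", fmt.Errorf("unsupported signature algorithm %d", algo)
	}
	chipID := raw[chipIDOff : chipIDOff+chipIDLen]
	if bytes.Equal(chipID, make([]byte, chipIDLen)) {
		return "", errors.New("chip ID is all zero: certificates must arrive with the report")
	}
	tcb := raw[tcbOff : tcbOff+8]
	return fmt.Sprintf("https://kdsintf.amd.com/vcek/v1/%s/%s?blSPL=%d&teeSPL=%d&snpSPL=%d&ucodeSPL=%d",
		product, hex.EncodeToString(chipID), tcb[0], tcb[1], tcb[6], tcb[7]), nil
}

// sampleReport builds a constructed report: unsigned, only the fields used here are set.
func sampleReport() []byte {
	r := make([]byte, reportSize)
	binary.LittleEndian.PutUint32(r[sigAlgoOff:], 1)
	copy(r[chipIDOff:], bytes.Repeat([]byte{0xab}, chipIDLen))
	copy(r[tcbOff:], []byte{3, 0, 0, 0, 0, 0, 8, 115})
	return r
}

func main() {
	fmt.Println(VCEKURL(sampleReport(), "Milan"))
}
```

The certificate is specific to one chip at one TCB level, which is why a firmware update on the host changes the certificate a verifier needs and why collecting the certificates together with the report avoids the network dependency.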