A minimalistic tool for generating AMD SEV-SNP attestation reports with embedded challenges.
Host:
- AMD EPYC processor with SEV-SNP support.
- Docker.
Run the following in your AMD SEV-SNP enabled host, replacing <hex-challenge> with your challenge:
docker run \
--privileged \
--rm \
-v /lib/modules:/lib/modules \
-v /boot:/boot \
ghcr.io/proofofcloud/amd-attester:0.2.1@sha256:eee07287e235b7de3de7016bd18e91e28f3dd99e8e4f88ea0e47cfdc59fd789e \
<hex-challenge>The Docker container will do the following:
- Start a virtual machine via QEMU.
- Generate an attestation report inside the VM.
- Stop the virtual machine.
- Validate the attestation report.
- Print the raw attestation report and the chip id.
The verify.sh script allows verifying a report file generated by the docker image. Invoke it as follows:
./verify.sh report.txt <expected-challenge>
# For example:
# ./verify.sh report-xyz.txt bada7755d