azure-snp-report-verify

command

v0.0.0-...-811ccc8 Latest Latest Go to latest Published: Sep 21, 2022 License: AGPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

Obtain current Azure SNP ID key digest & firmware versions

On Azure, Constellation verifies that the SNP attestation report contains Azure's ID key digest. Additionally, some firmware security version numbers (SVNs) are validated. Currently, the only way to verify the digest's origin is to perform guest attestation with the help of the Microsoft Azure Attestation (MAA) service. There's a sample on how to do this, but it's not straightforward. So we created tooling to make things easier.

Perform the following steps to get the ID key digest & firmware versions:

Create an Ubuntu CVM on Azure with secure boot enabled and ssh into it.

Run

docker run --rm --privileged -v/sys/kernel/security:/sys/kernel/security ghcr.io/edgelesssys/constellation/azure-snp-reporter

This executes the guest attestation and prints the JWT received from the MAA. (It's the long base64 blob.)

Copy the JWT and run on your local trusted machine:
```
go run verify.go <jwt>
```
On success it prints the ID key digest and relevant firmware SVNs.

Documentation ¶

Overview ¶

Verify verifies an MAA JWT and prints the SNP ID key digest on success.

Source Files ¶

View all Source files

verify.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL