From 18be3b742a695768b43cffd89892b5704e2a36f2 Mon Sep 17 00:00:00 2001 From: Zixi Chen Date: Tue, 3 Dec 2024 17:22:45 +0800 Subject: [PATCH] Add snp attestation guest test script Signed-off-by: Zixi Chen --- qemu/deps/sev-snp/regular_attestation_workflow.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 qemu/deps/sev-snp/regular_attestation_workflow.sh diff --git a/qemu/deps/sev-snp/regular_attestation_workflow.sh b/qemu/deps/sev-snp/regular_attestation_workflow.sh new file mode 100644 index 0000000000..5487ec63ad --- /dev/null +++ b/qemu/deps/sev-snp/regular_attestation_workflow.sh @@ -0,0 +1,14 @@ +#!/bin/bash +set -e +# Verify regular attestation workflow on snp guest +snpguest report attestation-report.bin request-data.txt --random +snpguest display report attestation-report.bin +# get cpu model +cpu_familly_id=$(cat /proc/cpuinfo | grep 'cpu family' | head -1 | cut -d ":" -f 2 | tr -d " ") +model_id=$(cat /proc/cpuinfo | grep 'model' | head -1 | cut -d ":" -f 2 | tr -d " ") +dict_cpu=([251]="milan" [2517]="genoa") +cpu_model=${dict_cpu[${cpu_familly_id}${model_id}]} +snpguest fetch ca pem ${cpu_model} ./ -e vcek +snpguest fetch vcek pem ${cpu_model} ./ attestation-report.bin +snpguest verify certs ./ +snpguest verify attestation ./ attestation-report.bin