feat(verifier/snp): support report v3-5, Genoa/Turin and on-demand VCEK from KDS #186
Merged
jialez0 merged 1 commit (Jun 30, 2026)
Conversation
Collaborator
@jialez0, hello, your request has been received; please wait for the result.
Collaborator
@jialez0, hello, no image that needs building was detected. To run the check again, comment /start.
Force-pushed 9374694 to 3d45d33
…EK from KDS

The bare-metal SNP verifier only accepted report version 2, only bundled the Milan ASK/ARK/ASVK chain, and required the evidence to already contain the cert chain. On modern hosts (Genoa/Turin, report v5) that do not provision the VCEK cert table in the extended report, this rejects every real attestation with "Cert chain is unset" / "Unexpected report version".

This change keeps the `sev` crate at 4.0.0 (so MSRV 1.76 is preserved) and:

- accepts report versions 2..=5
- derives the processor generation (Milan/Genoa/Turin) from the report CPUID family/model bytes
- bundles the Genoa and Turin ASK/ARK/ASVK chains and selects per generation
- fetches the VCEK from the AMD KDS on demand when the evidence has no cert chain (reusing the crate's existing reqwest dependency)
- reads reported_tcb from the raw report bytes with a generation-aware layout, fixing Turin's FMC-shifted TCB that the sev 4.x struct misreads, and checks the Turin FMC SPL and 8-byte HWID

Verified end-to-end on a real AMD EPYC 9T25 (Turin) SEV-SNP guest: the guest-components SNP attester produces a v5 report that this verifier now accepts (VCEK fetched from KDS, ECDSA P-384 signature validated, measurement and TCB claims emitted). Adds offline Turin report + VCEK test vectors.

Signed-off-by: Jiale Zhang <zhangjiale@linux.alibaba.com>
Force-pushed 3d45d33 to e1f090f
Problem

The bare-metal SEV-SNP verifier (`deps/verifier/src/snp`) currently:

- rejects any report version other than 2 (`report.version != 2` → error), but modern AMD CPUs emit v5 reports;
- only bundles the Milan ASK/ARK/ASVK chain;
- requires the evidence to already contain the cert chain (`bail!("Cert chain is unset")`) and has no KDS fallback, so it fails on hosts that do not provision the VCEK cert table in the extended report.

On a real AMD EPYC 9T25 (Turin) SEV-SNP guest, every genuine attestation is rejected at `Cert chain is unset` (and would also fail the version / Milan-only checks).

Change

Keeps the `sev` crate at 4.0.0 (so MSRV 1.76 is preserved; no dependency bump), and:

- accepts report versions 2..=5;
- derives the processor generation (Milan/Genoa/Turin) from the report CPUID family/model bytes;
- bundles the Genoa and Turin ASK/ARK/ASVK chains and selects per generation;
- fetches the VCEK from the AMD KDS on demand when the evidence has no cert chain (reusing the crate's existing `reqwest` dependency);
- reads `reported_tcb` from the raw report bytes with a generation-aware layout, fixing Turin's FMC-shifted TCB that the `sev` 4.x struct misreads, and checks the Turin FMC SPL and 8-byte HWID.

Because `sev` 4.0.0 round-trips a v5 report byte-for-byte, the existing `bincode`-based signature reconstruction stays valid; only the offset-based fields (CPUID, Turin TCB) are read from the raw bytes.

Validation

Verified end-to-end on a real AMD EPYC 9T25 (Turin) SEV-SNP guest:

- the `guest-components` SNP attester produces a v5 report with an empty cert chain;
- the VCEK is fetched from KDS and the ECDSA P-384 signature validates;
- `measurement` + `reported_tcb` (bl=3, tee=2, snp=5, microcode=97, fmc=1) claims emitted.

Adds offline Turin report + VCEK test vectors and 3 unit tests; all 17 snp tests pass, `clippy` clean, MSRV 1.76 build clean.
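The offset-based reads the description talks about (version gate, CPUID family/model from a v3+ report, the Turin TCB layout that the `sev` 4.x struct misreads, the 8-byte Turin HWID, and the KDS VCEK URL built from those fields) as an added, self-contained example in Rust. This is not code from the PR, the `sev` crate or guest-components; the field offsets follow the AMD SEV-SNP ABI ATTESTATION_REPORT table as recalled here, and the CPUID model ranges, the `fmcSPL` query parameter and the exact KDS URL shape are assumptions to be checked against the spec before reuse. The sample report is constructed, not captured from a machine.

```rust
// Added example, not code from the PR or the `sev` crate. Offsets follow the
// AMD SEV-SNP ABI ATTESTATION_REPORT table as recalled here; the CPUID model
// ranges and the KDS query shape (fmcSPL on Turin) are assumptions.
use std::convert::TryInto;

const REPORT_LEN: usize = 0x2A0 + 0x200; // fixed header plus signature block
const OFF_VERSION: usize = 0x000;
const OFF_REPORTED_TCB: usize = 0x180;
const OFF_CPUID_FAM: usize = 0x188; // CPUID_FAM_ID/CPUID_MOD_ID exist from v3 on
const OFF_CPUID_MOD: usize = 0x189;
const OFF_CHIP_ID: usize = 0x1A0;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum ProcGen { Milan, Genoa, Turin }

impl ProcGen {
    /// Combined CPUID family/model bytes to generation (model ranges assumed).
    pub fn from_cpuid(family: u8, model: u8) -> Option<ProcGen> {
        match (family, model) {
            (0x19, 0x00..=0x0F) => Some(ProcGen::Milan),
            (0x19, 0x10..=0x1F) | (0x19, 0xA0..=0xAF) => Some(ProcGen::Genoa),
            (0x1A, 0x00..=0x1F) => Some(ProcGen::Turin),
            _ => None,
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub struct Tcb { pub fmc: Option<u8>, pub bootloader: u8, pub tee: u8, pub snp: u8, pub microcode: u8 }

/// TCB_VERSION: Milan/Genoa = [bl, tee, rsvd x4, snp, ucode];
/// Turin = [fmc, bl, tee, rsvd, rsvd, snp, rsvd, ucode]. Reading Turin bytes
/// with the Milan layout is the misread described in the PR.
pub fn parse_tcb(raw: [u8; 8], gen: ProcGen) -> Tcb {
    match gen {
        ProcGen::Turin => Tcb { fmc: Some(raw[0]), bootloader: raw[1], tee: raw[2], snp: raw[5], microcode: raw[7] },
        _ => Tcb { fmc: None, bootloader: raw[0], tee: raw[1], snp: raw[6], microcode: raw[7] },
    }
}

#[derive(Debug)]
pub struct ReportInfo { pub version: u32, pub gen: ProcGen, pub reported_tcb: Tcb, pub hwid: Vec<u8> }

/// Read only the offset-based fields. `v2_fallback` covers reports that
/// predate the CPUID fields. HWID is the full 64-byte CHIP_ID except on Turin,
/// where only the first 8 bytes are meaningful.
pub fn parse_report(report: &[u8], v2_fallback: ProcGen) -> Result<ReportInfo, String> {
    if report.len() < REPORT_LEN {
        return Err(format!("report too short: {} bytes", report.len()));
    }
    let version = u32::from_le_bytes(report[OFF_VERSION..OFF_VERSION + 4].try_into().unwrap());
    if !(2..=5).contains(&version) {
        return Err(format!("Unexpected report version {version}"));
    }
    let gen = if version >= 3 {
        let (fam, model) = (report[OFF_CPUID_FAM], report[OFF_CPUID_MOD]);
        ProcGen::from_cpuid(fam, model).ok_or_else(|| format!("unknown CPUID family {fam:#x} model {model:#x}"))?
    } else {
        v2_fallback
    };
    let raw: [u8; 8] = report[OFF_REPORTED_TCB..OFF_REPORTED_TCB + 8].try_into().unwrap();
    let hwid_len = if gen == ProcGen::Turin { 8 } else { 64 };
    Ok(ReportInfo { version, gen, reported_tcb: parse_tcb(raw, gen), hwid: report[OFF_CHIP_ID..OFF_CHIP_ID + hwid_len].to_vec() })
}

/// KDS VCEK URL built from the parsed fields (no network access here).
pub fn vcek_kds_url(info: &ReportInfo) -> String {
    let hex: String = info.hwid.iter().map(|b| format!("{b:02x}")).collect();
    let t = &info.reported_tcb;
    let mut url = format!("https://kdsintf.amd.com/vcek/v1/{:?}/{hex}?blSPL={}&teeSPL={}&snpSPL={}&ucodeSPL={}",
        info.gen, t.bootloader, t.tee, t.snp, t.microcode);
    if let Some(fmc) = t.fmc {
        url.push_str(&format!("&fmcSPL={fmc}"));
    }
    url
}

/// Constructed sample, not a real report: zeroed v5 Turin report with the TCB
/// bytes behind the PR's claims (fmc=1, bl=3, tee=2, snp=5, ucode=97).
pub fn sample_turin_report() -> Vec<u8> {
    let mut r = vec![0u8; REPORT_LEN];
    r[OFF_VERSION..OFF_VERSION + 4].copy_from_slice(&5u32.to_le_bytes());
    r[OFF_CPUID_FAM] = 0x1A;
    r[OFF_CPUID_MOD] = 0x02;
    r[OFF_REPORTED_TCB..OFF_REPORTED_TCB + 8].copy_from_slice(&[1, 3, 2, 0, 0, 5, 0, 97]);
    for (i, b) in r[OFF_CHIP_ID..OFF_CHIP_ID + 64].iter_mut().enumerate() {
        *b = i as u8;
    }
    r
}

fn main() {
    let info = parse_report(&sample_turin_report(), ProcGen::Milan).expect("parse");
    println!("{:?} {:?}\n{}", info.gen, info.reported_tcb, vcek_kds_url(&info));
}
```

The point to check for yourself is the TCB decode: the same eight bytes read with the Milan layout give bl=1, tee=3, snp=0, which is what a struct without an FMC byte reports for a Turin host, and would make a `reported_tcb` policy check silently compare the wrong SPLs. The signature itself is deliberately out of scope here; as the PR notes, the `bincode` round-trip keeps that path intact, so only these offset reads need the generation switch.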