Mock implementation of the SEV-SNP processor firmware interface

Daviiap/sev-guest_device_mock

SEV-GUEST DEVICE MOCK (Go Module)

This repository contains a mock of the sev-guest character device, implemented with CUSE (character device in user space), for use in Go code. The sev-guest character device is normally exposed inside AMD SEV-SNP guest VMs, where it lets the guest make requests to the AMD Secure Processor.

Please note that this mock implementation does not interact with the actual AMD Secure Processor and is intended for testing or educational purposes only.

Implemented Requests

Currently, the following requests are implemented in this mock sev-guest chardev:

  • GET_REPORT: This request retrieves a report containing information about the AMD Secure Processor and the Guest VM. The implementation provides a mock report for testing purposes.

  • GET_EXT_REPORT: This request retrieves a report containing information about the AMD Secure Processor and the Guest VM and the Certificate used to sign this report.

Build Instructions

To build the code, follow these steps:

  1. Clone this repository to your local machine:
     git clone https://github.com/Daviiap/sev-guest_device_mock.git
  2. Change into the cloned directory:
     cd sev-guest_device_mock
  3. Run the configure script:
     ./configure

To run the configure script, you need to have root privileges. This script will install the dependencies and generate dummy VCEK and VLEK, along with the respective cert_chain for both keys. Once generated, the script will move these files to the /etc/sev-guest directory.

To verify the signature of the report, you can use the ./keys_gen/keys/vcek.crt file. It contains the essential certificate required for signature validation. Furthermore, you can rely on the ./keys_gen/keys/cert_chain.pem file to verify the signature of the vcek.crt certificate. This chain file guarantees the authenticity and integrity of the certificate by including all the necessary intermediate certificates in the validation process, similar to an authentic AMD environment.
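The signature check described above, as an added example that is not code from this repository: it verifies a report's ECDSA P-384 signature over SHA-384, reading the little-endian r and s values at offset 0x2A0 as laid out in the SEV-SNP ABI specification (that the mock follows this layout is an assumption). The names VerifyReportSignature and SignConstructedReport are hypothetical, and a freshly generated key stands in for the public key you would load from vcek.crt; validating vcek.crt against cert_chain.pem is not covered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
	"math/big"
)

const reportSize, sigOffset, compLen = 0x4A0, 0x2A0, 72 // layout assumed from the SEV-SNP ABI spec
func reverse(b []byte) []byte { // byte-reversed copy: r and s are stored little-endian
	out := make([]byte, len(b))
	for i := range b {
		out[i] = b[len(b)-1-i]
	}
	return out
}

func VerifyReportSignature(report []byte, pub *ecdsa.PublicKey) bool {
	if len(report) != reportSize || pub == nil || pub.Curve != elliptic.P384() {
		return false // wrong size or wrong curve: reject before parsing
	}
	digest := sha512.Sum384(report[:sigOffset]) // the signature covers bytes [0, 0x2A0)
	r := new(big.Int).SetBytes(reverse(report[sigOffset : sigOffset+compLen]))
	s := new(big.Int).SetBytes(reverse(report[sigOffset+compLen : sigOffset+2*compLen]))
	return ecdsa.Verify(pub, digest[:], r, s)
}

func SignConstructedReport() ([]byte, *ecdsa.PublicKey) { // constructed demo input, not a real report
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) // stands in for the dummy VCEK
	if err != nil {
		panic(err)
	}
	report := make([]byte, reportSize)
	digest := sha512.Sum384(report[:sigOffset])
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		panic(err)
	}
	copy(report[sigOffset:], reverse(r.FillBytes(make([]byte, compLen))))
	copy(report[sigOffset+compLen:], reverse(s.FillBytes(make([]byte, compLen))))
	return report, &key.PublicKey
}

func main() {
	report, pub := SignConstructedReport()
	fmt.Println("signature verifies:", VerifyReportSignature(report, pub))
}
```

A report that verifies under the dummy VCEK only shows that the mock signed it; the dummy chain carries no trust outside a test environment.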

Usage

To use the package in your Go code, first fetch it with go get:

go get github.com/Daviiap/sev-guest_device_mock

An example of code using the mock:

package main

import (
	"fmt"
	"log"

	sevguest "github.com/Daviiap/sev-guest_device_mock/src"
	"github.com/google/go-sev-guest/client"
)

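func main() {
	// Start the CUSE-backed mock sev-guest device and stop it on exit.
	deviceMock := sevguest.New()
	deviceMock.Start()
	defer deviceMock.Stop()

	// Open the sev-guest device through the go-sev-guest client.
	device, err := client.OpenDevice()
	if err != nil {
		log.Fatal(err)
	}
	defer device.Close()

	// Request a raw attestation report; the 64-byte argument is the report data.
	rawReport, err := client.GetRawReport(device, [64]byte{})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(rawReport)
}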

Ref

SEV Secure Nested Paging Firmware ABI Specification

Future work

  • Use a configuration file to define the report fields.
