Add SEVSNP plugin for Veraison server #333

jraman567 · 2025-09-03T15:52:38Z

This PR implements the SEVSNP scheme for Veraison.

scheme/sevsnp/README.md

scheme/sevsnp/common.go

scheme/sevsnp/evidence_handler.go

yogeshbdeshpande

in middle of review, just started today

yogeshbdeshpande · 2025-09-30T10:52:56Z

As we are adding new scheme, please refer to https://github.com/veraison/services/blob/main/README.md

Insert Sev-snp support in the suitable place for the text pertaining to Provisioning
Insert Sev-snp support in the suitable place for the text pertaining to Verification

Also remember to check the suitable places in docs repo and the Veraison book, to check where this comment is applicable.

yogeshbdeshpande

Left some further comments.

scheme/sevsnp/common.go

scheme/sevsnp/evidence_handler.go

scheme/sevsnp/evidence_handler_test.go

yogeshbdeshpande · 2025-09-30T11:36:32Z

Also, I feel somewhere in the documentation of the Scheme, we should refer to the documentation on the Evidence Profile and also preferably the Reference Value Profile document, we have used to build this scheme!

thomas-fossati

Thanks, this is great.

I have left a few comments inline.

scheme/sevsnp/README.md

scheme/sevsnp/evidence_handler.go

scheme/sevsnp/store_handler.go

Add amd-kds and nvidia coserv plugins to the spec file Signed-off-by: Jagannathan Raman <[email protected]>

define SEV-SNP scheme for Veraison. Signed-off-by: Jagannathan Raman <[email protected]>

store the trust anchors and reference values in the CoMID's "Attest Key Triple" and "Reference Value Triple" formats. Signed-off-by: Jagannathan Raman <[email protected]>

accept CoRIM endorsements, reference values & trust anchors, and save them in the database. Signed-off-by: Jagannathan Raman <[email protected]>

jraman567 · 2025-11-19T17:19:50Z

As we are adding new scheme, please refer to https://github.com/veraison/services/blob/main/README.md

Insert Sev-snp support in the suitable place for the text pertaining to Provisioning

Insert Sev-snp support in the suitable place for the text pertaining to Verification

Also remember to check the suitable places in docs repo and the Veraison book, to check where this comment is applicable.

Done

jraman567 · 2025-11-19T18:02:18Z

Also, I feel somewhere in the documentation of the Scheme, we should refer to the documentation on the Evidence Profile and also preferably the Reference Value Profile document, we have used to build this scheme!

OK, I'll add this to the scheme's README.

implement parts of the store handler that synthesize keys from trust anchors and reference values. Signed-off-by: Jagannathan Raman <[email protected]>

scheme/sevsnp/evidence_handler.go

yogeshbdeshpande

Approved, subjecting to checking whether two minor comments have been incorporated or not..?

jraman567 · 2025-11-25T15:24:00Z

Approved, subjecting to checking whether two minor comments have been incorporated or not..?

Thank you so much, @yogeshbdeshpande!

The lint error is because we're not using the return value of errors.New(). I'll update it quickly.

yogeshbdeshpande · 2025-11-25T15:49:05Z

me know about the unresolved, so I can address them and close out this PR. Thank you so much! :)

Yes, we can resolve the same and move quickly, this PR has been waiting for some time now.
I believe most of the comments you have already addressed!

thomas-fossati · 2025-11-25T15:49:50Z

Hi @yogeshbdeshpande and @thomas-fossati , I've addressed most of your comments. The ones I needed more clarification aren't resolved.

Please let me know about the unresolved, so I can address them and close out this PR. Thank you so much! :)

I have a couple of comments that should probably be acted upon. They are both very simple.

jraman567 · 2025-11-25T15:55:24Z

Hi @yogeshbdeshpande and @thomas-fossati , I've addressed most of your comments. The ones I needed more clarification aren't resolved.
Please let me know about the unresolved, so I can address them and close out this PR. Thank you so much! :)

I have a couple of comments that should probably be acted upon. They are both very simple.

I'm working on your comments, @thomas-fossati . Will update the PR shortly. Thank you!

scheme/sevsnp/evidence_handler.go

yogeshbdeshpande

LGTM!

Implement an evidence handler to extract claims from the evidence token and store them in an internal representation format ( CoRIM for SEV-SNP). Signed-off-by: Jagannathan Raman <[email protected]>

Update the store handler to get Trust Anchor and Reference Value keys from evidence. Add helper routines to parse the TSM report's auxblob to extract AMD keys. Signed-off-by: Jagannathan Raman <[email protected]>

Implement the ValidateEvidenceIntegrity routine of the EvidenceHandler interface. Ensure the root key in auxblob matches the ARK in provisioned trust anchors. Confirm the integrity of the certificate chain in the auxblob and the validity of the signature in the evidence. Signed-off-by: Jagannathan Raman <[email protected]>

Implement the AppraiseEvidence routine in the EvidenceHandler interface to confirm the claims match with the evidence. Signed-off-by: Jagannathan Raman <[email protected]>

Add unit tests for endorsement, evidence and storage handlers Signed-off-by: Jagannathan Raman <[email protected]>

scheme/sevsnp/README.md

Add README document for SEVSNP scheme Signed-off-by: Jagannathan Raman <[email protected]>

Allow SEVSNP scheme to accept evidence in CMW collection format Signed-off-by: Jagannathan Raman <[email protected]>

REPORTED_TCB is a bitfield of versions. Extract individual versions for comparison. REPORTED_TCB in evidence should be greater than or equal to the reference value. Signed-off-by: Jagannathan Raman <[email protected]>

Some claims in the SEV-SNP profile aren't relevant for verification, so skipping them Signed-off-by: Jagannathan Raman <[email protected]>

The nonce in the evidence must match the session nonce that veraison generated Signed-off-by: Jagannathan Raman <[email protected]>

Add TSM report evidence in JSON & CBOR formats for testing Signed-off-by: Jagannathan Raman <[email protected]>

Add global variables to log errors in the compareTcb function Signed-off-by: Yogesh Deshpande <[email protected]> Signed-off-by: Jagannathan Raman <[email protected]>

yogeshbdeshpande

Thank you for incorporating my comments!
LGTM!

yogeshbdeshpande · 2025-11-25T17:35:40Z

@thomas-fossati : Please give a final look and provide your approval...

thomas-fossati

Thanks a lot for the execellent contribution!

jraman567 · 2025-11-26T15:15:08Z

Thank you so much for reviewing, @yogeshbdeshpande and @thomas-fossati !

jraman567 requested review from setrofim, thomas-fossati and yogeshbdeshpande September 3, 2025 15:52

jraman567 mentioned this pull request Sep 3, 2025

Add SEVSNP plugin for Veraison server #307

Closed

jraman567 force-pushed the upstream/sevsnp branch 2 times, most recently from f0bc831 to 80ddda3 Compare September 3, 2025 18:38