
@salrashid123
Last active January 29, 2024 16:10
GCP AMD SNP client

scratchpad on starting up a GCP AMD-SEV instance

using go-sev-guest and virtee

# create instance

# Creates a Confidential VM named snp-instance with SEV-SNP selected through
# --confidential-compute-type=SEV_SNP, on an n2d machine type pinned to the
# "AMD Milan" CPU platform.
# NOTE(review): --maintenance-policy=TERMINATE is presumably needed because
# SEV-SNP instances cannot be live-migrated during host maintenance; confirm
# against the current GCP Confidential VM documentation.
gcloud beta compute instances create snp-instance \
  --machine-type=n2d-standard-4 \
  --min-cpu-platform="AMD Milan" \
  --zone=us-central1-a \
  --confidential-compute-type=SEV_SNP \
  --maintenance-policy=TERMINATE 

# verify 
$ stat /dev/sev-guest
  File: /dev/sev-guest
  Size: 0         	Blocks: 0          IO Block: 4096   character special file
Device: 5h/5d	Inode: 156         Links: 1     Device type: a,7b
Access: (0600/crw-------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-01-23 00:38:25.324000418 +0000
Modify: 2024-01-23 00:38:25.324000418 +0000
Change: 2024-01-23 00:38:25.324000418 +0000
 Birth: 2024-01-23 00:38:05.536000000 +0000


$ dmesg | grep -i SEV
[    1.337830] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
[    1.727108] SEV: Using SNP CPUID table, 56 entries present.
[    2.164440] SEV: SNP guest platform device initialized.
[    2.358501] sev-guest sev-guest: Initialized SEV guest driver (using vmpck_id 0)

using go-sev-guest

The following program requests an attestation report for a random 64-byte nonce, prints its report data, product name and chip ID, and verifies the report:

# go run main.go 
VB0K4fbcL/6Ah0Rfv1AeyEt/LBF6eVaOkdJqtHCl3QUVy9jcDhkM6bK7sOzRete1u2jpVyjp9mAXVhAmAsJyIQ==
ReportDataVB0K4fbcL/6Ah0Rfv1AeyEt/LBF6eVaOkdJqtHCl3QUVy9jcDhkM6bK7sOzRete1u2jpVyjp9mAXVhAmAsJyIQ==
Product SEV_PRODUCT_MILAN
Chip 245c23f4649ac27e69b02e30c89c4c6b381f5641d620d372b58f8629d4f58bf4989d31d00360c5d5bcf621a6fb9906830a691ddff1d9855e7922566724d77f22
Verified
package main

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"flag"
	"fmt"

	"github.com/google/go-sev-guest/client"
	"github.com/google/go-sev-guest/verify"
)

var ()

const ()

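// main requests an SEV-SNP attestation report bound to a fresh random nonce,
// verifies it, checks that the report echoes the nonce, and then prints the
// report data, product name and chip ID.
func main() {
	flag.Parse()

	// The 64-byte report data is chosen by the caller. A fresh random nonce
	// lets whoever checks the report tell it apart from a replayed one.
	var t [64]byte
	if _, err := rand.Read(t[:]); err != nil {
		panic(fmt.Errorf("generating nonce: %w", err))
	}
	fmt.Printf("%s\n", base64.StdEncoding.EncodeToString(t[:]))

	//r, err := client.GetQuoteProto(&client.LinuxConfigFsQuoteProvider{}, t)
	r, err := client.GetQuoteProto(&client.LinuxIoctlQuoteProvider{}, t)
	if err != nil {
		panic(fmt.Errorf("getting quote: %w", err))
	}
	report := r.GetReport()

	// Verify before printing so that unverified fields are never shown as if
	// they were trustworthy.
	// NOTE(review): with empty Options this presumably checks only the
	// report signature and its certificate chain. Policy, measurement and
	// TCB checks are a separate step (go-sev-guest ships a validate package
	// for that); confirm what the caller actually needs.
	if err := verify.SnpReport(report, &verify.Options{}); err != nil {
		panic(fmt.Errorf("verifying report: %w", err))
	}

	// A valid signature alone does not prove freshness: the report must carry
	// the nonce that was just generated.
	if string(report.GetReportData()) != string(t[:]) {
		panic(fmt.Errorf("report data does not match the requested nonce"))
	}

	fmt.Printf("ReportData%s\n", base64.StdEncoding.EncodeToString(report.GetReportData()))
	fmt.Printf("Product %s\n", r.Product.GetName().String())
	fmt.Printf("Chip %s\n", hex.EncodeToString(report.GetChipId()))
	fmt.Println("Verified")
}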

using virtee/snpguest

The following runs the full report flow with virtee/snpguest: generate a report, fetch the certificates, and verify both the certificate chain and the report.

# Get the snpguest sources.
# NOTE(review): the PATH entry below points at target/release, so a release
# build inside /root/snpguest is assumed between the clone and the export
# (presumably `cargo build --release`); confirm.
git clone https://github.com/virtee/snpguest

export PATH=$PATH:/root/snpguest/target/release/

# certs_remote holds certificates fetched with `snpguest fetch`, certs holds
# the ones written by `snpguest certificates`, att holds the report and its
# request data.
mkdir certs_remote certs att
# Request an attestation report. --random presumably fills the request data
# with random bytes and stores them in the request file; confirm against the
# snpguest help output.
snpguest report att/attestation-report.bin att/random-request-file.txt --random


# remote: fetch the CA certificates and the VCEK for this report, then verify
# the certificate chain and the report against it.
# NOTE(review): the encoding is spelled PEM on the first line and pem on the
# second; confirm snpguest accepts both spellings.
snpguest fetch ca PEM milan certs_remote/
snpguest fetch vcek pem milan certs_remote/ att/attestation-report.bin
snpguest verify certs certs_remote/
snpguest verify attestation certs_remote/ att/attestation-report.bin

# local: write the certificates available on this machine to ./certs as PEM.
# NOTE(review): no command here verifies ./certs. Run `snpguest verify certs`
# on that directory as well before relying on these certificates.
snpguest certificates pem ./certs

Certificate

Certificate Specifications

Note: the VCEK certificate extension with OID 1.3.6.1.4.1.3704.1.4 holds the chip ID.

# from the go-sev-guest:
<< chipID b62f209f0432fff1ef7c3637ade8efc7334b992a50f6102711c61a342d0527175e7bc744de48bf2624e573b92f2ca52dcf4514f7a5c903d109ca1afa4b94a283

# by asn1 decoding the vcek.pem below you'll see the chipid
extnValue OCTET STRING (64 byte) B62F209F0432FFF1EF7C3637ADE8EFC7334B992A50F6102711C61A342D0527175E7BC7…
#  openssl x509 -in ark.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65536 (0x10000)
        Signature Algorithm: rsassaPss        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        Issuer: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = ARK-Milan
        Validity
            Not Before: Oct 22 17:23:05 2020 GMT
            Not After : Oct 22 17:23:05 2045 GMT
        Subject: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = ARK-Milan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:d0:b7:79:d9:12:4e:75:e8:89:96:a2:b6:25:db:
                    15:98:3e:c5:92:db:a8:b5:6c:17:d5:f3:60:5b:8d:
                    57:63:d5:f3:d4:71:21:49:49:a1:2f:3f:42:bb:d0:
                    c7:46:5b:e0:25:23:71:6d:e6:18:b2:72:5f:bf:28:
                    f1:d4:c7:d4:d1:5e:6d:90:a8:94:d4:47:ac:34:5b:
                    5a:d6:44:c0:d2:cc:cd:8a:c7:58:73:d8:ac:aa:4e:
                    e6:5d:3e:7e:29:f1:91:6d:f7:38:57:ff:73:44:87:
                    04:f2:39:47:37:ad:52:d6:3b:bc:5f:dd:fe:e9:dc:
                    43:52:b1:b6:4b:3c:6a:27:80:61:ab:26:26:50:3a:
                    ee:3d:72:52:5f:8b:d4:73:4d:4f:ee:3f:7c:32:9a:
                    8e:4b:de:6b:39:17:46:1d:e2:39:d8:d6:b3:e6:6d:
                    81:f8:ef:af:8e:c0:b4:eb:47:77:ee:36:3d:2c:57:
                    ae:38:fe:0c:7a:b8:bc:aa:07:e2:d9:2e:64:2a:a8:
                    3f:68:5e:9a:3e:db:80:65:05:51:ee:ed:ca:15:85:
                    cf:e7:d5:e6:26:0b:5c:a2:0d:39:82:62:34:4f:f3:
                    a2:b4:b8:6e:cd:5b:e9:65:c2:e9:87:4a:1d:87:fd:
                    48:3d:7a:b1:df:e3:27:8c:3f:7b:03:b7:d7:a6:a1:
                    9d:ff:2f:0a:c5:7e:e3:92:c4:c4:cc:03:a0:6c:a0:
                    1e:6a:6d:e5:9b:ed:f2:28:87:13:60:c9:6c:44:c5:
                    cf:72:33:5b:22:f9:ac:07:29:03:ff:fc:52:9e:2b:
                    ac:b8:70:64:82:79:44:34:45:b1:d5:47:1b:41:0a:
                    ec:fa:05:43:92:e5:4f:86:c9:f3:21:13:60:62:f3:
                    38:f1:8f:bb:2c:68:89:62:7a:e6:13:cc:5c:ad:ec:
                    5e:90:1c:6b:bd:ad:95:f5:32:50:aa:73:77:43:9d:
                    e4:b7:9b:e2:42:2d:fe:80:27:e6:93:00:b4:17:4b:
                    62:ac:86:5b:2e:45:cf:ac:fc:33:67:43:3d:78:dc:
                    61:23:24:9b:da:7a:49:7e:09:ea:cf:9e:48:d2:ed:
                    f7:c2:1e:2b:d1:93:50:79:31:9f:c3:4d:cc:05:4b:
                    72:bb:31:9e:b0:69:1c:c3:e9:68:a8:c6:aa:d6:a4:
                    78:b6:31:9b:3d:8c:42:be:90:aa:ef:e3:a0:a4:20:
                    a8:30:d8:ad:da:e2:e8:f4:cd:7c:7c:7c:f5:d2:53:
                    8c:4f:c9:d6:01:4b:d1:64:5c:ed:79:70:a6:fb:b3:
                    c7:75:83:e5:99:0c:14:c3:72:ef:7a:72:7f:20:b5:
                    e8:40:f1:df:6e:41:f4:0b:23:df:86:5d:63:5a:12:
                    45:65:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                85:AC:1A:D1:43:F7:C8:AC:55:D4:C5:1D:41:48:AB:D5:78:4A:D4:53
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:https://kdsintf.amd.com/vcek/v1/Milan/crl
    Signature Algorithm: rsassaPss
    Signature Value:        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        ba:9b:49:03:a7:ac:ef:e0:e8:df:83:2f:b3:95:e7:a1:b3:1e:
        a8:97:4a:1c:81:57:a5:11:3a:1b:a7:1f:84:b8:2b:2a:54:54:
        4f:2b:58:d9:d6:ca:7f:97:27:7d:fb:47:d0:d2:be:ba:9f:b9:
        1a:81:19:38:09:ad:fd:83:ae:96:19:32:4c:78:97:6a:62:b8:
        b0:49:38:e3:0c:22:95:3d:27:ac:59:76:0f:54:0c:83:86:63:
        f9:9f:6b:fe:05:88:a9:65:68:69:be:aa:5a:88:ef:84:18:ae:
        48:04:ff:b9:ef:c4:1e:5b:fb:12:a2:4a:ca:74:76:8b:03:11:
        b6:2e:16:71:8f:d6:85:ef:77:ea:0b:b3:80:25:9e:5a:3e:89:
        f0:e1:11:36:f7:d1:55:6a:b8:75:4f:1d:9e:4f:7c:12:82:40:
        e0:ba:d0:93:07:56:2a:cd:3e:43:bb:0b:c0:7b:e7:28:d8:22:
        15:23:33:03:6a:66:2e:48:58:cf:37:40:42:82:88:e5:ed:5f:
        9b:4e:8b:bb:74:cb:2a:22:ef:d3:5b:fa:cf:09:7f:7f:11:47:
        29:28:62:aa:3d:0d:cf:f8:df:6b:d6:18:c4:15:8d:69:94:18:
        3d:de:de:77:38:ea:38:f4:63:48:f9:5d:73:bd:73:cb:23:ac:
        48:15:5b:21:fa:6b:68:d9:1b:60:11:7f:de:a6:63:0a:4c:d3:
        7a:a6:c5:bc:f2:a8:3b:73:58:53:5a:d3:7a:31:b4:6e:43:4b:
        e6:f8:ef:bf:da:d2:81:17:68:7c:4c:76:fd:e0:eb:ef:1c:7a:
        05:0e:96:c2:10:b9:6a:1e:72:18:87:1c:b4:60:a5:c6:c9:a5:
        b5:36:37:d4:2f:1a:eb:9b:15:56:e3:07:27:e4:4f:06:75:d9:
        af:35:ae:b2:62:6f:2c:70:96:a0:12:2d:77:9a:11:ae:e0:9a:
        a1:dd:05:37:b1:ff:22:51:25:2b:d3:dc:50:0f:01:ed:39:05:
        15:22:ac:78:99:a0:59:3c:1b:52:31:ff:aa:50:3b:63:5d:24:
        aa:f2:57:d6:71:df:1b:2e:bf:66:76:c5:27:25:92:74:fa:db:
        8f:30:a9:81:9d:21:fc:eb:49:65:2a:4f:95:a5:54:2c:82:a6:
        f3:0c:8b:ce:2e:f0:fa:5b:55:26:ab:6e:5b:a3:10:98:27:e4:
        ee:06:86:b8:b3:e1:c7:09:58:80:be:04:fd:91:ff:eb:06:ad:
        5d:fa:2b:e3:ea:c9:24:1f:1b:b3:73:16:e4:d7:1b:fa:64:6c:
        6b:b5:e2:71:54:7e:ca:95:7e:d8:45:d6:7a:78:04:4a:c0:b7:
        b8:00:56:44:03:0a:0a:09



# openssl x509 -in ask.pem -text -noout 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65537 (0x10001)
        Signature Algorithm: rsassaPss        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        Issuer: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = ARK-Milan
        Validity
            Not Before: Oct 22 18:24:20 2020 GMT
            Not After : Oct 22 18:24:20 2045 GMT
        Subject: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = SEV-Milan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:9d:4d:9d:ae:b3:53:7d:b8:4d:40:89:65:7f:e5:
                    b6:cb:e4:4e:09:b4:b3:21:dd:5a:29:97:ed:d9:3f:
                    73:8d:94:0e:ce:31:9c:72:5d:7b:8b:59:88:29:69:
                    7b:35:37:01:d1:56:17:b7:72:71:65:2c:ce:66:3b:
                    23:2c:d5:40:10:dd:8c:1a:3f:53:89:e7:4b:f9:07:
                    b0:29:95:f4:26:64:04:b9:88:e6:f9:62:a4:b0:bb:
                    71:81:d2:e9:f4:4e:c4:64:dc:0d:0e:a5:75:af:4a:
                    91:3f:9b:41:f0:e5:a4:c9:06:c8:74:b7:ae:e1:a0:
                    b3:ee:3f:d2:97:51:64:07:2b:5e:bf:db:1b:14:6c:
                    ed:ed:cc:27:8f:38:bd:9b:b9:e8:aa:c9:3e:b9:15:
                    41:a7:7f:88:9f:7e:50:3d:d7:23:f1:87:e5:12:69:
                    c7:04:db:ee:50:32:61:2c:22:4c:5b:c2:8e:8c:fe:
                    be:f8:f8:5b:b3:78:82:8a:d2:5c:00:d1:2d:5b:8a:
                    93:34:5a:0a:5b:70:87:95:b7:12:0a:34:cc:f0:ab:
                    0d:6d:4c:77:03:c7:a4:e4:45:4b:8d:95:87:d6:9b:
                    7d:13:74:df:a5:1e:97:c9:f4:0a:9d:8e:a4:97:96:
                    84:20:fc:1d:5b:77:85:61:aa:82:14:fa:c8:a3:da:
                    50:4f:a5:ae:0d:23:f8:24:26:09:6d:99:de:28:a2:
                    1b:66:3c:d7:90:9b:77:35:01:b7:d8:4b:a4:60:89:
                    81:6f:d4:82:92:6f:7e:7d:2e:4b:64:58:3d:a2:3c:
                    ee:6c:c5:f7:f8:d9:01:a1:25:c8:ec:e3:ef:9c:73:
                    31:8e:ea:7d:9b:0e:6c:7b:a4:14:57:b1:aa:a4:20:
                    36:4c:dc:a9:a2:59:ae:43:e7:00:6b:15:7b:26:a1:
                    c4:f1:d9:7d:a5:67:fe:63:76:ab:6f:ef:62:88:50:
                    b0:16:de:25:02:52:70:e4:3d:02:4d:14:c2:d5:8e:
                    58:58:50:c1:0a:b0:3f:bc:69:e6:4e:7a:86:f0:2f:
                    a3:8d:40:12:ed:c8:e3:47:ca:b8:38:f8:72:0e:62:
                    51:3e:76:82:fd:91:b9:b8:fd:0a:d3:3e:86:a0:ef:
                    f7:b9:e9:fd:c2:ab:21:0a:e1:de:80:b4:e9:39:e1:
                    c4:25:12:ab:40:5a:f8:3d:52:30:54:e0:74:f9:e6:
                    ce:e4:58:28:c8:ec:38:de:7c:85:0f:95:0a:04:3c:
                    44:07:80:4a:a3:fd:2e:02:22:87:2d:1b:ef:80:b6:
                    ce:45:b5:3c:28:04:48:b3:51:28:a8:48:e6:17:c5:
                    2d:ae:64:16:57:68:54:8f:0c:ea:c2:f1:c5:7a:2f:
                    2b:3f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                3B:C6:6E:18:2A:C3:FD:3D:62:64:48:9B:E3:B7:47:2C:B4:FC:BF:F8
            X509v3 Authority Key Identifier: 
                85:AC:1A:D1:43:F7:C8:AC:55:D4:C5:1D:41:48:AB:D5:78:4A:D4:53
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:https://kdsintf.amd.com/vcek/v1/Milan/crl
    Signature Algorithm: rsassaPss
    Signature Value:        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        88:1e:51:04:9c:01:fd:e5:0d:8a:a0:59:4d:55:b6:50:db:98:
        83:7c:4b:67:42:e6:49:90:ce:c6:7f:1e:d0:23:42:72:c4:3c:
        8d:63:87:78:09:6c:bc:4b:ea:07:f7:2b:c8:f1:72:dc:ce:5a:
        79:18:71:b7:5f:30:e3:ab:db:c2:93:df:92:1a:01:1d:b4:ad:
        e9:0a:44:5a:6d:4c:78:5e:f8:31:6b:dc:01:73:64:b0:c3:ed:
        c5:8a:db:df:c6:a4:f8:ad:3c:90:ca:0a:f2:3b:03:85:20:d3:
        aa:e4:ec:9d:33:05:ed:5f:cf:fa:9e:e2:2d:bf:17:5d:ab:bd:
        fc:02:19:88:5c:47:13:f2:ed:01:77:ab:c7:d1:e8:60:89:74:
        1d:54:43:94:a5:c0:28:c5:c4:3e:2e:7b:35:11:ce:d2:25:20:
        08:cc:92:de:c3:16:f2:91:87:ed:b3:2b:ee:69:95:51:86:16:
        c8:c3:26:d3:33:da:e7:7d:cb:4a:6f:38:4e:23:dd:d1:f9:21:
        6f:63:1b:16:92:19:2b:6a:36:b6:9b:9e:7a:45:db:7e:84:4e:
        bd:7f:6b:8d:db:f0:51:4a:2f:94:0d:9a:df:15:af:dc:67:5d:
        1a:73:9e:a0:91:be:a8:eb:fa:45:6b:6f:a7:65:7e:e4:e5:96:
        25:de:41:33:25:06:84:56:14:93:91:2f:c0:1c:04:9c:46:67:
        82:b6:99:77:ed:97:58:d4:e5:32:de:87:92:97:2f:d3:56:ed:
        af:ea:00:e2:14:b3:61:62:3a:1a:ab:b7:30:21:25:18:3d:22:
        3f:10:91:0f:4f:93:e7:0a:1b:3c:3a:12:5d:d3:de:41:6b:12:
        0e:b3:93:19:af:32:e6:9b:64:eb:1d:29:f4:64:59:f8:47:d9:
        92:9c:4e:50:df:98:7d:47:d3:3a:b4:43:66:c6:de:eb:da:55:
        d8:82:b4:56:35:2e:55:b2:07:7f:09:4b:67:cd:b1:1f:cf:cb:
        ab:79:6e:b1:09:08:53:6f:cd:a0:e4:cb:a2:9e:0b:88:a8:9f:
        f7:15:81:46:a2:ef:3c:d2:dd:b1:90:5b:32:83:29:4d:f9:4a:
        a3:54:d9:69:0f:23:cc:42:67:4d:16:b4:88:8a:28:59:d7:59:
        44:31:be:52:a6:9a:06:41:21:83:de:d3:5c:c3:d0:df:1a:b4:
        5c:66:5a:24:a7:7c:99:7a:f7:40:7d:ac:9a:4d:47:f7:c8:6a:
        3c:42:5b:74:9e:8b:0b:3a:af:56:66:fa:d0:ae:55:b3:22:36:
        da:52:f5:38:63:35:7e:2e:bd:ee:6d:87:27:c4:d8:38:28:c5:
        11:6f:63:50:ac:a0:5e:4c
$ openssl x509 -in ask.pem -text -noout 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65537 (0x10001)
        Signature Algorithm: rsassaPss        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        Issuer: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = ARK-Milan
        Validity
            Not Before: Oct 22 18:24:20 2020 GMT
            Not After : Oct 22 18:24:20 2045 GMT
        Subject: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = SEV-Milan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:9d:4d:9d:ae:b3:53:7d:b8:4d:40:89:65:7f:e5:
                    b6:cb:e4:4e:09:b4:b3:21:dd:5a:29:97:ed:d9:3f:
                    73:8d:94:0e:ce:31:9c:72:5d:7b:8b:59:88:29:69:
                    7b:35:37:01:d1:56:17:b7:72:71:65:2c:ce:66:3b:
                    23:2c:d5:40:10:dd:8c:1a:3f:53:89:e7:4b:f9:07:
                    b0:29:95:f4:26:64:04:b9:88:e6:f9:62:a4:b0:bb:
                    71:81:d2:e9:f4:4e:c4:64:dc:0d:0e:a5:75:af:4a:
                    91:3f:9b:41:f0:e5:a4:c9:06:c8:74:b7:ae:e1:a0:
                    b3:ee:3f:d2:97:51:64:07:2b:5e:bf:db:1b:14:6c:
                    ed:ed:cc:27:8f:38:bd:9b:b9:e8:aa:c9:3e:b9:15:
                    41:a7:7f:88:9f:7e:50:3d:d7:23:f1:87:e5:12:69:
                    c7:04:db:ee:50:32:61:2c:22:4c:5b:c2:8e:8c:fe:
                    be:f8:f8:5b:b3:78:82:8a:d2:5c:00:d1:2d:5b:8a:
                    93:34:5a:0a:5b:70:87:95:b7:12:0a:34:cc:f0:ab:
                    0d:6d:4c:77:03:c7:a4:e4:45:4b:8d:95:87:d6:9b:
                    7d:13:74:df:a5:1e:97:c9:f4:0a:9d:8e:a4:97:96:
                    84:20:fc:1d:5b:77:85:61:aa:82:14:fa:c8:a3:da:
                    50:4f:a5:ae:0d:23:f8:24:26:09:6d:99:de:28:a2:
                    1b:66:3c:d7:90:9b:77:35:01:b7:d8:4b:a4:60:89:
                    81:6f:d4:82:92:6f:7e:7d:2e:4b:64:58:3d:a2:3c:
                    ee:6c:c5:f7:f8:d9:01:a1:25:c8:ec:e3:ef:9c:73:
                    31:8e:ea:7d:9b:0e:6c:7b:a4:14:57:b1:aa:a4:20:
                    36:4c:dc:a9:a2:59:ae:43:e7:00:6b:15:7b:26:a1:
                    c4:f1:d9:7d:a5:67:fe:63:76:ab:6f:ef:62:88:50:
                    b0:16:de:25:02:52:70:e4:3d:02:4d:14:c2:d5:8e:
                    58:58:50:c1:0a:b0:3f:bc:69:e6:4e:7a:86:f0:2f:
                    a3:8d:40:12:ed:c8:e3:47:ca:b8:38:f8:72:0e:62:
                    51:3e:76:82:fd:91:b9:b8:fd:0a:d3:3e:86:a0:ef:
                    f7:b9:e9:fd:c2:ab:21:0a:e1:de:80:b4:e9:39:e1:
                    c4:25:12:ab:40:5a:f8:3d:52:30:54:e0:74:f9:e6:
                    ce:e4:58:28:c8:ec:38:de:7c:85:0f:95:0a:04:3c:
                    44:07:80:4a:a3:fd:2e:02:22:87:2d:1b:ef:80:b6:
                    ce:45:b5:3c:28:04:48:b3:51:28:a8:48:e6:17:c5:
                    2d:ae:64:16:57:68:54:8f:0c:ea:c2:f1:c5:7a:2f:
                    2b:3f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                3B:C6:6E:18:2A:C3:FD:3D:62:64:48:9B:E3:B7:47:2C:B4:FC:BF:F8
            X509v3 Authority Key Identifier: 
                85:AC:1A:D1:43:F7:C8:AC:55:D4:C5:1D:41:48:AB:D5:78:4A:D4:53
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:https://kdsintf.amd.com/vcek/v1/Milan/crl
    Signature Algorithm: rsassaPss
    Signature Value:        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        88:1e:51:04:9c:01:fd:e5:0d:8a:a0:59:4d:55:b6:50:db:98:
        83:7c:4b:67:42:e6:49:90:ce:c6:7f:1e:d0:23:42:72:c4:3c:
        8d:63:87:78:09:6c:bc:4b:ea:07:f7:2b:c8:f1:72:dc:ce:5a:
        79:18:71:b7:5f:30:e3:ab:db:c2:93:df:92:1a:01:1d:b4:ad:
        e9:0a:44:5a:6d:4c:78:5e:f8:31:6b:dc:01:73:64:b0:c3:ed:
        c5:8a:db:df:c6:a4:f8:ad:3c:90:ca:0a:f2:3b:03:85:20:d3:
        aa:e4:ec:9d:33:05:ed:5f:cf:fa:9e:e2:2d:bf:17:5d:ab:bd:
        fc:02:19:88:5c:47:13:f2:ed:01:77:ab:c7:d1:e8:60:89:74:
        1d:54:43:94:a5:c0:28:c5:c4:3e:2e:7b:35:11:ce:d2:25:20:
        08:cc:92:de:c3:16:f2:91:87:ed:b3:2b:ee:69:95:51:86:16:
        c8:c3:26:d3:33:da:e7:7d:cb:4a:6f:38:4e:23:dd:d1:f9:21:
        6f:63:1b:16:92:19:2b:6a:36:b6:9b:9e:7a:45:db:7e:84:4e:
        bd:7f:6b:8d:db:f0:51:4a:2f:94:0d:9a:df:15:af:dc:67:5d:
        1a:73:9e:a0:91:be:a8:eb:fa:45:6b:6f:a7:65:7e:e4:e5:96:
        25:de:41:33:25:06:84:56:14:93:91:2f:c0:1c:04:9c:46:67:
        82:b6:99:77:ed:97:58:d4:e5:32:de:87:92:97:2f:d3:56:ed:
        af:ea:00:e2:14:b3:61:62:3a:1a:ab:b7:30:21:25:18:3d:22:
        3f:10:91:0f:4f:93:e7:0a:1b:3c:3a:12:5d:d3:de:41:6b:12:
        0e:b3:93:19:af:32:e6:9b:64:eb:1d:29:f4:64:59:f8:47:d9:
        92:9c:4e:50:df:98:7d:47:d3:3a:b4:43:66:c6:de:eb:da:55:
        d8:82:b4:56:35:2e:55:b2:07:7f:09:4b:67:cd:b1:1f:cf:cb:
        ab:79:6e:b1:09:08:53:6f:cd:a0:e4:cb:a2:9e:0b:88:a8:9f:
        f7:15:81:46:a2:ef:3c:d2:dd:b1:90:5b:32:83:29:4d:f9:4a:
        a3:54:d9:69:0f:23:cc:42:67:4d:16:b4:88:8a:28:59:d7:59:
        44:31:be:52:a6:9a:06:41:21:83:de:d3:5c:c3:d0:df:1a:b4:
        5c:66:5a:24:a7:7c:99:7a:f7:40:7d:ac:9a:4d:47:f7:c8:6a:
        3c:42:5b:74:9e:8b:0b:3a:af:56:66:fa:d0:ae:55:b3:22:36:
        da:52:f5:38:63:35:7e:2e:bd:ee:6d:87:27:c4:d8:38:28:c5:
        11:6f:63:50:ac:a0:5e:4c
$ openssl x509 -in vcek.pem -text -noout 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: rsassaPss        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        Issuer: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = SEV-Milan
        Validity
            Not Before: Jan 27 13:28:52 2024 GMT
            Not After : Jan 27 13:28:52 2031 GMT
        Subject: OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = SEV-VCEK
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:92:46:4e:76:66:4b:56:1a:cd:da:82:c0:0a:b1:
                    cf:02:84:70:19:98:16:b7:c8:a9:c9:ac:70:80:01:
                    e7:54:9b:71:a2:96:f7:04:79:6e:7a:1b:a1:96:3b:
                    b1:01:6b:88:c7:cd:ec:67:77:b1:67:66:fe:a9:43:
                    23:bc:b1:35:bb:4a:cf:a2:d9:dd:b9:74:38:88:42:
                    ac:1b:f0:8c:42:8b:a6:8b:74:08:e0:33:8f:9e:05:
                    bc:13:97:df:3a:5d:56
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            1.3.6.1.4.1.3704.1.1: 
                ...
            1.3.6.1.4.1.3704.1.2: 
                ..Milan-B0
            1.3.6.1.4.1.3704.1.3.1: 
                ...
            1.3.6.1.4.1.3704.1.3.2: 
                ...
            1.3.6.1.4.1.3704.1.3.4: 
                ...
            1.3.6.1.4.1.3704.1.3.5: 
                ...
            1.3.6.1.4.1.3704.1.3.6: 
                ...
            1.3.6.1.4.1.3704.1.3.7: 
                ...
            1.3.6.1.4.1.3704.1.3.3: 
                ...
            1.3.6.1.4.1.3704.1.3.8: 
                ....
            1.3.6.1.4.1.3704.1.4: 
                ./ ..2...|67....3K.*P..'...4-.'.^{.D.H.&$.s./,.-.E..........K...   
    Signature Algorithm: rsassaPss
    Signature Value:        
        Hash Algorithm: sha384
        Mask Algorithm: mgf1 with sha384
         Salt Length: 0x30
        Trailer Field: 0x01
        65:cf:d0:a6:83:39:c1:60:55:52:3e:17:d7:22:c8:a1:3d:02:
        f2:b2:52:d7:8b:23:c4:4e:77:0e:5c:09:dc:31:23:89:ae:21:
        66:dd:7c:9c:fa:c4:2d:44:34:67:ee:fe:e6:e6:e7:1f:b3:91:
        bc:77:84:7e:c3:41:17:4e:13:aa:0a:fe:9b:81:3a:9b:28:2f:
        ec:c4:8c:26:3d:f1:a1:c9:96:62:67:a2:63:71:a4:1c:21:c5:
        ca:9f:db:a0:7d:12:3d:38:25:43:70:c5:bc:04:4f:12:9b:08:
        0f:a0:12:33:ae:b7:6b:6e:bc:ec:6b:ee:b2:f5:3a:73:5f:b0:
        c6:9e:8a:92:7b:b5:b6:13:57:d7:5c:86:3f:96:4d:39:5a:ab:
        80:9d:aa:b3:6d:d8:73:fa:69:c4:00:ac:bd:e0:85:69:28:b7:
        9a:28:56:bd:cd:8e:1c:82:e0:9f:90:a1:01:d3:cd:19:22:04:
        50:c1:67:c8:c2:b2:be:db:66:00:0d:3c:01:97:67:6c:75:c9:
        32:ca:af:32:7f:6a:a6:49:de:4d:49:f9:21:47:bd:64:a6:aa:
        ab:ab:bc:c0:f8:40:3c:67:f1:c9:95:e4:a2:29:eb:64:81:93:
        5c:63:a1:e8:e6:61:c8:8e:ad:ec:70:81:14:54:5c:12:15:a2:
        7b:20:14:a2:e4:d9:f6:89:5a:41:be:54:17:16:0c:ed:25:e3:
        02:48:88:17:03:76:58:1f:43:d8:f7:a3:ff:c4:ef:af:5f:65:
        fe:07:31:6c:08:86:ce:47:75:c2:1c:df:95:34:19:ca:7f:3c:
        d5:42:f9:a8:4b:6d:a9:80:06:98:d0:0f:af:07:98:df:76:e5:
        fc:e4:3f:53:a0:75:15:a4:23:ed:cf:86:54:3e:25:18:3e:eb:
        30:33:ff:5c:d2:6c:66:2b:41:d1:4a:9f:0c:b4:e4:b1:1d:0d:
        a0:b8:60:c1:24:d9:57:dd:29:08:e2:28:81:bb:f2:c0:94:20:
        ee:3b:c4:db:65:fd:b5:c5:15:18:73:10:58:f9:33:fa:12:df:
        5c:63:98:e1:cf:29:b2:a9:bf:14:cb:3b:20:cc:d8:5e:6a:f6:
        65:5a:8b:f6:c6:51:fa:53:ec:a1:99:db:51:fa:a6:6e:b4:9b:
        63:8f:68:72:ae:08:0f:32:bc:ef:f7:92:a3:1d:c5:8c:c4:28:
        55:77:00:7c:17:ff:3f:74:21:35:2d:47:b3:e7:16:fb:c1:fb:
        ca:0b:ad:73:7c:f2:5b:86:d0:f8:e1:a9:d5:75:16:e3:af:ca:
        d6:1a:27:a2:5d:55:76:7d:fe:df:b0:e7:5e:da:56:e5:d0:28:
        cb:21:9d:b4:04:02:d6:83
  • vcek.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----