Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-143940

snpguest verify attestation fails on Turin

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.2
    • snpguest
    • No
    • Important
    • rhel-virt-confidential-virt
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      snpguest verify attestation on Turin with snp guest

      What is the impact of this issue to you?

      cannot verify attestation in snp guest

      Please provide the package NVR for which the bug is seen:

      snpguest-0.8.3-1.el10

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. Boot an AMD SEV-SNP enabled guest
      2. Generate an attestation report: snpguest report attestation-report.bin request-data.txt --random
      3. Fetch the VCEK certificate using the report: snpguest fetch vcek pem turin ./ attestation-report.bin
      4. Verify the certificate chain and attestation report: snpguest verify certs ./ snpguest verify attestation ./ attestation-report.bin

      Expected results

      VEK signed the Attestation Report!

      Actual results

      ERROR: VEK did NOT sign the Attestation Report!
      Error: VEK did NOT sign the Attestation Report!
      Error: Failed to verify attestation.

      additonal info

      With upstream snpguest version: snpguest-0.10.0, cannot reproduce this issue.

              tfanelli@redhat.com Tyler Fanelli
              jinl@redhat.com Jin Liu
              Tyler Fanelli Tyler Fanelli
              Jin Liu Jin Liu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: