pvattest - create, perform, and verify attestation measurements

Description

       Create, perform, and verify attestation measurements for IBM Secure Execution guest systems.

Examples

       For details refer to the man page of the command.

       Create the request on a trusted system.

            trusted:~$ pvattest create -k hkd.crt --cert CA.crt --cert ibmsk.crt --arpk arp.key -o attreq.bin

       On the SE-guest, perform the attestation.

            seguest:~$ pvattest perform attreq.bin attresp.bin

       On a trusted system, verify that the response is correct. Here, the protection key from the creation and
       the SE-guest’s header is used to verify the measurement.

            trusted:~$ pvattest verify -i attresp.bin --arpk arp.key --hdr se_guest.hdr
            trusted:~$ echo $?
            0

       If the measurements do not match pvattest exits with code 2 and emits an error message. The SE-guest
       attestation failed.

            trusted:~$ pvattest verify -i wrongresp.bin --arpk arp.key --hdr se_guest.hdr
            ERROR: Attestation measurement verification failed:
                   Calculated and received attestation measurement are not the same.
            trusted:~$ echo $?
            2

Name

pvattest - create, perform, and verify attestation measurements

Options

       -v, --verbose
           Provide more detailed output.

       -q, --quiet
           Provide less output.

       --version
           Print version information and exit.

       -h, --help
           Print help (see a summary with '-h').

Pvattest Commands

create
           Create an attestation measurement request

       perform
           Send the attestation request to the Ultravisor

       verify
           Verify an attestation response

       check
           Check if the attestation result matches defined policies