Feature: Boot the CVM based on the COCONUT-SVSM and fetch the attestation report #351

danko-miladinovic · 2025-01-10T14:09:10Z

Is your feature request related to a problem? Please describe.

We are moving forward with vTPM support. We will use COCONUT-SVSM for vTPM. The goal of this task to fetch the vTPM attestation along with SEV-SNP attestation, and to understand the values of PCR registers. Try to fetch the vTPM attestation using go-tpm-tools.

Describe the feature you are requesting, as well as the possible use case(s) for it.

The vTPM will be used to store the hashes of OVMF, kernel, initramfs and kernel command line. The hashes will be stored in PCR registers. The first step is to boot a confidential VM (CVM) with the vTPM and interact with the vTPM.

Deliverable

Successful boot of CVM with coconut-SVSM vTPM support
Code using go-tpm tools to connect to vTPM, retrieve attestation, and read PCR values
Document PCR values and possible challenges

Indicate the importance of this feature to you.

Must-have

Anything else?

No response

danko-miladinovic assigned dorcaslitunya Jan 10, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature: Boot the CVM based on the COCONUT-SVSM and fetch the attestation report #351

Feature: Boot the CVM based on the COCONUT-SVSM and fetch the attestation report #351

danko-miladinovic commented Jan 10, 2025 •

edited by SammyOina

Loading

Feature: Boot the CVM based on the COCONUT-SVSM and fetch the attestation report #351

Feature: Boot the CVM based on the COCONUT-SVSM and fetch the attestation report #351

Comments

danko-miladinovic commented Jan 10, 2025 • edited by SammyOina Loading

Is your feature request related to a problem? Please describe.

Describe the feature you are requesting, as well as the possible use case(s) for it.

Deliverable

Indicate the importance of this feature to you.

Anything else?

danko-miladinovic commented Jan 10, 2025 •

edited by SammyOina

Loading