sev-attestation

v1.0.2

Perform AMD SEV-SNP remote attestation to cryptographically verify VM identity and integrity. Use when proving a VM is running in a genuine AMD SEV-SNP confidential computing environment, verifying VM integrity before trusting it with secrets, checking SEV-SNP availability, generating attestation reports, validating AMD certificate chains (ARK/ASK/VCEK), or debugging attestation failures.

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the included scripts: detection, report generation (via /dev/sev-guest), fetching AMD certificates from KDS, chain verification, and report signature verification. Required operations (accessing /dev/sev-guest, using snpguest, openssl, curl, xxd/python3) are appropriate for SEV‑SNP attestation and nothing in the files asks for unrelated cloud credentials or services.
Instruction Scope
SKILL.md and the scripts constrain actions to the attestation workflow: checking device/module, invoking snpguest or using OpenSSL to validate signatures, fetching certificates from AMD's KDS, and writing results to a local output directory. The instructions do not attempt to read unrelated user files or environment variables beyond optional debug/proxy settings. They do, however, parse and send chip-specific identifiers when fetching VCEK (expected for this task).
Install Mechanism
This is instruction-only (no automated install spec). The README/SKILL.md recommend installing snpguest via cargo and using common system tools (openssl, curl). Those recommendations are expected for the workflow; there are no opaque downloads from untrusted servers in the skill bundle itself. Installing snpguest will pull code from crates.io (standard practice) — review that package if you have supply-chain concerns.
Credentials
The skill declares no required environment variables or external credentials. It requires root or membership in the sev group to access /dev/sev-guest (legitimate for generating reports) and network access to AMD's KDS (kdsintf.amd.com) to fetch VCEK/ARK/ASK. The scripts do not request unrelated secrets or long lists of credentials.
Persistence & Privilege
The skill does not request persistent installation or force inclusion (always:false). It performs on-demand local operations and writes output to the specified output directory only. It does require elevated privileges to access the kernel device, which is appropriate for the stated purpose but means the user must run scripts as root or with proper device permissions.
Assessment
This skill appears to do exactly what it says: local SEV‑SNP attestation using /dev/sev-guest, snpguest or OpenSSL, and AMD's KDS. Before running it:

  • Review the scripts (they are included) and confirm you are comfortable running them as root.
  • Expect the fetch step to send chip identifiers and TCB fields to AMD's KDS (this is required to obtain the VCEK and may reveal hardware identifiers).
  • Installing snpguest via cargo will pull code from crates.io—inspect that package if you have supply-chain concerns.
  • Run in a trusted environment (attestation involves hardware identifiers and privileged device access) and, if using cloud VMs, check provider policies.

If you want stricter assurance, run the manual OpenSSL verification path included so you can audit each step and avoid installing extra tooling.


1.8k downloads · 1 star · 3 versions · updated 1 month ago
v1.0.2 · MIT-0 license

sev-attestation

AMD SEV-SNP remote attestation for cryptographic VM identity verification.

Description

Perform AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) remote attestation to cryptographically verify VM identity and integrity. Use this skill when:

  • Proving a VM is running in a genuine AMD SEV-SNP confidential computing environment
  • Verifying the integrity of a confidential VM before trusting it with secrets
  • Checking if SEV-SNP is available and properly configured
  • Generating attestation reports for remote verification
  • Validating AMD certificate chains (ARK → ASK → VCEK)
  • Debugging attestation failures or certificate issues

Keywords: SEV-SNP, attestation, confidential computing, AMD, VCEK, certificate chain, remote attestation, VM identity, TCB, measurement

Workflow

┌─────────────────────────────────────────────────────────────────┐
│                    SEV-SNP Attestation Flow                      │
└─────────────────────────────────────────────────────────────────┘
                              │
                              ▼
                    ┌─────────────────┐
                    │  1. Detection    │
                    │  Is SEV-SNP      │
                    │  available?      │
                    └────────┬────────┘
                             │
              ┌──────────────┴──────────────┐
              │                             │
              ▼                             ▼
        ┌─────────┐                   ┌─────────┐
        │   YES   │                   │   NO    │
        └────┬────┘                   └────┬────┘
             │                              │
             ▼                              ▼
    ┌─────────────────┐             ┌─────────────────┐
    │ 2. Generate     │             │ Exit with       │
    │    Report       │             │ helpful error   │
    └────────┬────────┘             └─────────────────┘
             │
             ▼
    ┌─────────────────┐
    │ 3. Display      │
    │    Report Info  │
    └────────┬────────┘
             │
             ▼
    ┌─────────────────┐
    │ 4. Fetch AMD    │
    │    Certificates │
    │ (ARK, ASK, VCEK)│
    └────────┬────────┘
             │
             ▼
    ┌─────────────────┐
    │ 5. Verify       │
    │    Cert Chain   │
    └────────┬────────┘
             │
             ▼
    ┌─────────────────┐
    │ 6. Verify       │
    │    Report Sig   │
    └────────┬────────┘
             │
             ▼
    ┌─────────────────┐
    │   PASSED or     │
    │   FAILED        │
    └─────────────────┘

Quick Start

Check if SEV-SNP is Available

./scripts/detect-sev-snp.sh

Run Full Attestation

./scripts/full-attestation.sh [output_dir]

This runs the complete 6-step attestation workflow and outputs PASSED or FAILED.

Individual Steps

Each step can be run independently for debugging or custom workflows:

Script                                                    Purpose
scripts/detect-sev-snp.sh                                 Check SEV-SNP availability
scripts/generate-report.sh <output_dir>                   Generate attestation report with nonce
scripts/fetch-certificates.sh <report_file> <output_dir>  Fetch AMD certificates from KDS
scripts/verify-chain.sh <certs_dir>                       Verify certificate chain
scripts/verify-report.sh <report_file> <certs_dir>        Verify report signature

Prerequisites

  • snpguest: Rust CLI from virtee/snpguest
  • openssl: For certificate operations
  • curl: For fetching certificates from AMD KDS
  • Root access: Required to access /dev/sev-guest

Install snpguest:

cargo install snpguest

Reference Documentation

Technical Details

  • AMD KDS URL: https://kdsintf.amd.com
  • Certificate Chain: ARK (self-signed) → ASK → VCEK
  • Report Signature: ECDSA P-384
  • Device: /dev/sev-guest (requires root or sev group membership)
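The fetch and verify steps of the workflow depend on three things pulled out of the raw report: the REPORTED_TCB and CHIP_ID values that select the VCEK at KDS, the REPORT_DATA field carrying the nonce, and the signature block, which stores r and s as little-endian integers rather than the DER that openssl expects. The Python below is an added illustration, not one of the skill's scripts: the field offsets are assumed from AMD's published SEV-SNP ABI, the product name "Milan" is a placeholder argument, and the report bytes are constructed, not captured from hardware.

```python
# Offsets follow the public AMD SEV-SNP ABI report layout (assumed; not on the page).
REPORT_LEN = 0x4A0                       # 0x2A0 signed body + signature block
OFF_REPORT_DATA, OFF_REPORTED_TCB, OFF_CHIP_ID, OFF_SIGNATURE = 0x050, 0x180, 0x1A0, 0x2A0
KDS = "https://kdsintf.amd.com"

def parse_report(report: bytes) -> dict:
    """Extract the fields a verifier needs before fetching certificates (step 4)."""
    if len(report) != REPORT_LEN:
        raise ValueError(f"expected {REPORT_LEN}-byte report, got {len(report)}")
    tcb = report[OFF_REPORTED_TCB:OFF_REPORTED_TCB + 8]
    return {
        "report_data": report[OFF_REPORT_DATA:OFF_REPORT_DATA + 64],
        # TCB_VERSION bytes: 0 boot loader, 1 TEE, 6 SNP firmware, 7 microcode
        "tcb": {"blSPL": tcb[0], "teeSPL": tcb[1], "snpSPL": tcb[6], "ucodeSPL": tcb[7]},
        "chip_id": report[OFF_CHIP_ID:OFF_CHIP_ID + 64],
    }

def vcek_url(parsed: dict, product: str = "Milan") -> str:
    """KDS VCEK URL; REPORTED_TCB (not CURRENT_TCB) selects the signing key version."""
    t = parsed["tcb"]
    return (f"{KDS}/vcek/v1/{product}/{parsed['chip_id'].hex()}?blSPL={t['blSPL']}"
            f"&teeSPL={t['teeSPL']}&snpSPL={t['snpSPL']}&ucodeSPL={t['ucodeSPL']}")

def nonce_matches(parsed: dict, nonce: bytes) -> bool:
    """REPORT_DATA is 64 bytes; a shorter nonce was zero-padded at request time."""
    return parsed["report_data"] == nonce.ljust(64, b"\0")

def _der_int(le: bytes) -> bytes:
    """72-byte little-endian report integer -> positive big-endian DER INTEGER."""
    v = int.from_bytes(le, "little").to_bytes(73, "big").lstrip(b"\0") or b"\0"
    v = b"\0" + v if v[0] & 0x80 else v
    return b"\x02" + bytes([len(v)]) + v

def signature_to_der(report: bytes) -> bytes:
    """openssl wants DER SEQUENCE{r, s}; P-384 values fit short-form lengths."""
    body = (_der_int(report[OFF_SIGNATURE:OFF_SIGNATURE + 72])
            + _der_int(report[OFF_SIGNATURE + 72:OFF_SIGNATURE + 144]))
    if len(body) > 127:
        raise ValueError("r/s too large for a P-384 signature")
    return b"\x30" + bytes([len(body)]) + body

def constructed_report() -> bytes:
    """Constructed sample, not a real report: nonce 'abcd', TCB 3/0/8/210, r=0x80, s=0x7f."""
    rep = bytearray(REPORT_LEN)
    rep[OFF_REPORT_DATA:OFF_REPORT_DATA + 4] = b"abcd"
    rep[OFF_REPORTED_TCB:OFF_REPORTED_TCB + 8] = bytes([3, 0, 0, 0, 0, 0, 8, 210])
    rep[OFF_CHIP_ID:OFF_CHIP_ID + 64] = b"\x11" * 64
    rep[OFF_SIGNATURE:OFF_SIGNATURE + 72] = (0x80).to_bytes(72, "little")
    rep[OFF_SIGNATURE + 72:OFF_SIGNATURE + 144] = (0x7F).to_bytes(72, "little")
    return bytes(rep)
```

On a real report, write the signature_to_der() output to a file and check it with openssl dgst -sha384 -verify <vcek public key> -signature <that file> over the first 0x2A0 bytes of the report, which is the manual OpenSSL path the scan assessment refers to.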
