Skip to content

fix(verify): verify SNP report signature + VCEK chain (cmcp#370)#386

Draft
imran-siddique wants to merge 2 commits into
mainfrom
fix/verify-report-signatures-370
Draft

fix(verify): verify SNP report signature + VCEK chain (cmcp#370)#386
imran-siddique wants to merge 2 commits into
mainfrom
fix/verify-report-signatures-370

Conversation

@imran-siddique

Copy link
Copy Markdown
Contributor

Draft. Closes the keystone hole from our attested-TLS POV review: the report_data binding was unfalsifiable because we never verified the report was silicon-signed.

What this does (SNP, fail-closed)

Tests

tests/unit/test_snp_signature_verify.py: 5 pass (valid verifies; tampered report fails closed; wrong pinned ARK fails closed), 1 skipped pending a real Azure SNP fixture (capture script: Product/Platform/attestation-capture/capture-snp-azure.sh in the notes store).

Not in this PR (follow-ups)

  • TDX DCAP verification + the real-quote report_data offset (cmcp#371) — needs the Azure TDX fixture.
  • TPM EK chain.

Note: the original implementation run stalled mid-stream; I reviewed the diff and ran the tests before committing.

…cp#370)

Previously cmcp bound a confirmation key into report_data and checked that
binding, but never verified the attestation report was genuinely silicon-signed,
so the binding was unfalsifiable. This adds, fail-closed:
  1. SNP report ECDSA-P384/SHA-384 signature verification against the VCEK, and
  2. VCEK -> ASK -> ARK cert-chain verification up to a caller-pinned AMD ARK.
No network at verify time: the VCEK/ASK/ARK chain travels with the claim
(passport model); the ARK is pinned out of band via trusted_ark_pem.

Tested against a synthetic ARK/ASK/VCEK chain: valid verifies, tampered report
fails closed, wrong pinned ARK fails closed. One test skipped pending a real
Azure SNP fixture (capture script in the notes store).

TDX (DCAP) and TPM EK paths are follow-ups; TDX also needs the real-quote
report_data offset for cmcp#371.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… behavior (cmcp#370)

The chain is no longer 'always unverified'; with no cert chain + pinned ARK it
stays unverified with the new detail string, and with them supplied it now
verifies (test_snp_signature_verify.py). Adjust the stale assertion.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant