pvattest - Man Page
create, perform, and verify attestation measurements
Synopsis
pvattest [OPTIONS] <COMMAND>
Description
Create, perform, and verify attestation measurements for IBM Secure Execution guest systems.
Pvattest Commands
- create
Create an attestation measurement request
- perform
Send the attestation request to the Ultravisor
- verify
Verify an attestation response
- check
Check if the attestation result matches defined policies
Options
- -v, --verbose
Provide more detailed output.
- -q, --quiet
Provide less output.
- --version
Print version information and exit.
- -h, --help
Print help (see a summary with '-h').
Examples
For details refer to the man page of the command.
Create the request on a trusted system.
trusted:~$ pvattest create -k hkd.crt --cert CA.crt --cert ibmsk.crt --arpk arp.key -o attreq.bin
On the SE-guest, perform the attestation.
seguest:~$ pvattest perform attreq.bin attresp.bin
On a trusted system, verify that the response is correct. Here, the protection key from the creation and the SE-guest’s header are used to verify the measurement.
trusted:~$ pvattest verify -i attresp.bin --arpk arp.key --hdr se_guest.hdr
trusted:~$ echo $?
0
If the measurements do not match, pvattest exits with code 2 and emits an error message. In that case the SE-guest attestation failed.
trusted:~$ pvattest verify -i wrongresp.bin --arpk arp.key --hdr se_guest.hdr
ERROR: Attestation measurement verification failed: Calculated and received attestation measurement are not the same.
trusted:~$ echo $?
2
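The exit codes shown above can drive an automated gate on the trusted system. The following is an added example, not part of the pvattest documentation: a POSIX shell function (the name verify_attestation is hypothetical) that separates a verified guest (0) from a measurement mismatch (2). Treating any other exit status as inconclusive is an assumption, since this page documents only 0 and 2.

```shell
#!/bin/sh
# Added example, not part of the pvattest documentation.
# Gate a follow-up action (e.g. releasing a secret to the guest) on the
# outcome of `pvattest verify`, using only the flags shown on this page.
# Exit codes 0 (match) and 2 (mismatch) come from the page; mapping every
# other status to "inconclusive" is an assumption of this example.

# verify_attestation RESPONSE ARPK HEADER
# Returns: 0 = attested, 2 = measurement mismatch, 1 = inconclusive.
verify_attestation() {
    resp=$1 arpk=$2 hdr=$3

    # Fail closed when an input is missing instead of guessing at the cause.
    for f in "$resp" "$arpk" "$hdr"; do
        if [ ! -r "$f" ]; then
            echo "inconclusive: cannot read $f" >&2
            return 1
        fi
    done

    # Capture the status explicitly so the function also works under `set -e`.
    rc=0
    pvattest verify -i "$resp" --arpk "$arpk" --hdr "$hdr" || rc=$?

    case $rc in
        0)  echo "attested: measurement matches $hdr" >&2
            return 0 ;;
        2)  # The guest did not produce the expected measurement.
            echo "REJECT: measurement mismatch, do not trust this guest" >&2
            return 2 ;;
        *)  # Not a verdict about the guest: bad arguments, I/O error, etc.
            echo "inconclusive: pvattest exited with $rc" >&2
            return 1 ;;
    esac
}
```

A caller should proceed only on return value 0; both 1 and 2 mean the guest has not been verified, but only 2 is a negative verdict worth alerting on.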
See Also
pvattest-create(1) pvattest-perform(1) pvattest-verify(1) pvattest-check(1)