Sponsor:

Your company here — click to reach over 10,000 unique daily visitors

pvattest - Man Page

create, perform, and verify attestation measurements

Synopsis

pvattest [OPTIONS] <COMMAND>

Description

Create, perform, and verify attestation measurements for IBM Secure Execution guest systems.

Pvattest Commands

create

Create an attestation measurement request

perform

Send the attestation request to the Ultravisor

verify

Verify an attestation response

version

Print version information and exit

Options

-v,  --verbose

Provide more detailed output.

--version

Print version information and exit.

-h,  --help

Print help (see a summary with '-h').

Examples

For details refer to the man page of the command.

Create the request on a trusted system.

	trusted:~$ pvattest create -k hkd.crt --cert CA.crt --cert ibmsk.crt --arpk arp.key -o attreq.bin

On the SE-guest, perform the attestation.

	seguest:~$ pvattest perform attreq.bin attresp.bin

On a trusted system, verify that the response is correct. Here, the protection key from the creation and the SE-guest’s header is used to verify the measurement.

	trusted:~$ pvattest verify -i attresp.bin --arpk arp.key --hdr se_guest.hdr
	trusted:~$ echo $?
	0

If the measurements do not match pvattest exits with code 2 and emits an error message. The SE-guest attestation failed.

	trusted:~$ pvattest verify -i wrongresp.bin --arpk arp.key --hdr se_guest.hdr
	ERROR: Attestation measurement verification failed:
	       Calculated and received attestation measurement are not the same.
	trusted:~$ echo $?
	2

See Also

pvattest-create(1) pvattest-perform(1) pvattest-verify(1)

Referenced By

pvattest-create(1), pvattest-perform(1), pvattest-verify(1).

2024-05-15 s390-tools Attestation Manual