pvattest - Man Page

pvattest [OPTIONS] <COMMAND>

Create, perform, and verify attestation measurements for IBM Secure Execution guest systems.

pvattest-create(1)

Create an attestation measurement request

pvattest-perform(1)

Send the attestation request to the Ultravisor

pvattest-verify(1)

Verify an attestation response

pvattest-check(1)

Check if the attestation result matches defined policies

-v,  --verbose

Provide more detailed output.

-q,  --quiet

Provide less output.

--version

Print version information and exit.

-h,  --help

Print help (see a summary with -h).

For details refer to the man page of the command.

Create the request on a trusted system.

	trusted:~$ pvattest create -k hkd.crt --cert CA.crt --cert ibmsk.crt --arpk arp.key -o attreq.bin

On the SE-guest, perform the attestation.

	seguest:~$ pvattest perform attreq.bin attresp.bin

On a trusted system, verify that the response is correct. Here, the protection key from the creation and the SE-guest’s header is used to verify the measurement.

	trusted:~$ pvattest verify -i attresp.bin --arpk arp.key --hdr se_guest.hdr
	trusted:~$ echo $?
	0

If the measurements do not match pvattest exits with code 2 and emits an error message. The SE-guest attestation failed.

	trusted:~$ pvattest verify -i wrongresp.bin --arpk arp.key --hdr se_guest.hdr
	ERROR: Attestation measurement verification failed:
	       Calculated and received attestation measurement are not the same.
	trusted:~$ echo $?
	2

pvattest-create(1) pvattest-perform(1) pvattest-verify(1) pvattest-check(1)

pvattest-check(1), pvattest-create(1), pvattest-perform(1), pvattest-verify(1).