这是indexloc提供的服务,不要输入任何密码
Skip to content

add support for SEV-SNP mitigation vector verification #179

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 13, 2025
Merged

add support for SEV-SNP mitigation vector verification #179

merged 1 commit into from
Nov 13, 2025

Conversation

@onlyshawn
Copy link
Collaborator

@onlyshawn onlyshawn commented Nov 11, 2025

This change updates the AttestationReport ABI to expose the LaunchMitigationVector (offset 0x1F8) and CurrentMitigationVector (offset 0x200) fields, as defined in recent AMD SEV-SNP specifications.

It also introduces new verification options:

  • MinimumLaunchMitigationVector
  • MinimumCurrentMitigationVector

These options allow users to enforce a minimum set of required security mitigations during report verification.

Also added unit tests to validate the new checks.

thomasten
thomasten suggested changes Nov 11, 2025
View reviewed changes
Copy link

@thomasten thomasten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this! Let's keep the logical separation between verify and validate.

@onlyshawn onlyshawn force-pushed the feature/add_mitigation_vector_check branch 3 times, most recently from 47c67a1 to fd477be Compare November 11, 2025 17:41
thomasten
thomasten approved these changes Nov 12, 2025
View reviewed changes
@onlyshawn onlyshawn force-pushed the feature/add_mitigation_vector_check branch from fd477be to 3b8ce63 Compare November 12, 2025 20:47
@onlyshawn onlyshawn requested a review from kongoshuu November 13, 2025 00:13
@onlyshawn onlyshawn merged commit e05a9e4 into google:main Nov 13, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kongoshuu kongoshuu kongoshuu approved these changes

+1 more reviewer

@thomasten thomasten thomasten approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@onlyshawn @kongoshuu @thomasten