Verifying a SecretVM
Last updated
Was this helpful?
Last updated
Was this helpful?
Clone the repository and follow instructions to build the four artifacts.
The following artifacts will be required:
ovmf.fd
- the OVMF-based firmware
bzImage
- the OS Kernel
initramfs.cpio.gz
- the compressed initial RAM filesystem (initramfs) image
rootfs.cpio
- the archive file containing the root file system
The source code for all the components is available in their respective repositories that can be found in Yocto Recipe files.
Alternatively, the artifacts can be downloaded from github .
We provide the tool (based on Phala's and Oasis' ) to perform the calculation of the relevant attestation report fields from the artifacts.
Run reproduce-mr passing all the necessary parameters to independently calculate the MRTD, RTMR0, RTMR1, RTMR2 and RTMR3 registers of the Attestation Report.
Example:
./reproduce-mr -fw ovmf.fd -kernel bzImage -initrd auto/initramfs.cpio.gz -dockercompose config/docker-compose.yaml -rootfs rootfs.iso -memory 2G -cpu 1 -cmdline "console=ttyS0 loglevel=7 clearcpuid=mtrr,rtmr ro initrd=initrd"
Sample output:
MRTD: ba87a347454466680bfd267446df89d8117c04ea9f28234dd3d84e1a8a957d5adaf02d4aa88433b559fb13bd40f0109e RTMR0: b6941a8c47be7050bdba6220b915e141c5e33b9c32d9446f743fe5e73cc7612f55acfa662262d1ea2b8017e519c07a7c RTMR1: 4afcac4edf01c068d1a623ec69519c9c3a7abc91e3e71a578a5ba346e60c02316d3eeee3a4237e9a4278f2af592211ec RTMR2: c8f67a1007adb5759cbb5d57b2136bcc54c2d2e4d3bac763b9de4cab78729752d4dff1f054bfbcb38443fa71460e37a2 RTMR3: 9959d12cfe7a120fe363e47e7accb9bd15fba4665bdb8b5186a2b57d7bf1999664a8295d51944f0227eb8ceaeefde133 MR_AGGREGATED: c3c786f51c9d0af4c05a695f84294860af80aed7a643e865b080c3be56fdbcc6 MR_IMAGE: efae035908324f4583713a3c9af4f30b1b87c33ec88ed29681742e13acb9e879