@super-protocol/addons-tee 0.9.10 → 2.0.0

package/bindings/sp-sev/docs/attestation/process.msc

@@ -1,60 +0,0 @@
-# Commits which modify this file MUST generate the new .png!
-msc {
-  tenant     [textbgcolor="green"],
-  host       [textbgcolor="red"],
-  bios       [textbgcolor="orange"],
-  bootloader [textbgcolor="orange"],
-  kernel     [textbgcolor="orange"],
-  psp        [textbgcolor="yellow"];
-
-  tenant=>host [label="cert chain request"];
-  host=>psp [label="cert chain request"];
-  psp=>host [label="cert chain reply\n(w/ firmware version)"];
-  host=>tenant [label="cert chain reply\n(w/ firmware version)"];
-
-  ...;
-
-  tenant box tenant [label="validate cert chain"];
-  tenant box tenant [label="validate fw version"];
-  tenant box tenant [label="craft exec policy"];
-  tenant box tenant [label="random cdh keypair"];
-  tenant box tenant [label="random tek/tik"];
-
-
-  tenant box tenant [label="DH(cdh, pdh) => z"];
-  tenant box tenant [label="KDF(z) => master"];
-  tenant box tenant [label="KDF(master) => kek"];
-  tenant box tenant [label="KDF(master) => kik"];
-
-  tenant => host [label="CDH, MAC(tik, policy),\nMAC(kik, ENC(kek, tek||tik))"];
-  host => psp [label="CDH, MAC(tik, policy),\nMAC(kik, ENC(kek, tek||tik))"];
-
-  psp box psp [label="DH(cdh, pdh) => z"];
-  psp box psp [label="KDF(z) => master"];
-  psp box psp [label="KDF(master) => kek"];
-  psp box psp [label="KDF(master) => kik"];
-
-  psp box psp [label="check MAC(kik, ...)"];
-  psp box psp [label="DEC(kek, tek||tik)"];
-
-  host => psp [label="guest pages"];
-  psp box psp [label="measure guest pages"];
-
-  psp => host [label="MAC(tik, measurement)"];
-  host => tenant [label="MAC(tik, measurement)"];
-
-  tenant box tenant [label="validate measure"];
-  tenant box tenant [label="prepare metadata"];
-  tenant => host [label="enc = ENC(tek, metadata)\nMAC(tik, enc)"];
-  host => psp [label="enc = ENC(tek, metadata)\nMAC(tik, enc)"];
-
-  psp => bios [label="decrypt metadata into guest memory"];
-
-  --- [label="VM START"];
-
-  bios => bootloader [label="metadata"];
-  bootloader => kernel [label="metadata"];
-  kernel box kernel [label="unlock volume"];
-
-  --- [label="BOOT COMPLETE"];
-}

package/bindings/sp-sev/docs/attestation/protections.md

@@ -1,53 +0,0 @@
-# Protections
-
-An SEV-enabled guest will be protected from a number of potential threats.
-
-These threats are broadly categorized like so:
-
-**Confidentiality**: Anything that could disclose and/or read the contents of the virtual machine without
-its explicit permission is a threat to the virtual machine's confidentiality.
-
-**Integrity**: The virtual machine must always see the data that it last wrote. If this invariant is broken,
-then the integrity of the virtual machine is compromised.
-
-**Physical Access Attacks**: An attacker with a substantial level of access to the physical hardware may use
-this access to conduct attacks on the system and virtual machines running on it.
-
-**Miscellaneous**: An attack which doesn't fit in as nicely to any of the other above categories.
-
-Table legend:
-
-* :heavy\_check\_mark:: indicates that this attack is thwarted by an SEV feature.
-
-* :star2:: indicates that this mitigation may be optionally enabled.
-
-* : an empty cell indicates that the attack is *not* mitigated by that technology.
-
-| **Confidentiality** | **SEV** | **SEV-ES** | **SEV-SNP** |
-| ------------------: | :-----: | :--------: | :---------: |
-| VM Memory (*ex: Hypervisor reads private VM memory*) | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: |
-| VM Register State (*ex: Hypervisor attempts to read VM register context*) | | :heavy\_check\_mark: | :heavy\_check\_mark: |
-| DMA Protection (*ex: Device attempts to read VM memory*) | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: |
-| **Integrity** | **SEV** | **SEV-ES** | **SEV-SNP** |
-| Replay Protection (*ex: VM memory is replaced with an old copy*) | | | :heavy\_check\_mark: |
-| Data Corruption (*ex: VM memory is replaced with junk data*) | | | :heavy\_check\_mark: |
-| Memory Aliasing (*ex: Hypervisor maps two guest pages to same DRAM page*) | | | :heavy\_check\_mark: |
-| Memory Re-mapping (*ex: Hypervisor switches DRAM page mapped to a guest page*) | | | :heavy\_check\_mark: |
-| **Availability** | **SEV** | **SEV-ES** | **SEV-SNP** |
-| Guest to Host Denial of Service (*ex: Guest refuses to yield/exit*) | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: |
-| Host to Guest Denial of Service (*ex: Host refuses to run guest*) | | | |
-| **Physical Access Attacks** | **SEV** | **SEV-ES** | **SEV-SNP** |
-| Offline DRAM analysis (*ex: Cold boot*) | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: |
-| Active DRAM corruption (*ex: Manipulate DDR bus while VM is running*) | | | |
-| **Miscellaneous Attacks** | **SEV** | **SEV-ES** | **SEV-SNP** |
-| TCB Rollback (*ex: AMD-SP firmware is reverted to older version*) | | | :heavy\_check\_mark: |
-| Malicious Interrupt/Exception Injection (*ex: interrupt injected while RFLAGS.IF=0*) | | | :star2: |
-| Indirect Branch Predictor Poisoning (*ex: Poison BTB from hypervisor*) | | | :star2: |
-| Secure Hardware Debug Registers (*ex: Breakpoints changed during debugging*) | | | :star2: |
-| Trusted CPUID Information (*ex: Hypervisor lies about platform capabilities*) | | | :star2: |
-| Architectural Side Channels (*ex: PRIME+PROBE to track VM accesses*) | | | |
-| Page-level Side Channels (*ex: Track VM access patterns through page tables*) | | | |
-| Performance Counter Tracking (*ex: Fingerprint VM workloads by performance data*) | | | |
-
-*The table above was taken directly from the [AMD SEV-SNP Whitepaper (Table 1: Threat Model)](
-https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf).*

package/bindings/sp-sev/package-version.py

@@ -1,11 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-
-#!/usr/bin/env python3
-import json
-import subprocess
-
-try:
-    out = subprocess.check_output(["cargo", "read-manifest"])
-    print(json.loads(out)["version"])
-except FileNotFoundError:
-    print("unknown")

package/bindings/sp-sev/tests/api.rs

@@ -1,194 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-
-#[cfg(all(feature = "sev", target_os = "linux"))]
-mod sev {
-    #[cfg(feature = "dangerous_hw_tests")]
-    use serial_test::serial;
-    #[cfg(feature = "dangerous_hw_tests")]
-    use sev::cached_chain;
-    use sev::{
-        certs::sev::sev::Usage,
-        firmware::host::{Build, Firmware, Version},
-    };
-
-    #[cfg(feature = "dangerous_hw_tests")]
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    #[serial]
-    fn platform_reset() {
-        let mut fw = Firmware::open().unwrap();
-        fw.platform_reset().unwrap();
-        cached_chain::rm_cached_chain();
-    }
-
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    fn platform_status() {
-        let mut fw = Firmware::open().unwrap();
-        let status = fw.platform_status().unwrap();
-        assert!(
-            status.build
-                > Build {
-                    version: Version {
-                        major: 0,
-                        minor: 14
-                    },
-                    ..Default::default()
-                }
-        );
-    }
-
-    #[cfg(feature = "dangerous_hw_tests")]
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    #[serial]
-    fn pek_generate() {
-        let mut fw = Firmware::open().unwrap();
-        fw.pek_generate().unwrap();
-        cached_chain::rm_cached_chain();
-    }
-
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    fn pek_csr() {
-        let mut fw = Firmware::open().unwrap();
-        let pek = fw.pek_csr().unwrap();
-        assert_eq!(pek, Usage::PEK);
-    }
-
-    #[cfg(feature = "dangerous_hw_tests")]
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    #[serial]
-    fn pdh_generate() {
-        let mut fw = Firmware::open().unwrap();
-        fw.pdh_generate().unwrap();
-        cached_chain::rm_cached_chain();
-    }
-
-    #[cfg(feature = "openssl")]
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    fn pdh_cert_export() {
-        use sev::certs::sev::Verifiable;
-
-        let mut fw = Firmware::open().unwrap();
-        let chain = fw.pdh_cert_export().unwrap();
-
-        assert_eq!(chain.pdh, Usage::PDH);
-        assert_eq!(chain.pek, Usage::PEK);
-        assert_eq!(chain.oca, Usage::OCA);
-        assert_eq!(chain.cek, Usage::CEK);
-
-        chain.verify().unwrap();
-    }
-
-    #[cfg(all(feature = "openssl", feature = "dangerous_hw_tests"))]
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    #[serial]
-    fn pek_cert_import() {
-        use sev::certs::sev::{sev::Certificate, Signer, Verifiable};
-
-        let mut fw = Firmware::open().unwrap();
-
-        let (mut oca, key) = Certificate::generate(Usage::OCA).unwrap();
-        key.sign(&mut oca).unwrap();
-
-        let mut pek = fw.pek_csr().unwrap();
-        key.sign(&mut pek).unwrap();
-
-        fw.pek_cert_import(&pek, &oca).unwrap();
-
-        let chain = fw.pdh_cert_export().unwrap();
-        assert_eq!(oca, chain.oca);
-        chain.verify().unwrap();
-
-        fw.platform_reset().unwrap();
-    }
-
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    fn get_identifier() {
-        let mut fw = Firmware::open().unwrap();
-        let id = fw.get_identifier().unwrap();
-        assert_ne!(Vec::from(id), vec![0u8; 64]);
-    }
-}
-
-#[cfg(all(feature = "snp", target_os = "linux"))]
-mod snp {
-    use serial_test::serial;
-    use sev::firmware::host::{Config, Firmware, MaskId, SnpPlatformStatus, TcbVersion};
-
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    fn get_identifier() {
-        let mut fw = Firmware::open().unwrap();
-        let id = fw.get_identifier().unwrap();
-        assert_ne!(Vec::from(id), vec![0u8; 64]);
-    }
-
-    #[cfg_attr(not(host), ignore)]
-    #[test]
-    fn platform_status() {
-        let mut fw: Firmware = Firmware::open().unwrap();
-        let status: SnpPlatformStatus = fw.snp_platform_status().unwrap();
-
-        println!(
-            "Platform status ioctl results:
-              version (major, minor): {}.{}
-              build id: {}
-              guests: {}
-              platform tcb microcode version: {}
-              platform tcb snp version: {}
-              platform tcb tee version: {}
-              platform tcb bootloader version: {}
-              reported tcb microcode version: {}
-              reported tcb snp version: {}
-              reported tcb tee version: {}
-              reported tcb bootloader version: {}
-              state: {}",
-            status.version.0,
-            status.version.1,
-            status.build_id,
-            status.guest_count,
-            status.platform_tcb_version.microcode,
-            status.platform_tcb_version.snp,
-            status.platform_tcb_version.tee,
-            status.platform_tcb_version.bootloader,
-            status.reported_tcb_version.microcode,
-            status.reported_tcb_version.snp,
-            status.reported_tcb_version.tee,
-            status.reported_tcb_version.bootloader,
-            status.state
-        );
-    }
-
-    #[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
-    #[test]
-    #[serial]
-    fn commit_snp() {
-        let mut fw: Firmware = Firmware::open().unwrap();
-        fw.snp_commit().unwrap();
-    }
-
-    #[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
-    #[test]
-    #[serial]
-    fn set_config_generation() {
-        let mut fw: Firmware = Firmware::open().unwrap();
-
-        fw.snp_set_config(Config::default()).unwrap();
-    }
-
-    #[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
-    #[test]
-    #[serial]
-    fn test_host_fw_error() {
-        let mut fw: Firmware = Firmware::open().unwrap();
-        let invalid_config = Config::new(TcbVersion::new(None, 100, 100, 100, 100), MaskId(31));
-        let fw_error = fw.snp_set_config(invalid_config).unwrap_err().to_string();
-        assert_eq!(fw_error, "Firmware Error Encountered: Known SEV FW Error: Status Code: 0x16: Given parameter is invalid.")
-    }
-}

package/bindings/sp-sev/tests/certs.rs

@@ -1,142 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-
-#[cfg(feature = "sev")]
-mod naples;
-
-#[cfg(feature = "sev")]
-mod rome;
-
-#[cfg(all(feature = "openssl", feature = "sev"))]
-mod sev {
-    use super::*;
-
-    #[test]
-    fn test_for_verify_false_positive() {
-        use ::sev::certs::sev::*;
-        use codicon::Decoder;
-
-        // https://github.com/enarx/enarx/issues/520
-        let naples_cek = sev::Certificate::decode(&mut &naples::CEK[..], ()).unwrap();
-        let rome_ask = ca::Certificate::decode(&mut &builtin::rome::ASK[..], ()).unwrap();
-        assert!((&rome_ask, &naples_cek).verify().is_err());
-    }
-}
-
-#[cfg(all(feature = "snp", any(feature = "openssl", feature = "crypto_nossl")))]
-mod snp {
-
-    use sev::certs::snp::{builtin::milan, ca, Certificate, Chain, Verifiable};
-
-    const TEST_MILAN_VCEK_DER: &[u8] = include_bytes!("certs_data/vcek_milan.der");
-
-    #[cfg(feature = "openssl")]
-    const TEST_TURIN_VCEK_DER: &[u8] = include_bytes!("certs_data/vcek_turin.der");
-
-    const TEST_MILAN_ATTESTATION_REPORT: &[u8] = include_bytes!("certs_data/report_milan.hex");
-
-    #[cfg(feature = "openssl")]
-    const TEST_MILAN_CA: &[u8] = include_bytes!("certs_data/cert_chain_milan");
-
-    #[cfg(feature = "openssl")]
-    const TEST_TURIN_CA: &[u8] = include_bytes!("certs_data/cert_chain_turin");
-
-    #[test]
-    fn milan_chain() {
-        let ark = milan::ark().unwrap();
-        let ask = milan::ask().unwrap();
-        let vcek = Certificate::from_der(TEST_MILAN_VCEK_DER).unwrap();
-
-        let ca = ca::Chain { ark, ask };
-
-        let chain = Chain {
-            ca,
-            vek: vcek.clone(),
-        };
-
-        assert_eq!(chain.verify().ok(), Some(&vcek));
-    }
-
-    #[test]
-    fn milan_chain_invalid() {
-        let ark = milan::ark().unwrap();
-        let ask = milan::ask().unwrap();
-        let vcek = {
-            let mut buf = TEST_MILAN_VCEK_DER.to_vec();
-            buf[40] ^= 0xff;
-            Certificate::from_der(&buf).unwrap()
-        };
-
-        let ca = ca::Chain { ark, ask };
-
-        let chain = Chain { ca, vek: vcek };
-
-        assert_eq!(chain.verify().ok(), None);
-    }
-
-    #[test]
-    fn milan_report() {
-        use sev::firmware::guest::AttestationReport;
-
-        let ark = milan::ark().unwrap();
-        let ask = milan::ask().unwrap();
-        let vcek = Certificate::from_der(TEST_MILAN_VCEK_DER).unwrap();
-
-        let ca = ca::Chain { ark, ask };
-
-        let chain = Chain { ca, vek: vcek };
-
-        let report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
-        let report: AttestationReport = AttestationReport::from_bytes(&report_bytes).unwrap();
-
-        assert_eq!((&chain, &report).verify().ok(), Some(()));
-    }
-
-    #[test]
-    fn milan_report_invalid() {
-        use sev::firmware::guest::AttestationReport;
-
-        let ark = milan::ark().unwrap();
-        let ask = milan::ask().unwrap();
-        let vcek = Certificate::from_der(TEST_MILAN_VCEK_DER).unwrap();
-
-        let ca = ca::Chain { ark, ask };
-
-        let chain = Chain { ca, vek: vcek };
-
-        let mut report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
-        report_bytes[21] ^= 0x80;
-        let report = AttestationReport::from_bytes(&report_bytes).unwrap();
-
-        assert_eq!((&chain, &report).verify().ok(), None);
-    }
-
-    #[cfg(feature = "openssl")]
-    #[test]
-    fn milan_ca_stack() {
-        let vcek = Certificate::from_der(TEST_MILAN_VCEK_DER).unwrap();
-
-        let ca = ca::Chain::from_pem_bytes(TEST_MILAN_CA).unwrap();
-
-        let chain = Chain {
-            ca,
-            vek: vcek.clone(),
-        };
-
-        assert_eq!(chain.verify().ok(), Some(&vcek));
-    }
-
-    #[cfg(feature = "openssl")]
-    #[test]
-    fn turin_ca_stack() {
-        let vcek = Certificate::from_der(TEST_TURIN_VCEK_DER).unwrap();
-
-        let ca = ca::Chain::from_pem_bytes(TEST_TURIN_CA).unwrap();
-
-        let chain = Chain {
-            ca,
-            vek: vcek.clone(),
-        };
-
-        assert_eq!(chain.verify().ok(), Some(&vcek));
-    }
-}

package/bindings/sp-sev/tests/certs_data/cert_chain_milan

@@ -1,74 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGiTCCBDigAwIBAgIDAQABMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
-BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
-BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
-Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
-Y2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTgyNDIwWhcNNDUxMDIy
-MTgyNDIwWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
-BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
-ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJU0VWLU1pbGFuMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAnU2drrNTfbhNQIllf+W2y+ROCbSzId1aKZft
-2T9zjZQOzjGccl17i1mIKWl7NTcB0VYXt3JxZSzOZjsjLNVAEN2MGj9TiedL+Qew
-KZX0JmQEuYjm+WKksLtxgdLp9E7EZNwNDqV1r0qRP5tB8OWkyQbIdLeu4aCz7j/S
-l1FkBytev9sbFGzt7cwnjzi9m7noqsk+uRVBp3+In35QPdcj8YflEmnHBNvuUDJh
-LCJMW8KOjP6++Phbs3iCitJcANEtW4qTNFoKW3CHlbcSCjTM8KsNbUx3A8ek5EVL
-jZWH1pt9E3TfpR6XyfQKnY6kl5aEIPwdW3eFYaqCFPrIo9pQT6WuDSP4JCYJbZne
-KKIbZjzXkJt3NQG32EukYImBb9SCkm9+fS5LZFg9ojzubMX3+NkBoSXI7OPvnHMx
-jup9mw5se6QUV7GqpCA2TNypolmuQ+cAaxV7JqHE8dl9pWf+Y3arb+9iiFCwFt4l
-AlJw5D0CTRTC1Y5YWFDBCrA/vGnmTnqG8C+jjUAS7cjjR8q4OPhyDmJRPnaC/ZG5
-uP0K0z6GoO/3uen9wqshCuHegLTpOeHEJRKrQFr4PVIwVOB0+ebO5FgoyOw43nyF
-D5UKBDxEB4BKo/0uAiKHLRvvgLbORbU8KARIs1EoqEjmF8UtrmQWV2hUjwzqwvHF
-ei8rPxMCAwEAAaOBozCBoDAdBgNVHQ4EFgQUO8ZuGCrD/T1iZEib47dHLLT8v/gw
-HwYDVR0jBBgwFoAUhawa0UP3yKxV1MUdQUir1XhK1FMwEgYDVR0TAQH/BAgwBgEB
-/wIBADAOBgNVHQ8BAf8EBAMCAQQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cHM6Ly9r
-ZHNpbnRmLmFtZC5jb20vdmNlay92MS9NaWxhbi9jcmwwRgYJKoZIhvcNAQEKMDmg
-DzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKID
-AgEwowMCAQEDggIBAIgeUQScAf3lDYqgWU1VtlDbmIN8S2dC5kmQzsZ/HtAjQnLE
-PI1jh3gJbLxL6gf3K8jxctzOWnkYcbdfMOOr28KT35IaAR20rekKRFptTHhe+DFr
-3AFzZLDD7cWK29/GpPitPJDKCvI7A4Ug06rk7J0zBe1fz/qe4i2/F12rvfwCGYhc
-RxPy7QF3q8fR6GCJdB1UQ5SlwCjFxD4uezURztIlIAjMkt7DFvKRh+2zK+5plVGG
-FsjDJtMz2ud9y0pvOE4j3dH5IW9jGxaSGStqNrabnnpF236ETr1/a43b8FFKL5QN
-mt8Vr9xnXRpznqCRvqjr+kVrb6dlfuTlliXeQTMlBoRWFJORL8AcBJxGZ4K2mXft
-l1jU5TLeh5KXL9NW7a/qAOIUs2FiOhqrtzAhJRg9Ij8QkQ9Pk+cKGzw6El3T3kFr
-Eg6zkxmvMuabZOsdKfRkWfhH2ZKcTlDfmH1H0zq0Q2bG3uvaVdiCtFY1LlWyB38J
-S2fNsR/Py6t5brEJCFNvzaDky6KeC4ion/cVgUai7zzS3bGQWzKDKU35SqNU2WkP
-I8xCZ00WtIiKKFnXWUQxvlKmmgZBIYPe01zD0N8atFxmWiSnfJl690B9rJpNR/fI
-ajxCW3Seiws6r1Zm+tCuVbMiNtpS9ThjNX4uve5thyfE2DgoxRFvY1CsoF5M
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
-BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
-BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
-Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
-Y2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy
-MTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
-BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
-ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg
-W41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta
-1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2
-SzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0
-60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05
-gmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg
-bKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs
-+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi
-Qi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ
-eTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18
-fHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j
-WhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI
-rFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG
-KWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG
-SIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI
-AWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel
-ETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw
-STjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK
-dHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq
-zT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp
-KGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e
-pmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq
-HnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh
-3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn
-JZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH
-CViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4
-AFZEAwoKCQ==
------END CERTIFICATE-----

package/bindings/sp-sev/tests/certs_data/cert_chain_turin

@@ -1,74 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGiTCCBDigAwIBAgIDAwABMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
-BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
-BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
-Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
-Y2VzMRIwEAYDVQQDDAlBUkstVHVyaW4wHhcNMjMwNTE1MjAyNTIxWhcNNDgwNTE1
-MjAyNTIxWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
-BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
-ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJU0VWLVR1cmluMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAnvg5Grv2Emd9lAhKdO64RXU3UESb6JTm0Hhz
-evx1PyxinxYqJL329qTJM0XmdozLYb7rsHxgM5I2pU18M8gect2pN/YB2LQ1/bIq
-37TPDbg7ym0MN6KkZ6aERxAX0voYtdDyNxjDAUjpRpCe1FccAev/Es2n/Fz1G1Tm
-C2XepTQqaKpmt6mnDWSCHCVsQoY0gSibeaG6doM6OiNUCbKXaC7KHH5b/96BD1DJ
-84M+JHqPClFhHqUJwzKF5Qxj4wgWAZzK8UPhiNGjrF6+TBdlFGdSzEqw1jOrCTHd
-uYyLK+5OQ3OIw4S+vZeOVoxJajTIWdsqYP2DLc0HkL0qWOumEOrrc2/4DeETShB0
-MyIpH05kSalyQN2eN5P6ptOB84hddCdbJPEepnD+FqQap1ukw3K8uBcgeBSAF23r
-6UtT8Uc5h7MsWX3MoZiEHcSkDQQ8IedTk7CLjsK6S7b/lfKqfYiRhKgGkRvsEd/M
-DNcumHZKIgzasJwgagzSggiUo9jXp3EWm84fqyxNXzSutPB7qD5P/ULAB+q9Qgvr
-zC8XneaLP0MNrHhM80UejmsBTIktMvFoWVIelYDLdcoi0eMD5DRccfsgrYaY6h/+
-/qf9tgg+mX09UJpuSPRF38oyqnNNFMl5v/tWLgUsChPU6NCQC17Qaqr8mu2ynyyu
-HEs5JVUCAwEAAaOBozCBoDAdBgNVHQ4EFgQUbYJXt6v2sMgUALjxD0WvG9aq628w
-HwYDVR0jBBgwFoAUZKBfceMMCmTYO3XlAVmeK+4GA0QwEgYDVR0TAQH/BAgwBgEB
-/wIBADAOBgNVHQ8BAf8EBAMCAQQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cHM6Ly9r
-ZHNpbnRmLmFtZC5jb20vdmNlay92MS9UdXJpbi9jcmwwRgYJKoZIhvcNAQEKMDmg
-DzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKID
-AgEwowMCAQEDggIBAAXWJ3DPahralt5kXLPMm9oKlFRqeU3HcS7kA+VBlBA1lQRU
-hXkbXnTvW1GZcgdZvNCB/VlET61KbCzoFIhPIESVjjb/xWX2kg3X0HHmh1EtCDbH
-aUFM5rq6l+S1h7qOauRZebvrwApDzAANvW0LTHRumfGm/kqh9NDtVCIWPUZ1VQIg
-Gx1T3dwmgOK8ncT1J3W5xIyS0Xu3KC6w7oBlq8G2pPgTcCBJ4JBCTXCEXiAAGaTR
-/TJIaSzoZFLhxYhCMjP8WQGToPGDK2i/lZhkcGHnJOQ+lgrXfpLGqBtLlS3QODyV
-P0MomczG4dqw3THP3Y8Aq9c2KE7SylAKsS/bBKCqkj4OrABkDSkMQEz3BBoFD63a
-D5ZG/Qiz+tmhnptyPVcweC9uJlSWYm25KiV4lT52uBjxatDZKQcrpdgcU8+ozzKU
-8ICnZPOwfWeyuNMq/juyd/rzg5IePyyvt+13aJ5MlZBXZxJKoxCYIMKUwZigf0Xs
-BteT8gw10/xk5smIFIB2ERtTQPMuTENgrPTUjOeiqmBg663c2dLVol+MDiT4ltqf
-Em4Kl/cc4f+H6bEwhj1QKAN2ipRf+mP0NfzJb+6ZHNsOvyq/WByYpLXV9JJoiDW/
-8RZwPU/Mn7IuQBauCy78G7FS0ta3q1et74faYBBgeJ6awEasa25CvmsmlU0R
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGYzCCBBKgAwIBAgIDAwAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
-BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
-BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
-Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
-Y2VzMRIwEAYDVQQDDAlBUkstVHVyaW4wHhcNMjMwNTE1MjAwMzEyWhcNNDgwNTE1
-MjAwMzEyWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
-BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
-ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLVR1cmluMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAwaAriB7EIuVc4ZB1wD3YfDxL+9eyS7+izm0J
-j3W772NINCWl8Bj3w/JD2ZjmbRxWdIq/4d9iarCKorXloJUB1jRdgxqccTx1aOoi
-g4+2w1XhVVJT7K457wT5ZLNJgQaxqa9Etkwjd6+9sOhlCDE9l43kQ0R2BikVJa/u
-yyVOSwEk5w5tXKOuG9jvq6QtAMJasW38wlqRDaKEGtZ9VUgGon27ZuL4sTJuC/az
-z9/iQBw8kEilzOl95AiTkeY5jSEBDWbAqnZk5qlM7kISKG20kgQm14mhNKDI2p2o
-ua+zuAG7i52epoRF2GfU0TYk/yf+vCNB2tnechFQuP2e8bLk95ZdqPi9/UWw4JXj
-tdEA4u2JYplSSUPQVAXKt6LVqujtJcM59JKr2u0XQ75KwxcMp15gSXhBfInvPAwu
-AY4dEwwGqT8oIg4esPHwEsmChhYeDIxPG9R4fx9O0q6p8Gb+HXlTiS47P9YNeOpi
-dOUKzDl/S1OvyhDtSL8LJc24QATFydo/iD/KUdvFTRlD0crkAMkZLoWQ8hLDGc6B
-ZJXsdd7Zf2e4UW3tI/1oh/2t23Ot3zyhTcv5gDbABu0LjVe98uRnS15SMwK//lJt
-9e5BqKvgABkSoABf+B4VFtPVEX0ygrYaFaI9i5ABrxnVBmzXpRb21iI1NlNCfOGU
-PIhVpWECAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRkoF9x4wwK
-ZNg7deUBWZ4r7gYDRDAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG
-KWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvVHVyaW4vY3JsMEYGCSqG
-SIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI
-AWUDBAICBQCiAwIBMKMDAgEBA4ICAQA/i6Mz4IETMK8YU/HxP7Bfej5i4aXhenJo
-TuiDX0nqx5CDJm9ELhskxAkJ/oLA1O92UoLybfFk4gEpKFtyfiUYex9LogZj5ix0
-sb2qfSSy9CRnOktGqfpel4e3KAhLgF5n2qZrqyq/8EPPldtSjEXn78sZMlIlUcQK
-SnnNCQZVFpktDfDiEiGNuitux3ghHUrcVuxSbZcrXDbsbMF7NDdfLUUS9TijrL33
-lrCXJs7m8kggGyCusiRQKHli1AEswiA4xU+8xsZrByYTopiGYtbJK8s0UCCXylyO
-uKSubvdAnMDJ5GDD0+DX46LSfv7fgGNSG+LOBWdif7KoQf9cIhKJtxGxZCn/tvHm
-wMzu4Jnx8N2vRnT+8DpBqhxtNvdXmrZUelSeQakx4djMKvmTR8Gd25EnC4RppCkj
-bmPxY3zPd1X7raalTn34EOF9DeLsC9JfzkDuojxpHWMm30wKnDo20mlDQk/zKCDa
-2Zc+YjtsTZCrTbvdgCukTKNZOUUVlWRu+sO/OwrmS2p16seHTIqHEbE1LntPv3gk
-CcHGDSUAKx9c0Aol+Dj9xpb2nmGqoDeJ59Ja6REkHCdw5TduXyqqMqfD1AX0/QDN
-devCMKlWBRCQ7DFlog3H1a+r/kuMUZ/Ij9yyKlSgYZMJ4VgNKDgTQdcsAL0MCEMr
-zpacMwFusA==
------END CERTIFICATE-----

package/bindings/sp-sev/tests/certs_data/report_milan.hex

@@ -1 +0,0 @@
-0200000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000030000000000087301000000000000000000000000000000D447B55D197491BFE15CF298F9DE9986B7A7C4BE2468B4F6E2D53B71D7C645810B0F2CDFCA0040433BE063FC1A8293F0F3F8DAE7B79FECB3D1CD82BD6A93EBFD7A1E5C266C0108DBC9BB94FA926951320940915D0AAFB42464BD88B579EA158D3E1A0DC39B2C60BD95B9C480CD81841F000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000092B3B47D59F0A2A10A74C5678868A80238CF593C01A82F3CFFB878E904C28D5BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0300000000000873000000000000000000000000000000000000000000000000D49554EC717F4E5B0FE6B143BCF0405BD7AE304727EDF46603F2A76AEF6A3ABC15D7AF38DB757039029F0EFACFD08E244324884738C72B082E2F87A44D541EB603000000000008730434010004340100030000000000087300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000061AB4F11AA661997625F233DF42A4AD54440EEB7A96EA63DE170CBC29C37C005CB54054881EC7D2BEE569B02D07F8272000000000000000000000000000000000000000000000000209D7EB9BE919A1D0BAF1D57FE6EBFEABBC53B778C6E977E40B15CA931BB6D44C5AB9E30CFDC7346CB41AC083B90BF490000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

package/bindings/sp-sev/tests/guest.rs

@@ -1,57 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-
-#![cfg(all(feature = "snp", target_os = "linux"))]
-
-use sev::firmware::guest::*;
-
-#[cfg_attr(not(guest), ignore)]
-#[test]
-fn get_report() {
-    let unique_data = [0u8; 64];
-
-    let mut fw = Firmware::open().unwrap();
-
-    fw.get_report(None, Some(unique_data), None).unwrap();
-}
-
-#[cfg_attr(not(guest), ignore)]
-#[test]
-fn get_ext_report() {
-    let unique_data = [0u8; 64];
-
-    let mut fw = Firmware::open().unwrap();
-
-    fw.get_ext_report(None, Some(unique_data), None).unwrap();
-}
-
-#[cfg_attr(not(guest), ignore)]
-#[test]
-fn get_derived_key() {
-    let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0, None);
-
-    let mut fw = Firmware::open().unwrap();
-
-    fw.get_derived_key(None, derived_key).unwrap();
-}
-
-#[cfg_attr(not(guest), ignore)]
-#[test]
-fn guest_fw_error() {
-    let derived_key = DerivedKey::new(
-        false,
-        GuestFieldSelect(48),
-        0xFFFFFFFF,
-        0xFFFFFFFF,
-        0xFFFFFFFFFFFFFFFF,
-        Some(0xFFFFFFFFFFFFFFFF),
-    );
-
-    let mut fw = Firmware::open().unwrap();
-
-    let fw_err = fw
-        .get_derived_key(None, derived_key)
-        .unwrap_err()
-        .to_string();
-
-    assert_eq!(fw_err, "Firmware Error Encountered: Known SEV FW Error: Status Code: 0x16: Given parameter is invalid.")
-}