sevctl 0.2.0

Administrative utility for AMD SEV
sevctl-0.2.0 is not a library.

Workflow Status Average time to resolve an issue Percentage of issues still open Maintenance

sevctl

sevctl is a command line utility for managing the AMD Secure Encrypted Virtualization (SEV) platform. It currently supports the entire management API for the Naples generation of processors.

Usage

help

Every sevctl (sub)command comes with a quick --help option for a reference on its use. For example:

$ sevctl --help

or

$ sevctl show --help

export

Exports the SEV certificate chain to the provided file path.

$ sevctl export /path/to/where/you/want/the-certificate

generate

Generates a new (self-signed) OCA certificate and key.

$ sevctl generate ~/my-cert ~/my-key

ok

Probes processor, sysfs, and KVM for AMD SEV, SEV-ES, and SEV-SNP related features on the host and emits the results.

$ sevctl ok {sev, es, snp}   // Probes support for the generation specified.
$ sevctl ok                  // Probes for SEV, SEV-ES, and SEV-SNP support.

provision

Installs the operator-provided OCA certificate to take ownership of the platform.

$ sevctl provision ~/owners-cert ~/owners-private-key

reset

Resets the SEV platform. This will clear all persistent data managed by the platform.

$ sevctl reset

rotate

Rotates the Platform Diffie-Hellman (PDH).

$ sevctl rotate

show

Describes the state of the SEV platform.

$ sevctl show flags

$ sevctl show guests

verify

Verifies the full SEV/CA certificate chain. File paths to these certificates can be supplied as command line arguments if they are stored on the local filesystem. If they are not supplied, the well-known public components will be downloaded from their remote locations.

$ sevctl verify

License: Apache-2.0