github google/go-sev-guest v0.6

3 years ago

Added certificate verification and attestation robustness features.

New recommendation for verify.SnpAttestation: Use verify.DefaultOptions() instead of &verify.Options{}.

This is a minor breaking release: the signatures of some exported functions change to increase uniformity. Where individual fields were passed before, the entire options object is now passed.

Functions affected:

  • verify.GetAttestationFromReport
  • verify.GetCrlAndCheckRoot
  • verify.VcekNotRevoked
  • trust.AMDRootCerts.X509Options

The API changes are permanent, but the robustness features are temporary. Most users should not be affected, since the recommended usage is to call verify.SnpAttestation directly.

While distributions update their kernels to 6.4 or later, there's a chance that 47894e0fa6a5 is included and 72f7754dcf31 isn't, in which case a host may throttle GET_REPORT and the sev-guest driver will delete VMPCK0 instead of allowing the command to be retried.

The KDS clock skew option is a stop-gap to avoid getting "certificates from the future" that fail to verify while AMD updates its KDS semantics to back-date its certificates by a day.
