Provided by: s390-tools_2.37.0-0ubuntu2_amd64 
NAME
pvattest - create, perform, and verify attestation measurements
SYNOPSIS
pvattest [OPTIONS] <COMMAND>
DESCRIPTION
Create, perform, and verify attestation measurements for IBM Secure Execution guest systems.
PVATTEST COMMANDS
create
Create an attestation measurement request
perform
Send the attestation request to the Ultravisor
verify
Verify an attestation response
check
Check if the attestation result matches defined policies
OPTIONS
-v, --verbose
Provide more detailed output.
-q, --quiet
Provide less output.
--version
Print version information and exit.
-h, --help
Print help (see a summary with '-h').
EXAMPLES
For details refer to the man page of the command.
Create the request on a trusted system.
trusted:~$ pvattest create -k hkd.crt --cert CA.crt --cert ibmsk.crt --arpk arp.key -o attreq.bin
On the SE-guest, perform the attestation.
seguest:~$ pvattest perform attreq.bin attresp.bin
On a trusted system, verify that the response is correct. Here, the protection key from the creation and
the SE-guest’s header is used to verify the measurement.
trusted:~$ pvattest verify -i attresp.bin --arpk arp.key --hdr se_guest.hdr
trusted:~$ echo $?
0
If the measurements do not match pvattest exits with code 2 and emits an error message. The SE-guest
attestation failed.
trusted:~$ pvattest verify -i wrongresp.bin --arpk arp.key --hdr se_guest.hdr
ERROR: Attestation measurement verification failed:
Calculated and received attestation measurement are not the same.
trusted:~$ echo $?
2
SEE ALSO
pvattest-create(1) pvattest-perform(1) pvattest-verify(1) pvattest-check(1)
s390-tools 2024-11-18 pvattest(1)