Provisioning attestation certificates for offline verification
You may see the following warning in your Anjuna Confidential Container log file during attestation:
Warning: Neither VCEK nor VLEK certificate found in data pages
This message indicates that the per-chip VCEK and ASK/ARK certificate chain have not been provisioned for your host machine. In the case that your APM instance has access to the internet, the Anjuna Policy Manager falls back to downloading the certificates it needs from AMD’s KDS service at attestation verification time, and so this message can be safely ignored.
However, if your APM does not have access to the internet you can provision the certificates onto the host ahead of time with the
anjuna-metal certs commands.
Once installed, the certificates are made available to the Anjuna Confidential Container automatically,
and the APM can then verify attestation reports offline.
| The VCEK certificate is tied to the host’s firmware (TCB) version, so this installation procedure must be repeated whenever the host firmware is updated. |
Provisioning a connected host
On an AMD SEV-SNP host with internet access, a single command will:
-
determine the VCEK and ASK/ARK certificate chain AMD KDS URLs to use for the current machine
-
download the certificates from AMD’s KDS
-
validate the response & install the certificates locally
$ anjuna-metal certs install
Provisioning an air-gapped host
The following provides instructions provisioning the certificates for a bare metal host that does not have access to the internet.
-
On the air-gapped host, generate a descriptor to identify the certificates to fetch for the bare metal host:
$ anjuna-metal certs descriptor descriptor.json -
Copy
descriptor.jsonto a machine with internet access and download the raw certificates into a directory:$ anjuna-metal certs fetch descriptor.json --output-dir ./certsThis writes the raw VCEK (
vcek.der) and ASK/ARK certificate chain (cert_chain.pem) into the output directory. -
Copy both files back to the air-gapped host and install them:
$ anjuna-metal certs install ./certs/vcek.der ./certs/cert_chain.pemThe certificate chain is validated against AMD’s trusted root key before it is installed.
Downloading certificates manually
If you would rather retrieve the certificates yourself,
run anjuna-metal certs descriptor without a file argument on the host
to print the AMD KDS URLs for this machine’s VCEK certificate
and ASK/ARK certificate chain:
$ anjuna-metal certs descriptor
VCEK URL: https://kdsintf.amd.com/vcek/v1/<product>/<chip-id>?...
Cert chain URL: https://kdsintf.amd.com/vcek/v1/<product>/cert_chain
Download both URLs from any machine with internet access, then install the resulting files on the bare metal host as before:
$ anjuna-metal certs install ./vcek.der ./cert_chain.pem