From 89c767d84923f0ad84e82802ee6a856c730dc3cf Mon Sep 17 00:00:00 2001 From: Takuma IMAMURA <209989118+hyperfinitism@users.noreply.github.com> Date: Tue, 6 Jan 2026 13:13:02 +0900 Subject: [PATCH 1/2] docs: add MIT License to the project --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..0227f9b --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2025 Acompany Co,. Ltd. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From 222d207ccbe3ae24f7001f338fd974b239447f0c Mon Sep 17 00:00:00 2001 From: Takuma IMAMURA <209989118+hyperfinitism@users.noreply.github.com> Date: Tue, 6 Jan 2026 16:08:54 +0900 Subject: [PATCH 2/2] docs: update README.md and examples/README.md --- README.md | 56 ++++++++++++++++++++-------------------------- examples/README.md | 10 ++++----- 2 files changed, 28 insertions(+), 38 deletions(-) 
diff --git a/README.md b/README.md index a6f8c82..fa80e7a 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,38 @@ # py-snp-utils -**py-snp-utils** (`pysnputils`) is a Python library for parsing SNP reports, fetching VCEK certificate chains, and verifying them. +![SemVer](https://img.shields.io/badge/pysnputils-0.1.0-blue) +![Python Version](https://img.shields.io/badge/Python-3.12+-blue) +[![License](https://img.shields.io/badge/License-MIT-red)](/LICENSE) -## Installation +**py-snp-utils** (`pysnputils`) is a Python library for implementing attestation verification of AMD SEV-SNP confidential VMs. It provides functionality to parse SNP reports, fetch VCEK certificate chains and CRLs, and verify attestation evidences. + +## Compatibility + +### SEV-SNP Revision + +- SEV-SNP Firmware ABI Spec: Rev. 1.58 (May 2025) +- KDS Interface Spec: Rev. 1.00 (January 2025) + +### Tested Environments + +- Ubuntu 24.04.1 + AMD64 (x86_64) +- macOS 15.6.1 + Aarch64 + +## Getting Started ### Requirements -- Python 3.12+ (Tested with Python 3.12.7) +- Python 3.12+ -### Install from repository +### Install from Repository ```shell -pip install git+https://github.com/acompany-develop/py-snp-utils +pip install git+https://github.com/acompany-develop/py-snp-utils.git ``` -## Usage +## What's Inside? + +### Submodules The Python module `pysnputils` consists of the following submodules: | Submodules | Descriptions | 
@@ -23,32 +41,6 @@ The Python module `pysnputils` consists of the following submodules: | `fetch` | functions to fetch VCEK certificate chains from AMD KDS | | `verify` | functions to verify VCEK certificate chains and SNP reports | -### Example code - -```python -from pysnputils.types import AttestationReport -from pysnputils.fetch import fetch_vcek, fetch_ca, fetch_crl - -with open("report.bin", "rb") as f: - report_bin = f.read() - -# parse report, auto-detect processor model -report_parsed = AttestationReport.from_bytes(report_bin) - -# fetch VCEK cert chain and CRL -vcek = fetch_vcek(parsed_report) -ca = fetch_ca(parsed_report) -ask = ca[0] -ark = ca[1] -crl = fetch_crl(parsed_report) - -# verify chain of trust -ok = verify_report_signature(parsed_report, vcek) -ok &= verify_certs(vcek, ask) -ok &= verify_certs(ask, ark) -ok &= verify_certs(ark, ark) -``` - ### CLI Tools / Example Scripts The `examples/` directory contains scripts that serve as both usage examples and command-line tools. diff --git a/examples/README.md b/examples/README.md index ec02802..dfc8e23 100644 --- a/examples/README.md +++ b/examples/README.md @@ -1,5 +1,7 @@ # Example CLI tools using pysnputils +This directory includes several command-line tools using pysnputils. These are intended to demonstrate the use of pysnputils, whilst also providing standalone utilities for SEV-SNP attestation verification. + ## Usage ### Common @@ -12,7 +14,7 @@ or ```shell # grant permission to execute -# chmod +x $SCRIPT_PATH +chmod +x $SCRIPT_PATH $SCRIPT_PATH [OPTIONS...] ``` @@ -74,9 +76,5 @@ python verify.py --report $REPORT_PATH --certs $CERTS_DIR [--processor-model $PR ### reportV5.bin -- Report Version: 3 +- Report Version: 5 - Processor Model: Milan - - - -
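Review bot: In PATCH 1/2, the copyright line of the new LICENSE reads `Copyright (c) 2025 Acompany Co,. Ltd.`, where the comma and period look transposed. `Co., Ltd.` is the usual form, and this line tends to be copied verbatim into downstream notices, so it is worth correcting before merge. Please also confirm that 2025 is the intended year, since the commit is dated 6 Jan 2026.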
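Review bot: In the README.md hunk `@@ -1,20 +1,38 @@`, the SemVer badge hard-codes `pysnputils-0.1.0`, so it will go stale at the next release unless the README is edited by hand each time. Either generate it from the package metadata or drop it. The license badge links to `/LICENSE`, a root-relative path that only resolves on renderers that treat the repository root as `/`; a plain relative `LICENSE` is safer. Two wording points in the same hunk: the new intro says the library fetches "VCEK certificate chains and CRLs", but the unchanged `fetch` row of the submodule table still says only "functions to fetch VCEK certificate chains from AMD KDS", and "attestation evidences" should be "attestation evidence".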
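Review bot: In the README.md hunk `@@ -23,32 +41,6 @@`, deleting the whole "Example code" section leaves the README with no in-page illustration of the parse, fetch, verify order, which is the part of an attestation library readers most often get wrong. The removed snippet was indeed broken (it assigned `report_parsed` but then used `parsed_report`, never imported `verify_report_signature` or `verify_certs`, and fetched `crl` without checking anything against it), so I would rather see it corrected than dropped, or at least replaced by an explicit pointer to `examples/verify.py` as the reference flow. If a snippet is restored, make it actually consume both `crl` and the final `ok`, since the old one computed both and acted on neither.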
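Review bot: In the examples/README.md hunk `@@ -12,7 +14,7 @@`, the now-active `chmod +x $SCRIPT_PATH` and the invocation `$SCRIPT_PATH [OPTIONS...]` below it expand the variable unquoted, so a path containing spaces or glob characters is split or expanded by the shell. Suggest `chmod +x "$SCRIPT_PATH"` and `"$SCRIPT_PATH" [OPTIONS...]`. With the chmod uncommented, the single comment `# grant permission to execute` now appears to cover both commands; a separate comment line before the invocation would keep the two steps distinct.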