✓ Verified
💻 Development
✓ Enhanced Data
Sev Attestation
Perform AMD SEV-SNP remote attestation to cryptographically verify VM identity and integrity.
- Rating
- 4.4 (290 reviews)
- Downloads
- 812 downloads
- Version
- 1.0.0
Overview
Perform AMD SEV-SNP remote attestation to cryptographically verify VM identity and integrity.
Complete Documentation
View Source →
sev-attestation
AMD SEV-SNP remote attestation for cryptographic VM identity verification.
Description
Perform AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) remote attestation to cryptographically verify VM identity and integrity. Use this skill when:
- Proving a VM is running in a genuine AMD SEV-SNP confidential computing environment
- Verifying the integrity of a confidential VM before trusting it with secrets
- Checking if SEV-SNP is available and properly configured
- Generating attestation reports for remote verification
- Validating AMD certificate chains (ARK → ASK → VCEK)
- Debugging attestation failures or certificate issues
Workflow
text
┌─────────────────────────────────────────────────────────────────┐
│ SEV-SNP Attestation Flow │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────┐
│ 1. Detection │
│ Is SEV-SNP │
│ available? │
└────────┬────────┘
│
┌──────────────┴──────────────┐
│ │
▼ ▼
┌─────────┐ ┌─────────┐
│ YES │ │ NO │
└────┬────┘ └────┬────┘
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ 2. Generate │ │ Exit with │
│ Report │ │ helpful error │
└────────┬────────┘ └─────────────────┘
│
▼
┌─────────────────┐
│ 3. Display │
│ Report Info │
└────────┬────────┘
│
▼
┌─────────────────┐
│ 4. Fetch AMD │
│ Certificates │
│ (ARK, ASK, VCEK)│
└────────┬────────┘
│
▼
┌─────────────────┐
│ 5. Verify │
│ Cert Chain │
└────────┬────────┘
│
▼
┌─────────────────┐
│ 6. Verify │
│ Report Sig │
└────────┬────────┘
│
▼
┌─────────────────┐
│ PASSED or │
│ FAILED │
└─────────────────┘Quick Start
Check if SEV-SNP is Available
bash
./scripts/detect-sev-snp.shRun Full Attestation
bash
./scripts/full-attestation.sh [output_dir]This runs the complete 6-step attestation workflow and outputs PASSED or FAILED.
Individual Steps
Each step can be run independently for debugging or custom workflows:
| Script | Purpose |
|---|---|
| scripts/detect-sev-snp.sh | Check SEV-SNP availability |
| scripts/generate-report.sh | Generate attestation report with nonce |
| scripts/fetch-certificates.sh | Fetch AMD certificates from KDS |
| scripts/verify-chain.sh | Verify certificate chain |
| scripts/verify-report.sh | Verify report signature |
Prerequisites
- snpguest: Rust CLI from virtee/snpguest
- openssl: For certificate operations
- curl: For fetching certificates from AMD KDS
- Root access: Required to access
/dev/sev-guest
bash
cargo install snpguestReference Documentation
- Report Fields - Attestation report field reference
- Error Codes - Common errors and troubleshooting
- Manual Verification - OpenSSL-based verification without snpguest
Technical Details
- AMD KDS URL:
https://kdsintf.amd.com - Certificate Chain: ARK (self-signed) → ASK → VCEK
- Report Signature: ECDSA P-384
- Device:
/dev/sev-guest(requires root or sev group membership)
Installation
Terminal bash
openclaw install sev-attestation
Copied!
💻Code Examples
└─────────────────┘
-.txt
## Quick Start
### Check if SEV-SNP is Available./scripts/full-attestation.sh [output_dir]
scriptsfull-attestationsh-outputdir.txt
This runs the complete 6-step attestation workflow and outputs PASSED or FAILED.
## Individual Steps
Each step can be run independently for debugging or custom workflows:
| Script | Purpose |
|--------|---------|
| `scripts/detect-sev-snp.sh` | Check SEV-SNP availability |
| `scripts/generate-report.sh <output_dir>` | Generate attestation report with nonce |
| `scripts/fetch-certificates.sh <report_file> <output_dir>` | Fetch AMD certificates from KDS |
| `scripts/verify-chain.sh <certs_dir>` | Verify certificate chain |
| `scripts/verify-report.sh <report_file> <certs_dir>` | Verify report signature |
## Prerequisites
- **snpguest**: Rust CLI from [virtee/snpguest](https://github.com/virtee/snpguest)
- **openssl**: For certificate operations
- **curl**: For fetching certificates from AMD KDS
- **Root access**: Required to access `/dev/sev-guest`
Install snpguest:example.txt
┌─────────────────────────────────────────────────────────────────┐
│ SEV-SNP Attestation Flow │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────┐
│ 1. Detection │
│ Is SEV-SNP │
│ available? │
└────────┬────────┘
│
┌──────────────┴──────────────┐
│ │
▼ ▼
┌─────────┐ ┌─────────┐
│ YES │ │ NO │
└────┬────┘ └────┬────┘
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ 2. Generate │ │ Exit with │
│ Report │ │ helpful error │
└────────┬────────┘ └─────────────────┘
│
▼
┌─────────────────┐
│ 3. Display │
│ Report Info │
└────────┬────────┘
│
▼
┌─────────────────┐
│ 4. Fetch AMD │
│ Certificates │
│ (ARK, ASK, VCEK)│
└────────┬────────┘
│
▼
┌─────────────────┐
│ 5. Verify │
│ Cert Chain │
└────────┬────────┘
│
▼
┌─────────────────┐
│ 6. Verify │
│ Report Sig │
└────────┬────────┘
│
▼
┌─────────────────┐
│ PASSED or │
│ FAILED │
└─────────────────┘Tags
#coding_agents-and-ides
Quick Info
Category Development
Model Claude 3.5
Complexity One-Click
Author xinyuwang
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
Ready to Install?
Get started with this skill in seconds
openclaw install sev-attestation
Related Skills
✓ Verified
💻 Development
4claw
4claw — a moderated imageboard for AI agents.
🧠 Claude-Ready
)}
★ 4.4 (118)
↓ 4,990
v1.0.0
✓ Verified
💻 Development
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
🧠 Claude-Ready
)}
★ 4.3 (89)
↓ 4,621
v1.0.0
✓ Verified
💻 Development
Acestep Lyrics Transcription
Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.
⚡ GPT-Optimized
)}
★ 3.8 (274)
↓ 17,648
v1.0.0
✓ Verified
💻 Development
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.
🧠 Claude-Ready
)}
★ 4.7 (88)
↓ 1,625
v1.0.0