COCOS-363 - Add verification of vTPM attestation to CLI (#363)

* CLI attestation changes CLI attestation changes Add all modes to CLI changes updates Remove old attestation validateion command Make updates based on PR reviews Disable depreciated linter Linter fixes Resolve conflicts resolve go.mod errors Use previous version of go-sev-guest Modify tests Remove tdx attestation Fix error messages printing Add tests Fix CI failures Do proper error handling * Fix CI failures * Add string constants
2026-06-23 04:10:25 +00:00 · 2025-02-11 23:08:04 +03:00
parent 3e99214d2a
commit bb0ad293e6
6 changed files with 1635 additions and 103 deletions
@@ -67,7 +67,6 @@ linters:
    - dogsled
    - errchkjson
    - errname
-    - execinquery
    - copyloopvar
    - ginkgolinter
    - gocheckcompilerdirectives
@@ -78,3 +77,4 @@ linters:
    - mirror
    - nakedret
    - dupword
+
@@ -3,9 +3,11 @@
 package cli

 import (
+	"crypto"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"io"
 	"os"
 	"strconv"
 	"strings"
@@ -17,11 +19,17 @@ import (
 	"github.com/google/go-sev-guest/proto/check"
 	"github.com/google/go-sev-guest/proto/sevsnp"
 	"github.com/google/go-sev-guest/tools/lib/report"
+	sevVerify "github.com/google/go-sev-guest/verify"
+	tpmAttest "github.com/google/go-tpm-tools/proto/attest"
+	"github.com/google/go-tpm-tools/server"
+	"github.com/google/go-tpm/legacy/tpm2"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/ultravioletrs/cocos/agent"
 	"github.com/ultravioletrs/cocos/pkg/attestation/quoteprovider"
 	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/encoding/prototext"
+	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 )

@@ -42,9 +50,12 @@ const (
 	size48                  = 48
 	size64                  = 64
 	attestationFilePath     = "attestation.bin"
+	vtpmFilePath            = "../quote.dat"
 	attestationJson         = "attestation.json"
 	sevProductNameMilan     = "Milan"
 	sevProductNameGenoa     = "Genoa"
+	FormatBinaryPB          = "binarypb"
+	FormatTextProto         = "textproto"
 	exampleJSONConfig       = `
 	{
 		"rootOfTrust":{
@@ -101,6 +112,7 @@ const (
 )

 var (
+	mode                string
 	cfg                 = check.Config{Policy: &check.Policy{}, RootOfTrust: &check.RootOfTrust{}}
 	cfgString           string
 	timeout             time.Duration
@@ -112,6 +124,7 @@ var (
 	trustedIdKeys       []string
 	trustedIdKeyHashes  []string
 	attestationFile     string
+	tpmAttestationFile  string
 	attestation         []byte
 	empty16             = [size16]byte{}
 	empty32             = [size32]byte{}
@@ -119,8 +132,20 @@ var (
 	defaultReportIdMa   = []byte{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255}
 	getJsonAttestation  bool
 	errReportSize       = errors.New("attestation contents too small")
+	output              string
+	nonce               []byte
+	format              string
+	teeNonce            []byte
 )

+var errEmptyFile = errors.New("input file is empty")
+
+var marshalOptions = prototext.MarshalOptions{
+	Multiline: true,
+	EmitASCII: true,
+}
+var unmarshalOptions = prototext.UnmarshalOptions{}
+
 func (cli *CLI) NewAttestationCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "attestation [command]",
@@ -252,52 +277,108 @@ func isFileJSON(filename string) bool {

 func (cli *CLI) NewValidateAttestationValidationCmd() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:     "validate",
-		Short:   "Validate and verify attestation information. The report is provided as a file path.",
-		Example: "validate <attestation_report_file_path>",
-		Args:    cobra.ExactArgs(1),
-		Run: func(cmd *cobra.Command, args []string) {
-			cmd.Println("Checking attestation")
+		Use:   "validate",
+		Short: "Validate and verify attestation information. You can choose from 3 modes: snp,vtpm and snp-vtpm.Default mode is snp.",
+		Example: `Based on mode:
+		validate <attestationreportfilepath> --report_data <reportdata> --product <product data> //default
+		validate --mode snp <attestationreportfilepath> --report_data <reportdata> --product <product data>
+		validate --mode vtpm <attestationreportfilepath> --nonce <noncevalue> --format <formatvalue>  --output <outputvalue>
+		validate --mode snp-vtpm <attestationreportfilepath> --nonce <noncevalue> --format <formatvalue>  --output <outputvalue>`,

-			attestationFile = string(args[0])
-
-			if err := parseConfig(); err != nil {
-				printError(cmd, "Error parsing config: %v ❌ ", err)
-				return
-			}
-			if err := parseHashes(); err != nil {
-				printError(cmd, "Error parsing hashes: %v ❌ ", err)
-				return
-			}
-			if err := parseFiles(); err != nil {
-				printError(cmd, "Error parsing files: %v ❌ ", err)
-				return
-			}
-			// This format is the attestation report in AMD's specified ABI format, immediately
-			// followed by the certificate table bytes.
-			if len(attestation) < abi.ReportSize {
-				msg := color.New(color.FgRed).Sprintf("attestation contents too small (0x%x bytes). Want at least 0x%x bytes ❌ ", len(attestation), abi.ReportSize)
-				cmd.Println(msg)
-				return
-			}
-			if err := parseUints(); err != nil {
-				printError(cmd, "Error parsing uints: %v ❌ ", err)
-				return
-			}
-			cfg.Policy.Vmpl = wrapperspb.UInt32(0)
-
-			if err := validateInput(); err != nil {
-				printError(cmd, "Error validating input: %v ❌ ", err)
-				return
+		PreRunE: func(cmd *cobra.Command, args []string) error {
+			mode, _ := cmd.Flags().GetString("mode")
+			if len(args) != 1 {
+				return fmt.Errorf("please pass the attestation report file path")
 			}

-			if err := quoteprovider.VerifyAndValidate(attestation, &cfg); err != nil {
-				printError(cmd, "Attestation validation and verification failed with error: %v ❌ ", err)
-				return
+			// Validate flags based on the mode
+			switch mode {
+			case "snp":
+				if err := cmd.MarkFlagRequired("report_data"); err != nil {
+					return fmt.Errorf("failed to mark 'report_data' as required for SEV-SNP mode: %v", err)
+				}
+				if err := cmd.MarkFlagRequired("product"); err != nil {
+					return fmt.Errorf("failed to mark flag as required: %v ❌ ", err)
+				}
+			case "snp-vtpm":
+				if err := cmd.MarkFlagRequired("nonce"); err != nil {
+					return fmt.Errorf("failed to mark 'nonce' as required for vTPM mode: %v", err)
+				}
+				if err := cmd.MarkFlagRequired("format"); err != nil {
+					return fmt.Errorf("failed to mark 'format' as required for vTPM mode: %v", err)
+				}
+				if err := cmd.MarkFlagRequired("output"); err != nil {
+					return fmt.Errorf("failed to mark 'output' as required for vTPM mode: %v", err)
+				}
+
+			case "vtpm":
+				if err := cmd.MarkFlagRequired("nonce"); err != nil {
+					return fmt.Errorf("failed to mark 'nonce' as required for vTPM mode: %v", err)
+				}
+				if err := cmd.MarkFlagRequired("format"); err != nil {
+					return fmt.Errorf("failed to mark 'format' as required for vTPM mode: %v", err)
+				}
+				if err := cmd.MarkFlagRequired("output"); err != nil {
+					return fmt.Errorf("failed to mark 'output' as required for vTPM mode: %v", err)
+				}
+			default:
+				return fmt.Errorf("unknown mode: %s", mode)
 			}
-			cmd.Println("Attestation validation and verification is successful!")
+			return nil
 		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			mode, _ := cmd.Flags().GetString("mode")
+			switch mode {
+			case "snp":
+				return sevsnpverify(cmd, args)
+			case "snp-vtpm":
+				return vtpmSevSnpverify(args)
+			case "vtpm":
+				return vtpmverify(args)
+			default:
+				return fmt.Errorf("unknown mode: %s", mode)
+			}
+		},
+		SilenceUsage:  true,
+		SilenceErrors: true,
 	}
+	cmd.Flags().StringVar(
+		&mode,
+		"mode",
+		"snp", // default mode
+		"The attestation validation mode. Example: sevsnp",
+	)
+
+	// VTPM FLAGS
+	cmd.Flags().BytesHexVar(
+		&nonce,
+		"nonce",
+		[]byte{},
+		"hex encoded nonce for vTPM attestation, cannot be empty",
+	)
+
+	cmd.Flags().StringVar(
+		&format,
+		"format",
+		"binarypb", // default value
+		"type of output file where attestation report stored <binarypb|textproto>",
+	)
+
+	cmd.Flags().StringVar(
+		&output,
+		"output",
+		"",
+		"output file",
+	)
+
+	cmd.Flags().BytesHexVar(
+		&teeNonce,
+		"tee-nonce",
+		[]byte{},
+		"hex encoded teenonce for hardware attestation, can be empty",
+	)
+
+	// SEV-SNP FLAGS
 	cmd.Flags().StringVar(
 		&cfgString,
 		"config",
@@ -473,19 +554,190 @@ func (cli *CLI) NewValidateAttestationValidationCmd() *cobra.Command {
 		"PEM format CA bundles for the AMD product. Combined with contents of cabundle_paths.",
 	)

-	if err := cmd.MarkFlagRequired("report_data"); err != nil {
-		printError(cmd, "Failed to mark flag as required: %v ❌ ", err)
-		return nil
-	}
-
-	if err := cmd.MarkFlagRequired("product"); err != nil {
-		printError(cmd, "Failed to mark flag as required: %v ❌ ", err)
-		return nil
-	}
-
 	return cmd
 }

+func sevsnpverify(cmd *cobra.Command, args []string) error {
+	cmd.Println("Checking attestation")
+
+	attestationFile = string(args[0])
+
+	if err := parseConfig(); err != nil {
+		return fmt.Errorf("error parsing config: %v ❌ ", err)
+	}
+	if err := parseHashes(); err != nil {
+		return fmt.Errorf("error parsing hashes: %v ❌ ", err)
+	}
+	if err := parseFiles(); err != nil {
+		return fmt.Errorf("error parsing files: %v ❌ ", err)
+	}
+	// This format is the attestation report in AMD's specified ABI format, immediately
+	// followed by the certificate table bytes.
+	if len(attestation) < abi.ReportSize {
+		return fmt.Errorf("attestation too small: got 0x%x bytes, need at least 0x%x bytes", len(attestation), abi.ReportSize)
+	}
+	if err := parseUints(); err != nil {
+		return fmt.Errorf("error parsing uints: %v ❌ ", err)
+	}
+	cfg.Policy.Vmpl = wrapperspb.UInt32(0)
+
+	if err := validateInput(); err != nil {
+		return fmt.Errorf("error validating input: %v ❌ ", err)
+	}
+
+	if err := quoteprovider.VerifyAndValidate(attestation, &cfg); err != nil {
+		return fmt.Errorf("attestation validation and verification failed with error: %v ❌ ", err)
+	}
+	cmd.Println("Attestation validation and verification is successful!")
+	return nil
+}
+
+func vtpmSevSnpverify(args []string) error {
+	tpmAttestationFile = string(args[0])
+	input, err := openInputFile()
+	if err != nil {
+		return err
+	}
+	if closer, ok := input.(*os.File); ok {
+		defer closer.Close()
+	}
+	attestationBytes, err := io.ReadAll(input)
+	if err != nil {
+		return err
+	}
+	attestation := &tpmAttest.Attestation{}
+
+	if format == FormatBinaryPB {
+		err = proto.Unmarshal(attestationBytes, attestation)
+	} else if format == FormatTextProto {
+		err = unmarshalOptions.Unmarshal(attestationBytes, attestation)
+	} else {
+		return fmt.Errorf("format should be either binarypb or textproto")
+	}
+	if err != nil {
+		return fmt.Errorf("fail to unmarshal attestation report: %v", err)
+	}
+
+	pub, err := tpm2.DecodePublic(attestation.GetAkPub())
+	if err != nil {
+		return err
+	}
+	cryptoPub, err := pub.Key()
+	if err != nil {
+		return err
+	}
+
+	var validateOpts interface{}
+	switch attestation.GetTeeAttestation().(type) {
+	case *tpmAttest.Attestation_SevSnpAttestation:
+		if len(teeNonce) != 0 {
+			validateOpts = &server.VerifySnpOpts{
+				Validation:   server.SevSnpDefaultValidateOpts(teeNonce),
+				Verification: &sevVerify.Options{},
+			}
+		} else {
+			validateOpts = &server.VerifySnpOpts{
+				Validation:   server.SevSnpDefaultValidateOpts(nonce),
+				Verification: &sevVerify.Options{},
+			}
+		}
+	default:
+		validateOpts = nil
+	}
+
+	ms, err := server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{cryptoPub}, TEEOpts: validateOpts})
+	if err != nil {
+		return fmt.Errorf("verifying attestation: %w", err)
+	}
+	out, err := marshalOptions.Marshal(ms)
+	if err != nil {
+		return nil
+	}
+	output, err := createOutputFile()
+	if err != nil {
+		return err
+	}
+	if closer, ok := output.(*os.File); ok {
+		defer closer.Close()
+	}
+	if _, err := output.Write(out); err != nil {
+		return fmt.Errorf("failed to write verified attestation report: %v", err)
+	}
+
+	return nil
+}
+
+func vtpmverify(args []string) error {
+	tpmAttestationFile = string(args[0])
+	input, err := openInputFile()
+	if err != nil {
+		return err
+	}
+	if closer, ok := input.(*os.File); ok {
+		defer closer.Close()
+	}
+	attestationBytes, err := io.ReadAll(input)
+	if err != nil {
+		return err
+	}
+	attestation := &tpmAttest.Attestation{}
+
+	if format == FormatBinaryPB {
+		err = proto.Unmarshal(attestationBytes, attestation)
+	} else if format == FormatTextProto {
+		err = unmarshalOptions.Unmarshal(attestationBytes, attestation)
+	} else {
+		return fmt.Errorf("format should be either binarypb or textproto")
+	}
+	if err != nil {
+		return fmt.Errorf("fail to unmarshal attestation report: %v", err)
+	}
+
+	pub, err := tpm2.DecodePublic(attestation.GetAkPub())
+	if err != nil {
+		return err
+	}
+	cryptoPub, err := pub.Key()
+	if err != nil {
+		return err
+	}
+
+	ms, err := server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{cryptoPub}, TEEOpts: nil})
+	if err != nil {
+		return nil
+	}
+	out, err := marshalOptions.Marshal(ms)
+	if err != nil {
+		return nil
+	}
+	output, err := createOutputFile()
+	if err != nil {
+		return err
+	}
+	if closer, ok := output.(*os.File); ok {
+		defer closer.Close()
+	}
+	if _, err := output.Write(out); err != nil {
+		return fmt.Errorf("failed to write verified attestation report: %v", err)
+	}
+
+	return nil
+}
+
+func openInputFile() (io.Reader, error) {
+	if tpmAttestationFile == "" {
+		return nil, errEmptyFile
+	}
+	return os.Open(tpmAttestationFile)
+}
+
+func createOutputFile() (io.Writer, error) {
+	if output == "" {
+		return os.Stdout, nil
+	}
+	return os.Create(output)
+}
+
 // parseConfig decodes config passed as json for check.Config struct.
 // example
 /* {
@@ -14,6 +14,7 @@ import (
 	"github.com/google/go-sev-guest/abi"
 	"github.com/google/go-sev-guest/proto/check"
 	"github.com/google/go-sev-guest/proto/sevsnp"
+	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
@@ -145,12 +146,12 @@ func TestNewGetAttestationCmd(t *testing.T) {
 	}
 }

-func TestNewValidateAttestationValidationCmd(t *testing.T) {
+func TestNewValidateAttestationValidationCmdDefaults(t *testing.T) {
 	cli := &CLI{}
 	cmd := cli.NewValidateAttestationValidationCmd()

 	assert.Equal(t, "validate", cmd.Use)
-	assert.Equal(t, "Validate and verify attestation information. The report is provided as a file path.", cmd.Short)
+	assert.Equal(t, "Validate and verify attestation information. You can choose from 3 modes: snp,vtpm and snp-vtpm.Default mode is snp.", cmd.Short)

 	assert.Equal(t, fmt.Sprint(defaultMinimumTcb), cmd.Flag("minimum_tcb").Value.String())
 	assert.Equal(t, fmt.Sprint(defaultMinimumLaunchTcb), cmd.Flag("minimum_lauch_tcb").Value.String())
@@ -162,6 +163,95 @@ func TestNewValidateAttestationValidationCmd(t *testing.T) {
 	assert.Equal(t, fmt.Sprint(defaultMaxRetryDelay), cmd.Flag("max_retry_delay").Value.String())
 }

+func TestNewValidateAttestationValidationCmd(t *testing.T) {
+	cli := &CLI{}
+	cmd := cli.NewValidateAttestationValidationCmd()
+
+	t.Run("missing attestation report file path", func(t *testing.T) {
+		err := cmd.Execute()
+		assert.Error(t, err)
+		assert.Equal(t, "please pass the attestation report file path", err.Error())
+	})
+
+	t.Run("unknown mode", func(t *testing.T) {
+		cmd.SetArgs([]string{attestationFilePath, "--mode=invalid"})
+		err := cmd.Execute()
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "unknown mode")
+	})
+
+	t.Run("snp mode with missing flags", func(t *testing.T) {
+		cmd.SetArgs([]string{attestationFilePath, "--mode=snp"})
+		err := cmd.Execute()
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "required flag(s) \"product\", \"report_data\" not set")
+	})
+
+	t.Run("vtpm mode with missing flags", func(t *testing.T) {
+		cmd.SetArgs([]string{vtpmFilePath, "--mode=vtpm"})
+		err := cmd.Execute()
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "required flag(s) \"format\", \"nonce\", \"output\", \"product\", \"report_data\" not set")
+	})
+
+	t.Run("snp-vtpm mode with missing flags", func(t *testing.T) {
+		cmd.SetArgs([]string{vtpmFilePath, "--mode=snp-vtpm"})
+		err := cmd.Execute()
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "required flag(s) \"format\", \"nonce\", \"output\", \"product\", \"report_data\" not set")
+	})
+
+	t.Run("valid snp mode execution", func(t *testing.T) {
+		cli := CLI{}
+		cmd := cli.NewValidateAttestationValidationCmd()
+
+		cmd.RunE = func(_ *cobra.Command, _ []string) error {
+			t.Log("Mock RunE executed instead of sevsnpverify")
+			return nil
+		}
+
+		cmd.SetArgs([]string{
+			"../attestation.bin",
+			"--mode=snp",
+			"--report_data=" +
+				"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff" +
+				"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff",
+			"--product=Milan",
+		})
+		err := cmd.PreRunE(cmd, []string{"../attestation.bin"})
+		assert.NoError(t, err)
+	})
+
+	t.Run("valid vtpm mode execution", func(t *testing.T) {
+		cli := CLI{}
+		cmd := cli.NewValidateAttestationValidationCmd()
+
+		cmd.RunE = func(_ *cobra.Command, _ []string) error {
+			t.Log("Mock RunE executed instead of vtpmverify")
+			return nil
+		}
+
+		cmd.SetArgs([]string{vtpmFilePath, "--mode=vtpm", "--nonce=123abc", "--format=binarypb", "--output=some_output"})
+
+		err := cmd.PreRunE(cmd, []string{"../quote.dat"})
+		assert.NoError(t, err)
+	})
+
+	t.Run("valid snp-vtpm mode execution", func(t *testing.T) {
+		cli := CLI{}
+		cmd := cli.NewValidateAttestationValidationCmd()
+
+		cmd.RunE = func(_ *cobra.Command, _ []string) error {
+			t.Log("Mock RunE executed instead of vtpmSevSnpverify")
+			return nil
+		}
+
+		cmd.SetArgs([]string{vtpmFilePath, "--mode=snp-vtpm", "--nonce=123abc", "--format=textproto", "--output=some_output"})
+		err := cmd.PreRunE(cmd, []string{"../quote.dat"})
+		assert.NoError(t, err)
+	})
+}
+
 func TestParseConfig(t *testing.T) {
 	cfgString = ""
 	err := parseConfig()
@@ -4,22 +4,23 @@ go 1.23.0

 require (
 	github.com/absmach/magistrala v0.15.1
-	github.com/caarlos0/env/v11 v11.3.1
+	github.com/caarlos0/env/v11 v11.2.2
 	github.com/fatih/color v1.18.0
 	github.com/go-kit/kit v0.13.0
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/google/go-sev-guest v0.11.1
+	github.com/google/go-tdx-guest v0.3.1 // indirect
 	github.com/mdlayher/vsock v1.2.1
 	github.com/spf13/cobra v1.8.1
-	github.com/spf13/pflag v1.0.6
+	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.10.0
 	github.com/virtee/sev-snp-measure-go v0.0.0-20240530153610-e6e8dc9b6877
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0
-	go.opentelemetry.io/otel/trace v1.34.0
-	golang.org/x/crypto v0.32.0
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0
+	go.opentelemetry.io/otel/trace v1.32.0
+	golang.org/x/crypto v0.30.0
 	golang.org/x/sync v0.10.0
-	google.golang.org/grpc v1.69.4
-	google.golang.org/protobuf v1.36.3
+	google.golang.org/grpc v1.68.1
+	google.golang.org/protobuf v1.35.2
 )

 require (
@@ -33,6 +34,9 @@ require (
 	github.com/gofrs/uuid/v5 v5.3.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/certificate-transparency-go v1.1.2 // indirect
+	github.com/google/go-attestation v0.5.0 // indirect
+	github.com/google/go-tspi v0.3.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
@@ -41,9 +45,8 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
+	go.opentelemetry.io/otel v1.32.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.32.0 // indirect
@@ -54,12 +57,14 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/docker v27.5.1+incompatible
+	github.com/docker/docker v27.4.0+incompatible
 	github.com/go-kit/log v0.2.1 // indirect
 	github.com/go-logfmt/logfmt v0.6.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/google/go-configfs-tsm v0.2.2 // indirect
+	github.com/google/go-tpm v0.9.3
+	github.com/google/go-tpm-tools v0.4.4
 	github.com/google/logger v1.1.1
 	github.com/google/uuid v1.6.0
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
@@ -72,16 +77,16 @@ require (
 	github.com/prometheus/common v0.59.1 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.32.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/term v0.28.0
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0
 	golang.org/x/text v0.21.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

-replace github.com/virtee/sev-snp-measure-go => github.com/sammyoina/sev-snp-measure-go v0.0.0-20241202151803-ef189f0ff825
+replace github.com/virtee/sev-snp-measure-go => github.com/sammyoina/sev-snp-measure-go v0.0.0-20241107163739-38915ab517c7