nvflare.app_opt.confidential_computing.snp_authorizer module

class SNPAuthorizer(max_nonce_history=1000, amd_certs_dir='/opt/certs', snpguest_binary='snpguest', cpu_model='milan', max_retries=5, retry_interval=10, cmd_timeout=60)

Bases: CCAuthorizer

AMD SEV-SNP Authorizer

Initialize the SNPAuthorizer instance.

Parameters:
  • max_nonce_history (int, optional) – Maximum number of nonces to keep in history for replay protection. Defaults to 1000.

  • amd_certs_dir (str, optional) – Directory path where AMD certificates are stored. Defaults to “/opt/certs”.

  • snpguest_binary (str, optional) – Path to the snpguest binary used for generating and verifying reports. Defaults to “snpguest”.

  • cpu_model (str, optional) – CPU model identifier used when fetching certificates. Defaults to “milan”.

  • max_retries (int, optional) – Maximum number of retries on transient failures. Defaults to 5.

  • retry_interval (int, optional) – Wait time (seconds) between retries. Defaults to 10.

  • cmd_timeout (int, optional) – Timeout for snpguest commands. Defaults to 60.
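
How a bounded nonce history of the kind max_nonce_history describes can provide replay protection, as an added example that is not NVFlare's implementation. The NonceHistory class, the oldest-first eviction policy and the sample nonces are assumptions made for illustration.

```python
from collections import OrderedDict


class NonceHistory:
    """Bounded record of nonces already seen (hypothetical helper, not NVFlare code)."""

    def __init__(self, max_nonce_history: int = 1000):
        if max_nonce_history < 1:
            raise ValueError("max_nonce_history must be at least 1")
        self.max_nonce_history = max_nonce_history
        self._seen = OrderedDict()  # nonce -> None, oldest entry first

    def accept(self, nonce: str) -> bool:
        """Return True for a fresh nonce and record it; False for a replay."""
        if nonce in self._seen:
            return False
        self._seen[nonce] = None
        # Assumed policy: evict the oldest entries once the bound is exceeded.
        while len(self._seen) > self.max_nonce_history:
            self._seen.popitem(last=False)
        return True

    def __len__(self):
        return len(self._seen)


def replay_demo(max_nonce_history: int, fresh_between: int) -> dict:
    """Present one nonce, then `fresh_between` fresh ones, then present the first again."""
    history = NonceHistory(max_nonce_history)
    first = "nonce-0"  # constructed sample value
    results = {"first": history.accept(first)}
    results["immediate_replay"] = history.accept(first)
    for i in range(1, fresh_between + 1):
        history.accept(f"nonce-{i}")
    results["late_replay"] = history.accept(first)
    results["size"] = len(history)
    return results


if __name__ == "__main__":
    # The repeated nonce is still in the history, so it is rejected.
    print(replay_demo(max_nonce_history=1000, fresh_between=10))
    # The nonce has been evicted, so the history no longer recognises it.
    print(replay_demo(max_nonce_history=3, fresh_between=3))
```

Under this eviction policy the history only recognises the most recent max_nonce_history nonces, so the bound should be sized to cover the number of tokens that can be issued while an older token is still considered valid.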

generate()

Generates and returns the active CCAuthorizer token.

Returns:

token string

get_namespace() → str

Returns the namespace of the CCAuthorizer.

Returns:

namespace string

verify(token)

Returns the token verification result.

Parameters:

token – str

Returns:

a boolean value indicating the token verification result

parse_chip_id(report_text: str) → str

parse_reported_tcb(report_text: str) → dict