Right now, the SNP (bare-metal) verification logic relies on the snpguest crate that pins to a given version of sev. The SNP-vTPM verification logic relies on the az-snp-vtpm crate, that pins to its own version of the sev crate. This version mismatch makes it hard to re-use code across both modules. To workaround this issue we define an AmdKdsReport trait, but we still have two co-existing versions of the sev crate pinned to a different tag.
We also use snpguest and az-snp-vtpm rather lightly. In the future we should consider relying only on the low-level sev crate and improve the code re-use across both.
Right now, the SNP (bare-metal) verification logic relies on the
snpguestcrate that pins to a given version ofsev. The SNP-vTPM verification logic relies on theaz-snp-vtpmcrate, that pins to its own version of thesevcrate. This version mismatch makes it hard to re-use code across both modules. To workaround this issue we define anAmdKdsReporttrait, but we still have two co-existing versions of thesevcrate pinned to a different tag.We also use
snpguestandaz-snp-vtpmrather lightly. In the future we should consider relying only on the low-levelsevcrate and improve the code re-use across both.