Package trust defines core trust types and values for attestation verification.

DefaultOptions returns a useful default verification option setting.

GetAttestationFromReport uses AMD's Key Distribution Service (KDS) to download the certificate chain for the VCEK that supposedly signed the given report, and returns the Attestation representation of their combination.

GetCrlAndCheckRoot downloads the given cert's CRL from one of the distribution points and verifies that the CRL is valid and doesn't revoke an intermediate key.

RawSnpReport verifies the raw bytes representation of an attestation report's signature based on the report's SignatureAlgo and uses the AMD Key Distribution Service to download the report's corresponding VCEK certificate.

RootOfTrustToOptions translates the RootOfTrust message into the Options type needed for driving an attestation verification.

SnpAttestation verifies the protobuf representation of an attestation report's signature based on the report's SignatureAlgo, provided the certificate chain is valid.

SnpProtoReportSignature verifies the protobuf representation of an attestation report's signature based on the report's SignatureAlgo.

SnpReport verifies the protobuf representation of an attestation report's signature based on the report's SignatureAlgo and uses the AMD Key Distribution Service to download the report's corresponding VCEK certificate.

SnpReportSignature verifies the attestation report's signature based on the report's SignatureAlgo.

VcekNotRevoked will consult the online CRL listed in the VCEK certificate for whether this cert has been revoked.

ErrMissingVlek is returned when attempting to verify a VLEK-signed report that doesn't also have its VLEK certificate attached.

CRLUnavailableErr represents a problem with fetching the CRL from the network.

Options represents verification options for an SEV-SNP attestation report.