NAME

       pvattest [OPTION?] verify [OPTIONS] - verify an attestation measurement

DESCRIPTION

       Verify that a previously generated attestation measurement of an IBM Secure Execution
       guest is as expected. Only verify attestation requests in a trusted environment, such as
       your workstation. Input must contain the response as produced by 'pvattest perform'. The
       protection key must be the one that was used to create the request by 'pvattest create'.
       Please delete it after verification. The header must be the IBM Secure Execution header of
       the image that was attested during 'pvattest perform'

OPTIONS

       -h, --help
              Show help options

       -i, --input=FILE
              FILE specifies the attestation result as input.

       -o, --ouput=FILE
              FILE specifies the output for the verification result.

       --hdr=FILE
              Specify the header of the guest image. Exactly one is required.

       -a, --arpk=FILE
              Use FILE to specify the GCM-AES256 key to decrypt the attestation request. Delete
              this key after verification.

       --format=yaml
              Define the output format.  Default value: 'yaml'

              Possible values:
           - yaml: Use YAML format

       -V, --verbose
              Provide more detailed output (optional)

EXAMPLE

       To verify a measurement in 'measurement.bin' with the protection key 'arp.kep' and SE-
       guest header 'se_guest.hdr'.

               pvattest verify --input attresp.bin --arpk arp.key --hdr se_guest.hdr

       If the verification was successful the program exists with zero.  If the verification
       failed it exists with 2 and prints the following to stderr:

               ERROR: Attestation measurement verification failed:
                      Calculated and received attestation measurement are not the same.

SEE ALSO

       pvattest(1), pvattest-create(1), pvattest-perform(1)