Provided by: s390-tools_2.38.0-0ubuntu3_amd64 
NAME
pvattest - create, perform, and verify attestation measurements
SYNOPSIS
pvattest [OPTIONS] <COMMAND>
DESCRIPTION
Create, perform, and verify attestation measurements for IBM Secure Execution guest systems.
PVATTEST COMMANDS
pvattest-create(1)
Create an attestation measurement request
pvattest-perform(1)
Send the attestation request to the Ultravisor
pvattest-verify(1)
Verify an attestation response
pvattest-check(1)
Check if the attestation result matches defined policies
OPTIONS
-v, --verbose
Provide more detailed output.
-q, --quiet
Provide less output.
--version
Print version information and exit.
-h, --help
Print help (see a summary with -h).
EXAMPLES
For details refer to the man page of the command.
Create the request on a trusted system.
trusted:~$ pvattest create -k hkd.crt --cert CA.crt --cert ibmsk.crt --arpk arp.key -o attreq.bin
On the SE-guest, perform the attestation.
seguest:~$ pvattest perform attreq.bin attresp.bin
On a trusted system, verify that the response is correct. Here, the protection key from the creation and
the SE-guest’s header is used to verify the measurement.
trusted:~$ pvattest verify -i attresp.bin --arpk arp.key --hdr se_guest.hdr
trusted:~$ echo $?
0
If the measurements do not match pvattest exits with code 2 and emits an error message. The SE-guest
attestation failed.
trusted:~$ pvattest verify -i wrongresp.bin --arpk arp.key --hdr se_guest.hdr
ERROR: Attestation measurement verification failed:
Calculated and received attestation measurement are not the same.
trusted:~$ echo $?
2
SEE ALSO
pvattest-create(1) pvattest-perform(1) pvattest-verify(1) pvattest-check(1)
s390-tools 2025-03-12 PVATTEST(1)