|
| 1 | +# confidential-cvm-cli |
| 2 | + |
| 3 | +TEE verification and management CLI for confidential compute VMs. |
| 4 | + |
| 5 | +This CLI lets you cryptographically confirm that a CVM is running in a genuine TEE and inspect its state. It is derived from the PrivateClaw CLI and currently keeps the same on-VM evidence paths for compatibility with existing cloud-init. |
| 6 | + |
| 7 | +For background on TEEs and remote attestation, see [confidential.ai/docs](https://confidential.ai/docs). |
| 8 | + |
| 9 | +## Install |
| 10 | + |
| 11 | +```bash |
| 12 | +curl -fsSL https://github.com/lunal-dev/confidential-cvm-cli/releases/latest/download/install.sh | bash |
| 13 | +``` |
| 14 | + |
| 15 | +This installs two binaries to `/usr/local/bin/`: |
| 16 | + |
| 17 | +- `cc` - the CLI shell script (this repo) |
| 18 | +- `attestation-cli` - pre-built binary from [lunal-dev/attestation-rs](https://github.com/lunal-dev/attestation-rs) that performs the cryptographic SEV-SNP and TPM attestation |
| 19 | + |
| 20 | +## Commands |
| 21 | + |
| 22 | +```bash |
| 23 | +cc vm <command> [flags] |
| 24 | +``` |
| 25 | + |
| 26 | +| Command | Description | |
| 27 | +|---|---| |
| 28 | +| `cc vm verify [-v\|--verbose]` | Run the full 5-check TEE verification | |
| 29 | +| `cc vm info` | Print component versions, hostname, gateway IP, install date | |
| 30 | +| `cc vm attest` | Generate attestation evidence (boot-time; run by cloud-init) | |
| 31 | +| `cc vm assign` | Apply user configuration from IMDS (internal; run by systemd) | |
| 32 | + |
| 33 | +The legacy single-level command shape is still accepted when cheap, so `cc verify` currently maps to `cc vm verify`. |
| 34 | + |
| 35 | +### `cc vm verify` |
| 36 | + |
| 37 | +User-facing command. Runs five checks and prints a pass/fail summary: |
| 38 | + |
| 39 | +1. **SEV-SNP Hardware** - requests a fresh AMD SEV-SNP attestation report bound to the current SSH host key hash and validates the full cert chain via `attestation-cli`. |
| 40 | +2. **TPM Attestation** - validates the vTPM quote and AK cert chain. |
| 41 | +3. **Host Key Binding** - confirms the live SSH host key matches the key baked into the attestation evidence. |
| 42 | +4. **Inference Provider** - shows the configured confidential inference endpoint. |
| 43 | +5. **External Access Lockout** - audits `authorized_keys`, firewall rules, and cloud-provider access paths to confirm no operator backdoor. |
| 44 | + |
| 45 | +Add `-v` / `--verbose` for full cert-chain, VCEK, and endpoint diagnostics. |
| 46 | + |
| 47 | +### `cc vm info` |
| 48 | + |
| 49 | +Prints a compact status block useful for bug reports and quick sanity checks: |
| 50 | + |
| 51 | +```text |
| 52 | +cc: v1.5.8 |
| 53 | +attestation-cli: v0.4.1 |
| 54 | +openclaw: <version> |
| 55 | +Hostname: <fqdn> |
| 56 | +Gateway IP: <gateway> |
| 57 | +Installed: <date> |
| 58 | +``` |
| 59 | + |
| 60 | +### `cc vm attest` |
| 61 | + |
| 62 | +Boot-time command invoked by cloud-init. Generates SEV-SNP + TPM attestation evidence binding the SSH host key to the TEE hardware and writes it to `/etc/privateclaw/evidence.json` for current compatibility. |
| 63 | + |
| 64 | +### `cc vm assign` |
| 65 | + |
| 66 | +Internal command invoked by a systemd timer. Polls Azure IMDS for user configuration and applies it to the CVM. |
| 67 | + |
| 68 | +## Independent Verification |
| 69 | + |
| 70 | +You can verify a CVM's attestation evidence from any machine. You do not need to trust this CLI: |
| 71 | + |
| 72 | +```bash |
| 73 | +# Copy evidence off the CVM |
| 74 | +scp user@cvm:/etc/privateclaw/evidence.json . |
| 75 | + |
| 76 | +# Verify locally with attestation-cli |
| 77 | +attestation-cli verify -e evidence.json --expected-report-data <host_key_hash_hex> |
| 78 | +``` |
| 79 | + |
| 80 | +## Cloud-Init Follow-Up |
| 81 | + |
| 82 | +Confidential Agents cloud-init has not been changed yet. Once this repo has a published release, update cloud-init to download: |
| 83 | + |
| 84 | +```text |
| 85 | +https://github.com/lunal-dev/confidential-cvm-cli/releases/latest/download/install.sh |
| 86 | +``` |
| 87 | + |
| 88 | +Then update boot/runtime invocations from `privateclaw attest`, `privateclaw assign`, and `privateclaw verify` to `cc vm attest`, `cc vm assign`, and `cc vm verify`. |
| 89 | + |
| 90 | +## Auditing |
| 91 | + |
| 92 | +Everything that runs on your CVM lives in this repo. `cc` is a single bash script. The only binary dependency is [`attestation-cli`](https://github.com/lunal-dev/attestation-rs), which is also open source. |
| 93 | + |
| 94 | +## License |
| 95 | + |
| 96 | +[MIT](./LICENSE) |
0 commit comments