Skip to content

Commit e6c220c

Browse files
committed
Initial confidential CVM CLI rebrand
0 parents  commit e6c220c

16 files changed

Lines changed: 1211 additions & 0 deletions

.github/workflows/release.yml

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
name: Release
2+
3+
on:
4+
push:
5+
tags:
6+
- 'v*'
7+
8+
permissions:
9+
contents: write
10+
11+
jobs:
12+
release:
13+
runs-on: ubuntu-latest
14+
steps:
15+
- uses: actions/checkout@v4
16+
17+
- name: Create Release
18+
uses: softprops/action-gh-release@v2
19+
with:
20+
files: |
21+
cc
22+
install.sh
23+
generate_release_notes: true

LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2026 Lunal
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

README.md

Lines changed: 96 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,96 @@
1+
# confidential-cvm-cli
2+
3+
TEE verification and management CLI for confidential compute VMs.
4+
5+
This CLI lets you cryptographically confirm that a CVM is running in a genuine TEE and inspect its state. It is derived from the PrivateClaw CLI and currently keeps the same on-VM evidence paths for compatibility with existing cloud-init.
6+
7+
For background on TEEs and remote attestation, see [confidential.ai/docs](https://confidential.ai/docs).
8+
9+
## Install
10+
11+
```bash
12+
curl -fsSL https://github.com/lunal-dev/confidential-cvm-cli/releases/latest/download/install.sh | bash
13+
```
14+
15+
This installs two binaries to `/usr/local/bin/`:
16+
17+
- `cc` - the CLI shell script (this repo)
18+
- `attestation-cli` - pre-built binary from [lunal-dev/attestation-rs](https://github.com/lunal-dev/attestation-rs) that performs the cryptographic SEV-SNP and TPM attestation
19+
20+
## Commands
21+
22+
```bash
23+
cc vm <command> [flags]
24+
```
25+
26+
| Command | Description |
27+
|---|---|
28+
| `cc vm verify [-v\|--verbose]` | Run the full 5-check TEE verification |
29+
| `cc vm info` | Print component versions, hostname, gateway IP, install date |
30+
| `cc vm attest` | Generate attestation evidence (boot-time; run by cloud-init) |
31+
| `cc vm assign` | Apply user configuration from IMDS (internal; run by systemd) |
32+
33+
The legacy single-level command shape is still accepted when cheap, so `cc verify` currently maps to `cc vm verify`.
34+
35+
### `cc vm verify`
36+
37+
User-facing command. Runs five checks and prints a pass/fail summary:
38+
39+
1. **SEV-SNP Hardware** - requests a fresh AMD SEV-SNP attestation report bound to the current SSH host key hash and validates the full cert chain via `attestation-cli`.
40+
2. **TPM Attestation** - validates the vTPM quote and AK cert chain.
41+
3. **Host Key Binding** - confirms the live SSH host key matches the key baked into the attestation evidence.
42+
4. **Inference Provider** - shows the configured confidential inference endpoint.
43+
5. **External Access Lockout** - audits `authorized_keys`, firewall rules, and cloud-provider access paths to confirm no operator backdoor.
44+
45+
Add `-v` / `--verbose` for full cert-chain, VCEK, and endpoint diagnostics.
46+
47+
### `cc vm info`
48+
49+
Prints a compact status block useful for bug reports and quick sanity checks:
50+
51+
```text
52+
cc: v1.5.8
53+
attestation-cli: v0.4.1
54+
openclaw: <version>
55+
Hostname: <fqdn>
56+
Gateway IP: <gateway>
57+
Installed: <date>
58+
```
59+
60+
### `cc vm attest`
61+
62+
Boot-time command invoked by cloud-init. Generates SEV-SNP + TPM attestation evidence binding the SSH host key to the TEE hardware and writes it to `/etc/privateclaw/evidence.json` for current compatibility.
63+
64+
### `cc vm assign`
65+
66+
Internal command invoked by a systemd timer. Polls Azure IMDS for user configuration and applies it to the CVM.
67+
68+
## Independent Verification
69+
70+
You can verify a CVM's attestation evidence from any machine. You do not need to trust this CLI:
71+
72+
```bash
73+
# Copy evidence off the CVM
74+
scp user@cvm:/etc/privateclaw/evidence.json .
75+
76+
# Verify locally with attestation-cli
77+
attestation-cli verify -e evidence.json --expected-report-data <host_key_hash_hex>
78+
```
79+
80+
## Cloud-Init Follow-Up
81+
82+
Confidential Agents cloud-init has not been changed yet. Once this repo has a published release, update cloud-init to download:
83+
84+
```text
85+
https://github.com/lunal-dev/confidential-cvm-cli/releases/latest/download/install.sh
86+
```
87+
88+
Then update boot/runtime invocations from `privateclaw attest`, `privateclaw assign`, and `privateclaw verify` to `cc vm attest`, `cc vm assign`, and `cc vm verify`.
89+
90+
## Auditing
91+
92+
Everything that runs on your CVM lives in this repo. `cc` is a single bash script. The only binary dependency is [`attestation-cli`](https://github.com/lunal-dev/attestation-rs), which is also open source.
93+
94+
## License
95+
96+
[MIT](./LICENSE)

admin-staging-precision-fix.png

22.5 KB
Loading

0 commit comments

Comments
 (0)