sevctl is a command line utility for managing the AMD Secure Encrypted Virtualization (SEV) platform.
It currently supports the entire management API for the Naples generation of processors.
Every sevctl (sub)command comes with a quick --help option for a reference on its use. For example:
console
$ sevctl --help
or
console
$ sevctl show --help
Exports the SEV certificate chain to the provided file path.
console
$ sevctl export /path/to/where/you/want/the-certificate
Generates a new (self-signed) OCA certificate and key.
console
$ sevctl generate ~/my-cert ~/my-key
Resets the SEV platform. This will clear all persistent data managed by the platform.
console
$ sevctl reset
Rotates the Platform Diffie-Hellman (PDH).
console
$ sevctl rotate
Describes the state of the SEV platform.
console
$ sevctl show flags
console
$ sevctl show guests
Verifies the full SEV/CA certificate chain. File paths to these certificates can be supplied as command line arguments if they are stored on the local filesystem. If they are not supplied, the well-known public components will be downloaded from their remote locations.
console
$ sevctl verify
License: Apache-2.0