feat: AMD SEV-SNP app key provisioning (GetAppKeyAmd)

Cargo.toml

@@ -122,6 +122,8 @@ hex = { version = "0.4.3", default-features = false }
 hex_fmt = "0.3.0"
 hex-literal = "1.0.0"
 prost = "0.13.5"
+# AMD SEV-SNP attestation verification
+sev = { version = "=6.0.0", default-features = false, features = ["snp", "crypto_nossl"] }
 prost-types = "0.13.5"
 scale = { version = "3.7.4", package = "parity-scale-codec", features = [
     "derive",
@@ -177,6 +179,7 @@ url = "2.5"
 
 # Cryptography/Security
 aes-gcm = "0.10.3"
+aes-siv = "0.7.0"
 curve25519-dalek = "4.1.3"
 dcap-qvl = "0.3.10"
 elliptic-curve = { version = "0.13.8", features = ["pkcs8"] }

dstack-attest/src/attestation.rs

@@ -30,6 +30,7 @@ use sha2::Digest as _;
 const DSTACK_TDX: &str = "dstack-tdx";
 const DSTACK_GCP_TDX: &str = "dstack-gcp-tdx";
 const DSTACK_NITRO_ENCLAVE: &str = "dstack-nitro-enclave";
+const DSTACK_SEV_SNP: &str = "dstack-sev-snp";
 #[cfg(feature = "quote")]
 const SYS_CONFIG_PATH: &str = "/dstack/.host-shared/.sys-config.json";
 
@@ -63,6 +64,9 @@ pub enum AttestationMode {
     /// Dstack attestation SDK in AWS Nitro Enclave
     #[serde(rename = "dstack-nitro-enclave")]
     DstackNitroEnclave,
+    /// AMD SEV-SNP attestation
+    #[serde(rename = "dstack-sev-snp")]
+    DstackSevSnp,
 }
 
 impl AttestationMode {
@@ -96,6 +100,7 @@ impl AttestationMode {
             Self::DstackTdx => true,
             Self::DstackGcpTdx => true,
             Self::DstackNitroEnclave => false,
+            Self::DstackSevSnp => false,
         }
     }
 
@@ -105,6 +110,7 @@ impl AttestationMode {
             Self::DstackGcpTdx => Some(14),
             Self::DstackTdx => None,
             Self::DstackNitroEnclave => None,
+            Self::DstackSevSnp => None,
         }
     }
 
@@ -114,6 +120,7 @@ impl AttestationMode {
             Self::DstackTdx => DSTACK_TDX,
             Self::DstackGcpTdx => DSTACK_GCP_TDX,
             Self::DstackNitroEnclave => DSTACK_NITRO_ENCLAVE,
+            Self::DstackSevSnp => DSTACK_SEV_SNP,
         }
     }
 
@@ -123,6 +130,8 @@ impl AttestationMode {
             Self::DstackTdx => true,
             Self::DstackGcpTdx => true,
             Self::DstackNitroEnclave => false,
+            // SEV-SNP: compose_hash and rootfs_hash are separate fields in the request
+            Self::DstackSevSnp => true,
         }
     }
 }
@@ -615,7 +624,9 @@ impl Attestation {
                     cc_eventlog::tdx::read_event_log().context("Failed to read event log")?;
                 AttestationQuote::DstackTdx(TdxQuote { quote, event_log })
             }
-            AttestationMode::DstackGcpTdx | AttestationMode::DstackNitroEnclave => {
+            AttestationMode::DstackGcpTdx
+            | AttestationMode::DstackNitroEnclave
+            | AttestationMode::DstackSevSnp => {
                 bail!("Unsupported attestation mode: {mode:?}");
             }
         };

kms/Cargo.toml

@@ -23,6 +23,7 @@ tracing.workspace = true
 tracing-subscriber.workspace = true
 x25519-dalek.workspace = true
 yasna.workspace = true
+aes-siv.workspace = true
 
 dstack-kms-rpc.workspace = true
 ra-rpc = { workspace = true, features = ["client", "rocket"] }
@@ -47,6 +48,9 @@ tempfile.workspace = true
 serde-duration.workspace = true
 dstack-verifier = { workspace = true, default-features = false }
 dstack-mr.workspace = true
+# AMD SEV-SNP attestation verification (cert chain + report signature)
+sev = { workspace = true }
+base64.workspace = true
 
 [features]
 default = []