Package: cloud.debian.org Severity: important Dear Maintainer,
I'm a Google Cloud engineer in the confidential computing organization. We found that --image_project=debian-cloud --image_family=debian-12 fails basic SEV-SNP attestation tests. Please remove the guest_os_feature SEV_SNP_CAPABLE from your images until you resolve this issue. This means that /dev/sev-guest is not available, and neither is /sys/kernel/config/tsm/report, and modprobe sev-guest fails to install the required module for either of those attestation entry points to become visible. We believe that the SEV-SNP technology's main advantage beyond its nested page table integrity protections is its ability to provide signed attestations that contain a digest of the VM state at launch time. The SEV_SNP_CAPABLE feature ought to imply attestation support. I will clarify the public documentation on this. The sev-guest driver ought to be easily accessible to Cloud users of the Debian-12 image. If I missed which package contains this kernel module, please let me know which it is so I may update our testing facilities. Thanks! -- -Dionna Glaze, PhD, CISSP (she/her)
