@misodengaku
Last active October 14, 2025 02:01
import struct, uuid
# https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf p29
# GUID that must occupy the first 16 bytes of a services manifest; a file
# whose header GUID differs is rejected before anything else is parsed.
SERVICE_MANIFEST_GUID = uuid.UUID("63849ebb-3d92-4670-a1ff-58f9c94b87bb")
# https://github.com/coconut-svsm/svsm/blob/74d5682c0fabcabedd80aa6e5f5ea9425a4f7171/kernel/src/protocols/attest.rs#L37
# GUID expected in every service table entry; an entry carrying any other
# GUID is rejected.
SVSM_ATTEST_VTPM_GUID = uuid.UUID("c476f1eb-0123-45a5-9641-b4e7dde5bfe3")
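def read_uuid(b):
    """Decode a 16-byte mixed-endian GUID field into a ``uuid.UUID``.

    The first three fields (time_low, time_mid, time_hi_and_version) are stored
    little-endian and the trailing 8 bytes verbatim; that is exactly the layout
    ``uuid.UUID`` accepts through ``bytes_le``, so no manual repacking is needed.

    Args:
        b: bytes-like object (bytes, bytearray, memoryview) of at least 16
           bytes; only the first 16 are used.

    Returns:
        The decoded ``uuid.UUID``.

    Raises:
        ValueError: if fewer than 16 bytes are available, i.e. the manifest is
            truncated. (The previous implementation surfaced this as an opaque
            ``struct.error``.)
    """
    raw = bytes(b[:16])
    if len(raw) != 16:
        raise ValueError(f"need 16 bytes for a GUID, got {len(raw)}")
    return uuid.UUID(bytes_le=raw)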
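with open("services_manifest.bin", "rb") as f:
    b = f.read()

# Services manifest layout: header = GUID (16) | length (4) | number of
# services (4), followed by service table entries of the same 16 + 4 + 4
# shape (GUID | offset | length).  The manifest is read straight from disk,
# so every size it declares is checked against the buffer actually read
# before it is used to index into it; previously a short or inconsistent
# file crashed with struct.error or silently produced garbage.
HEADER_LEN = 16 + 4 + 4
ENTRY_LEN = 16 + 4 + 4

if len(b) < HEADER_LEN:
    raise SystemExit(f"error: manifest is {len(b)} bytes, header needs {HEADER_LEN}")

guid = read_uuid(b)
if guid != SERVICE_MANIFEST_GUID:
    # SystemExit with a message prints it to stderr and exits non-zero; the
    # old print("error"); exit() reported failure with exit status 0.
    raise SystemExit(f"error: unexpected manifest GUID {guid}")

length, num = struct.unpack_from("<II", b, 16)
if length > len(b):
    raise SystemExit(f"error: manifest declares {length} bytes but only {len(b)} were read")
if HEADER_LEN + num * ENTRY_LEN > length:
    raise SystemExit(f"error: {num} service entries do not fit in {length} bytes")
if num == 0:
    raise SystemExit("error: manifest lists no services")

print("Manifest GUID:", guid)
print("Length:", length)
print("Services:", num)
print("----")

entries = []  # (guid, offset, length) for each service table entry
off = HEADER_LEN
for i in range(num):
    # service table entry: GUID (16) | offset (4) | length (4)
    sg = read_uuid(b[off : off + 16])
    off += 16
    if sg != SVSM_ATTEST_VTPM_GUID:
        raise SystemExit(f"error: service {i} has unexpected GUID {sg}")
    so, sl = struct.unpack_from("<II", b, off)
    off += 8
    # The offset is relative to the start of the manifest (in the sample run
    # offset 48 == header + one entry, and 48 + 314 == the manifest length),
    # so the data must lie within the declared length.
    if so + sl > length:
        raise SystemExit(
            f"error: service {i} data ({so}+{sl}) exceeds manifest length {length}"
        )
    print(f"Service {i}:\n\tGUID: {sg}\n\tOffset: {so}\n\tLength: {sl}")
    entries.append((sg, so, sl))
print("----")

# Slice the certificate by the entry's own offset/length instead of taking
# "everything after the table": trailing bytes beyond the declared manifest
# length are then never mistaken for key material.  Every entry was verified
# to carry the vTPM GUID above; the first one is written out.
_, so, sl = entries[0]
data = b[so : so + sl]
print("Certificate data(hex):", data.hex())
with open("cert.tpmt_public", "wb") as out:
    out.write(data)
# https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf p36
print(
    "Wrote cert.tpmt_public. Use `tpm2_print -t TPMT_PUBLIC cert.tpmt_public` to parse."
)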
@misodengaku

$ python3 show_services_manifest.py
Manifest GUID: 63849ebb-3d92-4670-a1ff-58f9c94b87bb
Length: 362
Services: 1
----
Service 0:
        GUID: c476f1eb-0123-45a5-9641-b4e7dde5bfe3
        Offset: 48
        Length: 314
----
Certificate data(hex): 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
Wrote cert.tpmt_public. Use `tpm2_print -t TPMT_PUBLIC cert.tpmt_public` to parse.
$ tpm2_print -t TPMT_PUBLIC cert.tpmt_public
name-alg:
  value: sha256
  raw: 0xb
attributes:
  value: fixedtpm|fixedparent|sensitivedataorigin|adminwithpolicy|restricted|decrypt
  raw: 0x300b2
type:
  value: rsa
  raw: 0x1
exponent: 65537
bits: 2048
scheme:
  value: null
  raw: 0x10
scheme-halg:
  value: (null)
  raw: 0x0
sym-alg:
  value: aes
  raw: 0x6
sym-mode:
  value: cfb
  raw: 0x43
sym-keybits: 128
rsa: 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
authorization policy: 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa
$
