Determine CPU family inside VM

[Villain88]

I am using AMD SEV-SNP in my project. The VM is supposed to generate a report and send it along with the certificate chain (including vcek) to the verifying party. To get the vcek it is important to know the generation of the processor. The hypervisor may use cpuid masking, so the standard mechanisms for obtaining family/model/stepping may not work. The report also does not contain family information other than chipid. Can you tell me if there is a reliable way to distinguish milan from genoa inside a VM?

[tylerfanelli]

I don't believe there's a way to determine the SEV-SNP generation from the VM.

I've come across this problem before, and have opted to instead have the ARK/ASK chain of different architectures (milan, genoa, etc...) verified by the Relying Party rather than the VM itself.

[DGonzalezVillal]

Hello @Villain88

Originally there was no way of telling your CPU model inside of a virtual machine. But on a recent update to the AMD SEV firmware, there is a new version of the Attestation Report. In version 3 of the attestation report the fields for cpuid family, model and stepping were added. From those you should be able to tell what CPU generation you have in the hose system.

Support for the new attestation report is being added now in #268.