google
diff --git a/‎.github/workflows/ci.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/ci.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎abi/abi.go
Lines changed: 6 additions & 3 deletions b/‎abi/abi.go
Lines changed: 6 additions & 3 deletions
diff --git a/‎gce/gce.go
Lines changed: 19 additions & 0 deletions b/‎gce/gce.go
Lines changed: 19 additions & 0 deletions
diff --git a/‎proto/check/check.pb.go
Lines changed: 1 addition & 1 deletion b/‎proto/check/check.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎proto/fakekds/fakekds.pb.go
Lines changed: 1 addition & 1 deletion b/‎proto/fakekds/fakekds.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎proto/sevsnp.proto
Lines changed: 4 additions & 0 deletions b/‎proto/sevsnp.proto
Lines changed: 4 additions & 0 deletions
diff --git a/‎proto/sevsnp/sevsnp.pb.go
Lines changed: 34 additions & 20 deletions b/‎proto/sevsnp/sevsnp.pb.go
Lines changed: 34 additions & 20 deletions
@@ -44,10 +44,10 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           version: "3.12.4"
       - name: Install protoc-gen-go
-        run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
+        run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.1
       - name: Check Protobuf Generation
         run: |
-          go generate ./... 
+          go generate ./...
           git diff -G'^[^/]' --exit-code
       - name: Generate all protobufs
         run: go generate ./...
 
@@ -2,3 +2,4 @@
 !*.*
 !*/
 *~
+external/*
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"math/big"
 
+	"github.com/google/go-sev-guest/gce"
 	pb "github.com/google/go-sev-guest/proto/sevsnp"
 	"github.com/google/logger"
 	"github.com/pborman/uuid"
@@ -690,9 +691,11 @@ func (c *CertTable) Proto() *pb.CertificateChain {
 	if err != nil {
 		logger.Warningf("ARK certificate not found in data pages: %v", err)
 	}
+	firmware, _ := c.GetByGUIDString(gce.FirmwareCertGUID)
 	return &pb.CertificateChain{
-		VcekCert: vcek,
-		AskCert:  ask,
-		ArkCert:  ark,
+		VcekCert:     vcek,
+		AskCert:      ask,
+		ArkCert:      ark,
+		FirmwareCert: firmware,
 	}
 }
@@ -0,0 +1,19 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package gce defines logic specific to verification of GCE-specific attestations.
+package gce
+
+// FirmwareCertGUID is the extended report GUID table GUID for a firmware certificate on GCE.
+const FirmwareCertGUID = "9f4116cd-c503-4f5a-8f6f-fb68882f4ce2"
@@ -65,6 +65,10 @@ message CertificateChain {
 
   // The AMD Root key certificate (signs the ASK cert).
   bytes ark_cert = 3;
+
+  // A certificate the host may inject to endorse the measurement of the
+  // firmware.
+  bytes firmware_cert = 4;
 }
 
 message Attestation {
-Original file line number
+Diff line change
 !*.*
 !*/
 *~
 +external/*
Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,10 @@ message CertificateChain {`
`65`	`65`
`66`	`66`	`// The AMD Root key certificate (signs the ASK cert).`
`67`	`67`	`bytes ark_cert = 3;`
	`68`	`+`
	`69`	`+ // A certificate the host may inject to endorse the measurement of the`
	`70`	`+ // firmware.`
	`71`	`+ bytes firmware_cert = 4;`
`68`	`72`	`}`
`69`	`73`
`70`	`74`	`message Attestation {`