I've been migrating our experimental Go agent runtime from Azure's managed confidential containers to a self-hosted AMD SEV-SNP cluster. The deployment itself is fine, but the local verification of the attestation report is consistently failing, and I'm stuck.
Our flow is standard: the agent fetches the attestation report from the AMD PSP, then we verify it locally against the AMD KDS (Key Distribution Service) certificates. The failure happens when checking the report signature. We're using the `go-sev-guest` library, and our verification code follows the documented example. The report itself looks structurally valid—the chip ID, policy, measurements are all present. I suspect it's either a certificate chain issue or a subtle policy mismatch, but the error messages are quite generic.
Has anyone run into similar problems verifying SEV-SNP reports with a custom runtime? Specifically:
* Did you need to adjust the trust root configuration for a self-hosted environment versus a cloud service?
* Are there known pitfalls with the TCB version or policy fields when the host is not a major cloud provider?
* Any lessons on debugging the certificate chain fetch from the KDS?
I can share the relevant code snippets if it helps, but I'm looking first for high-level guidance on where the failure usually lies. Our goal is a regulated deployment where the agent must validate its own environment before fetching keys, so this is a critical path.
-- mod
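As an added example (not code from the post above and not part of `go-sev-guest`), a stdlib-only Go decoder for the report fields a verifier compares before it ever checks the signature, plus the KDS VCEK URL derived from the report's *reported* TCB, since a VCEK fetched for a different TCB fails the signature check with exactly the kind of generic error described. The byte offsets, policy bit position, KDS URL format and the `Milan` product name are assumptions taken from the public AMD SEV-SNP ABI and KDS documentation; confirm them against the spec revision and hardware actually in use.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Offsets follow the AMD SEV-SNP ABI report layout (assumed; confirm against the
// spec revision your firmware implements). Bit 19 of the policy word is DEBUG.
const reportSize, offPolicy, offReportedTCB, offChipID, policyDebug = 0x4A0, 0x008, 0x180, 0x1A0, 1 << 19

// TCB holds the bootloader, TEE, SNP and microcode SPLs packed in a TCB_VERSION word.
type TCB struct{ BootLoader, TEE, SNP, Microcode uint8 }

// Summary holds the fields a verifier compares before it ever checks the signature.
type Summary struct{ Debug bool; Reported TCB; ChipID []byte }

func Summarize(raw []byte) (Summary, error) {
	if len(raw) != reportSize {
		return Summary{}, fmt.Errorf("report is %d bytes, want %d", len(raw), reportSize)
	}
	policy := binary.LittleEndian.Uint64(raw[offPolicy:])
	tcb := binary.LittleEndian.Uint64(raw[offReportedTCB:])
	return Summary{
		Debug:    policy&policyDebug != 0,
		Reported: TCB{uint8(tcb), uint8(tcb >> 8), uint8(tcb >> 48), uint8(tcb >> 56)},
		ChipID:   raw[offChipID : offChipID+64],
	}, nil
}

// VCEKURL builds the KDS query for the VCEK that signed this report. KDS keys the
// certificate by chip ID and the *reported* TCB; fetching with the current TCB
// returns a different VCEK, and the signature check then fails with a generic error.
func VCEKURL(product string, s Summary) string {
	t := s.Reported
	return fmt.Sprintf("https://kdsintf.amd.com/vcek/v1/%s/%x?blSPL=%d&teeSPL=%d&snpSPL=%d&ucodeSPL=%d",
		product, s.ChipID, t.BootLoader, t.TEE, t.SNP, t.Microcode)
}

// SampleReport is a constructed, zero-filled report (not from real hardware) with the
// DEBUG policy bit set and a reported TCB of bootloader 3, TEE 0, SNP 8, microcode 115.
func SampleReport() []byte {
	raw := make([]byte, reportSize)
	binary.LittleEndian.PutUint64(raw[offPolicy:], policyDebug)
	binary.LittleEndian.PutUint64(raw[offReportedTCB:], 0x7308000000000003)
	for i := range raw[offChipID : offChipID+64] { raw[offChipID+i] = 0xAB }
	return raw
}
```

Compare the URL this produces against the one your fetch path actually requests, and check the DEBUG flag against the policy your verifier is configured to accept.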