@karthik jayaraman Please check this Python web API/REST interface to this attestation library. You can as well implement the same to achieve the goal of REST attestation API/REST interface: confidential-container-samples/cvm-python-app-remoteattest at main · Azure-Samples/confidential-container-samples (github.com). It's built as a container but can as well work with direct deployments.
Perform vTPM attestation programmatically on Azure
I am trying to invoke Attest APIs (https://learn.microsoft.com/en-us/rest/api/attestation/attestation/attest-tpm?tabs=HTTP) on an Azure VM with vTPM enabled.
I followed this article and have created the following:
- Azure Attestation Service in my subscription
- A new policy for TPM attestation
- Client with Attestation Reader role
- An Ubuntu 20.04.5 instance with vTPM enabled (secure-boot disabled)
With all the prerequisites set up, I am wondering if it's possible for me to call Attestation APIs and perform attestation on-demand using the Attestation client libraries?
OR, if the attestation is performed only by Azure automatically (the article does not indicate this), is it possible to read and verify the attestation results auto-triggered by Azure? My objective is to see if I can create a client-driven way to attest / verify attestation.
Azure Virtual Machines
vipullag-MSFT 26,492 Reputation points Moderator
2023-02-16T06:24:26.5266667+00:00