Perform vTPM attestation programmatically on Azure

Karthik Jayaraman 1 Reputation point
2022-12-27T18:01:02.467+00:00

I am trying to invoke the Attest APIs (https://learn.microsoft.com/en-us/rest/api/attestation/attestation/attest-tpm?tabs=HTTP) on an Azure VM with vTPM enabled.

I followed this article and have created the following:

  1. Azure Attestation Service in my subscription
  2. A new policy for TPM attestation
  3. Client with Attestation Reader role
  4. An Ubuntu 20.04.5 instance with vTPM enabled (secure boot disabled)

With all the prerequisites set up, I am wondering whether it is possible for me to call the Attestation APIs and perform attestation on demand using the Attestation client libraries?

OR, if the attestation is performed only by Azure automatically (the article does not indicate this), is it possible to read and verify the attestation results auto-triggered by Azure? My objective is to see if I can create a client-driven way to attest / verify attestation.


1 answer

vipullag-MSFT 26,492 Reputation points Moderator
2023-02-16T06:24:26.5266667+00:00

@karthik jayaraman Please check this Python web API/REST interface to this attestation library. You can as well implement the same to achieve the goal of a REST attestation API/REST interface: confidential-container-samples/cvm-python-app-remoteattest at main · Azure-Samples/confidential-container-samples (github.com). It's built as a container but can as well work with direct deployments.

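The second half of the question (reading and verifying an attestation result on the client side) comes down to validating the JWT the attestation provider returns. The following is an added example, not code from this thread or from the Azure-Samples app the answer links to. It assumes a placeholder provider URL in place of the one created in step 1, and that the provider's signing keys have already been fetched as a JWKS document from the provider's `/certs` endpoint and passed in as `jwks`; it uses only the Python standard library, so the RS256 check is done with the JWK's modulus and exponent directly.

```python
import base64, hashlib, json, time
from typing import Optional

# Placeholder: the URL of the attestation provider created in step 1 of the question.
PROVIDER_URL = "https://myprovider.eus.attest.azure.net"

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def decode_token(token: str):
    """Split a compact JWS into header, claims, the signed input and the raw signature."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), f"{h}.{p}".encode(), b64url_decode(s)

def select_key(jwks: dict, kid) -> dict:
    """Use only a key the provider itself published (its /certs JWKS); an unknown kid is rejected."""
    for key in jwks.get("keys", []):
        if key.get("kid") == kid and key.get("kty") == "RSA":
            return key
    raise ValueError(f"kid {kid!r} is not a published signing key of the provider")

def rs256_verify(jwk: dict, signed_input: bytes, sig: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 / SHA-256 (JWS alg RS256) against the JWK's modulus n and exponent e."""
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    # DER DigestInfo prefix for SHA-256, then the hash of "<header>.<payload>".
    t = bytes.fromhex("3031300d060960864801650304020105000420") + hashlib.sha256(signed_input).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == em

def validate_token(token: str, jwks: dict, issuer: str = PROVIDER_URL, now: Optional[float] = None) -> dict:
    """Return the claims only if the signature, algorithm, issuer and validity window all check out."""
    header, claims, signed_input, sig = decode_token(token)
    if header.get("alg") != "RS256":  # never let the token choose 'none' or an HMAC alg
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    if not rs256_verify(select_key(jwks, header.get("kid")), signed_input, sig):
        raise ValueError("signature does not verify against the provider's key")
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError(f"issuer {claims.get('iss')!r} is not our provider")
    if now >= claims.get("exp", 0):
        raise ValueError("token has expired")
    if now < claims.get("nbf", 0):
        raise ValueError("token is not yet valid")
    return claims
```

Pinning `issuer` to your own provider URL is the check that keeps a token minted by some other attestation provider from being accepted; the policy-specific claims in the token body are only meaningful after `validate_token` has returned them.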
