How does the client library get the attestation report from inside the VM? AMD

Question

How does the client library get the attestation report from inside the VM? AMD

Danko Miladinovic 0

Hi,

Are the VMs that are used on azure in confidential computing alterd in some way. I am asking this question because the client attestation library is getting the attestation report from inside the VM, the clien libray from this repository:
https://github.com/Azure/confidential-computing-cvm-guest-attestation I tried to run the cvm-attestation-sample-app on a AMD SEV secure VM and it did not work. The error was that the /dev/tpm was missing.

Best regards,
Danko

kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2023-04-20T18:28:48.7133333+00:00

Hello, @Danko Miladinovic ! My limited understanding is that there are both platform requirements (Trusted Platform Modules or TPMs) on Azure for attestation as well as environment requirements (Trusted Execution Environments or TEEs). It looks like the non Azure VM is reporting that the TPM is missing. I'm following up with some subject experts to confirm.
kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2023-04-20T21:02:12.4633333+00:00
Hello, @Danko Miladinovic ! The sample application of Azure confidential VM guest attestation only works for Azure confidential VMs running inside of an Azure Data center. This is largely due to two factors:

Azure confidential VMs are using AMD SEV-SNP features

Implementation differences: On-prem SEV VMs may have different firmware leveraging VMPL (Virtual Machine Privilege Levels) and virtual TPM (Trusted Platform Module) authenticated by Azure.

We can provide a more targeted answer if you can provide some additional details:

What are the exact errors that you are seeing?

What is the guest OS image?

What other confidential computing VMs are being compared? (Is this from AWS or GCP?)

If you are uncomfortable sharing these details in the forums, you can send an email to AzCommunity@microsoft.com as long as you include "Attn: kobulloc - Confidential computing TPM is missing" in the subject (subscription ID and subscription name in the body may help speed things up as well).
kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2023-04-24T20:29:13.88+00:00

Hello, @Danko Miladinovic !

I hope this has been helpful! We appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

1 answer

Your answer

kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2023-04-20T18:28:48.7133333+00:00

Hello, @Danko Miladinovic ! My limited understanding is that there are both platform requirements (Trusted Platform Modules or TPMs) on Azure for attestation as well as environment requirements (Trusted Execution Environments or TEEs). It looks like the non Azure VM is reporting that the TPM is missing. I'm following up with some subject experts to confirm.
kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2023-04-20T21:02:12.4633333+00:00

Hello, @Danko Miladinovic ! The sample application of Azure confidential VM guest attestation only works for Azure confidential VMs running inside of an Azure Data center. This is largely due to two factors:

Azure confidential VMs are using AMD SEV-SNP features

Implementation differences: On-prem SEV VMs may have different firmware leveraging VMPL (Virtual Machine Privilege Levels) and virtual TPM (Trusted Platform Module) authenticated by Azure.

We can provide a more targeted answer if you can provide some additional details:

What are the exact errors that you are seeing?

What is the guest OS image?

What other confidential computing VMs are being compared? (Is this from AWS or GCP?)

If you are uncomfortable sharing these details in the forums, you can send an email to AzCommunity@microsoft.com as long as you include "Attn: kobulloc - Confidential computing TPM is missing" in the subject (subscription ID and subscription name in the body may help speed things up as well).
kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2023-04-24T20:29:13.88+00:00

Hello, @Danko Miladinovic !

I hope this has been helpful! We appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

Answer 1

Hello, @Danko Miladinovic !

I'll summarize what we discussed in the comments for anyone else who may be interested.

Why doesn't the sample application of the Azure confidential VM guest attestation work on my VM running outside of an Azure datacenter?

The sample application of Azure confidential VM guest attestation only works for Azure confidential VMs running inside of an Azure Data center. This is largely due to two factors:

Azure confidential VMs are using AMD SEV-SNP features
Implementation differences: On-prem SEV VMs may have different firmware leveraging VMPL (Virtual Machine Privilege Levels) and virtual TPM (Trusted Platform Module) authenticated by Azure.

Share via

How does the client library get the attestation report from inside the VM? AMD

1 answer

Your answer