Is there a way to obtain a certificate authority to attest that the vTPM running in a virtual machine is trustworthy?

Carlos Pamplona 0 Reputation points
2023-10-03T12:27:29.4866667+00:00

I need to know if there is some available certificate authority to validate whether the vTPM running in the virtual machine is trustworthy. My purpose is to understand better whether the report given by the vTPM can be used to attest a virtual machine securely with a trust chain.

Azure Virtual Machines

1 answer

  1. deherman-MSFT 34,021 Reputation points Microsoft Employee
    2023-10-04T21:47:55.35+00:00

    @Carlos Pamplona

    Microsoft Defender for Cloud with the guest attestation extension helps you to confirm that a confidential VM runs on a hardware-based trusted execution environment (TEE) with security features enabled for isolation and integrity.

    For VMs with vTPM enabled and the guest attestation extension installed, Defender for Cloud will issue an "Attestation failed your virtual machine" alert if:

    • The attested information, which includes the boot log, deviates from a trusted baseline. This problem might indicate that untrusted modules have loaded and the OS might be compromised.
    • The attestation quote can't be verified to originate from the vTPM of the attested VM. This problem might indicate that malware is present, which might indicate that traffic to the vTPM is being intercepted.

    Let me know if that helps or if you still have questions.


    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A!


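The two checks the answer describes (a quote that must verifiably originate from the VM's vTPM, and a boot log that must match a trusted baseline), as an added Python example that is not Microsoft's or Defender for Cloud's code: it replays a constructed boot log into PCR values and evaluates a constructed report against a golden baseline. Assumptions: an HMAC under a shared key stands in for the attestation-key signature (in practice an asymmetric signature whose key certificate chains to the vTPM's CA), and the event-log and report layouts are simplified stand-ins for the real TCG formats.

```python
import hashlib
import hmac
import json

# Added example, not Microsoft's code. HMAC with a shared key stands in for the
# attestation-key signature that a real verifier checks against a CA-issued cert.
PCR_SIZE = 32
AK_KEY = b"constructed-attestation-key"            # constructed sample key
GOOD_EVENTS = [                                     # constructed TCG-style boot log
    {"pcr": 0, "digest": hashlib.sha256(b"firmware").hexdigest()},
    {"pcr": 4, "digest": hashlib.sha256(b"bootmgr.efi").hexdigest()},
    {"pcr": 7, "digest": hashlib.sha256(b"SecureBoot=1").hexdigest()},
]

def replay_boot_log(events):
    """Replay the event log into PCR values: pcr = H(pcr || digest), starting at zero."""
    pcrs = {}
    for ev in events:
        old = pcrs.get(ev["pcr"], bytes(PCR_SIZE))
        pcrs[ev["pcr"]] = hashlib.sha256(old + bytes.fromhex(ev["digest"])).digest()
    return pcrs

def canonical(quoted):
    return json.dumps(quoted, sort_keys=True).encode()

def make_report(events, key, nonce):
    """Build a report like an attestation client would: log + quote over PCRs + nonce."""
    quoted = {"nonce": nonce, "pcrs": {str(i): v.hex() for i, v in replay_boot_log(events).items()}}
    return {"event_log": events, "quoted": quoted,
            "signature": hmac.new(key, canonical(quoted), hashlib.sha256).hexdigest()}

def verify_report(report, baseline, key, nonce):
    """Return a list of findings; an empty list means the report passed both checks."""
    findings = []
    # Check 1 (quote origin): signature under the vTPM's key and our fresh nonce.
    tag = hmac.new(key, canonical(report["quoted"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, report["signature"]):
        findings.append("quote cannot be verified to originate from the VM's vTPM")
    if report["quoted"]["nonce"] != nonce:
        findings.append("quote nonce mismatch (possible replay)")
    # Check 2 (baseline): log must reproduce the quoted PCRs, which must match the baseline.
    replayed = {str(i): v.hex() for i, v in replay_boot_log(report["event_log"]).items()}
    if replayed != report["quoted"]["pcrs"]:
        findings.append("event log does not reproduce the quoted PCR values")
    for idx, value in baseline.items():
        if report["quoted"]["pcrs"].get(str(idx)) != value.hex():
            findings.append(f"PCR {idx} deviates from trusted baseline")
    return findings

BASELINE = replay_boot_log(GOOD_EVENTS)             # golden values from a known-good boot
```

A production verifier would additionally validate the attestation-key certificate chain and parse the real TCG event log and TPM2 quote structures; the checks above are the logic those steps feed.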