How to provision client assets into JWT token in Azure CVM?

Joey 40 Reputation points
2024-09-29T10:33:36.8866667+00:00

Hi~

This question is related to this FAQ.

Currently, I am using an Azure SNP-CVM:

  • Image: Ubuntu Server 20.04 LTS (Confidential VM - SEV-SNP Only)
  • VM size: DCa series
  • Enabled features: SecureBoot, Trusted Launch Feature, and EncOSdisk.

To do attestation, I have successfully installed the AttestationClient{cvm-platform-checker-exe} and acquired the JWT response.

My question is, how can I provision client assets into the JWT token generated by Azure attestation in SNP-CVM?

The official AMD SEV-SNP hardware offers this ability that allows the attester to provide 512-bit <REPORT_DATA>, like a public key, into the AMD-generated attestation report.


1 answer

  1. Rachid Labiëd 0 Reputation points
    2024-10-04T09:36:16.7133333+00:00

    To provision client assets into the JWT token generated by Azure Attestation in an SNP-CVM, you can follow these steps:

    Use the Azure Attestation API: Utilize the Azure Attestation service to create a custom attestation policy that allows you to include client assets.

    1. Prepare Your Attestation Request: When sending an attestation request, include your REPORT_DATA in the request body. This REPORT_DATA can include the public key or other assets you wish to provision.
    2. Modify the AttestationClient: If you're using the AttestationClient, ensure it's configured to send the custom REPORT_DATA in the request.
    3. Process the JWT Response: After the attestation is processed, the JWT token will include your client assets as part of its claims, which can then be used by your application.
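A verifier-side check of the binding discussed in this thread, as an added example that is not part of the original posts and not Microsoft's code: the client asset (a public key) and a verifier nonce are hashed into 64 bytes, the size of the 512-bit REPORT_DATA field, and the relying party compares that digest with a claim in the returned token. The claim name `client_report_data`, its hex encoding, and the hashing layout are assumptions; the token is constructed, and its signature is assumed to have been verified separately against the attestation provider's signing keys.

```python
import base64
import hashlib
import hmac
import json

CLAIM = "client_report_data"  # hypothetical claim name, not taken from the page


def make_report_data(public_key: bytes, nonce: bytes) -> bytes:
    """Return 64 bytes (512 bits): SHA-512 over length-prefixed nonce and key."""
    h = hashlib.sha512()
    for part in (nonce, public_key):
        h.update(len(part).to_bytes(4, "big"))  # prefix avoids ambiguous joins
        h.update(part)
    return h.digest()


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWS. Verify the signature first."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def binding_ok(token: str, public_key: bytes, nonce: bytes, claim: str = CLAIM) -> bool:
    """True only if the token carries the digest of this key and this nonce."""
    value = jwt_claims(token).get(claim)
    if not isinstance(value, str):
        return False
    try:
        got = bytes.fromhex(value)
    except ValueError:
        return False
    return hmac.compare_digest(got, make_report_data(public_key, nonce))


def constructed_token(claims: dict) -> str:
    """Build a sample token for this example; the signature is a placeholder."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{enc(json.dumps(claims).encode())}.constructed-signature"


if __name__ == "__main__":
    key, nonce = b"constructed-public-key-bytes", b"constructed-nonce"
    token = constructed_token({CLAIM: make_report_data(key, nonce).hex()})
    print(binding_ok(token, key, nonce), binding_ok(token, b"other-key", nonce))
```

Including a fresh verifier nonce in the hash ties the token to one attestation session, so a token captured earlier for the same key fails the check.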
