How to provision client assets into JWT token in Azure CVM?

Question

How to provision client assets into JWT token in Azure CVM?

Joey 175

Hi~

This question is related to this FAQ.

Currently, I am using an Azure SNP-CVM:

Image: Ubuntu Server 20.04 LTS (Confidential VM - SEV-SNP Only)

VMsize: DCa series

Enabled features: SecureBoot, Trusted Launch Feature, and EncOSdisk.

To do attestation, I have successfully installed the AttestationClient{cvm-platform-checker-exe} and acquired the JWT response.

My question is, how can I provision client assets into the JWT token generated by Azure attestation in SNP-CVM?

The official AMD SEV-SNP hardware offers this ability that allows the attester to provide 512-bit <REPORT_DATA>, like a public key, into the AMD-generated attestation report.

Anonymous

2024-09-30T08:41:47.19+00:00

Hi Joey,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

To provision client assets into the JWT token generated by Azure attestation in SNP-CVM, follow these steps:

Make sure you have the AttestationClient installed and configured on your Confidential VM (CVM). This client will help you interact with the Azure Attestation service. Use the AttestationClient to generate an attestation report, which will include the necessary details about the VM’s state and configuration.

The AMD SEV-SNP hardware allows you to include a 512-bit REPORT_DATA in the attestation report. This can be a public key or any other client-specific data. You can set this REPORT_DATA using the AttestationClient before generating the attestation report.

Once the attestation report is generated, use it to acquire a JWT token from the Azure Attestation service. This token will include the REPORT_DATA you provided. The JWT token can now be used to authenticate and authorize access to your resources, containing the client assets you provisioned in the REPORT_DATA.

For detailed steps and examples, please refer to the documentation on Secure Key Release with Confidential VMs How To Guide.

If you have any further queries, do let us know. If the comment is helpful, please click "Upvote".
Anonymous

2024-10-01T01:27:10.24+00:00

Hi Joey,

Just checking in to see if you had a chance to review my comment on your question. Please let us know if it was helpful and feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
Joey 175 Reputation points

2024-10-01T05:36:11.84+00:00

Hi Sai Krishna Katakam,

The document you referred to above, Secure Key Release with Confidential VMs How To Guide, mainly introduces the prerequisites of service Seucre Key Release (SKU). To perform the SKU release, it should use the Microsoft Azure Attestation service (MAA).

Are there samples or documents that tell me how to use MAA to achieve the SKU?

Another question: As I mentioned above, the original SNP Attestation offers a 512-bit REPORT_DATA field for customization. If I just want to provision some user data ( don't rely on Azure Key Vault/SKR) directly in the SNP attestation / JWT token, how can I do that?

Thank you for your help!
Joey 175 Reputation points

2024-10-01T05:45:04.9033333+00:00

Hi Sai Krishna Katakam,

The document you provided, Secure Key Release with Confidential VMs How To Guide, mainly introduces the prerequisites of using the SKR service. In this case, it should be achieved by using Microsoft Azure Attestation service (MAA). Are there specific samples/documents that can tell me how to perform MAA with SKR?

Another question is, if I just want to provide some user data directly in the SNP Attestation Report /Azure JWT that does not rely on the SKR service, how can I do that?
Joey 175 Reputation points

2024-10-01T05:47:19.2066667+00:00

Hi Sai Krishna Katakam,

The document you provided, Secure Key Release with Confidential VMs How To Guide, mainly introduces the prerequisites of using the SKR service. In this case, it should be achieved by using Microsoft Azure Attestation service (MAA) together with SKR. Are there samples/documents that can tell me how to perform MAA with SKR?

Another question is, if I just want to provide some user data directly in the SNP Attestation Report /Azure JWT that does not rely on the SKR service, how can I do that?

Thank you for your help!
Rachid Labiëd 15 Reputation points

2024-10-04T09:36:16.7133333+00:00
To provisiion client assets into the JWT token generated by Azure Attestation in an SNP-CVM, you can follow these steps:

Use the Azure Attestation API**:** Utilize the Azure Attestation service to create a custom attestation policy that allows you to include client assets.

Prepare Your Attestation Request: When sending an attestation request, include your REPORT_DATA in the request body. This REPORT_DATA can include the public key or other assets you wish to provision.

Modify the AttestationClient: If you're using the AttestationClient, ensure it's configured to send the custom REPORT_DATA in the request.

Process the JWT Response**:** After the attestation is processed, the JWT token will include your client assets as part of its claims, which can then be used by your application.
Joey 175 Reputation points

2024-10-06T06:32:18.4266667+00:00
Hi Rachid Labiëd,

This is exactly something I want to do. I think there are several key points:

Utilize the Azure Attestation service to create a custom attestation policy that allows you to include client assets;

Modify the AttestationClient to send custom REPORT_DATA in the request.

Are there any documents/samples about the issue? Especially for 'Modify the AttestationClient,' does it mean the default AttestationClient tool doesn't support the feature at the moment?
Joey 175 Reputation points

2024-10-06T06:42:22.3633333+00:00

Hi Sai Krishna Katakam,

Other than the SKR, I want to ask how I can provision the user data directly into the SNP Hardware report and then into the JWT. If there were documents or samples, that would be helpful.

In particular, from parsing the JWT, I noticed there is a 'user-data' field. Is it that the 512-bit <REPORT_DATA> field comes from the AMD SNP Hardware Attestation report?

Inside the SNP-CVM guest, how can I provision assets to this field in each request of a JWT token?

Many thanks~
Rachid Labiëd 15 Reputation points

2024-10-06T07:21:21.12+00:00

Hi Joey, Hi,

that is correct regarding the steps to integrate client assets into the attestation process using Azure Attestation.

1. Azure Attestation Service and Custom Attestation Policy:

You can use the Azure Attestation service to define custom policies for verifying the integrity and authenticity of the environment where your application runs. This includes configuring policies that handle custom REPORT_DATA, which can include your client assets.

Custom attestation policy allows you to define rules on what the attestation token must contain, such as specific claims in the REPORT_DATA, to be deemed valid. You can find more about custom policies here: Azure Attestation Policies Documentation

2. Modifying the AttestationClient:

Modifying the AttestationClient refers to customizing how your client interacts with the Azure Attestation service. You would modify it to include custom REPORT_DATA in the request payload that is sent to the Azure Attestation service for verification.

The default AttestationClient may not natively support sending custom REPORT_DATA directly in all scenarios. In this case, you might need to extend the client code or use a lower-level API to modify the requests.

check these links out:

• Azure SDK for .NET Attestation Client Library

• Azure Attestation REST API Documentation

Sample Resources:

• A relevant sample for custom REPORT_DATA might be found in the official Azure-Samples repository or via the SDK docs:

• Azure Samples GitHub

• Azure Attestation SDK Examples

If the current AttestationClient doesn’t support the feature directly, modifying it to send your custom payloads would be the way forward. Using the REST API might also give you more control over the data you send.
Anonymous

2024-10-07T09:26:13.2466667+00:00

Hi Joey,

Yes, the 512-bit REPORT_DATA field in the AMD SEV-SNP hardware attestation report corresponds to the user-data field in the Azure Attestation (MAA) JWT token. You can use this field to provision your custom data directly into the SNP hardware attestation report, which will be included in the JWT issued by the MAA service.

Steps to Provision User Data into the JWT:

Set the REPORT_DATA Field in the SNP Hardware Report:

Inside the SNP-CVM guest, you can use the AttestationClient to set the REPORT_DATA field before generating the attestation report. This field can hold user-specific assets such as public keys or other data.

Generate the Attestation Report:

The REPORT_DATA you set will be included in the attestation report generated by the SEV-SNP hardware.

Submit the Report to MAA:

Send the attestation report to Azure Attestation (MAA). The MAA service will validate the report and issue a JWT token containing your REPORT_DATA in the user-data field.

For more details, please refer to the below documents.
Attestation for Confidential VMs
Confidential VM Attestation Overview

If you have any further queries, do let us know. If the comment is helpful, please click "Upvote".
Rachid Labiëd 15 Reputation points

2024-10-07T09:41:28.0966667+00:00

Hi Joey, Using **cvm-platform-checker-exe **(Azure Attestation Client): When you run the cvm-platform-checker-exe in Azure SNP-CVM, the attestation process will generate an attestation report (JWT) that includes the REPORT_DATA. Injecting Custom Data into the Attestation Request: The cvm-platform-checker-exe allows you to inject a 512-bit REPORT_DATA (64 bytes of arbitrary data) when generating the attestation report. Here’s a general flow to provision client data (such as a public key):

-Generate your client data, e.g., a hash of a public key or nonce.

-Pass this data as REPORT_DATA when requesting the attestation report using the cvm-platform-checker-exe.

Once you have generated the JWT, verify that the REPORT_DATA has been correctly incorporated. The JWT contains claims, and REPORT_DATA should be embedded in one of these claims. The Azure Attestation service signs this token, ensuring its integrity.

After running the attestation process, you will receive a JWT token. You can decode the token to see the embedded data (e.g., public key) within the REPORT_DATA field. JWT tokens can be decoded with tools like jwt.io.

By using the cvm-platform-checker-exe or a similar tool and specifying the REPORT_DATA in your attestation request, you can provision client-specific data (such as a public key) into the Azure-generated JWT token. This allows you to securely attest the integrity and authenticity of your confidential VM workloads, leveraging the SEV-SNP technology provided by AMD in Azure.
Anonymous

2024-10-08T03:18:21.36+00:00

Hi Joey,

Just checking in to see if you had a chance to review my comment on your question. Please let us know if it was helpful and feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
Joey 175 Reputation points

2024-10-08T05:05:47.0433333+00:00
Hi Sai Krishna Katakam,

Thank you for your timely reply.

Both you and Rachild Labiëd have mentioned that I can directly use the AttestaionClient to provision the <Report_Data> into the JWT. However, I am not sure whether the AttestationClient indeed implemented this function. As the following shows,

Besides, in

cvm-attestation-sample-app,

cvm-platform-checker-exe

**AttestationClient latest sourcecode?**

I cannot find the instructions to provide the user data. Any suggestions will be appreciated.
Anonymous

2024-10-10T10:25:18.39+00:00

Hi Joey,

Currently, the AttestationClient does not have an explicit option for setting REPORT_DATA, as seen in your screenshot. However, you can manually provision the REPORT_DATA field within the SEV-SNP platform before generating the attestation report.

To set user-specific data (such as a public key) in the REPORT_DATA field and have it included in the JWT, follow these steps:

Provision REPORT_DATA:

Use the SEV-SNP firmware or platform API to set the 512-bit REPORT_DATA inside the Confidential VM. This field can store user-defined data.

Generate Attestation Report:

After setting the REPORT_DATA, run the AttestationClient to generate the attestation report. This will include your custom data in the REPORT_DATA field.

Get JWT with REPORT_DATA:

When the attestation report is submitted to the Microsoft Azure Attestation (MAA) service, the REPORT_DATA will be embedded in the user-data field of the JWT.

For more information, refer to the following Microsoft documentation:
Azure Confidential Computing Overview
What is guest attestation for confidential VMs?
If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.

Joey 175

Hi Sai Krishna Katakam,

It took me some time to read these documents and reorganize my thoughts.

Firstly, I think the idea you mentioned is mainly consistent with what Rachid Labiëd also noted before, that is, I should send a custom attestation request by modifying the AttestationClient or by some other methods.

Before taking this method into practice, I still have some questions and hope for your confirmation because I haven't found a clear statement in Azure CVM Attestation/Microsoft Azure Attestation/TPM series documents, which are important to this issue.

Below is the default Azure SNP-CVM JWT I acquired using AttestationClient.

{
  "alg": "RS256",
  "jku": "https://sharedeus2.eus2.attest.azure.net/certs",
  "kid": "J0pAPdfXXHqWWimgrH853wMIdh5/fLe1z6uSXYPXCa0=",
  "typ": "JWT"
}.{
  "exp": 1728429904,
  "iat": 1728401104,
  "iss": "https://sharedeus2.eus2.attest.azure.net",
  "jti": "6c66a583d30ac24813e061dbb3254980d5a44b957d25266983dd916eee59ac98",
  "nbf": 1728401104,
  "secureboot": true,
  "x-ms-attestation-type": "azurevm",
  "x-ms-azurevm-attestation-protocol-ver": "2.0",
  "x-ms-azurevm-attested-pcrs": [
    0,
    1,
    2,
    3,
    4,
    5,
    6,
    7
  ],
  "x-ms-azurevm-bootdebug-enabled": false,
  "x-ms-azurevm-dbvalidated": true,
  "x-ms-azurevm-dbxvalidated": true,
  "x-ms-azurevm-debuggersdisabled": true,
  "x-ms-azurevm-default-securebootkeysvalidated": true,
  "x-ms-azurevm-elam-enabled": false,
  "x-ms-azurevm-flightsigning-enabled": false,
  "x-ms-azurevm-hvci-policy": 0,
  "x-ms-azurevm-hypervisordebug-enabled": false,
  "x-ms-azurevm-is-windows": false,
  "x-ms-azurevm-kerneldebug-enabled": false,
  "x-ms-azurevm-osbuild": "NotApplication",
  "x-ms-azurevm-osdistro": "Ubuntu",
  "x-ms-azurevm-ostype": "Linux",
  "x-ms-azurevm-osversion-major": 20,
  "x-ms-azurevm-osversion-minor": 4,
  "x-ms-azurevm-signingdisabled": true,
  "x-ms-azurevm-testsigning-enabled": false,
  "x-ms-azurevm-vmid": "4D40782A-122A-42B6-BB3C-45F76ACE525E",
  "x-ms-isolation-tee": {
    "x-ms-attestation-type": "sevsnpvm",
    "x-ms-compliance-status": "azure-compliant-cvm",
    "x-ms-runtime": {
      "keys": [
        {
          "e": "AQAB",
          "key_ops": [
            "sign"
          ],
          "kid": "HCLAkPub",
          "kty": "RSA",
          "n": "x09xjAAA5dntieiK5WLWPSC_CMnPBltXtHkSQK7TuJFtrWTlqAdZc1gkh71l-e_mWaqA7cNqkOeHo0sKYzDrGlTT3POEfrpMXLM3Ti58sQeoSioUMsajieKFlkqJFo0bLlt7_xgmt0YlJTQfVH1gEM5S1w0d97cxri8Zg_HU1FIMssU2eoI8w39kIMiE6xqNuQP5fu0CrP_b0YOibH1krvA6wyeW3ui7iOYkz3xnlw-lUp-_iHvGJmAKamaJSmNs5fsMXPvEcFgqw9lai1LpwbnM-bIkCeQOFmJh7clijFjBaJagD0chm8Lwy6PiletYWyg7oTSfB7UGT0j0-ltEWQ"
        },
        {
          "e": "AQAB",
          "key_ops": [
            "encrypt"
          ],
          "kid": "HCLEkPub",
          "kty": "RSA",
          "n": "lNn8lAAA3yFx08h7aX01sosbxH6MLn0wJXqK8J4Omv3LrgVQ_NK0JORZriwjKzg34SnOR4fnd_U9J_8e9uFS51tYZTRUmaDHrNBYTKtLAIirTbBl-xjUR6fqOW_ofymrR1meBoh_kaZJ4IL5QymlWMriRBGZfFputkMVs0VAng4WXF2cCGEsSNIpUtgBdUuCyLI95jZcouLOGq_eXILtuv7XxvfQ2Fa0n_4dHeFTMCgp898n1oWVuuKTT0zcoR6fML9EbfbdI9kKCZfZqxcl4LB-r65Hn7UZhw-ObPkOzcO30U_wJfTToycoiW35bOgB1nMh8-ImpPxnULXShuAQ6Q"
        }
      ],
      "user-data": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
      "vm-configuration": {
        "console-enabled": true,
        "secure-boot": true,
        "tpm-enabled": true,
        "vmUniqueId": "4D40782A-122A-42B6-BB3C-45F76ACE525E"
      }
    },
    "x-ms-sevsnpvm-authorkeydigest": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
    "x-ms-sevsnpvm-bootloader-svn": 4,
    "x-ms-sevsnpvm-familyId": "01000000000000000000000000000000",
    "x-ms-sevsnpvm-guestsvn": 7,
    "x-ms-sevsnpvm-hostdata": "0000000000000000000000000000000000000000000000000000000000000000",
    "x-ms-sevsnpvm-idkeydigest": "0356215882a825279a85b300b0b742931d113bf7e32dde2e50ffde7ec743ca491ecdd7f336dc28a6e0b2bb57af7a44a3",
    "x-ms-sevsnpvm-imageId": "02000000000000000000000000000000",
    "x-ms-sevsnpvm-is-debuggable": false,
    "x-ms-sevsnpvm-launchmeasurement": "122d0d6fcd1b714a7c34f32d0dc9262ab08976cc8e22132b40ef2569f1dcc47b71ba617debed11563389d7a3f8481d99",
    "x-ms-sevsnpvm-microcode-svn": 211,
    "x-ms-sevsnpvm-migration-allowed": false,
    "x-ms-sevsnpvm-reportdata": "2d6c62edf2686bf4f793e32c150732e9cba314f84828437f298d896e7b09b4690000000000000000000000000000000000000000000000000000000000000000",
    "x-ms-sevsnpvm-reportid": "c85a42eb003829ba7cfd0368958959f8de5aed503ca239793f42f32be84fe87d",
    "x-ms-sevsnpvm-smt-allowed": true,
    "x-ms-sevsnpvm-snpfw-svn": 21,
    "x-ms-sevsnpvm-tee-svn": 0,
    "x-ms-sevsnpvm-vmpl": 0
  },
  "x-ms-policy-hash": "wm9mHlvTU82e8UqoOy1Yj1FBRSNkfe99-69IYDq9eWs",
  "x-ms-runtime": {
    "client-payload": {
      "nonce": ""
    },
    "keys": [
      {
        "e": "AQAB",
        "key_ops": [
          "encrypt"
        ],
        "kid": "TpmEphemeralEncryptionKey",
        "kty": "RSA",
        "n": "riuyEwAA3im6ciMIpVgvHD187Fi-588V5RRRlFyQ5zEG5S148qVIc7VaZCTT6Q3h8ghs0Wt6bksRm56V5bsSgyMiZTQiotb2XvP0EJ0GsDrE56paaqcM-GqC1Ip0KdCmpXW1UTd_FPnxNLYj6kdUGvGsEIMxjXlq5KUMCyq7MFCanxoHdiRhaaN5XVhSSr4YzOUe7OP7aPy7SmadYO-W7rGEl2_Wd-5opTWMtIFAvZNbzTlbg374gxy2MzyKsH4jMVuBFqTE1GCfzKW2zouHMirU6Ygx_yvXExPB3zi-zB0fjlBCN-b9D3EwFMLTp3aLQULDDQ9QEX1B4i9oP65keQ"
      }
    ]
  },
  "x-ms-ver": "1.0"
}.[Signature]

0 additional answers

Your answer

Anonymous

2024-09-30T08:41:47.19+00:00

Hi Joey,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

To provision client assets into the JWT token generated by Azure attestation in SNP-CVM, follow these steps:

Make sure you have the AttestationClient installed and configured on your Confidential VM (CVM). This client will help you interact with the Azure Attestation service. Use the AttestationClient to generate an attestation report, which will include the necessary details about the VM’s state and configuration.

The AMD SEV-SNP hardware allows you to include a 512-bit REPORT_DATA in the attestation report. This can be a public key or any other client-specific data. You can set this REPORT_DATA using the AttestationClient before generating the attestation report.

Once the attestation report is generated, use it to acquire a JWT token from the Azure Attestation service. This token will include the REPORT_DATA you provided. The JWT token can now be used to authenticate and authorize access to your resources, containing the client assets you provisioned in the REPORT_DATA.

For detailed steps and examples, please refer to the documentation on Secure Key Release with Confidential VMs How To Guide.

If you have any further queries, do let us know. If the comment is helpful, please click "Upvote".
Anonymous

2024-10-01T01:27:10.24+00:00

Hi Joey,

Just checking in to see if you had a chance to review my comment on your question. Please let us know if it was helpful and feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
Joey 175 Reputation points

2024-10-01T05:36:11.84+00:00

Hi Sai Krishna Katakam,

The document you referred to above, Secure Key Release with Confidential VMs How To Guide, mainly introduces the prerequisites of service Seucre Key Release (SKU). To perform the SKU release, it should use the Microsoft Azure Attestation service (MAA).

Are there samples or documents that tell me how to use MAA to achieve the SKU?

Another question: As I mentioned above, the original SNP Attestation offers a 512-bit REPORT_DATA field for customization. If I just want to provision some user data ( don't rely on Azure Key Vault/SKR) directly in the SNP attestation / JWT token, how can I do that?

Thank you for your help!
Joey 175 Reputation points

2024-10-01T05:45:04.9033333+00:00

Hi Sai Krishna Katakam,

The document you provided, Secure Key Release with Confidential VMs How To Guide, mainly introduces the prerequisites of using the SKR service. In this case, it should be achieved by using Microsoft Azure Attestation service (MAA). Are there specific samples/documents that can tell me how to perform MAA with SKR?

Another question is, if I just want to provide some user data directly in the SNP Attestation Report /Azure JWT that does not rely on the SKR service, how can I do that?
Joey 175 Reputation points

2024-10-01T05:47:19.2066667+00:00

Hi Sai Krishna Katakam,

The document you provided, Secure Key Release with Confidential VMs How To Guide, mainly introduces the prerequisites of using the SKR service. In this case, it should be achieved by using Microsoft Azure Attestation service (MAA) together with SKR. Are there samples/documents that can tell me how to perform MAA with SKR?

Another question is, if I just want to provide some user data directly in the SNP Attestation Report /Azure JWT that does not rely on the SKR service, how can I do that?

Thank you for your help!
Rachid Labiëd 15 Reputation points

2024-10-04T09:36:16.7133333+00:00

To provisiion client assets into the JWT token generated by Azure Attestation in an SNP-CVM, you can follow these steps:

Use the Azure Attestation API**:** Utilize the Azure Attestation service to create a custom attestation policy that allows you to include client assets.

Prepare Your Attestation Request: When sending an attestation request, include your REPORT_DATA in the request body. This REPORT_DATA can include the public key or other assets you wish to provision.

Modify the AttestationClient: If you're using the AttestationClient, ensure it's configured to send the custom REPORT_DATA in the request.

Process the JWT Response**:** After the attestation is processed, the JWT token will include your client assets as part of its claims, which can then be used by your application.
Joey 175 Reputation points

2024-10-06T06:32:18.4266667+00:00

Hi Rachid Labiëd,

This is exactly something I want to do. I think there are several key points:

Utilize the Azure Attestation service to create a custom attestation policy that allows you to include client assets;

Modify the AttestationClient to send custom REPORT_DATA in the request.

Are there any documents/samples about the issue? Especially for 'Modify the AttestationClient,' does it mean the default AttestationClient tool doesn't support the feature at the moment?
Joey 175 Reputation points

2024-10-06T06:42:22.3633333+00:00

Hi Sai Krishna Katakam,

Other than the SKR, I want to ask how I can provision the user data directly into the SNP Hardware report and then into the JWT. If there were documents or samples, that would be helpful.

In particular, from parsing the JWT, I noticed there is a 'user-data' field. Is it that the 512-bit <REPORT_DATA> field comes from the AMD SNP Hardware Attestation report?

Inside the SNP-CVM guest, how can I provision assets to this field in each request of a JWT token?

Many thanks~
Rachid Labiëd 15 Reputation points

2024-10-06T07:21:21.12+00:00

Hi Joey, Hi,

that is correct regarding the steps to integrate client assets into the attestation process using Azure Attestation.

1. Azure Attestation Service and Custom Attestation Policy:

You can use the Azure Attestation service to define custom policies for verifying the integrity and authenticity of the environment where your application runs. This includes configuring policies that handle custom REPORT_DATA, which can include your client assets.

Custom attestation policy allows you to define rules on what the attestation token must contain, such as specific claims in the REPORT_DATA, to be deemed valid. You can find more about custom policies here: Azure Attestation Policies Documentation

2. Modifying the AttestationClient:

Modifying the AttestationClient refers to customizing how your client interacts with the Azure Attestation service. You would modify it to include custom REPORT_DATA in the request payload that is sent to the Azure Attestation service for verification.

The default AttestationClient may not natively support sending custom REPORT_DATA directly in all scenarios. In this case, you might need to extend the client code or use a lower-level API to modify the requests.

check these links out:

• Azure SDK for .NET Attestation Client Library

• Azure Attestation REST API Documentation

Sample Resources:

• A relevant sample for custom REPORT_DATA might be found in the official Azure-Samples repository or via the SDK docs:

• Azure Samples GitHub

• Azure Attestation SDK Examples

If the current AttestationClient doesn’t support the feature directly, modifying it to send your custom payloads would be the way forward. Using the REST API might also give you more control over the data you send.
Anonymous

2024-10-07T09:26:13.2466667+00:00

Hi Joey,

Yes, the 512-bit REPORT_DATA field in the AMD SEV-SNP hardware attestation report corresponds to the user-data field in the Azure Attestation (MAA) JWT token. You can use this field to provision your custom data directly into the SNP hardware attestation report, which will be included in the JWT issued by the MAA service.

Steps to Provision User Data into the JWT:

Set the REPORT_DATA Field in the SNP Hardware Report:

Inside the SNP-CVM guest, you can use the AttestationClient to set the REPORT_DATA field before generating the attestation report. This field can hold user-specific assets such as public keys or other data.

Generate the Attestation Report:

The REPORT_DATA you set will be included in the attestation report generated by the SEV-SNP hardware.

Submit the Report to MAA:

Send the attestation report to Azure Attestation (MAA). The MAA service will validate the report and issue a JWT token containing your REPORT_DATA in the user-data field.

For more details, please refer to the below documents.
Attestation for Confidential VMs
Confidential VM Attestation Overview

If you have any further queries, do let us know. If the comment is helpful, please click "Upvote".
Rachid Labiëd 15 Reputation points

2024-10-07T09:41:28.0966667+00:00

Hi Joey, Using **cvm-platform-checker-exe **(Azure Attestation Client): When you run the cvm-platform-checker-exe in Azure SNP-CVM, the attestation process will generate an attestation report (JWT) that includes the REPORT_DATA. Injecting Custom Data into the Attestation Request: The cvm-platform-checker-exe allows you to inject a 512-bit REPORT_DATA (64 bytes of arbitrary data) when generating the attestation report. Here’s a general flow to provision client data (such as a public key):

-Generate your client data, e.g., a hash of a public key or nonce.

-Pass this data as REPORT_DATA when requesting the attestation report using the cvm-platform-checker-exe.

Once you have generated the JWT, verify that the REPORT_DATA has been correctly incorporated. The JWT contains claims, and REPORT_DATA should be embedded in one of these claims. The Azure Attestation service signs this token, ensuring its integrity.

After running the attestation process, you will receive a JWT token. You can decode the token to see the embedded data (e.g., public key) within the REPORT_DATA field. JWT tokens can be decoded with tools like jwt.io.

By using the cvm-platform-checker-exe or a similar tool and specifying the REPORT_DATA in your attestation request, you can provision client-specific data (such as a public key) into the Azure-generated JWT token. This allows you to securely attest the integrity and authenticity of your confidential VM workloads, leveraging the SEV-SNP technology provided by AMD in Azure.
Anonymous

2024-10-08T03:18:21.36+00:00

Hi Joey,

Just checking in to see if you had a chance to review my comment on your question. Please let us know if it was helpful and feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
Joey 175 Reputation points

2024-10-08T05:05:47.0433333+00:00

Hi Sai Krishna Katakam,

Thank you for your timely reply.

Both you and Rachild Labiëd have mentioned that I can directly use the AttestaionClient to provision the <Report_Data> into the JWT. However, I am not sure whether the AttestationClient indeed implemented this function. As the following shows,

Besides, in

cvm-attestation-sample-app,

cvm-platform-checker-exe

**AttestationClient latest sourcecode?**

I cannot find the instructions to provide the user data. Any suggestions will be appreciated.
Anonymous

2024-10-10T10:25:18.39+00:00

Hi Joey,

Currently, the AttestationClient does not have an explicit option for setting REPORT_DATA, as seen in your screenshot. However, you can manually provision the REPORT_DATA field within the SEV-SNP platform before generating the attestation report.

To set user-specific data (such as a public key) in the REPORT_DATA field and have it included in the JWT, follow these steps:

Provision REPORT_DATA:

Use the SEV-SNP firmware or platform API to set the 512-bit REPORT_DATA inside the Confidential VM. This field can store user-defined data.

Generate Attestation Report:

After setting the REPORT_DATA, run the AttestationClient to generate the attestation report. This will include your custom data in the REPORT_DATA field.

Get JWT with REPORT_DATA:

When the attestation report is submitted to the Microsoft Azure Attestation (MAA) service, the REPORT_DATA will be embedded in the user-data field of the JWT.

For more information, refer to the following Microsoft documentation:
Azure Confidential Computing Overview
What is guest attestation for confidential VMs?
If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
Anonymous

2024-10-14T07:55:09.35+00:00

Hi Joey,

I would recommend creating a new thread on the same forum with as much details about your issue as possible.

That would make sure that your issue has better visibility in the community.

Thank you.
Joey 175 Reputation points

2024-10-14T09:46:53.2966667+00:00

Hi Sai Krishna Katakam,

I posted a new stream here: How to provision assets into the Attestation Report of a SNP-CVM instance?

Thank you very much for your help and support.

Answer 1

Anonymous

Hi Joey,

Based on your latest comment for using the Microsoft Azure Attestation (MAA) service together with Secure Key Release (SKR), you can refer to the following resources:

Secure Key Release feature with AKV and Azure Confidential Computing (ACC): This document provides a detailed guide on how to perform SKR using MAA. It includes steps for setting up Azure Key Vault, creating a secure key release policy, and performing the release operation.

Azure Attestation Overview: This document offers an overview of Azure Attestation, including its integration with SKR.

Quickstart Set up Azure Attestation by using the Azure portal: This quickstart guide helps you set up and configure an attestation provider using the Azure portal.

Regarding your second question about providing user data directly in the SNP Attestation Report or Azure JWT without relying on the SKR service, you can customize the 512-bit REPORT_DATA field in the SNP attestation report. This field can be used to include user-specific data, which will then be part of the attestation token.

For more detailed guidance, you can refer to the Azure Attestation documentation and the specific sections on customizing attestation policies.
Secure Key Release with Confidential VMs How To Guide
Examples of an attestation token

If you have any further queries, do let us know. If the comment is helpful, please click "Upvote".

joeyjoy 20

Hi Sai Krishna Katakam,

I will go through the links you provided to figure out how to provision SKR and user data in JWT.

Here, I want to ask another question. As the initial question posted, I have installed the Attestation Client and can obtain the JWT token.

station_client$ sudo ./AttestationClient -o token
eyJhbGiLCJraWQiOiJKMHBBUGRmWFhIcVdXaW1nckg4NTN3TUlkaDUvZkxlMXo2dVNYWVBYQ2EwPSIsInR5cCI6IkpXVC
...
...
iI6IjEuMCJ9.uIGgXtjMswlHNhXiR27riErCU6fgCmvIvf3LtpiAFDyFMe_UitM4Zmkx_SGA_lgOtm9-uL2T45BUKmKlKv6VpUVIjHj2NPqXRi3eOjGmhGW6doiFlXyNN3td3gEbY16qobM6BiBAEMhxUrpQUQPF07GnX8KWGqZGvpy6UDtgmyOVK5Ztu9fUYinDd3Nnj6OssQI0dZk5jU87avzRtNinLTxKdREiRw00gyfJdYfpdUfSDMEGMcVv-S-LU4iydYaIHrfccgoaqJT3ukK74VgjbcwT2n5Dze54cgCGTnws9wqKt9G8zFF6amwrcouNLCsvxYDUNMp-r4BjA4-anw2XFg

With the parser, I can obtain the following info.:

{
  "alg": "RS256",
  "jku": "https://sharedeus2.eus2.attest.azure.net/certs",
  "kid": "J0pAPdfXXHqWWimgrH853wMIdh5/fLe1z6uSXYPXCa0=",
  "typ": "JWT"
}.{
  "exp": 1727800337,
  "iat": 1727771537,
  "iss": "https://sharedeus2.eus2.attest.azure.net",
  "jti": "9ce7081d108f631cf73b39b4cae5549d0a5bd5f946ea30c46ae9dead15e0b928",
  "nbf": 1727771537,
  "secureboot": true,
  "x-ms-attestation-type": "azurevm",
  "x-ms-azurevm-attestation-protocol-ver": "2.0",
  "x-ms-azurevm-attested-pcrs": [
...
...
} ] }, "x-ms-ver": "1.0" }.[Signature]

After searching some documents, I found that the signing certs and the JWT signature should be :

Signing certs:
"jku": "https://sharedeus2.eus2.attest.azure.net/certs"

Signature:
iI6IjEuMCJ9.uIGgXtjMswlHNhXiR27riErCU6fgCmvIvf3LtpiAFDyFMe_UitM4Zmkx_SGA_lgOtm9-uL2T45BUKmKlKv6VpUVIjHj2NPqXRi3eOjGmhGW6doiFlXyNN3td3gEbY16qobM6BiBAEMhxUrpQUQPF07GnX8KWGqZGvpy6UDtgmyOVK5Ztu9fUYinDd3Nnj6OssQI0dZk5jU87avzRtNinLTxKdREiRw00gyfJdYfpdUfSDMEGMcVv-S-LU4iydYaIHrfccgoaqJT3ukK74VgjbcwT2n5Dze54cgCGTnws9wqKt9G8zFF6amwrcouNLCsvxYDUNMp-r4BjA4-anw2XFg

If correct, my question is, how can I verify the JWT signature with the signing certs? I think there should be a code of practice.

I have searched some documents, and I found this document (https://learn.microsoft.com/en-us/azure/attestation/overview) and the code samples (https://github.com/Azure-Samples/microsoft-azure-attestation/blob/e7f296ee2ca1dd93b75acdc6bab0cc9a6a20c17c/sgx.attest.sample.oe.sdk/validatequotes.net/MaaQuoteValidator.cs#L62-L65) it given is not so clear.

joeyjoy 20 Reputation points

2024-10-01T12:10:27.47+00:00

Hi Sai Krishna Katakam,

I looked up some JWT standards, and now I know how they should be verified.
Anonymous

2024-10-04T06:21:29.3566667+00:00

Hi Joey,

Base on your reply we assume that now you are able to verify the JWT signature with the signing certs.

If yes, please confirm on same.

Thank you.
joeyjoy 20 Reputation points

2024-10-04T09:32:33.1033333+00:00

Yes, it is a standard JWT validation process.
Anonymous

2024-10-15T05:19:37.19+00:00

Hi Joey,

If an answer has been helpful, please consider accept the answer and "Upvote" to help increase visibility of this question for other members of the Microsoft Q&A community.

Thank you.

Share via

How to provision client assets into JWT token in Azure CVM?

0 additional answers

Your answer