How can I attest an image running on an Azure Confidential VM?

cloud D 20 Reputation points
2024-12-15T12:14:16.17+00:00

I have a machine from here: https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-options . I would like to attest that the image running on that machine is the intended image. I see here https://github.com/Azure/confidential-computing-cvm-guest-attestation/tree/main/cvm-attestation-sample-app that there is a way for Azure to attest that the image is running on a TEE. When running `sudo confidential-computing-cvm-guest-attestation/cvm-attestation-sample-app/AttestationClient` it returns true. That is not enough for me. I would also like to verify the image myself. The AMD SEV processor offers a way to attest that the image running on the machine is the intended one. How can that be done in Azure?


1 answer

  1. Robina 260 Reputation points
    2024-12-20T18:25:07.0033333+00:00

    Given that you’ve already tried the AttestationClient and it's not sufficient for verifying the authenticity of the image running, let me focus on how you can manually attest the image running on an Azure VM with AMD SEV-SNP using a more direct approach.

    Direct Method to Verify the Image on SEV-SNP VMs

    Since you're looking to specifically verify the image running on the machine, here's a more detailed, hands-on approach to directly verify the image hash and its integrity using AMD SEV-SNP, beyond using the AttestationClient.

    Steps:

    1. Ensure AMD SEV-SNP is Enabled on the VM:
    • Verify that your VM is deployed on a machine with AMD EPYC processors that support SEV-SNP.
    • Azure provides AMD-powered VMs, but you may want to double-check the VM configuration in the Azure portal to ensure SEV-SNP is enabled.
    • Install SEV Tools: You'll need the sevtool or a similar tool to interact with the SEV-SNP hardware and retrieve the attestation information directly from the VM.
      • On a Linux-based VM (e.g., Ubuntu), install sevtool:
        ```bash
        # Refresh the package index, then install the tool (two separate commands)
        sudo apt update
        sudo apt install sevtool
        ```

    2. Retrieve the SEV-SNP Attestation Data: SEV-SNP generates a Measurement Report that includes the hash of the running image. This hash represents the state of the VM, including the image being executed.

    • Run the following command on your VM to get the attestation data:
      ```bash
      sevtool info
      ```

    The output will look like this:

      ```
      SEV info: Measurement: 1234567890abcdef1234567890abcdef
      ```

    The Measurement value is the hash of the image running on your VM.

    3. Compare the Hash with the Expected Image Hash:
      • The Measurement field will provide the cryptographic hash of the image running on the VM.
      • You need the hash of the intended image (this could be stored securely or pre-calculated when the image was created).
      • Compare the hash from the sevtool info command with your expected hash to ensure the image is the correct, intended one.

    Why This Works:

    • SEV-SNP guarantees that the VM is running in a secure and trusted environment and prevents the hypervisor from tampering with the guest's memory or image.
    • By retrieving the Measurement (hash) from SEV-SNP hardware, you get the actual hash of the running image, which is what you're looking for. This directly verifies that the image hasn’t been modified or tampered with.
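Whichever tool hands you the raw SEV-SNP attestation report bytes, the comparison step above is the same: extract the MEASUREMENT field and compare it against the golden value. The following is an added example, not code from the question, the answer or the Azure repository; it assumes the field offsets of the AMD SEV-SNP ABI attestation report layout (report size 0x4A0, guest policy at 0x08, REPORT_DATA at 0x50, MEASUREMENT at 0x90), uses a constructed unsigned report for offline testing, and does not perform the signature-chain check that must precede trusting these fields.

```python
import hmac
import struct

# Offsets assumed from the AMD SEV-SNP ABI ATTESTATION_REPORT layout (not from the page).
REPORT_SIZE = 0x4A0
POLICY_OFF = 0x08                             # u64 guest policy
REPORT_DATA_OFF, REPORT_DATA_LEN = 0x50, 64   # requester-supplied nonce
MEASUREMENT_OFF, MEASUREMENT_LEN = 0x90, 48   # SHA-384 launch measurement


def parse_snp_report(report: bytes) -> dict:
    """Pull the fields needed for a measurement check out of a raw report."""
    if len(report) != REPORT_SIZE:
        raise ValueError(f"report is {len(report)} bytes, expected {REPORT_SIZE}")
    (policy,) = struct.unpack_from("<Q", report, POLICY_OFF)
    return {
        "policy": policy,
        "report_data": report[REPORT_DATA_OFF:REPORT_DATA_OFF + REPORT_DATA_LEN],
        "measurement": report[MEASUREMENT_OFF:MEASUREMENT_OFF + MEASUREMENT_LEN],
    }


def check_report(report: bytes, expected_measurement_hex: str, nonce: bytes) -> dict:
    """Compare MEASUREMENT and REPORT_DATA with expected values in constant time.
    The report signature (VCEK -> ASK -> ARK chain) must be verified separately
    before these fields are trusted; that step is not shown here."""
    fields = parse_snp_report(report)
    expected = bytes.fromhex(expected_measurement_hex)
    if len(expected) != MEASUREMENT_LEN:
        raise ValueError("expected measurement must be 48 bytes (SHA-384)")
    return {
        "measurement_ok": hmac.compare_digest(fields["measurement"], expected),
        # REPORT_DATA is zero-padded to 64 bytes when the report is requested
        "nonce_ok": hmac.compare_digest(
            fields["report_data"], nonce.ljust(REPORT_DATA_LEN, b"\0")),
        "debug_policy": bool(fields["policy"] & (1 << 19)),  # guest policy DEBUG bit
    }


def build_sample_report(measurement: bytes, nonce: bytes, policy: int) -> bytes:
    """Constructed, unsigned report for offline testing (not a real report)."""
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<Q", buf, POLICY_OFF, policy)
    buf[REPORT_DATA_OFF:REPORT_DATA_OFF + len(nonce)] = nonce
    buf[MEASUREMENT_OFF:MEASUREMENT_OFF + MEASUREMENT_LEN] = measurement
    return bytes(buf)


if __name__ == "__main__":
    golden = bytes(range(48))   # constructed stand-in for the pre-computed image digest
    rpt = build_sample_report(golden, b"nonce-1", policy=0x30000)  # SMT on, debug off
    print(check_report(rpt, golden.hex(), b"nonce-1"))
```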
