Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,013 questions
Payload/Artifacts required in TPM Attest REST API data field
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 2%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Abdul Moiz
0
Reputation points
I am trying to perform TPM attestation from Azure confidential virtual machine, using TPM attest REST API by following docs here, (https://learn.microsoft.com/en-us/rest/api/attestation/attestation/attest-tpm?view=rest-attestation-2022-08-01&tabs=HTTP)
API - POST {instanceUrl}/attest/Tpm?api-version=2022-08-01
The problem I am facing is, in the docs it's mentioned the API requires "data" field in request body, but it's not mentioned what fields/payload should be included in data field.
I am unable to find which fields/artifacts need to be base64 encoded in "data" field for above mentioned API, any help is appreciated.
Update Jan 19, 5:14 PM
I am using Intel Xeon based Confidential Virtual Machine (DC2es v5, East US 2).
Thanks!
Azure Virtual Machines
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 38%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Markapuram Sudheer Reddy 2,050 Reputation points Microsoft External Staff Moderator2025-06-19T03:17:23.6266667+00:00 Hi Abdul Moiz,
According to the documentation, the following artifacts should be included in the protocol blob for vTPM attestation:
TPM Quote
TPM Event Log
vTPM AK Certificate
Hardware Report
Hardware Vendor Certificate Chain
The data field is a container for all the attestation evidence needed by Azure to validate the trustworthiness of your virtual machine or device.
The value is base64url-encoded (not plain JSON or binary) to safely transmit complex data in a single string.
Please check the documentation for more information:
https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-tpms-in-azure-confidential-vm
Hope it helps!
If the information is helpful, please click on "Upvote"
If you have any queries, please do let us know, we will help you.
-
Abdul Moiz 0 Reputation points
2025-06-19T09:47:00.3333333+00:00 Hi @Markapuram Sudheer Reddy , Thank you for your prompt response, it's very helpful.
Is there any specific format for each of these fields (before base64 encoding) that is required by REST API? Or any example payload that can help minimize errors.
Like, quote: "/1RDR4AYACIA......cgTPQav0ZX" or something else.
I am using Intel CVM btw.
Thanks again!
-
Abdul Moiz 0 Reputation points
2025-06-19T12:16:11.7966667+00:00 Also I noticed both these resources you shared are for AMD SEV-SNP, I am using Intel Xeon based Virtual Machine.https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-tpms-in-azure-confidential-vm
-
Markapuram Sudheer Reddy 2,050 Reputation points Microsoft External Staff Moderator
2025-06-23T08:40:45.2733333+00:00 Hi Abdul Moiz,
They are implemented on different processor families like SEV-SNP on AMD EPYC processors, and TDX on select Intel Xeon processors. Please check complete list of processors compatible with Intel TDX.
Sign in to comment
Sign in to answer