Use sample application for guest attestation

The guest attestation feature helps you to confirm that a confidential VM runs on a hardware-based trusted execution environment (TEE) with security features enabled for isolation and integrity.

Sample applications for use with the guest attestation APIs are available on GitHub.

Depending on your type of scenario, you can reuse the sample code in your client program or workload code.

Prerequisites

• An Azure subscription.
• An Azure confidential VM or a VM with trusted launch enabled. You can use a Ubuntu Linux VM or Windows VM.

Use sample application

To use a sample application in C++ for use with the guest attestation APIs, follow the instructions for your operating system (OS).

Ubuntu

1. Sign in to your VM.

2. Clone the sample Linux application.

3. Install the build-essential package. This package installs everything required for compiling the sample application.

   sudo apt-get install build-essential
   

4. Install the libcurl4-openssl-dev and libjsoncpp-dev packages.

   sudo apt-get install libcurl4-openssl-dev
   

   sudo apt-get install libjsoncpp-dev
   

5. Download the attestation package from https://packages.microsoft.com/repos/azurecore/pool/main/a/azguestattestation1/.

6. Install the attestation package. Make sure to replace <version> with the version that you downloaded.

   sudo dpkg -i azguestattestation1_<latest-version>_amd64.deb
   

Windows

1. Install Visual Studio with the Desktop development with C++ workload.
2. Clone the sample Windows application.
3. Build your project. From the Build menu, select Build Solution.
4. After the build succeeds, go to the Release build folder.
5. Run the application by running the AttestationClientApp.exe.

Next steps

• Learn how to use Microsoft Defender for Cloud integration with confidential VMs with guest attestation installed
• Learn more about the guest attestation feature
• Learn about Azure confidential VMs