#azure #tpm #sev-snp

bin+lib az-snp-vtpm

vTPM based SEV-SNP attestation for Azure Confidential VMs

11 unstable releases (4 breaking)

0.5.2 Feb 23, 2024
0.4.1 Dec 19, 2023
0.4.0 Nov 28, 2023
0.2.3 Jul 3, 2023
0.1.1 Mar 29, 2023

#191 in Cryptography

Download history 432/week @ 2023-11-10 192/week @ 2023-11-17 375/week @ 2023-11-24 228/week @ 2023-12-01 227/week @ 2023-12-08 349/week @ 2023-12-15 266/week @ 2023-12-22 497/week @ 2023-12-29 438/week @ 2024-01-05 584/week @ 2024-01-12 704/week @ 2024-01-19 686/week @ 2024-01-26 555/week @ 2024-02-02 331/week @ 2024-02-09 677/week @ 2024-02-16 886/week @ 2024-02-23

2,585 downloads per month

MIT license

44KB
856 lines

Rust Crate Docs

az-snp-vtpm

This library enables guest attestation flows for SEV-SNP CVMs on Azure. Please refer to the documentation in this repository for details on the attestation procedure.

Create a CVM

Default image is Ubuntu 22.04 cvm

export IMAGE_ID=/subscriptions/.../resourceGroups/.../providers/Microsoft.Compute/galleries/.../images/.../versions/1.0.0
make deploy

Build & Install

cargo b --release -p az-snp-vtpm
scp ../target/release/snp-vtpm azureuser@$CONFIDENTIAL_VM:

Run Binary

Retrieve SEV-SNP report, validate and print it:

sudo ./snp-vtpm -p

Example Project

There is a project in the ./example folder depicting how the crate can be leveraged in a Remote Attestation flow. Note: the code is merely illustrative and doesn't feature exhaustive validation, which would be required in a production scenario.

cargo b -p snp-example

SEV-SNP Report & vTPM

The vTPM is linked to the SEV-SNP report via the vTPM Attestation Key (AK). The public AK is part of a Runtime Data struct, which is hashed and submitted as Report Data when generating the SNP report. To provide freshness guarantees in an attestation exchange we can request a vTPM quote with a nonce. The resulting message is signed by the AK.

                              ┌────────────────────────┐
                              │ HCL Data               │
                              │                        │
                              │ ┌──────────────────────┴─┐  ─┐
                              │ │ Runtime Data           │   │
                              │ │                        │   │
    ┌──────────────────────┐  │ │ ┌────────────────────┐ │   ├─┐
  ┌─┤ vTPM AK              ├──┼─┼─┤ vTPM Public AK     │ │   │ │
  │ └──────────────────────┘  │ │ └────────────────────┘ │   │ │
  │         ┌──────────────┐  │ └──────────────────────┬─┘  ─┘ │
  │         │ vTPM Quote   │  │ ┌────────────────────┐ │       │
  │         │              │  │ │ HCL Report         │ │       │
signs ┌─  ┌─┴────────────┐ │  │ │                    │ │     sha256
  │   │   │ Message      │ │  │ │ ┌────────────────┐ │ │       │
  │   │   │              │ │  │ │ │ SEV-SNP Report │ │ │       │
  │   │   │ ┌──────────┐ │ │  │ │ │                │ │ │       │
  │   │   │ │ PCR0     │ │ │  │ │ │ ┌──────────────┴─┴─┴─┐     │
  │   │   │ └──────────┘ │ │  │ │ │ │ Report Data        │ ◄───┘
  │   │   │   ...        │ │  │ │ │ └──────────────┬─┬─┬─┘
  │   │   │ ┌──────────┐ │ │  │ │ └────────────────┘ │ │
  └─► │   │ │ PCRn     │ │ │  │ └────────────────────┘ │
      │   │ └──────────┘ │ │  └────────────────────────┘
      │   │ ┌──────────┐ │ │ 
      │   │ │ Nonce    │ │ │
      │   │ └──────────┘ │ │
      └─  └─┬────────────┘ │
            └──────────────┘

Dependencies

~17–31MB
~547K SLoC