Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1474 Discussions

Remote Attestation for Confidential VMs using Intel TDX

mAdil
Beginner
‎06-12-2024 12:24 PM
520 Views

Hello,

 

I'm relatively new to Intel SGX/TDX technology and have recently set up an Azure Intel TDX-based confidential VM as outlined here. This VM is running Windows OS and operates within a Trusted Domain (TD), where its memory and state are encrypted and protected from the hypervisor and other VMs.

In the context of Intel SGX, remote attestation is typically performed between an enclave application and its corresponding service providers. However, with Intel TDX and my current setup, I'm uncertain about how to perform remote attestation between my TD (Azure VM) and the relevant service provider. It seems I might need to utilize the Intel TDX Quote Generation Library, but I'm unclear about the prerequisites and how it aligns with my specific use case. Moreover, I am not sure if the complete TDX attestation workflow can be performed from within the TD  (Azure VM). Are there any sample examples available to help me get started?

I've found that resources on this topic online are quite scarce, so any assistance or guidance would be greatly appreciated!

 

Thank you in advance!

Labels (3)
0 Kudos

Link Copied

1 Reply
Scott_R_Intel
Employee
‎06-12-2024 12:27 PM
514 Views

Hello.

You can read about Azure TDX remote attestation on Microsoft's GitHub repo:

https://github.com/Azure/confidential-computing-cvm-guest-attestation/blob/tdx-preview/tdx-attestation-app/ATTEST.md#performing-remote-attestation

 

Regards.

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.