Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Remote Attestation for Confidential VMs using Intel TDX




I'm relatively new to Intel SGX/TDX technology and have recently set up an Azure Intel TDX-based confidential VM as outlined here. This VM is running Windows OS and operates within a Trusted Domain (TD), where its memory and state are encrypted and protected from the hypervisor and other VMs.

In the context of Intel SGX, remote attestation is typically performed between an enclave application and its corresponding service providers. However, with Intel TDX and my current setup, I'm uncertain about how to perform remote attestation between my TD (Azure VM) and the relevant service provider. It seems I might need to utilize the Intel TDX Quote Generation Library, but I'm unclear about the prerequisites and how it aligns with my specific use case. Moreover, I am not sure if the complete TDX attestation workflow can be performed from within the TD  (Azure VM). Are there any sample examples available to help me get started?

I've found that resources on this topic online are quite scarce, so any assistance or guidance would be greatly appreciated!


Thank you in advance!

Labels (3)
0 Kudos
1 Reply
0 Kudos