az-snp-vtpm

Crates.ioaz-snp-vtpm
lib.rsaz-snp-vtpm
version0.7.1
sourcesrc
created_at2023-03-28 16:17:24.176005
updated_at2024-11-18 13:11:23.012175
descriptionvTPM based SEV-SNP attestation for Azure Confidential VMs
homepage
repositoryhttps://github.com/kinvolk/azure-cvm-tooling/
max_upload_size
id823209
size67,263
Suraj Deshmukh (surajssd)

documentation

README

Rust Crate Docs

az-snp-vtpm

This library enables guest attestation flows for SEV-SNP CVMs on Azure. Please refer to the documentation in this repository for details on the attestation procedure.

Create a CVM

Default image is Ubuntu 22.04 cvm

export IMAGE_ID=/subscriptions/.../resourceGroups/.../providers/Microsoft.Compute/galleries/.../images/.../versions/1.0.0
make deploy

Build & Install

cargo b --release -p az-snp-vtpm
scp ../target/release/snp-vtpm azureuser@$CONFIDENTIAL_VM:

Run Binary

Retrieve SEV-SNP report, validate and print it:

sudo ./snp-vtpm -p

Example Project

There is a project in the ./example folder depicting how the crate can be leveraged in a Remote Attestation flow. Note: the code is merely illustrative and doesn't feature exhaustive validation, which would be required in a production scenario.

cargo b -p snp-example

SEV-SNP Report & vTPM

The vTPM is linked to the SEV-SNP report via the vTPM Attestation Key (AK). The public AK is part of a Runtime Data struct, which is hashed and submitted as Report Data when generating the SNP report. To provide freshness guarantees in an attestation exchange we can request a vTPM quote with a nonce. The resulting message is signed by the AK.

                              ┌────────────────────────┐
                              │ HCL Data               │
                              │                        │
                              │ ┌──────────────────────┴─┐  ─┐
                              │ │ Runtime Data           │   │
                              │ │                        │   │
    ┌──────────────────────┐  │ │ ┌────────────────────┐ │   ├─┐
  ┌─┤ vTPM AK              ├──┼─┼─┤ vTPM Public AK     │ │   │ │
  │ └──────────────────────┘  │ │ └────────────────────┘ │   │ │
  │         ┌──────────────┐  │ └──────────────────────┬─┘  ─┘ │
  │         │ vTPM Quote   │  │ ┌────────────────────┐ │       │
  │         │              │  │ │ HCL Report         │ │       │
signs ┌─  ┌─┴────────────┐ │  │ │                    │ │     sha256
  │   │   │ Message      │ │  │ │ ┌────────────────┐ │ │       │
  │   │   │              │ │  │ │ │ SEV-SNP Report │ │ │       │
  │   │   │ ┌──────────┐ │ │  │ │ │                │ │ │       │
  │   │   │ │ PCR0     │ │ │  │ │ │ ┌──────────────┴─┴─┴─┐     │
  │   │   │ └──────────┘ │ │  │ │ │ │ Report Data        │ ◄───┘
  │   │   │   ...        │ │  │ │ │ └──────────────┬─┬─┬─┘
  │   │   │ ┌──────────┐ │ │  │ │ └────────────────┘ │ │
  └─► │   │ │ PCRn     │ │ │  │ └────────────────────┘ │
      │   │ └──────────┘ │ │  └────────────────────────┘
      │   │ ┌──────────┐ │ │ 
      │   │ │ Nonce    │ │ │
      │   │ └──────────┘ │ │
      └─  └─┬────────────┘ │
            └──────────────┘

Integration Tests

The integration test suite can run on an SNP CVM. It needs to be executed as root and the tests have to run sequentially.

sudo -E env "PATH=$PATH" cargo t --features integration_test -- --test-threads 1
Commit count: 61

cargo fmt