Raw Attestation with paravirtualized TPM

General

For its Azure cloud platform, Microsoft has developed a paravirtualization layer (commonly called a paravisor) that runs inside the guest VM alongside the guest OS. Combined with Virtualization Based Security (VBS), this provides a platform on which largely unmodified operating systems can run as confidential VMs. Because the paravisor is hosted inside the same guest VM as the guest OS, the hardware security guarantees that protect the guest VM (AMD SEV-SNP or Intel TDX, see the sections below) apply to the paravisor as well. VBS places the guest OS and the paravisor at different privilege levels, which lets the paravisor securely emulate devices and provide services, the paravirtualized TPM among them, without the guest OS being able to tamper with that emulation. The overall concept is similar to nested virtualization with a nested hypervisor. One caveat for attestation: the paravirtualized TPM is implemented in software inside the guest's trusted boundary, so its guarantees rest on the hardware isolation plus the integrity of the paravisor itself; a verifier should therefore bind the TPM quote to the hardware attestation report rather than trust the vTPM on its own.

AMD-SEV-SNP

Intel TDX
