Raw Attestation with paravirtualized TPM
General
Microsoft has developed for their Azure Cloud platform a paravirtualizer for the Guest OS. This allows together with Virtualization Based Security to create a secure platform where mostly unmodified Operating Systems can be executed. As the paravirtualizer is hosted within the Gues VM which also contains the Guest OS the same security guarantees from the hardware apply. Together with the VBS this allows for the secure emulation of devices and other services as the OS and the paravirtualizer run at different privilege levels dude to the VBS. The whole concept is similar to nested virtualization/hypervisor.
AMD-SEV-SNP
Intel TDX
Last updated
Was this helpful?