Raw Attestation
Raw Attestation is the basic form of remote attestation; it protects the integrity of the platform and of the virtual firmware (UEFI).
The basic remote attestation supported by a Trusted Execution Environment (TEE) is called Raw Attestation, to make clear that it is the baseline form of attestation that is supported. For this method the platform security processor takes measurements of the platform configuration and of the initial configuration of the VM, which includes the virtual firmware and the state of the vCPUs.
In AMD SEV-SNP the Raw Attestation process is a single step: the CPU takes the measurements of the firmware and the vCPUs and creates the attestation report. The report is signed with a private key that belongs to the CPU and has been certified by the AMD CA. A user can check the signature of the attestation report with the included public key, and can contact the AMD CA with the public key and the certificate to validate that the platform is genuine.
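The signature check on the SEV-SNP attestation report described above, as an added Go example that is not part of this page: the report layout (total size 0x4A0, signed span 0x2A0, the SIGNATURE_ALGO, REPORT_DATA and MEASUREMENT fields, and the little-endian R/S signature encoding) is assumed from the SEV-SNP ABI, a locally generated P-384 key stands in for the CPU's certified key, and the certificate check against the AMD CA is left out.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"math/big"
)
// Offsets follow the SEV-SNP ABI ATTESTATION_REPORT layout (assumed here; not given on the page).
const (
	reportSize    = 0x4A0 // total report length
	signedSize    = 0x2A0 // bytes covered by the signature
	offSigAlgo    = 0x34  // SIGNATURE_ALGO: 1 = ECDSA P-384 with SHA-384
	offReportData = 0x50  // 64-byte REPORT_DATA, filled with the verifier's nonce
	offMeasure    = 0x90  // 48-byte launch MEASUREMENT (firmware + initial vCPU state)
	offSig        = 0x2A0 // SIGNATURE: R then S, each 72 bytes little-endian
)
// reverse flips byte order: the report stores R and S little-endian, math/big wants big-endian.
func reverse(b []byte) []byte {
	out := make([]byte, len(b))
	for i, v := range b {
		out[len(b)-1-i] = v
	}
	return out
}
// VerifySNPReport checks the ECDSA P-384/SHA-384 signature over the first 0x2A0 bytes and that
// REPORT_DATA echoes the verifier's nonce; pub stands for the CPU key certified by the AMD CA.
func VerifySNPReport(report []byte, pub *ecdsa.PublicKey, nonce [64]byte) bool {
	if len(report) != reportSize || binary.LittleEndian.Uint32(report[offSigAlgo:]) != 1 {
		return false // wrong size or not ECDSA P-384: do not even try the signature
	}
	h := sha512.Sum384(report[:signedSize])
	r := new(big.Int).SetBytes(reverse(report[offSig : offSig+72]))
	s := new(big.Int).SetBytes(reverse(report[offSig+72 : offSig+144]))
	return ecdsa.Verify(pub, h[:], r, s) && string(report[offReportData:offReportData+64]) == string(nonce[:])
}
// MakeSampleReport builds a constructed report signed by a freshly generated key that plays the
// CPU's key, so the check above can run offline; real reports come from the security processor.
func MakeSampleReport(nonce [64]byte, measurement [48]byte) ([]byte, *ecdsa.PublicKey) {
	priv, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	report := make([]byte, reportSize)
	binary.LittleEndian.PutUint32(report[offSigAlgo:], 1)
	copy(report[offReportData:], nonce[:])
	copy(report[offMeasure:], measurement[:])
	h := sha512.Sum384(report[:signedSize])
	r, s, _ := ecdsa.Sign(rand.Reader, priv, h[:])
	copy(report[offSig:], reverse(r.FillBytes(make([]byte, 72))))
	copy(report[offSig+72:], reverse(s.FillBytes(make([]byte, 72))))
	return report, &priv.PublicKey
}
```

A verifier that accepts the signature must still compare the MEASUREMENT field against the expected firmware and vCPU state, and walk the certificate chain to the AMD CA, before trusting the VM.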
The Raw Attestation process in Intel TDX is composed of two steps. In the first step the CPU generates a structure called the TDREPORT. This report can only be verified on the same platform and is therefore only used when VMs on the same CPU need to attest each other. For remote verification the TDREPORT is transformed into a TDQUOTE, which is signed by the CPU with a key that can be checked through an Intel service for its genuineness.