Generate a Report

Learn to generate an attestation report for a workload on your VM

Create the report

Generate the report for the nonce of the workload.

Example

vhsm nitride attestation -provider=azure-sev-snp-vtpm generate E5a8XdpQhg7f9ET0VMXIJT6HftUrvMWCob2Ki4B5EyEKn_MrekFjYRO_NzKc_ppUcSIXGSptY0bVrrI1tAQt_g==

The example generates a remote attestation for an Azure cVM with AMD SEV-SNP and vTPM support, using the nonce that you generated previously (E5a8XdpQhg7f9...).

Output:

{
  "Version": 1,
  "Provider": "azure-sev-snp-vtpm",
  "Attestation": {
    "Version": 1,
    "Product": "Milan",
    "Report": "SENMQQEAAAArCQAAAgAAAAAAAAAA... (trimmed)",
    "Data": {
      "Value": "eyJOb25jZSI6IkU1YThYZHBRaGc3... (trimmed)",
      "Signature": "kPBnswf+ZLv407QBRxoPegFOeF4T... (trimmed)"
    },
    "Runtime": {
      "keys": [
        {
          "kid": "HCLAkPub",
          "key_ops": ["sign"],
          "kty": "RSA",
          "e": "AQAB",
          "n": "lT_uuAA... (trimmed)"
        },
        {
          "kid": "HCLEkPub",
          "key_ops": ["encrypt"],
          "kty": "RSA",
          "e": "AQAB",
          "n": "2MEUwAA... (trimmed)"
        }
      ],
      "vm-configuration": {
        "console-enabled": true,
        "secure-boot": false,
        "tpm-enabled": true,
        "vmUniqueId": "20B18860-699D-456B-9E59-E7F7E69A2CAA"
      },
      "user-data": "0000000000000000000000000000... (trimmed)"
    },
    "EventLog": "AAAAAAMAAAAAAAAAAAAAAAAAAAAA... (trimmed)",
    "Quote": {
      "quote": "/1RDR4AYACIAC5eEpZ0mR6zrYo6UB... (trimmed)",
      "raw_sig": "ABQACwEABaNegGLkc5GHZobvMEpn... (trimmed)",
      "pcrs": {
        "hash": 11,
        "pcrs": {
          "0": "4VxEeWvqv0arzsfFflkJQgQeR0l+... (trimmed)",
          "1": "PUWM/lXMA+ofRD8VYr7sjfUcdeFK... (trimmed)",
          "2": "...",
          "3": "...",
          "4": "...",
          "5": "...",
          "6": "...",
          "7": "...",
          "8": "...",
          "9": "...",
          "10": "...",
          "11": "...",
          "12": "...",
          "13": "...",
          "14": "...",
          "15": "...",
          "16": "...",
          "17": "...",
          "18": "...",
          "19": "...",
          "20": "...",
          "21": "...",
          "22": "...",
          "23": "..."
        }
      }
    }
  }
}

Convert the report

Note: When you generate an attestation report on the attester, you may need to transfer it to the verifier. Encoding it as base64 keeps the report from being altered by the transfer channel (for example by whitespace or character-set handling) and lets it be easily embedded in other data structures or sent over the network. The verifier can then decode and process the report reliably. Base64 is an encoding only and adds no cryptographic protection.

Copy the contents of the report and save it as verify.json on your local system. To convert the JSON file to a base64-encoded file, use the following command (the -i and -o options shown are those of the macOS base64):

base64 -i verify.json -o verify.base64
  • -i verify.json specifies the input file.
  • -o verify.base64 specifies the output file.

Alternatively, you can pipe the file through base64, which also works with GNU coreutils base64 on Linux:

cat verify.json | base64 > verify.base64
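
The transfer step above, seen from both sides, as an added example that is not part of the product's tooling: the attester encodes the report, and the verifier decodes it strictly and checks the provider and nonce before processing it further. It assumes Data.Value is base64-encoded JSON with a "Nonce" member, as the visible prefix in the sample output suggests; the function names and the sample report are constructed, and no signature or quote is verified here.

```python
import base64
import binascii
import json

# Nonce from the example command above; everything else in the sample is constructed.
NONCE = "E5a8XdpQhg7f9ET0VMXIJT6HftUrvMWCob2Ki4B5EyEKn_MrekFjYRO_NzKc_ppUcSIXGSptY0bVrrI1tAQt_g=="

def sample_report(nonce: str) -> bytes:
    """Constructed stand-in for verify.json with only the fields checked here."""
    value = base64.b64encode(json.dumps({"Nonce": nonce}).encode()).decode()
    report = {"Version": 1, "Provider": "azure-sev-snp-vtpm",
              "Attestation": {"Version": 1, "Data": {"Value": value}}}
    return json.dumps(report, indent=2).encode()

def encode_report(report_json: bytes) -> str:
    """Attester side: base64 of the exact file bytes, on a single line."""
    json.loads(report_json)  # raises ValueError on a truncated or mis-pasted file
    return base64.b64encode(report_json).decode("ascii")

def decode_report(encoded: str) -> dict:
    """Verifier side: drop line wrapping, decode strictly, parse the JSON."""
    try:
        raw = base64.b64decode("".join(encoded.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"verify.base64 is not valid base64: {exc}") from exc
    return json.loads(raw)

def precheck(encoded: str, provider: str, nonce: str) -> list:
    """Return a list of problems; empty means the report is the one expected."""
    report = decode_report(encoded)
    problems = []
    if report.get("Provider") != provider:
        problems.append("unexpected provider")
    # Assumption: Data.Value is base64-encoded JSON with a "Nonce" member.
    data = json.loads(base64.b64decode(report["Attestation"]["Data"]["Value"]))
    if data.get("Nonce") != nonce:
        problems.append("nonce mismatch")
    return problems

if __name__ == "__main__":
    encoded = encode_report(sample_report(NONCE))
    print(precheck(encoded, "azure-sev-snp-vtpm", NONCE))
```

A report that passes this precheck has only survived the transfer intact and matches the nonce that was requested; the attestation itself still has to be verified.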
