Setup

Learn how to perform a remote attestation using vHSM Nitride. To do so, you need to create an attestation policy on the verifier.

Note: If you started Nitride with the vhsm nitride init command, it performs a series of operations to configure and secure your environment:

  1. Creates the essential Nitride identities, including platform, firmware, and workload.

  2. Creates and attaches a Nitride policy from an embedded policy configuration.

  3. Generates attestation objects based on your setup.

  4. Bootstraps the environment to allow secure workload attestation and the issuance of access tokens with the appropriate permissions.

Create an Attestation Policy

  1. Define the policy and metadata for the attestation session in a JSON file.

Example: Create an attestation.json file using an editor of your choice.

{
  "name": "Azure MariaDB",
  "description": "A small Azure VM running MariaDB",
  "namespace": "test",
  "events": "https://vhsm.enclaive.cloud:8000",
  "policy": "azure-dc2asv5-raw"
}

Explanations:

  • "name": A string uniquely identifying the workload attestation.

  • "description": A human-readable description of the workload.

  • "namespace": The namespace where the attestation will be created.

  • "events": URL endpoint for attestation events (e.g., https://vhsm.enclaive.cloud:8000).

  • "policy": The name of the policy to use for this attestation.

  2. Create an attestation.

Example: vhsm nitride attestation create @attestation.json

Output:

In this output, the UUID f43042c2-3ac6-43fd-be0a-efbfd2c5b419 uniquely identifies the attestation session, and it is attached to the policy azure-dc2asv5-raw.

Make a note of this UUID.
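
A pre-flight check for the attestation.json file from step 1, to run before passing it to vhsm nitride attestation create. This is an added example, not part of the Nitride tooling. The function name lint_attestation is hypothetical, and the rules it enforces (all five fields required, string values only, an https events URL without embedded credentials) are assumptions of this example rather than a documented schema.

```python
import json
from urllib.parse import urlsplit

# Fields described on this page. Treating all five as required non-empty
# strings is an assumption of this example, not a documented schema.
FIELDS = ("name", "description", "namespace", "events", "policy")


def lint_attestation(text):
    """Return a list of problems found in an attestation definition."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value must be a JSON object"]

    problems = []
    for key in FIELDS:
        value = doc.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f'"{key}" must be a non-empty string')
    for key in sorted(set(doc) - set(FIELDS)):
        problems.append(f'unexpected key "{key}" (possible typo)')

    events = doc.get("events")
    if isinstance(events, str) and events.strip():
        url = urlsplit(events)
        # Assumption: attestation events should only go to a TLS endpoint.
        if url.scheme != "https" or not url.hostname:
            problems.append('"events" must be an https:// URL with a host')
        if url.username or url.password:
            problems.append('"events" must not embed credentials')
    return problems


# Constructed samples: the step 1 definition and a variant with an unquoted value.
GOOD = """{
  "name": "Azure MariaDB",
  "description": "A small Azure VM running MariaDB",
  "namespace": "test",
  "events": "https://vhsm.enclaive.cloud:8000",
  "policy": "azure-dc2asv5-raw"
}"""
BAD_SYNTAX = GOOD.replace('"test",', "test")

if __name__ == "__main__":
    print(lint_attestation(BAD_SYNTAX))
```

An empty list means the file passed every check. A misspelled key is reported twice, once as the missing field and once as the unexpected key.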
