Create a buckypaper VM template for Azure, AWS, GCP

In this tutorial, we will focus on creating a template for Azure virtual machines from the DC2as_v5 family.

Create a measurement

The measurement is the hash of the OVMF/UEFI firmware that was used to boot the confidential VM. You need to measure this value based on the binary.

POST http://localhost:8200/v1/auth/ratls/reference/measurement

Create a measurement - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

provider

string

azure

measurement

string

SHA-384

Response

{
    "request_id": "24fbc339-8201-79eb-fc0a-6192f2692b7d",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {},
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

{
  "error": "Invalid request"
}

Create an image

The next step is to create an image that will be used in the template creation process.

POST http://localhost:8200/v1/auth/ratls/reference/image

Create an image - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

name

string

DC2as_v5

Response

{
    "request_id": "d9ed2ff0-d3e6-86e1-a956-4db2ad2f05e8",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "image": "4695e388-32d6-4726-a6d3-97f753c0fc94"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

{
  "error": "Invalid request"
}

Create a template

In the final stage, we will create a template that will be used to create the attestation.

POST http://localhost:8200/v1/auth/ratls/reference/template

Create a template - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

images

array of string

[ "4695e388-32d6-4726-a6d3-97f753c0fc94" ]

Response

{
    "request_id": "dbf151ca-8459-182d-c5a4-bf484639a249",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "template": "da100ec6-c0ff-405a-99a3-36b611d2e9bd"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

In this tutorial, we will focus on creating a template for AWS EC2 from the M6a family.

Create a measurement

The measurement refers to the cryptographic hash of the OVMF/UEFI firmware used to boot the confidential VM.

POST http://localhost:8200/v1/auth/ratls/reference/measurement

Create a measurement - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

provider

string

aws

measurement

string

SHA-384

Response

{
    "request_id": "24fbc339-8201-79eb-fc0a-6192f2692b7d",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {},
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

{
  "error": "Invalid request"
}

Create an image

The next step is to create an image that will be used in the template creation process.

POST http://localhost:8200/v1/auth/ratls/reference/image

Create an image - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

name

string

M6a

Response

{
    "request_id": "d9ed2ff0-d3e6-86e1-a956-4db2ad2f05e8",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "image": "4695e388-32d6-4726-a6d3-97f753c0fc94"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

{
  "error": "Invalid request"
}

Create a template

In the final stage, we will create a template that will be used to create the attestation.

POST http://localhost:8200/v1/auth/ratls/reference/template

Create a template - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

images

array of string

[ "4695e388-32d6-4726-a6d3-97f753c0fc94" ]

Response

{
    "request_id": "dbf151ca-8459-182d-c5a4-bf484639a249",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "template": "da100ec6-c0ff-405a-99a3-36b611d2e9bd"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

In this tutorial, we will focus on creating a template for GCP virtual machines from the N2D family.

Create a measurement

The measurement refers to the cryptographic hash of the OVMF/UEFI firmware used to boot the confidential VM.

POST http://localhost:8200/v1/auth/ratls/reference/measurement

Create a measurement - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

provider

string

gcp

measurement

string

SHA-384

Response

{
    "request_id": "24fbc339-8201-79eb-fc0a-6192f2692b7d",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {},
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

{
  "error": "Invalid request"
}

Create an image

The next step is to create an image that will be used in the template creation process.

POST http://localhost:8200/v1/auth/ratls/reference/image

Create an image - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

name

string

N2D

Response

{
    "request_id": "d9ed2ff0-d3e6-86e1-a956-4db2ad2f05e8",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "image": "4695e388-32d6-4726-a6d3-97f753c0fc94"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

{
  "error": "Invalid request"
}

Create a template

In the final stage, we will create a template that will be used to create the attestation.

POST http://localhost:8200/v1/auth/ratls/reference/template

Create a template - Nitride Documentation

Headers

Name

Value

X-Vault-Token

<token>

Body

Name

Type

Example

images

array of string

[ "4695e388-32d6-4726-a6d3-97f753c0fc94" ]

Response

{
    "request_id": "dbf151ca-8459-182d-c5a4-bf484639a249",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "template": "da100ec6-c0ff-405a-99a3-36b611d2e9bd"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

Last updated 7 months ago