Commit 8030681

committed
2 parents e14fd06 + 7d636ae commit 8030681

2 files changed

+6
-2
lines changed

articles/attestation/overview.md

Lines changed: 4 additions & 0 deletions
@@ -46,6 +46,10 @@ OE standardizes specific requirements for verification of an enclave evidence. T
4646

4747
Client applications can be designed to take advantage of TPM attestation by delegating security-sensitive tasks to only take place after a platform has been validated to be secure. Such applications can then make use of Azure Attestation to routinely establish trust in the platform and its ability to access sensitive data.
4848

49+
### Azure Confidential VM attestation
50+
51+
Azure [Confidential VM](/azure/confidential-computing/confidential-vm-overview) (CVM) is based on [AMD processors with SEV-SNP technology](/azure/confidential-computing/virtual-machine-solutions-amd) and aims to improve VM security posture by removing trust in host, hypervisor and Cloud Service Provider (CSP). To achieve this, CVM offers VM OS disk encryption option with platform-managed keys and binds the disk encryption keys to the virtual machine's TPM. When a CVM boots up, SNP report containing the guest VM firmware measurements will be sent to Azure Attestation. The service validates the measurements and issues an attestation token that is used to release keys from [Managed-HSM](/azure/key-vault/managed-hsm/overview) or [Azure Key Vault](/azure/key-vault/general/basic-concepts). These keys are used to decrypt the vTPM state of the guest VM, unlock the OS disk and start the CVM. The attestation and key release process is performed automatically on each CVM boot, and the process ensures the CVM boots up only upon successful attestation of the hardware.
52+
4953
## Azure Attestation can run in a TEE
5054

5155
Azure Attestation is critical to Confidential Computing scenarios, as it performs the following actions:
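
Review bot: The last sentence of the added paragraph says the CVM boots "only upon successful attestation of the hardware", but the sentences before it describe Azure Attestation validating an SNP report that contains the guest VM firmware measurements, so the scope of what is attested reads inconsistently. Suggest saying that boot proceeds only after the SNP report, including the firmware measurements, has been validated. The same paragraph binds the disk encryption keys to "the virtual machine's TPM" and later decrypts "the vTPM state of the guest VM"; use one term throughout. It also does not connect the "platform-managed keys" in the second sentence to the keys released from Managed-HSM or Azure Key Vault, so a reader cannot tell whether these are the same keys or a wrapping key; one clause stating the relationship would close that gap.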

articles/cosmos-db/sql/migrate-dotnet-v3.md

Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ ms.author: esarroyo
66
ms.service: cosmos-db
77
ms.subservice: cosmosdb-sql
88
ms.topic: how-to
9-
ms.date: 02/23/2022
9+
ms.date: 03/07/2022
1010
ms.devlang: csharp
1111
---
1212

@@ -113,7 +113,7 @@ The `FeedOptions` class in SDK v2 has now been renamed to `QueryRequestOptions`
113113

114114
`FeedOptions.EnableCrossPartitionQuery` has been removed and the default behavior in SDK 3.0 is that cross-partition queries will be executed without the need to enable the property specifically.
115115

116-
`FeedOptions.PopulateQueryMetrics` is enabled by default with the results being present in the diagnostics property of the response.
116+
`FeedOptions.PopulateQueryMetrics` is enabled by default with the results being present in the `FeedResponse.Diagnostics` property of the response.
117117

118118
`FeedOptions.RequestContinuation` has now been promoted to the query methods themselves.
119119
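
Review bot: In the changed line 116, "the `FeedResponse.Diagnostics` property of the response" says "response" twice, and the sentence still states that `FeedOptions.PopulateQueryMetrics` "is enabled by default" even though this section opens by saying `FeedOptions` has been renamed to `QueryRequestOptions`. Suggest matching the wording of the `EnableCrossPartitionQuery` line above it: if the property no longer exists in v3, say so, and then state that query metrics are returned by default in `FeedResponse.Diagnostics`.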
