articles/attestation/azure-TPM-VBS-attestation-usage.md
Lines changed: 6 additions & 4 deletions
@@ -22,14 +22,14 @@ Attestation Setup has two setups. One pertaining to the service setup and one pe
22
22
23
23
:::image type="content" source="./media/tpm_attestation_setup.png" alt-text="A diagram that shows the different interactions for attestation." lightbox="./media/tpm_attestation_setup.png":::
24
24
25
-
Detailed information about the workflow is described in [Azure attestation workflow](workflow.md)
25
+
Detailed information about the workflow is described in [Azure attestation workflow](workflow.md).
26
26
27
27
### Service endpoint setup:
28
28
This is the first step for any attestation to be performed. Setting up an endpoint, this can be performed either via code or using the Azure portal.
29
29
30
30
Here's how you can set up an attestation endpoint using Portal
31
31
<ul>
32
-
<li> Prerequisite: Access to the Microsoft Azure Active Directory(Azure AD) tenant and subscription under which you want to create the attestation endpoint.</li>
32
+
<li> Prerequisite: Access to the Microsoft Azure Active Directory(Azure AD) tenant and subscription under which you want to create the attestation endpoint.</li>
33
33
<li> Create an endpoint under the desired resource group, with the desired name.
Sample policies can be found in the [Policy Samples](tpm-attestation-sample-policies.md) Section.</br>
48
+
49
+
Sample policies can be found in the [policy section](tpm-attestation-sample-policies.md) .</br>
49
50
50
51
> [!NOTE]
51
52
> Note: TPM endpoints are designed to be provisioned without a default attestation policy.
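Review bot: The added line 49 leaves a space between the link and the period ("[policy section](tpm-attestation-sample-policies.md) .") and keeps the "</br>" tag, which is not a valid HTML break; close the sentence directly after the link and use "<br>" instead. The link text also changed from "Policy Samples" to "policy section", which no longer tells the reader that the target holds sample policies, so consider restoring the original text. Separately, the removed and added Prerequisite lines at line 32 read identically as rendered, so that change appears to be whitespace only; confirm it is intentional.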
@@ -56,7 +57,7 @@ Sample policies can be found in the [Policy Samples](tpm-attestation-sample-poli
56
57
A client to communicate with the attestation service endpoint needs to ensure it's following the protocol as described in the [protocol documentation](virtualization-based-security-protocol.md). Use the [Attestation Client NuGet](https://www.nuget.org/packages/Microsoft.Attestation.Client) to ease the integration.
57
58
58
59
<ul>
59
-
<li> Add Attestation Reader Role to the identity that will be used for authentication against the endpoint.
60
+
<li> Add Attestation Reader Role to the identity that will be need for authentication against the endpoint. Azure i
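Review bot: The new wording on line 60, "the identity that will be need for authentication", is ungrammatical and reads worse than the line it replaces; keep "will be used for authentication" or write "that is needed for authentication". The added line also ends in "Azure i" as shown here, so check that the sentence following the role assignment is complete in the source file.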
@@ -71,6 +72,7 @@ Using the [Client](https://github.com/microsoft/Attestation-Client-Samples) to t
71
72
72
73
</br>
73
74
Here's a sample of the contents of the attestation report.
75
+
74
76
:::image type="content" source="./media/sampledecodedtoken.jpg" alt-text="Sample decoded token for tpm attestation" lightbox="./media/sampledecodedtoken.jpg":::
75
77
76
78
Using the Open ID [metadata endpoint](https://learn.microsoft.com/rest/api/attestation/metadata-configuration/get?tabs=HTTP) contains properties, which describe the attestation service.The signing keys describe the keys, which will be used to sign tokens generated by the attestation service. All tokens emitted by the attestation service will be signed by one of the certificates listed in the attestation signing keys.
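Review bot: Line 78, just below the blank line this hunk adds at line 75, still has a missing space in "attestation service.The signing keys" and opens with a sentence that has no subject ("Using the Open ID metadata endpoint contains properties"). Since this commit is a wording cleanup of the same file, fix both here, for example "The Open ID metadata endpoint contains properties that describe the attestation service." Readers rely on this paragraph to learn where the token signing certificates are published, so it should read unambiguously.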