File: articles/confidential-computing/guest-attestation-confidential-vms-design.md
Lines changed: 4 additions & 4 deletions
@@ -16,7 +16,7 @@ This document provides a detailed overview of the [Azure confidential VM Guest A
## vTPM-Based Design
-
Azure confidential VMs utilize a vTPM-based design for the guest attestation. The approach ensures a consistent interface across guest operating systems (Linux and Windows) and hardware platforms (AMD SEV-SNP and Intel TDX).
+
Azure confidential virtual machines (VMs) utilize a vTPM-based design for the guest attestation. The approach ensures a consistent interface across guest operating systems (Linux and Windows) and hardware platforms (AMD SEV-SNP and Intel TDX).
## Attestation Flow
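Review bot: expanding the acronym on first use ("confidential virtual machines (VMs)") is the right fix for this line, since the rest of the article then uses "VMs" without explanation; while the sentence is being touched, "utilize" can simply be "use" and "for the guest attestation" reads better as "for guest attestation", for example `Azure confidential virtual machines (VMs) use a vTPM-based design for guest attestation.`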
@@ -31,7 +31,7 @@ A vTPM evidence consists of a TPM quote and endorsements used to verify the quot
- A standard TPM quote that is the output of `TPM2_Quote` command defined by TPM 2.0 specification.
- Includes a list of Platform Configuration Registers (PCRs) that captures the measurements of the guest OS (for example, boot process).
- The usage of PCRs conforms to Linux and Windows standards (each having its usage definition).
-
-The quote is signed by vTPM attestation private key (AK); that is, AK is specified as the signing key in the `TPM2_Quote` command.
+
-Signed by vTPM attestation private key (AK); that is, AK is specified as the signing key in the `TPM2_Quote` command.
- TPM Event Log
- An event log stored in the system that can be used to reproduce PCR values in the TPM quote.
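Review bot: the replacement line drops the subject, so "Signed by vTPM attestation private key (AK)" reads as a fragment under a bullet that is about the quote, and as it appears here the list marker has no space after it (`-Signed by ...`), so Markdown will not render it as a nested list item the way the sibling `- Includes a list of ...` and `- The usage of PCRs ...` bullets render. Suggest keeping the subject and the marker spacing, for example `- The quote is signed by the vTPM attestation key (AK); that is, AK is specified as the signing key in the TPM2_Quote command.` In TPM 2.0 terms AK is the attestation key and its private portion does the signing, so "attestation key" is more precise than "attestation private key".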
@@ -43,12 +43,12 @@ A vTPM evidence consists of a TPM quote and endorsements used to verify the quot
- Hardware Report
- Generated and signed by the hardware.
-
-Capturing the following information
+
-Capture the following information
- AK public
- The measurement of Microsoft-built guest paravisor where the vTPM runs
- Learn more in [Confidential VMs on Azure](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/confidential-vms-on-azure/ba-p/3836282)).
- Hardware information
-
- Refer to AMD SEV-SNP and Intel TDX specifications for more detail.
+
- Refer to AMD SEV-SNP and Intel TDX specifications for more detail.
- Hardware Vendor Certificate Chain
- Issued by hardware vendor (AMD and Intel) to certify the signature of the hardware report.
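Review bot: "Capture the following information" is an imperative and does not parallel the sibling bullet "Generated and signed by the hardware"; "Captures the following information" keeps the parallel, and the missing space after the list marker (`-Capture ...`) will keep it from rendering as a nested item, as with the other changed bullets in this file. Two further points in the same region: the line `- Learn more in [Confidential VMs on Azure](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/confidential-vms-on-azure/ba-p/3836282)).` ends with a doubled closing parenthesis, which will render a stray `)` after the link, and the line `- Refer to AMD SEV-SNP and Intel TDX specifications for more detail.` appears identical before and after, so the change there is presumably whitespace or indentation; please confirm it still nests under "Hardware information" after the edit.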