articles/attestation/azure-tpm-vbs-attestation-usage.md
5 additions & 5 deletions
@@ -16,11 +16,11 @@ Attestation can be integrated into various applications and services, catering t
16
16
17
17
Attesting a platform has its own challenges with its varied components of boot and setup, one needs to rely on a hardware root-of-trust anchor which can be used to verify the first steps of the boot and extend that trust upwards into every layer on your system. A hardware TPM provides such an anchor for a remote attestation solution. Azure Attestation provides a highly scalable measured boot and runtime integrity measurement attestation solution with a revocation framework to give you full control over platform attestation.
18
18
19
-
## Attestation Steps
19
+
## Attestation steps
20
20
21
21
Attestation Setup has two setups. One pertaining to the service setup and one pertaining to the client setup.
22
22
23
-
:::image type="content" source="./media/tpm_attestation_setup.png" alt-text="A diagram that shows the different interactions for attestation." lightbox="./media/tpm_attestation_setup.png":::
23
+
:::image type="content" source="./media/tpm-attestation-setup.png" alt-text="A diagram that shows the different interactions for attestation." lightbox="./media/tpm-attestation-setup.png":::
24
24
25
25
Detailed information about the workflow is described in [Azure attestation workflow](workflow.md).
26
26
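Review bot: The new `source` and `lightbox` values on the image line point at `./media/tpm-attestation-setup.png`, but no rename of the image file itself is visible here; the files shown are two Markdown files. Confirm that `media/tpm_attestation_setup.png` was renamed to the hyphenated name in the same change, otherwise the diagram will fail to render. While this section is being touched, the unchanged sentence "Attestation Setup has two setups." could also be reworded.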
@@ -47,7 +47,7 @@ Sample policies can be found in the [policy section](tpm-attestation-sample-poli
47
47
> TPM endpoints are designed to be provisioned without a default attestation policy.
48
48
49
49
50
-
### Client Setup:
50
+
### Client setup:
51
51
A client to communicate with the attestation service endpoint needs to ensure it's following the protocol as described in the [protocol documentation](virtualization-based-security-protocol.md). Use the [Attestation Client NuGet](https://www.nuget.org/packages/Microsoft.Attestation.Client) to ease the integration.
52
52
53
53
1 Prerequisite: An Azure AD identity is needed to access the TPM endpoint.
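Review bot: The renamed heading `### Client setup:` still ends with a colon, unlike `## Attestation steps` changed earlier in the same file; drop the colon so the two sentence-case headings are consistent.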
@@ -57,15 +57,15 @@ Learn more [Azure AD identity tokens](../active-directory/develop/v2-overview.md
Using the [Client](https://github.com/microsoft/Attestation-Client-Samples) to trigger an attestation flow. A successful attestation will result in an attestation report (encoded JWT token). Parsing the JWT token, the contents of the report can be easily validated against expected outcome.
Here's a sample of the contents of the attestation report.
67
67
git mv OLD-FILENAME NEW-FILENAME
68
-
:::image type="content" source="./media/sample-decoded-token.jpg" alt-text="Sample decoded token for tpm attestation." lightbox="./media/sample-decoded-token.jpg":::
68
+
:::image type="content" source="./media/sample-decoded-token.jpg" alt-text="Sample snapshot of a decoded token for tpm attestation." lightbox="./media/sample-decoded-token.jpg":::
69
69
70
70
Using the Open ID [metadata endpoint](/rest/api/attestation/metadata-configuration/get?tabs=HTTP) contains properties, which describe the attestation service.The signing keys describe the keys, which will be used to sign tokens generated by the attestation service. All tokens emitted by the attestation service will be signed by one of the certificates listed in the attestation signing keys.
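Review bot: The unchanged context line at 67, `git mv OLD-FILENAME NEW-FILENAME`, sits in the article body between "Here's a sample of the contents of the attestation report." and the image; it reads like a leftover editing instruction and should be deleted as part of this cleanup. In the new alt text, "tpm" should be written "TPM" to match the rest of the article, and the context line that follows is missing a space in "service.The".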
articles/attestation/tpm-attestation-concepts.md
1 addition & 1 deletion
@@ -245,7 +245,7 @@ issuancerules
245
245
246
246
## Next steps
247
247
248
-
-[Try out TPM attestation](azure-TPM-VBS-attestation-usage.md)
248
+
-[Try out TPM attestation](azure-tpm-vbs-attestation-usage.md)
249
249
-[Device Health Attestation on Windows and interacting with Azure Attestation](/windows/client-management/mdm/healthattestation-csp#windows-11-device-health-attestation)
250
250
-[Learn more about claim rule grammar](claim-rule-grammar.md)
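Review bot: The link on line 248 is corrected from `azure-TPM-VBS-attestation-usage.md` to the lowercase file name, which matches the path of the other file in this commit, but this fixes only one reference. Search the rest of the docs set for the mixed-case `azure-TPM-VBS-attestation-usage.md` and update any remaining links in the same change, since they will break wherever path matching is case-sensitive.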