General availability: AMD confidential VM guest attestation
Data opublikowania: 12 października, 2022
Today we are announcing the general availability of the guest attestation feature for AMD SEV-SNP based confidential VMs. Guest attestation enables verifying the trustworthiness (good state) of the trusted execution environment on which the guest VM is executing. It lets you do the following:
- Use the guest attestation feature to verify that a confidential VM is running on a hardware-based trusted execution environment (TEE) with security features (isolation, integrity, secure boot) enabled.
- Allow application deployment decisions (whether to launch a sensitive workload) based on the hardware state returned by the library call.
- Use remote attestation artifacts (token and claims) received from another system (on a confidential VM) to enable relying parties to gain trust to make transactions with the other system.
- Receive recommendations and alerts of unhealthy confidential VMs in Microsoft Defender for Cloud.
To learn more about guest attestation see the documentation and the blog post.