Forum Discussion

Pradeep_Pappachan
Copper Contributor
Jul 06, 2023

Remote Attestation Attack on AMD SEV-SNP CVM in Azure

Following the 1st scenario ("request in separate workload") on this page ( https://learn.microsoft.com/en-us/azure/confidential-computing/guest-attestation-confidential-vms ), after step 2, is it not possible for a malicious guest OS to replace a valid attestation report with another attestation report (from a SEV machine with a good OS) to mask its presence from a relying party? How is this mitigated?

1 Reply

  • A malicious guest operating system cannot substitute or replay an attestation report within Azure SEV-SNP Confidential VMs. The attestation process is cryptographically anchored to AMD’s hardware root of trust and validated through the Microsoft Azure Attestation (MAA) service. Each report is hardware-signed and incorporates unique VM identifiers, freshness nonces, and ephemeral keys, ensuring authenticity, binding to the originating VM, and protection against replay or substitution attacks.


    https://learn.microsoft.com/en-us/azure/confidential-computing/guest-attestation-confidential-vms
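The checks the reply describes, shown as a relying-party verifier over a toy report. This is an added example, not Microsoft or AMD code: the SEV-SNP hardware signature (ECDSA with the chip's VCEK) is modelled with an HMAC whose key only the "hardware" and the verifier hold, the report fields are a constructed stand-in for the real SNP report layout, and the allow-list of measurements is assumed.

```python
"""Relying-party verification that rejects a substituted or replayed report."""
import hashlib
import hmac
import json
import os

HW_KEY = b"constructed-vcek-stand-in"            # assumption: stands in for the AMD signing key
TRUSTED_MEASUREMENTS = {"good-os-measurement"}  # assumption: measurements the verifier accepts


def hardware_sign(report: dict) -> dict:
    """Simulate the firmware signing a report; only holders of HW_KEY can produce a valid sig."""
    body = json.dumps(report, sort_keys=True).encode()
    return {"body": report, "sig": hmac.new(HW_KEY, body, hashlib.sha384).hexdigest()}


def guest_attest(nonce: bytes, measurement: str, vm_id: str, eph_pub: bytes) -> dict:
    """Guest requests a report; report_data binds the relying party's nonce and the VM's ephemeral key."""
    report_data = hashlib.sha512(nonce + eph_pub).hexdigest()
    return hardware_sign({"measurement": measurement, "vm_id": vm_id, "report_data": report_data})


def verify(signed: dict, nonce: bytes, eph_pub: bytes, expected_vm: str) -> tuple:
    """Order matters: signature first, then freshness binding, then identity, then measurement."""
    body = json.dumps(signed["body"], sort_keys=True).encode()
    expected_sig = hmac.new(HW_KEY, body, hashlib.sha384).hexdigest()
    if not hmac.compare_digest(expected_sig, signed["sig"]):
        return False, "bad signature"                      # report was edited after signing
    r = signed["body"]
    if r["report_data"] != hashlib.sha512(nonce + eph_pub).hexdigest():
        return False, "report not bound to this nonce/key"  # stale or borrowed report
    if r["vm_id"] != expected_vm:
        return False, "report from a different VM"
    if r["measurement"] not in TRUSTED_MEASUREMENTS:
        return False, "untrusted measurement"
    return True, "ok"


def scenario() -> dict:
    """Honest VM, a malicious VM's own report, a borrowed good report, and a patched borrowed report."""
    nonce, pub = os.urandom(32), b"constructed-ephemeral-pubkey"
    honest = guest_attest(nonce, "good-os-measurement", "vm-B", pub)
    own = guest_attest(nonce, "malicious-os-measurement", "vm-B", pub)
    borrowed = guest_attest(os.urandom(32), "good-os-measurement", "vm-A", pub)  # earlier nonce
    patched = {"body": dict(borrowed["body"], report_data=honest["body"]["report_data"]),
               "sig": borrowed["sig"]}
    return {"honest": verify(honest, nonce, pub, "vm-B"),
            "own": verify(own, nonce, pub, "vm-B"),
            "borrowed": verify(borrowed, nonce, pub, "vm-B"),
            "patched": verify(patched, nonce, pub, "vm-B")}
```

In the real flow the signature check is the VCEK certificate chain validated by MAA, and the nonce binding is what makes a report from another SEV machine useless even though its signature is genuine.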