Question about User Data / user-claims in attestation #4

Open
daniel-weisse opened this issue Jan 23, 2024 · 0 comments

daniel-weisse commented Jan 23, 2024

Tested the attestation tool on an Azure TDX CVM and had a question about the claims.user-claims field used in the config file, and the User Data field of the CVM Configuration output of the tool.

Regardless of what value I set in the config, User Data is always 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.

However, looking at the sample output in the Readme, there is some value other than 0 present.

Is there something I'm missing, or is the user-claims value not used as report data in the TDX quote?
If so, for what is it used, and how does it factor into the final quote?

For reference, the full output when running the tool is the following:

$ sudo attest --c config_tdx.json 
TSS.Py::__INIT__.PY invoked
Attestation client started...
config_tdx.json

Getting hcl report from vTPM...
Wrote data successfully
Got HCL Report from vTPM!
Starting td quote request
Received td quote successfully
Sending request to Attestation Provider
Got response from Attestation Provider

TOKEN: 

Attested Platform Successfully!!

Claims:
        Attestation Type:  tdxvm
        Status:  azure-compliant-cvm
        TCB Status:  UpToDate
        TCB SVN:  02010600000000000000000000000000

CVM Configuration:
        Console Enabled:  True
        Secure Boot Enabled:  True
        TPM Enabled:  True
        User Data:  00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        TPM Persisted:  True