Skip to content

Add reference values for SEV-SNP hardware on Azure #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
iroykaufman wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Add reference values for SEV-SNP hardware on Azure #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0133824
Add reference values for SEV-SNP hardware on Azure
iroykaufman Dec 4, 2025
28aad12
Add intel tdx measurement
iroykaufman Dec 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions azure-hardware/AMD-SEV-SNP-v5.hq
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
AzSnpVtpm:
{
"init_data": "0000000000000000000000000000000000000000000000000000000000000000",
"measurement": "DjsB8vCKPkzq09B10OLaMneKGLYSkZtBCNggH9m6gR/xUa+QYVOD+0qPqaRkt5YA",
"platform_smt_enabled": "1",
"platform_tsme_enabled": "0",
"policy_abi_major": "0",
"policy_abi_minor": "31",
"policy_debug_allowed": "0",
"policy_migrate_ma": "0",
"policy_single_socket": "0",
"policy_smt_allowed": "1",
"report_data": "0000000000000000000000000000000000000000000000000000000000000000",
"reported_tcb_bootloader": "4",
"reported_tcb_microcode": "219",
"reported_tcb_snp": "24",
"reported_tcb_tee": "0",
"tpm": {
"pcr00": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr01": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr02": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr03": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr04": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr05": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr06": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr07": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr08": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr09": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr10": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr11": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr12": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr13": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr14": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr15": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr16": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr17": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr18": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr19": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr20": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr21": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr22": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr23": "0000000000000000000000000000000000000000000000000000000000000000"
}
}
89 changes: 89 additions & 0 deletions azure-hardware/Intel-TDX.hq
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
AzTdxVtpm:
{
"advisory_ids": [
"INTEL-SA-01010",
"INTEL-SA-01036",
"INTEL-SA-01076",
"INTEL-SA-01079",
"INTEL-SA-01099",
"INTEL-SA-01103",
"INTEL-SA-01111"
],
"collateral_expiration_status": "0",
"earliest_expiration_date": "2026-01-10T09:46:16Z",
"earliest_issue_date": "2018-05-21T10:45:10Z",
"init_data": "cf0345c491e4954cd6e75322379f30f2a019b61657139c2222d8f1a5ea5c16f4",
"is_cached_keys": false,
"is_dynamic_platform": true,
"is_smt_enabled": true,
"latest_issue_date": "2025-12-11T10:03:56Z",
"pck_crl_num": 1,
"platform_provider_id": "f3875a0a4527e134eb32362699800a5a",
"quote": {
"body": {
"mr_config_id": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"mr_owner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"mr_owner_config": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"mr_seam": "9790d89a10210ec6968a773cee2ca05b5aa97309f36727a968527be4606fc19e6f73acce350946c9d46a9bf7a63f8430",
"mr_td": "fe27b2aa3a05ec56864c308aff03dd13c189a6112d21e417ec1afe626a8cb9d91482d1379ec02fe6308972950a930d0a",
"mrsigner_seam": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"report_data": "b124e47e844830cd04ce7eef5f3ce3fd4e7ddadc27d2962b8ad35c7add994af90000000000000000000000000000000000000000000000000000000000000000",
"rtmr_0": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"rtmr_1": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"rtmr_2": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"rtmr_3": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"seam_attributes": "0000000000000000",
"tcb_svn": "04010700000000000000000000000000",
"td_attributes": "0000000000000000",
"xfam": "e718060000000000"
},
"header": {
"att_key_type": "0200",
"reserved": "00000000",
"tee_type": "81000000",
"user_data": "160c61ba550c2dcb21f4bc3356bf561f00000000",
"vendor_id": "939a7233f79c4ca9940a0db3957f0607",
"version": "0400"
}
},
"report_data": "0000000000000000000000000000000000000000000000000000000000000000",
"root_ca_crl_num": 1,
"root_key_id": "46e403bd34f05a3f2817ab9badcaacc7ffc98e0f261008cd30dae936cace18d5dcf58eef31463613de1570d516200993",
"sgx_type": "Scalable",
"tcb_date": "2024-03-13T00:00:00Z",
"tcb_eval_num": 1,
"tcb_status": "OutOfDate",
"td_attributes": {
"debug": false,
"key_locker": false,
"perfmon": false,
"protection_keys": false,
"septve_disable": false
},
"tpm": {
"pcr00": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr01": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr02": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr03": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr04": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr05": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr06": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr07": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr08": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr09": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr10": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr11": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr12": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr13": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr14": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr15": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr16": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr17": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr18": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr19": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr20": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr21": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr22": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr23": "0000000000000000000000000000000000000000000000000000000000000000"
}
}
16 changes: 16 additions & 0 deletions azure-hardware/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
## Azure SEV-SNP hardware reference values
On Azure, the SEV-SNP hardware measurement is the launch measurement of the paravisor (openHCL).
The paravisor boots first; therefore, the launch measurement measures the paravisor and not the guest OS.
For more information about the paravisor, see [here](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172).


### Experiment: measuring the hardware quote
Three different images produced the same exact hardware quote except for PCRs and init_data (data provided by the hypervisor at launch). The images that were used are RHEL, Fedora, and FCOS.

### Conclusion
As long as the paravisor stays the same, the measurement will not change and the hardware quote will be valid.

#### Measurements:
`AMD-SEV-SNP-v5.hq` - The hardware quote for DCasv5 and DCadsv5-series CPU, which is the AMD EPYC (Milan) model.
`Intel-TDX.hq` - The hardware quote for DCesv6 and DCedsv5-series CPU, which is the Intel Xeon (Sapphire Rapids) model.

89 changes: 89 additions & 0 deletions azure-hardware/rhel.hq
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
AzTdxVtpm:
{
"advisory_ids": [
"INTEL-SA-01010",
"INTEL-SA-01036",
"INTEL-SA-01076",
"INTEL-SA-01079",
"INTEL-SA-01099",
"INTEL-SA-01103",
"INTEL-SA-01111"
],
"collateral_expiration_status": "0",
"earliest_expiration_date": "2026-01-10T08:31:26Z",
"earliest_issue_date": "2018-05-21T10:45:10Z",
"init_data": "0000000000000000000000000000000000000000000000000000000000000000",
"is_cached_keys": false,
"is_dynamic_platform": true,
"is_smt_enabled": true,
"latest_issue_date": "2025-12-11T09:03:53Z",
"pck_crl_num": 1,
"platform_provider_id": "aca98e3dbecce2809ba09fc4cd8fe3db",
"quote": {
"body": {
"mr_config_id": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"mr_owner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"mr_owner_config": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"mr_seam": "9790d89a10210ec6968a773cee2ca05b5aa97309f36727a968527be4606fc19e6f73acce350946c9d46a9bf7a63f8430",
"mr_td": "fe27b2aa3a05ec56864c308aff03dd13c189a6112d21e417ec1afe626a8cb9d91482d1379ec02fe6308972950a930d0a",
"mrsigner_seam": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"report_data": "306c4b47875177366a9200fbd6d34d0095f31f36f1f5d74ef2d580b2760efa4a0000000000000000000000000000000000000000000000000000000000000000",
"rtmr_0": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"rtmr_1": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"rtmr_2": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"rtmr_3": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"seam_attributes": "0000000000000000",
"tcb_svn": "04010700000000000000000000000000",
"td_attributes": "0000000000000000",
"xfam": "e718060000000000"
},
"header": {
"att_key_type": "0200",
"reserved": "00000000",
"tee_type": "81000000",
"user_data": "d57c41d9c0666f5826926923fca26db300000000",
"vendor_id": "939a7233f79c4ca9940a0db3957f0607",
"version": "0400"
}
},
"report_data": "0000000000000000000000000000000000000000000000000000000000000000",
"root_ca_crl_num": 1,
"root_key_id": "46e403bd34f05a3f2817ab9badcaacc7ffc98e0f261008cd30dae936cace18d5dcf58eef31463613de1570d516200993",
"sgx_type": "Scalable",
"tcb_date": "2024-03-13T00:00:00Z",
"tcb_eval_num": 1,
"tcb_status": "OutOfDate",
"td_attributes": {
"debug": false,
"key_locker": false,
"perfmon": false,
"protection_keys": false,
"septve_disable": false
},
"tpm": {
"pcr00": "2ade8023eeec241d83eff996830fd33b6b26811a79e8e809def01296337abced",
"pcr01": "796d2471b5dfb2393058e0f3a018f9c074b5233367198f4dd129fcfcd03abefb",
"pcr02": "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
"pcr03": "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
"pcr04": "0c28819c423d9303fa769eaf8e553324f655ee95a7e597697c74044028381c3a",
"pcr05": "ee486e4812bef822df656aaf718f7d906e27c91d96e0e72ed542de238b039dab",
"pcr06": "158c6bccfa58945fc0df6c46f4a7fdb48a079c59dbd5ddc894117b8a0e9c11dd",
"pcr07": "783e11154f39cabdefa36a40ff1b03a91950a41abe1e39646a85684348437759",
"pcr08": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr09": "465524d8de9fbefb05282d4e8745ad00636563a8705e05d8625bc77b4ee06326",
"pcr10": "f4aaaa6db09b1a4c19286340fb41da0a1494e0689e5fd97ff532053bc8548937",
"pcr11": "e5d1f0455d7232251260c422ab96ac3f17e0a4606f7213e4952d509982aa971c",
"pcr12": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr13": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr14": "66c465262f16d108fd77f2f94c4ae0040f81b3168242a827fcf5efcd812de053",
"pcr15": "fccab02fffe690e6c2e357be33f37c712f03f1545caea43de56bfc6cea5825f0",
"pcr16": "0000000000000000000000000000000000000000000000000000000000000000",
"pcr17": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"pcr18": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"pcr19": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"pcr20": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"pcr21": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"pcr22": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"pcr23": "0000000000000000000000000000000000000000000000000000000000000000"
}
}