Attestation configuration
Attestation configuration options are available through the anjuna-policy-manager-server CLI, which comes bundled with the Anjuna Policy Manager installer.
Azure SEV-SNP trusted ID Key Digests
When an Anjuna Confidential Container based on AMD's SEV-SNP technology is launched on Azure, the hypervisor relies on the SEV-SNP Platform Security Processor (PSP) firmware to securely configure and launch a Confidential VM. As part of the launch process, the hypervisor assigns a signed ID block to the VM. The private key used to sign this ID block is held by Azure. The ID_KEY_DIGEST is the SHA-384 hash of the corresponding public key; the PSP firmware validates the ID block signature before finalizing the VM launch, and the digest is then carried in every Attestation Report the VM produces, so downstream verifiers can tell which key authorized the launch and check the VM's integrity.
The Anjuna Policy Manager (APM) uses the ID_KEY_DIGEST in the report to verify whether an Attestation Report was created by a trusted Confidential VM in Azure: a report whose ID_KEY_DIGEST does not match one of the trusted values is not treated as coming from a trusted Azure Confidential VM.
The APM internal configuration maintains a list of ID_KEY_DIGEST values that are known at the time of the release of a specific version of the APM. When a new ID_KEY_DIGEST value is shared by Azure, Anjuna will include it in the next release of the APM.
The list of ID Key Digests trusted by the APM can also be extended without upgrading the APM to a newer version. This accounts for future key rotations by Azure and avoids an outage for Anjuna Confidential Containers between a rotation and the next APM release. The Anjuna Support team will preemptively notify customers about upcoming Azure ID Key rotations and any new ID_KEY_DIGEST values.
The following command updates the existing APM with a new ID_KEY_DIGEST value:
anjuna-policy-manager-server write "auth/apm/config" azcvm-trusted-id-key-digests="<value>"
Where <value> is replaced with the SHA-384 digest (48 bytes, i.e. 96 hex characters) of the new public key, e.g.:
0356215882a825279a85b300b0b742931d113bf7e32dde2e50ffde7ec743ca491ecdd7f336dc28a6e0b2bb57af7a44a3
The command also accepts a list of values, given by repeating the key, in the following format:
anjuna-policy-manager-server write "auth/apm/config" \
azcvm-trusted-id-key-digests="<value 1>" \
azcvm-trusted-id-key-digests="<value 2>"
This page does not state whether such a write appends to or replaces the digests already configured; to be safe, pass every digest that should remain trusted in a single command, and confirm the resulting configuration before the announced rotation date.
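The digest derivation and the trust check described above, as an added Python example (this is not Anjuna's code and not how the APM implements the check internally). It assumes the SEV-SNP public-key structure (CURVE, QX, QY, reserved; 0x404 bytes) and the ATTESTATION_REPORT layout (ID_KEY_DIGEST at offset 0xE0) from the AMD SEV-SNP ABI specification, uses a constructed sample key rather than a real Azure key, and shows the same membership check failing before a rotated key's digest is added to the trusted list and passing afterwards:

```python
import hashlib
import hmac

# Layout constants taken from the AMD SEV-SNP ABI specification (ID_AUTH
# public-key structure and ATTESTATION_REPORT). They are assumptions of this
# example: confirm them against the spec revision your firmware implements.
CURVE_P384 = 2                      # CURVE field value for ECDSA P-384
ID_KEY_STRUCT_LEN = 0x404           # CURVE(4) + QX(72) + QY(72) + RESERVED(880)
REPORT_LEN = 0x4A0                  # full attestation report, signature included
REPORT_ID_KEY_DIGEST_OFF = 0xE0     # ID_KEY_DIGEST field (follows HOST_DATA)
DIGEST_LEN = 48                     # SHA-384 output size in bytes

# Digest copied from the page above; the value the APM ships with trusted.
TRUSTED_ID_KEY_DIGESTS = [
    "0356215882a825279a85b300b0b742931d113bf7e32dde2e50ffde7ec743ca491ecdd7f336dc28a6e0b2bb57af7a44a3",
]

# Constructed sample coordinates: NOT a real Azure ID key, just two 384-bit
# values so the digest computation can run offline. For a real key, take
# QX/QY from the ECDSA P-384 public key Azure publishes.
SAMPLE_QX = int.from_bytes(hashlib.sha384(b"example-id-key-qx").digest(), "big")
SAMPLE_QY = int.from_bytes(hashlib.sha384(b"example-id-key-qy").digest(), "big")


def id_key_digest(qx, qy, curve=CURVE_P384):
    """SHA-384 over the 0x404-byte SEV-SNP public-key structure.

    This is the value the PSP records as ID_KEY_DIGEST for the key that
    signed the ID block, so it is also what goes into the APM config.
    """
    if not (0 <= qx < (1 << 384) and 0 <= qy < (1 << 384)):
        raise ValueError("coordinates must be P-384 field elements")
    struct = (
        curve.to_bytes(4, "little")
        + qx.to_bytes(72, "little")     # little-endian, zero-extended per AMD
        + qy.to_bytes(72, "little")
        + bytes(ID_KEY_STRUCT_LEN - 4 - 72 - 72)   # reserved, must be zero
    )
    return hashlib.sha384(struct).hexdigest()


def report_id_key_digest(report):
    """Pull the ID_KEY_DIGEST field out of a raw SNP attestation report."""
    if len(report) != REPORT_LEN:
        raise ValueError("unexpected report length %d" % len(report))
    off = REPORT_ID_KEY_DIGEST_OFF
    return report[off:off + DIGEST_LEN].hex()


def is_trusted(digest_hex, trusted):
    """Exact membership check against the configured digests.

    Normalises case, rejects anything that is not a full SHA-384 hex string,
    and compares every entry in constant time (no early exit on a match).
    """
    d = digest_hex.strip().lower()
    if len(d) != DIGEST_LEN * 2:
        return False
    found = False
    for t in trusted:
        found |= hmac.compare_digest(d, t.strip().lower())
    return found


def build_sample_report(digest_hex):
    """Constructed, zero-filled report with only ID_KEY_DIGEST populated."""
    buf = bytearray(REPORT_LEN)
    off = REPORT_ID_KEY_DIGEST_OFF
    buf[off:off + DIGEST_LEN] = bytes.fromhex(digest_hex)
    return bytes(buf)


def demo():
    """Simulate an Azure key rotation: (verdict before, verdict after)."""
    rotated = id_key_digest(SAMPLE_QX, SAMPLE_QY)     # digest of the new key
    seen = report_id_key_digest(build_sample_report(rotated))
    before = is_trusted(seen, TRUSTED_ID_KEY_DIGESTS)            # not yet configured
    after = is_trusted(seen, TRUSTED_ID_KEY_DIGESTS + [rotated])  # after the write
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("rotated key digest:", id_key_digest(SAMPLE_QX, SAMPLE_QY))
    print("trusted before adding it:", before, "| after adding it:", after)
```

Feeding the real public key's coordinates to id_key_digest gives the exact string to pass as <value> above, which is a useful cross-check that the digest announced by Anjuna Support matches the key Azure actually uses.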