CvmAttestation: changing to use new cvm library for cvm attestation #4289

Open
yangjie-msft wants to merge 2 commits into microsoft:main from yangjie-msft:main

@yangjie-msft
Collaborator

Using [Azure/cvm-attestation-tools](https://github.com/Azure/cvm-attestation-tools) for cvm attestation tests and adding support for tdx cvm attestation tests.

Contributor

Copilot AI left a comment

Pull request overview

This PR migrates CVM (Confidential VM) attestation tests to use a new library from Azure/cvm-attestation-tools, replacing the previous Azure/confidential-computing-cvm-guest-attestation library. The update adds support for Intel TDX CVM attestation alongside the existing AMD SEV-SNP support.

Changes:

  • Replaces the old attestation library with cvm-attestation-tools from GitHub
  • Adds Intel TDX CPU support in addition to AMD SEV-SNP for CVM attestation
  • Simplifies installation by using install.sh script instead of manual cmake/make build process
  • Updates attestation validation to use string-based output checking instead of JWT decoding

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| lisa/microsoft/testsuites/cvm/cvm_attestation_tool.py | Refactored AzureCVMAttestationTests to use new cvm-attestation-tools library, updated repository URL, simplified installation process, changed attestation validation from JWT to string matching, and updated file output handling |
| lisa/microsoft/testsuites/cvm/cvm_attestation.py | Extended CPU type check to support Intel TDX in addition to AMD SEV-SNP, added config file selection logic based on CPU type |

@kamalca
Collaborator

kamalca commented Feb 24, 2026

@yangjie-msft Do we expect guest attestation to fail when the VM is deployed with encryption type NonPersistedTPM? Can you consider this scenario and how you would like to handle it in your test case logic?

I think ideally we would still test platform attestation for NonPersistedTPM but skip guest attestation if it is not possible.

In LISA, the NonPersistedTPM encryption type is SecurityProfileType.Stateless

@yangjie-msft
Collaborator Author

yangjie-msft commented Feb 24, 2026

> @yangjie-msft Do we expect guest attestation to fail when the VM is deployed with encryption type NonPersistedTPM? Can you consider this scenario and how you would like to handle it in your test case logic?
>
> I think ideally we would still test platform attestation for NonPersistedTPM but skip guest attestation if it is not possible.
>
> In LISA, the NonPersistedTPM encryption type is SecurityProfileType.Stateless

For stateless CVM both guest and platform attestation will need to be run, so both tests should pass.

@kamalca
Collaborator

kamalca commented Feb 26, 2026

> For stateless CVM both guest and platform attestation will need to be run, so both tests should pass.

@yangjie-msft I am seeing failures on Standard_DCes_v6 when deployed with Stateless. Can you please test this scenario and see what is failing?

Figured out it was related to the SB setting. Now just waiting for final changes and meaningful commit messages.

@yangjie-msft changed the title from "using new cvm library for cvm attestation" to "CvmAttestation: changing to use new cvm library for cvm attestation" on Feb 27, 2026
@kamalca
Collaborator

kamalca commented Feb 27, 2026

@LiliDeng LGTM
