TrustMee: Self-Verifying Remote Attestation Evidence
Parsa Sadri Sinaki, Zainab Ahmad, Wentao Xie, Merlijn Sebrechts, Jimmy Kjällman, Lachlan J. Gunn

TL;DR
TrustMee introduces self-verifying remote attestation evidence: each attestation bundle names its own verification logic as a WebAssembly component, so a single platform-agnostic verifier can validate confidential virtual machine (cVM) attestations from AMD SEV-SNP, Intel TDX and Intel SGX without hardware-specific code, reducing verifier complexity and maintenance burden.
Contribution
The paper presents a novel approach in which the verification logic is downloaded and executed as a WebAssembly component that the verifier measures before running, making attestation verification platform-agnostic and simpler to maintain.
Findings
Implemented TrustMee for AMD SEV-SNP, Intel TDX, and Intel SGX.
Enables platform-independent verification of attestation evidence.
Produces attestation claims in standard EAT format.
Abstract
Hardware-secured remote attestation is essential to establishing trust in the integrity of confidential virtual machines (cVMs), but is difficult to use in practice because verifying attestation evidence requires the use of hardware-specific cryptographic logic. This increases both maintenance costs and the verifiers' trusted computing base. We introduce the concept of self-verifying remote attestation evidence. Each attestation bundle identifies its verification logic in the form of a WebAssembly component that is downloaded by the verifier and executed. This approach transforms evidence verification into a platform-agnostic functionality that is implemented once for all platforms: the verifier measures the verification logic and then executes it to validate the evidence. As a result, verifiers can validate attestation evidence without any platform-specific code; the verification logic…
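The verifier flow the abstract describes (fetch the verification logic the bundle names, measure it, execute it, then appraise the resulting claims) as an added, runnable illustration. This is not TrustMee's code: the bundle layout, the toy "toy-tee" evidence format authenticated with an HMAC key, the component registry, and the EAT-style claim names (`eat_nonce`, `measurements`, `hwmodel`) are all assumptions made for the example. The WebAssembly component is simulated by Python source run with `exec()`, which provides none of the sandboxing a Wasm runtime gives; the point demonstrated is the control flow, in particular that the digest declared in an attacker-controlled bundle only says what to fetch, and the verifier must additionally pin the set of component measurements it is willing to run.

```python
"""Toy verifier for self-verifying attestation evidence (added example)."""
import hashlib
import hmac

# Constructed platform: a toy TEE whose reports carry an HMAC tag. Real
# platforms use vendor-rooted signature chains; the symmetric key is a
# stand-in so the example runs offline. Assumption, not from the paper.
TOY_PLATFORM_KEY = b"toy-tee-key-not-a-real-trust-anchor"
MEAS_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32


def make_toy_evidence(launch_measurement: bytes, nonce: bytes) -> bytes:
    """Attester/platform side. Toy report: measurement || nonce || HMAC tag."""
    assert len(launch_measurement) == MEAS_LEN and len(nonce) == NONCE_LEN
    body = launch_measurement + nonce
    return body + hmac.new(TOY_PLATFORM_KEY, body, hashlib.sha256).digest()


# The platform-specific verification logic. In TrustMee this is a Wasm
# component the verifier downloads; here it is Python source for exec(),
# which gives NO sandbox. It exposes verify(evidence) -> EAT-style claims.
TOY_TEE_COMPONENT = b"""
import hashlib, hmac
KEY = %r
def verify(evidence):
    if len(evidence) != 80:
        raise ValueError("bad evidence length")
    body, tag = evidence[:48], evidence[48:]
    if not hmac.compare_digest(hmac.new(KEY, body, hashlib.sha256).digest(), tag):
        raise ValueError("platform signature invalid")
    return {"hwmodel": "toy-tee",
            "eat_nonce": body[32:48].hex(),
            "measurements": [{"id": "launch", "value": body[:32].hex()}]}
""" % TOY_PLATFORM_KEY

# Stands in for the download step: component name -> component bytes.
COMPONENT_STORE = {"toy-tee-verifier-v1": TOY_TEE_COMPONENT}


def measure(component: bytes) -> str:
    """The verifier's measurement of the verification logic."""
    return hashlib.sha256(component).hexdigest()


# Verifier policy: components it will run, pinned by measurement. The bundle
# is attacker-controlled, so its declared digest says what to fetch, not
# what to trust; trust comes from this set.
TRUSTED_COMPONENTS = {measure(TOY_TEE_COMPONENT)}


def make_bundle(platform: str, evidence: bytes, ref: str) -> dict:
    """Attester side: evidence plus a pointer to its own verification logic."""
    return {"platform": platform, "evidence": evidence.hex(),
            "verifier_ref": ref, "verifier_digest": measure(COMPONENT_STORE[ref])}


def verify_bundle(bundle: dict, expected_nonce: bytes, reference_measurement: bytes):
    """Platform-agnostic verifier: fetch, measure, execute, appraise.
    Returns ("ok", claims) or ("rejected", reason)."""
    component = COMPONENT_STORE.get(bundle["verifier_ref"])   # 1. fetch
    if component is None:
        return ("rejected", "unknown verification component")
    digest = measure(component)                                # 2. measure
    if digest != bundle["verifier_digest"]:
        return ("rejected", "component digest differs from bundle's claim")
    if digest not in TRUSTED_COMPONENTS:
        return ("rejected", "verification component not trusted")
    ns = {}
    exec(component.decode(), ns)                               # 3. execute
    try:
        claims = ns["verify"](bytes.fromhex(bundle["evidence"]))
    except ValueError as e:
        return ("rejected", f"evidence invalid: {e}")
    # 4. appraisal is platform-independent from here on
    if not hmac.compare_digest(claims["eat_nonce"], expected_nonce.hex()):
        return ("rejected", "nonce mismatch (stale or replayed evidence)")
    launch = next(m["value"] for m in claims["measurements"] if m["id"] == "launch")
    if launch != reference_measurement.hex():
        return ("rejected", "launch measurement does not match reference value")
    return ("ok", claims)


if __name__ == "__main__":
    nonce = bytes(range(NONCE_LEN))
    ref_meas = hashlib.sha256(b"known-good cVM image").digest()   # constructed
    good = make_bundle("toy-tee", make_toy_evidence(ref_meas, nonce), "toy-tee-verifier-v1")
    print(verify_bundle(good, nonce, ref_meas))
    # An attacker can ship a modified "verifier" with a self-consistent digest,
    # but it is not in the verifier's pinned set and is never executed.
    COMPONENT_STORE["evil-v1"] = TOY_TEE_COMPONENT + b"\n# backdoor\n"
    evil = make_bundle("toy-tee", make_toy_evidence(ref_meas, nonce), "evil-v1")
    print(verify_bundle(evil, nonce, ref_meas))
```

Supporting a second platform in this model means adding another entry to the component store and its measurement to the trusted set; `verify_bundle` itself does not change, which is the maintenance argument the paper makes. The verifier's trusted computing base becomes the runtime, the pinned component measurements and the appraisal policy, rather than one cryptographic parser per vendor.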
