Internet DRAFT - draft-kdyxy-rats-tdx-eat-profile
Remote ATtestation ProcedureS                                  G. Kostal
Internet-Draft                                              S. Dittakavi
Intended status: Informational                                 Microsoft
Expires: 21 April 2024                                         R. Yeluri
                                                                  H. Xia
                                                                   J. Yu
                                                                   Intel
                                                         19 October 2023
EAT profile for Intel® Trust Domain Extensions (TDX) attestation result
draft-kdyxy-rats-tdx-eat-profile-00
Abstract
Intel® Trust Domain Extensions (TDX) introduces architectural
elements designed for the deployment of hardware-isolated virtual
machines (VMs) known as trust domains (TDs). TDX is designed to
provide a secure and isolated environment for running sensitive
workloads or applications. This Entity Attestation Token (EAT)
profile outlines claims for an Intel TDX attestation result which
facilitate the establishment of trust between a relying party and the
environment.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 21 April 2024.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
Kostal, et al. Expires 21 April 2024 [Page 1]
Internet-Draft TDX EAT profile October 2023
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1.  Introduction
2.  Requirements Language
3.  TDX profile claims
  3.1.  JWT claims
  3.2.  EAT claims
  3.3.  TDX claims
  3.4.  Attester claims
4.  IANA Considerations
  4.1.  JWT claims registered by this document
5.  Security Considerations
6.  References
  6.1.  Normative References
  6.2.  Informative References
Appendix A.  Examples
  A.1.  TDX attestation token by Intel® Trust Authority
  A.2.  TDX attestation token by Microsoft Azure Attestation
Acknowledgements
Authors' Addresses
1. Introduction
This profile outlines claims for an Intel® Trust Domain Extensions
[TDX] attestation result, generated as an Entity Attestation Token
[EAT] in a signed JSON Web Token [JWT] format using a JOSE header. It
doesn't contain nested tokens or a detached EAT bundle. The profile
allows signing of the JWT token using the RSA cryptographic algorithm.
To facilitate verification of the signed JWT tokens, the verifier can
expose the trusted token signing certificates using an OpenID
metadata endpoint. In accordance with the standards outlined in the
JSON Web Signature [JWS] specification, the receiver of the profile
can use the certificate with key ID (kid) matching the kid parameter
in the attestation token header for performing signature
verification.
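The kid-matching step described above, as an added example that is not part of this draft or of any verifier's own code: it selects the signing key from a key set the relying party already trusts. The function and class names, the JWK Set shape of the trusted key set, the sample data, and the policy of comparing a token-supplied "jku" against configuration instead of fetching it are assumptions of this example.

```python
import base64
import json

# RSA-based JWS algorithms (the profile signs with RSA). "none" and the HMAC
# algorithms are deliberately absent from this allow-list.
RSA_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}

# Constructed sample data: key ids, URL and key material are placeholders.
TRUSTED_JKU = "https://verifier.example/certs"
TRUSTED_JWKS = {"keys": [
    {"kty": "RSA", "kid": "constructed-key-1", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA", "kid": "constructed-key-2", "n": "placeholder", "e": "AQAB"},
]}


class KeySelectionError(Exception):
    """Raised when no trusted key may be used to verify the token."""


def b64url_decode(segment):
    # JWS segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def select_signing_key(token, trusted_jwks, trusted_jku):
    """Return the one trusted RSA key whose kid matches the token header.

    trusted_jwks is the key set the relying party obtained from the
    verifier's metadata endpoint; trusted_jku is the URL it was configured
    with. A "jku" inside the token is only compared, never dereferenced.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise KeySelectionError("not a compact JWS with three segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:
        raise KeySelectionError("undecodable JOSE header") from exc
    if not isinstance(header, dict):
        raise KeySelectionError("JOSE header is not a JSON object")
    alg, kid = header.get("alg"), header.get("kid")
    if not isinstance(alg, str) or alg not in RSA_ALGS:
        raise KeySelectionError(f"algorithm {alg!r} is not allowed")
    if "jku" in header and header["jku"] != trusted_jku:
        raise KeySelectionError("token jku differs from the configured URL")
    if not isinstance(kid, str) or not kid:
        raise KeySelectionError("token header carries no kid")
    matches = [key for key in trusted_jwks.get("keys", [])
               if key.get("kid") == kid and key.get("kty") == "RSA"]
    if len(matches) != 1:
        raise KeySelectionError(f"expected one trusted RSA key for kid {kid!r}")
    return matches[0]


def constructed_token(header):
    """Build a token with a real header and placeholder payload/signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'iss': 'constructed'})}.c2ln"
```

The returned key is then handed to a JOSE library for the actual signature check; no claim in the token is read before that check succeeds.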
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. TDX profile claims
This profile encompasses claims from the IETF JWT specification, the
EAT specification and Intel's TDX specification.
3.1. JWT claims
The complete definitions of the following claims are available in the
[JWT] specification.
iat
The "iat" (issued at) claim identifies the time at which the JWT
was issued.
exp
The "exp" (expiration time) claim identifies the expiration time
on or after which the JWT MUST NOT be accepted for processing.
iss
The "iss" (issuer) claim identifies the principal that issued the
JWT.
jti
The "jti" (JWT ID) claim provides a unique identifier for the JWT.
nbf
The "nbf" (not before) claim identifies the time before which the
JWT MUST NOT be accepted for processing.
3.2. EAT claims
The complete definitions of the following claims are available in the
[EAT] specification.
eat_profile
The "eat_profile" claim identifies an EAT profile by either a URL
or an OID.
dbgstat
The "dbgstat" claim applies to entity-wide or submodule-wide debug
facilities of the entity like [JTAG] and diagnostic hardware built
into chips.
intuse
The "intuse" claim provides an indication to an EAT consumer about
the intended usage of the token.
eat_nonce
An EAT nonce is either a byte or text string or an array of byte
or text strings. The array option supports multistage EAT
verification and consumption.
3.3. TDX claims
The complete definitions of the following claims are available in
section A.3.2 TD Quote Body of [TDX-DCAP-Quoting-Library].
tdx_mrsignerseam
A 96-character hexadecimal string that represents a byte array of
length 48 containing the measurement of the TDX module signer.
tdx_mrseam
A 96-character hexadecimal string that represents a byte array of
length 48 containing the measurement of the TDX module.
tdx_mrtd
A 96-character hexadecimal string that represents a byte array of
length 48 containing the measurement of the initial contents of
the TDX.
tdx_rtmr0
A 96-character hexadecimal string that represents a byte array of
length 48 containing the runtime extendable measurement register.
tdx_rtmr1
A 96-character hexadecimal string that represents a byte array of
length 48 containing the runtime extendable measurement register.
tdx_rtmr2
A 96-character hexadecimal string that represents a byte array of
length 48 containing the runtime extendable measurement register.
tdx_rtmr3
A 96-character hexadecimal string that represents a byte array of
length 48 containing the runtime extendable measurement register.
tdx_mrconfigid
A 96-character hexadecimal string that represents a byte array of
length 48 containing the software-defined ID for non-owner-defined
configuration of the TDX, e.g., runtime or Operating System (OS)
configuration.
tdx_mrowner
A 96-character hexadecimal string that represents a byte array of
length 48 containing the software-defined ID for the TDX's owner.
tdx_mrownerconfig
A 96-character hexadecimal string that represents a byte array of
length 48 containing the software-defined ID for owner-defined
configuration of the TDX, e.g., specific to the workload rather
than the runtime or OS.
tdx_report_data
A 128-character hexadecimal string that represents a byte array of
length 64. In this context, the TDX has the flexibility to
include 64 bytes of custom data in a TDX Report. For instance,
this space can be used to hold a nonce, a public key, or a hash of
a larger block of data.
tdx_seam_attributes
A 16-character hexadecimal string that represents a byte array of
length 8 containing additional configuration of the TDX module.
tdx_tee_tcb_svn
A 32-character hexadecimal string that represents a byte array of
length 16 describing Trusted Computing Base (TCB) Security Version
Numbers (SVNs) of the TDX.
tdx_xfam
A 16-character hexadecimal string that represents a byte array of
length 8 containing a mask of CPU extended features that the TDX
is allowed to use.
tdx_seamsvn
A number that represents the Intel TDX module SVN. The complete
definition of the claim is available in section 3.1
SEAM_SIGSTRUCT: INTEL® TDX MODULE SIGNATURE STRUCTURE of the
[TDX-SEAM-Loader-Interface] specification.
tdx_td_attributes
A 16-character hexadecimal string that represents a byte array of
length 8. These are the attributes associated with the Trust
Domain (TD). The complete definitions of the claims mentioned
below are available in section A.3.4. TD Attributes of
[TDX-DCAP-Quoting-Library].
tdx_td_attributes_debug
A boolean value that indicates whether the TD runs in TD debug
mode (set to 1) or not (set to 0). In TD debug mode, the CPU
state and private memory are accessible by the host VMM.
tdx_td_attributes_key_locker
A boolean value that indicates whether the TD is allowed to use
Key Locker.
tdx_td_attributes_perfmon
A boolean value that indicates whether the TD is allowed to use
Perfmon and PERF_METRICS capabilities.
tdx_td_attributes_protection_keys
A boolean value that indicates whether the TD is allowed to use
Supervisor Protection Keys.
tdx_td_attributes_septve_disable
A boolean value that determines whether to disable EPT violation
conversion to #VE on TD access of PENDING pages.
3.4. Attester claims
attester_advisory_ids
Array of Advisory IDs referring to Intel security advisories that
provide insight into the reason(s) for the value of tcbStatus of
the platform TCB level being evaluated. See advisoryIDs in
[TDX-API-Portal].
attester_tcb_status
A string value that represents the TCB level status of the
platform being evaluated. See tcbStatus in [TDX-API-Portal].
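A relying-party appraisal of the claims in sections 3.1 to 3.4, as an added example that is not part of this draft or of any verifier's code. It assumes the JWT signature has already been verified; the function names, treating every checked claim as required, the accepted TCB status set, the leeway, and binding "tdx_report_data" to SHA-256(nonce) zero-padded to 64 bytes are assumptions of this example.

```python
import hashlib
import re
import time

# Hex-string lengths, in characters, that section 3.3 gives for each claim.
HEX_LENGTHS = {name: 96 for name in (
    "tdx_mrsignerseam", "tdx_mrseam", "tdx_mrtd", "tdx_rtmr0", "tdx_rtmr1",
    "tdx_rtmr2", "tdx_rtmr3", "tdx_mrconfigid", "tdx_mrowner",
    "tdx_mrownerconfig")}
HEX_LENGTHS.update(tdx_report_data=128, tdx_tee_tcb_svn=32, tdx_xfam=16,
                   tdx_seam_attributes=16, tdx_td_attributes=16)
# "dbgstat" values defined by the EAT specification other than "enabled".
DEBUG_OFF = {"disabled", "disabled-since-boot", "disabled-permanently",
             "disabled-fully-and-permanently"}


def _is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def appraise(claims, nonce, expected_mrtd, now=None, leeway=60,
             accepted_tcb=("UpToDate",)):
    """Return a list of findings; an empty list means the claims passed."""
    now = time.time() if now is None else now
    findings = []
    # Shape: every measurement claim is a hex string of the stated length.
    for name, length in HEX_LENGTHS.items():
        value = claims.get(name)
        if not (isinstance(value, str)
                and re.fullmatch(r"[0-9a-fA-F]{%d}" % length, value)):
            findings.append(f"{name}: expected {length} hex characters")
    # JWT validity window: reject on or after "exp" and before "nbf".
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not _is_number(exp) or now - leeway >= exp:
        findings.append("exp: missing or token expired")
    if not _is_number(nbf) or now + leeway < nbf:
        findings.append("nbf: missing or token not yet valid")
    # Debug state: a debug TD exposes CPU state and private memory to the VMM.
    if claims.get("tdx_td_attributes_debug") is not False:
        findings.append("tdx_td_attributes_debug: must be false")
    if claims.get("dbgstat") not in DEBUG_OFF:
        findings.append("dbgstat: debug facilities not reported disabled")
    if claims.get("attester_tcb_status") not in accepted_tcb:
        findings.append("attester_tcb_status: platform TCB level not accepted")
    # Identity: the initial TD contents must match the reference measurement.
    if str(claims.get("tdx_mrtd")).lower() != expected_mrtd.lower():
        findings.append("tdx_mrtd: does not match reference value")
    # Freshness (assumed convention): SHA-256(nonce) zero-padded to 64 bytes.
    bound = hashlib.sha256(nonce).hexdigest() + "00" * 32
    if str(claims.get("tdx_report_data")).lower() != bound:
        findings.append("tdx_report_data: not bound to our nonce")
    return findings


def constructed_claims(nonce, issued_at):
    """Build a constructed claims set shaped like the Appendix A samples."""
    claims = {name: "0" * length for name, length in HEX_LENGTHS.items()}
    claims.update(
        tdx_mrtd="ab" * 48,
        tdx_report_data=hashlib.sha256(nonce).hexdigest() + "00" * 32,
        tdx_td_attributes_debug=False, dbgstat="disabled",
        attester_tcb_status="UpToDate",
        iat=issued_at, nbf=issued_at, exp=issued_at + 300)
    return claims
```

Returning every finding, not only the first, lets the relying party log the full reason a token was refused.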
4. IANA Considerations
4.1. JWT claims registered by this document
This specification adds the following values to the "JSON Web Token
Claims" registry established by the JWT specification. IANA is
requested to register the following claims.
-----------------------------------------------
Claim Name: tdx_mrsignerseam
Claim Description: TDX module signer
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_mrseam
Claim Description: Measurement of the TDX module
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_mrtd
Claim Description: Measurement of the TDX initial contents
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_rtmr0
Claim Description: Runtime extendable measurement register
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_rtmr1
Claim Description: Runtime extendable measurement register
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_rtmr2
Claim Description: Runtime extendable measurement register
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_rtmr3
Claim Description: Runtime extendable measurement register
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_mrconfigid
Claim Description: Software-defined ID for non-owner-defined
configuration of the TDX
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_mrowner
Claim Description: Software-defined ID for the TDX's owner
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_mrownerconfig
Claim Description: Software-defined ID for owner-defined
configuration of the TDX
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_report_data
Claim Description: Custom data in the TDX Report
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_seam_attributes
Claim Description: Additional configuration of the TDX module
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_tee_tcb_svn
Claim Description: Trusted Computing Base (TCB) Security Version
Numbers (SVNs) of the TDX
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_xfam
Claim Description: Mask of CPU extended features that the TDX is
allowed to use
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_seamsvn
Claim Description: The TDX module Security Version Number (SVN)
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_td_attributes
Claim Description: Attributes associated with the Trust Domain (TD)
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_td_attributes_debug
Claim Description: Indicates whether the TD runs in TD debug mode
(set to 1) or not (set to 0)
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_td_attributes_key_locker
Claim Description: Indicates whether the TD is allowed to use Key
Locker
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_td_attributes_perfmon
Claim Description: Indicates whether the TD is allowed to use Perfmon
and PERF_METRICS capabilities
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_td_attributes_protection_keys
Claim Description: Indicates whether the TD is allowed to use
Supervisor Protection Keys
Specification Document(s): This document
-----------------------------------------------
Claim Name: tdx_td_attributes_septve_disable
Claim Description: Determines whether to disable EPT violation
conversion to #VE on TD access of PENDING pages
Specification Document(s): This document
-----------------------------------------------
Claim Name: attester_advisory_ids
Claim Description: Intel security advisories that provide insight
into the reason(s) for the value of tcbStatus of the platform TCB
level being evaluated
Specification Document(s): This document
-----------------------------------------------
Claim Name: attester_tcb_status
Claim Description: TCB level status of the platform being evaluated
Specification Document(s): This document
-----------------------------------------------
5. Security Considerations
This specification re-uses the EAT and JWT specifications. Hence,
the security and privacy considerations of those specifications apply
here as well.
Additionally, the security considerations as described in
[TDX-Security-Guidance] apply here too.
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[EAT] Lundblade, L., Mandyam, G., O'Donoghue, J., and C.
Wallace, "The Entity Attestation Token (EAT)", 30 June
2023, <https://datatracker.ietf.org/doc/html/draft-ietf-
rats-eat>.
[JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", May 2015,
<https://datatracker.ietf.org/doc/html/rfc7519>.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", May 2015,
<https://datatracker.ietf.org/doc/html/rfc7515>.
[TDX] Intel, "Intel® Trust Domain Extensions", February 2023,
<https://www.intel.com/content/www/us/en/developer/tools/
trust-domain-extensions/overview.html>.
[TDX-API-Portal]
Intel, "Intel® SGX and Intel® TDX Registration Service for
Scalable Platforms", February 2023,
<https://api.portal.trustedservices.intel.com/
documentation>.
[TDX-DCAP-Quoting-Library]
Intel, "Intel® Trust Domain Extensions Data Center
Attestation Primitives (Intel® TDX DCAP): Quote Generation
Library and Quote Verification Library", August 2023,
<https://download.01.org/intel-sgx/latest/dcap-
latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf>.
[TDX-SEAM-Loader-Interface]
Intel, "Intel® Trust Domain Extensions - SEAM Loader
(SEAMLDR) Interface Specification", March 2022,
<https://cdrdv2.intel.com/v1/dl/getContent/733584>.
6.2. Informative References
[JTAG] "IEEE Standard for Reduced-Pin and Enhanced-Functionality
Test Access Port and Boundary-Scan Architecture", February
2010, <https://ieeexplore.ieee.org/document/5412866>.
[MAA] Microsoft, "Microsoft Azure Attestation", March 2021,
<https://learn.microsoft.com/en-us/azure/attestation/
overview>.
[TA] Intel, "Intel® Trust Authority", October 2023,
<https://www.intel.com/content/www/us/en/security/trust-
authority.html>.
[MAA-EAT-Profile]
Microsoft, "EAT profile of Microsoft Azure Attestation",
October 2023, <https://learn.microsoft.com/en-
us/azure/attestation/trust-domain-extensions-eat-profile>.
[TA-EAT-Profile]
Intel, "EAT profile of Intel® Trust Authority", October
2023,
<https://portal.trustauthority.intel.com/eat_profile>.
[TDX-Security-Guidance]
Intel, "Intel TDX Security Guidance", February 2023,
<https://www.intel.com/content/www/us/en/developer/tools/
trust-domain-extensions/documentation.html#security-
guidance>.
Appendix A. Examples
A.1. TDX attestation token by Intel® Trust Authority
Below is a sample TDX attestation token generated by Intel® Trust
Authority [TA] which includes claims from this EAT profile. The
definitions of the token claims can be found in [TA-EAT-Profile].
{
"alg": "PS384",
"jku": "https://portal.trustauthority.intel.com/certs",
"kid": "1881f519948621f7aeb538a8a5896bb3fb7c271c3522081c5dd7af1a683bac
f6d90a63e82ade85c00321781591dfdf3d",
"typ": "JWT"
}.{
"tdx_tee_tcb_svn": "02010600000000000000000000000000",
"tdx_mrseam": "360304d34a16aace0a18e09ad2d07d2b9fd3c174378e5bf10838807
9827f89ff62acc5f8c473dd40706324834e202946",
"tdx_mrsignerseam": "000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000",
"tdx_seam_attributes": "0000000000000000",
"tdx_td_attributes": "0000000000000000",
"tdx_xfam": "e718060000000000",
"tdx_mrtd": "75f3acc2e1dfc3acf404d7eaa69a2eefcd0475a0dd6516ef5ba3cb8
3399c61b4aa1c638e3622bb650a514bfc6e858886",
"tdx_mrconfigid": "0000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000",
"tdx_mrowner": "0000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000",
"tdx_mrownerconfig": "0000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000",
"tdx_rtmr0": "000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000",
"tdx_rtmr1": "000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000",
"tdx_rtmr2": "000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000",
"tdx_rtmr3": "000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000",
"tdx_report_data": "7e3b88c09ed42bad38c146f542fbee862411878fa33a3fdf
bffd2ad549db279200000000000000000000000000000000000000000000
00000000000000000000",
"tdx_seamsvn": 2,
"tdx_td_attributes_debug": false,
"tdx_td_attributes_septve_disable": false,
"tdx_td_attributes_protection_keys": false,
"tdx_td_attributes_key_locker": false,
"tdx_td_attributes_perfmon": false,
"tdx_is_debuggable": false,
"tdx_collateral": {
"qeidcerthash": "b2ca71b8e849d5e799451b4bfe43159a0ee548032cecb2c0e4
79bf6ee3f39fd1",
"qeidcrlhash": "f454dc1b9bd4ce36c04241e2c8c37a2ae26b077f2c66b919843
365318a59332c",
"qeidhash": "665b5e4a8c34c24935448629894302b0bc8a054f25e43333021dd8
c93e9211be",
"quotehash": "be3de7edd324a21cb73f8ba3d8ea5bd704bd27809dd6f0c8de152
5511845389c",
"tcbinfocerthash": "b2ca71b8e849d5e799451b4bfe43159a0ee548032cecb2c
0e479bf6ee3f39fd1",
"tcbinfocrlhash": "f454dc1b9bd4ce36c04241e2c8c37a2ae26b077f2c66b919
843365318a59332c",
"tcbinfohash": "7c2b91b9aaaf0a9823f17bb6b31403fffee7fe0b658b41d9e80
2c6de8569096d"
},
"attester_runtime_data": {
"test-claim-name": "test-claim-value"
},
"policy_ids_matched": [
{
"id": "094f9b2d-5477-4607-8a5f-bd33388c60c7",
"version": "v4"
}
],
"attester_tcb_status": "UpToDate",
"attester_type": "TDX",
"verifier_instance_ids": [
"64edd3d8-be70-4d03-9cb5-e5575107c87d",
"56b8f9df-f6c5-4302-8142-321985f269c4",
"5f6d8e1e-288a-409e-ad3f-3670f00a426c",
"c82f8048-ea8b-4407-9365-3990bb646e3e"
],
"dbgstat": "disabled",
"eat_profile": "https://portal.trustauthority.intel.com/eat_profile",
"intuse": "generic",
"ver": "1.0.0",
"exp": 1696973571,
"jti": "ac2ca0de-e271-4878-a56f-59e5e6b8c328",
"iat": 1696973271,
"iss": "Intel Trust Authority",
"nbf": 1696973271
}
A.2. TDX attestation token by Microsoft Azure Attestation
Below is a sample TDX attestation token generated by Microsoft Azure
Attestation [MAA] which includes claims from this EAT profile. The
definitions of the token claims can be found in [MAA-EAT-Profile].
{
"attester_tcb_status": "UpToDate",
"dbgstat": "disabled",
"eat_profile": "https://aka.ms/maa-eat-profile-tdxvm",
"exp": 1697600807,
"iat": 1697572007,
"intuse": "generic",
"iss": "https://maasand001.eus.attest.azure.net",
"jti": "fb5021d13a90f5b3f5642b30d8103715c8d76ee05c9062923a04af35d0
347ade",
"nbf": 1697572007,
"tdx_mrconfigid": "00000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000",
"tdx_mrowner": "00000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000",
"tdx_mrownerconfig": "00000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000",
"tdx_mrseam": "2fd279c16164a93dd5bf373d834328d46008c2b693af9ebb865
b08b2ced320c9a89b4869a9fab60fbe9d0c5a5363c656",
"tdx_mrsignerseam": "000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000",
"tdx_mrtd": "5be56d418d33661a6c21da77c9503a07e430b35eb92a0bd042a6b
3c4e79b3c82bb1c594e770d0d129a0724669f1e953f",
"tdx_report_data": "93c6db49f2318387bcebdad0275e206725d948f9000d90
0344aa44abaef1459600000000000000000000000000000000000000000
00000000000000000000000",
"tdx_rtmr0": "0000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000",
"tdx_rtmr1": "0000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000",
"tdx_rtmr2": "0000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000",
"tdx_rtmr3": "0000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000",
"tdx_seam_attributes": "0000000000000000",
"tdx_seamsvn": 3,
"tdx_td_attributes": "0000000000000000",
"tdx_td_attributes_debug": false,
"tdx_td_attributes_key_locker": false,
"tdx_td_attributes_perfmon": false,
"tdx_td_attributes_protection_keys": false,
"tdx_td_attributes_septve_disable": false,
"tdx_tee_tcb_svn": "03000600000000000000000000000000",
"tdx_xfam": "e718060000000000",
"x-ms-attestation-type": "tdxvm",
"x-ms-compliance-status": "azure-compliant-cvm",
"x-ms-policy-hash": "B56nbp5slhw66peoRYkpdq1WykMkEworvdol08hnMXE",
"x-ms-runtime": {
"test-claim-name": "test-claim-value"
},
"x-ms-ver": "1.0"
}
Acknowledgements
Thanks to Dave Thaler for offering guidance in drafting and
publishing the profile.
Authors' Addresses
Greg Kostal
Microsoft
Email: gkostal@microsoft.com
Sindhuri Dittakavi
Microsoft
Email: sindhuri.dittakavi@microsoft.com
Raghuram Yeluri
Intel
Email: raghuram.yeluri@intel.com
Haidong Xia
Intel
Email: haidong.xia@intel.com
Jerry Yu
Intel
Email: jerry.yu@intel.com