
TrustMee: Self-Verifying Remote Attestation Evidence

Parsa Sadri Sinaki, Zainab Ahmad, Wentao Xie, Merlijn Sebrechts, Jimmy Kjällman, Lachlan J. Gunn

TL;DR

This paper tackles the fragmentation of remote attestation verification across heterogeneous hardware by introducing TrustMee, a platform-agnostic verifier that consumes signed WebAssembly Verification Components shipped alongside the attestation evidence. The approach turns evidence verification into a code-signing problem: a single verifier checks the signature on the component and executes it in a sandbox, so no platform-specific verifier code is needed. The authors implement TrustMee within the Trustee framework, provide verification components for AMD SEV-SNP and Intel TDX, and evaluate compatibility, security, and performance; the results show low end-to-end overhead in networked scenarios and identify cryptographic and sandboxing costs as the main targets for optimization. The design reduces verifier maintenance cost and trusted computing base in heterogeneous environments and eases cross-platform attestation in confidential computing deployments.

Abstract

Hardware-secured remote attestation is essential to establishing trust in the integrity of confidential virtual machines (cVMs), but is difficult to use in practice because verifying attestation evidence requires the use of hardware-specific cryptographic logic. This increases both maintenance costs and the verifiers' trusted computing base. We introduce the concept of self-verifying remote attestation evidence. Each attestation bundle includes verification logic as a WebAssembly component signed by a trusted party. This approach transforms evidence verification into a standard code-signing problem: the verifier checks the signature on the embedded logic and then executes it to validate the evidence. As a result, verifiers can validate attestation evidence without any platform-specific knowledge. We implement this concept as TrustMee, a platform-agnostic verification driver for the Trustee framework. We demonstrate its functionality with self-verifying evidence for AMD SEV-SNP and Intel TDX attestations, producing attestation claims in the standard EAT Attestation Result (EAR) format.
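The verification flow the abstract describes (check the signature on the embedded component, only then execute it in a sandbox, and appraise the resulting claims map with platform-agnostic logic) is shown below as an added example. It is illustrative code written for this page, not TrustMee's or Trustee's code. The bundle layout, the `"vendor"` signer, the constructed JSON evidence, the simplified EAR-style status strings, and the sandbox (a lookup of Go functions keyed by the SHA-256 of the component bytes, standing in for a WebAssembly runtime) are all assumptions; the real system runs signed Wasm components that parse hardware reports.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Bundle is a hypothetical self-verifying evidence bundle; the field layout is an
// assumption for this example, not TrustMee's wire format.
type Bundle struct {
	SignerID  string // which trusted signer vouches for the component
	Component []byte // verification component (Wasm bytes in the real system)
	Signature []byte // Ed25519 signature over Component
	Evidence  []byte // opaque platform-specific attestation evidence
}

// ComponentFn stands in for a sandboxed Wasm component: it maps opaque evidence
// to a claims map and knows nothing about the verifier's policy.
type ComponentFn func(evidence []byte) (map[string]any, error)

type Verifier struct {
	trustedSigners map[string]ed25519.PublicKey
	// sandbox stands in for the Wasm runtime; components are looked up by the
	// SHA-256 of their bytes, so only the exact signed bytes can execute.
	sandbox             map[[32]byte]ComponentFn
	allowedMeasurements map[string]bool // platform-agnostic policy input
}

type Result struct {
	Status string // simplified EAR-style trust tier
	Claims map[string]any
}

var ErrUntrusted = errors.New("component signature rejected; refusing to execute")

func (v *Verifier) Verify(b Bundle) (Result, error) {
	pk, ok := v.trustedSigners[b.SignerID]
	if !ok {
		return Result{}, fmt.Errorf("unknown signer %q", b.SignerID)
	}
	// Step 1: code-signing check. Nothing from the bundle runs before this passes.
	if !ed25519.Verify(pk, b.Component, b.Signature) {
		return Result{}, ErrUntrusted
	}
	// Step 2: execute the now-trusted component inside the sandbox.
	fn, ok := v.sandbox[sha256.Sum256(b.Component)]
	if !ok {
		return Result{}, errors.New("sandbox cannot load component")
	}
	claims, err := fn(b.Evidence)
	if err != nil {
		return Result{}, fmt.Errorf("component rejected evidence: %w", err)
	}
	// Step 3: platform-agnostic appraisal on the claims map only.
	status := "contraindicated"
	m, _ := claims["measurement"].(string)
	dbg, _ := claims["debug"].(bool)
	if v.allowedMeasurements[m] && !dbg {
		status = "affirming"
	}
	return Result{Status: status, Claims: claims}, nil
}

// snpLikeComponent is a constructed stand-in for a platform component. A real
// one parses a hardware report and checks its certificate chain; this one reads
// a constructed JSON blob.
func snpLikeComponent(evidence []byte) (map[string]any, error) {
	var report struct {
		Measurement string `json:"measurement"`
		Debug       bool   `json:"debug"`
	}
	if err := json.Unmarshal(evidence, &report); err != nil {
		return nil, err
	}
	return map[string]any{"measurement": report.Measurement, "debug": report.Debug}, nil
}

// Demo wires up a signer and a verifier, then verifies a good bundle, one whose
// component was modified after signing, and one from an unknown signer.
func Demo() (goodStatus string, tamperedErr, unknownErr error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	component := []byte("constructed-snp-component-v1") // stands in for Wasm bytes
	v := &Verifier{
		trustedSigners:      map[string]ed25519.PublicKey{"vendor": pub},
		sandbox:             map[[32]byte]ComponentFn{sha256.Sum256(component): snpLikeComponent},
		allowedMeasurements: map[string]bool{"abc123": true},
	}
	evidence := []byte(`{"measurement":"abc123","debug":false}`) // constructed
	good := Bundle{"vendor", component, ed25519.Sign(priv, component), evidence}
	res, err := v.Verify(good)
	if err != nil {
		return "", err, nil
	}
	tampered := good
	tampered.Component = []byte("constructed-snp-component-v1-evil")
	_, tamperedErr = v.Verify(tampered)
	unknown := good
	unknown.SignerID = "nobody"
	_, unknownErr = v.Verify(unknown)
	return res.Status, tamperedErr, unknownErr
}

func main() {
	s, t, u := Demo()
	fmt.Println("good:", s, "| tampered:", t, "| unknown signer:", u)
}
```

The ordering is the security-relevant part: the signature check gates execution, so a bundle carrying an unsigned or modified component never reaches the sandbox, and the policy step sees only the claims map, never the platform format.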

Paper Structure (44 sections, 12 figures)

Figures (12)

  • Figure 1: TrustMee removes the need for platform-specific code in the verifier by bundling signed verification logic with the evidence. A generic verifier checks the signature and then uses the component to process the evidence, turning the problem of verification into a problem of code signing.
  • Figure 2: The architecture data flow (adapted from birkholz2023remote).
  • Figure 3: TrustMee architecture for self-verifying remote attestation evidence. The platform-specific verification logic is bundled with the evidence. TrustMee verifies the signature of the verification logic and executes it as a WebAssembly component inside a sandboxed WebAssembly runtime to map the platform-specific attestation evidence to a JSON claims map that can be used by the platform-agnostic logic of the verifier.
  • Figure 4: The interface between the Verification Component and TrustMee is defined using to ensure interoperability.
  • Figure 5: TrustMee adds a platform-agnostic Verifier Driver to Trustee that delegates the verification to a WebAssembly Component.
  • ...and 7 more figures