Lesson from Cloud Confidential Computing Remote Attestation Sample

UD6.215 | Day 2 | 11:15 - 11:35 | Speakers: Kuniyasu Suzaki

Abstract

We have released sample code for remote attestation on cloud confidential computing services, and I report the lessons learned from it. The code is available at https://github.com/iisec-suzaki/cloud-ra-sample

The samples cover multiple types of Trusted Execution Environments (TEEs): (1) Confidential VMs, including AMD SEV-SNP on Azure, AWS, and GCP, and Intel TDX on Azure and GCP; (2) TEE enclaves using Intel SGX on Azure; and (3) hypervisor-based enclaves using AWS Nitro Enclaves. As verifiers, the samples make use of both open-source attestation tools and commercial services such as Microsoft Azure Attestation (MAA).

This talk aims to share these observations to support developers and researchers working with heterogeneous TEE environments and to help avoid common pitfalls when implementing remote attestation on cloud platforms.
