Integrating Intel TDX remote attestation into SSH

Fabian Wesemann
M.Sc student, Flensburg Univ. of Applied Sciences

FOSDEM 2025

Content

Technology overview
Project goal
Protocol
Implementation

Intel TDX

Confidential Computing on the virtual machine level
Isolates a VM from software outside the trust domain, e.g. the host OS

Intel TDX Remote Attestation

Verify Intel TDX is enabled
Evidence can be verified by the relying party
On Azure CVMs: Azure Attestation Service

SSH

Server/Client
Remote shell, file transfer, port forwarding, …
Comes with encryption and authentication
e.g. git, rsync

Project goal

Modify OpenSSH, so that our client only connects to servers on a TDX enabled VM.

client → challenger / relying party
server → attester

Protocol

Implementation

Based on OpenSSH
New ra-ssh Service for attestation
trustauthority-cli for TDX quote generation
- Needs privileged process
- monitor messages between sshd and the session

Server

Quote generation

trustauthority-cli quote -u <nonce>

Quote: BAACAIEAAAAAAAAAk5pyM/ecTKmUCg2zlX8GByxxGNDcfxhLFr0pGDnEuPoAAAAABAEHAAAAAAAAAAAAAAAAAJeQ2JoQIQ7Glop3PO4soFtaqXMJ82cnqWhSe+Rgb8Geb3OszjUJRsnUapv3pj+EMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnGAYAAAAAALTz4nSNgAcR2B+nXVtP7h7zCTMhdLJOBnyaiBaHOknjwZV5ocptPM+ibM1LtvwXuwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKszVohHykb5gnhxt4qpE5RRfPyHTIXXLb1IKNATmEbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMEAAA/HouSzDkAl8BudOjGPc7pAh26e7qgBl1VYKwuahzFxcGOQ4vdCOPb3qcVbHTOyK1lIqbJOW9+MSaJDI2f9sOFyicos92cqH9yk3QNzcjhnMOXIOuDEhQcAVq+Mp3tfZ161YxVkJEI9O6mHrTWOVS3OBgyd+HNxnNyHFMHeVuSXQGAEYQAAAHBxgaA/8AAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAAAAAAAAAOcAAAAAAAAAhvxODsLF3c66yXBiwKAUKpfBinp1UUe8vD/hfWUpeB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANyeKnxvlI8XR040p/xD7QMPfBVj8bq932NAyC4OVKjFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAInA31mzmzLdRopMdqh2JwiDtbAU2AEVjnv/+Rqgp8qmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZWPYZ03XtxixiB/18JgQmhAmA3Xjvka4b1zmhNLT1uFqWEiaCC4CbHv0n+klzrqIFSDLVGraQSh8/Lt1QLLr6IAAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHwUAXg4AAC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlFOFRDQ0JKZWdBd0lCQWdJVkFPVGpBYVU4cFJqVzFZRStVUEh2U1dDd1ZkeWdNQW9HQ0NxR1NNNDlCQU1DCk1IQXhJakFnQmdOVkJBTU1HVWx1ZEdWc0lGTkhXQ0JRUTBzZ1VHeGhkR1p2Y20wZ1EwRXhHakFZQmdOVkJBb00KRVVsdWRHVnNJRU52Y25CdmNtRjBhVzl1TVJRd0VnWURWUVFIREF0VFlXNTBZU0JEYkdGeVlURUxNQWtHQTFVRQpDQXdDUTBFeEN6QUpCZ05WQkFZVEFsVlRNQjRYRFRJME1EVXhOekEwTURReU9Wb1hEVE14TURVeE56QTBNRFF5Ck9Wb3djREVpTUNBR0ExVUVBd3daU1c1MFpXd2dVMGRZSUZCRFN5QkRaWEowYVdacFkyRjBaVEVhTUJnR0ExVUUKQ2d3UlNXNTBaV3dnUTI5eWNHOXlZWFJwYjI0eEZEQVNCZ05WQkFjTUMxTmhiblJoSUVOc1lYSmhNUXN3Q1FZRApWUVFJREFKRFFURUxNQWtHQTFVRUJoTUNWVk13V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVNtCkJCVEJWUCt4SFBxY2VhOUFxNjFjTnliZkI2cjROZUlmN01VSXJyUEhvWW4wcms0Y1krWVg3cHpuVEg2b0Vvb3EKaWpOMWNmZ0VDdkpMSVFTZnFTaWVvNElERERDQ0F3Z3dId1lEVlIwakJCZ3dGb0FVbFc5ZHpiMGI0ZWxBU2NuVQo5RFBPQVZjTDNsUXdhd1lEVlIwZkJHUXdZakJnb0Y2Z1hJWmFhSFIwY0hNNkx5OWhjR2t1ZEhKMWMzUmxaSE5sCmNuWnBZMlZ6TG1sdWRHVnNMbU52YlM5elozZ3ZZMlZ5ZEdsbWFXTmhkR2x2Ymk5Mk5DOXdZMnRqY213L1kyRTkKY0d4aGRHWnZjbTBtWlc1amIyUnBibWM5WkdWeU1CMEdBMVVkRGdRV0JCUkNUTVRuSUQxbXVQc1k2Zm00a2hMNgpyRHJ3NmpBT0JnTlZIUThCQWY4RUJBTUNCc0F3REFZRFZSMFRBUUgvQkFJd0FEQ0NBamtHQ1NxR1NJYjRUUUVOCkFRU0NBaW93Z2dJbU1CNEdDaXFHU0liNFRRRU5BUUVFRU5IeUVYM2hQWHcyT0oxV1RPcm54WDh3Z2dGakJnb3EKaGtpRytFMEJEUUVDTUlJQlV6QVFCZ3NxaGtpRytFMEJEUUVDQVFJQkJ6QVFCZ3NxaGtpRytFMEJEUUVDQWdJQgpCekFRQmdzcWhraUcrRTBCRFFFQ0F3SUJBakFRQmdzcWhraUcrRTBCRFFFQ0JBSUJBakFRQmdzcWhraUcrRTBCCkRRRUNCUUlCQXpBUUJnc3Foa2lHK0UwQkRRRUNCZ0lCQVRBUUJnc3Foa2lHK0UwQkRRRUNCd0lCQURBUUJnc3EKaGtpRytFMEJEUUVDQ0FJQkF6QVFCZ3NxaGtpRytFMEJEUUVDQ1FJQkFEQVFCZ3NxaGtpRytFMEJEUUVDQ2dJQgpBREFRQmdzcWhraUcrRTBCRFFFQ0N3SUJBREFRQmdzcWhraUcrRTBCRFFFQ0RBSUJBREFRQmdzcWhraUcrRTBCCkRRRUNEUUlCQURBUUJnc3Foa2lHK0UwQkRRRUNEZ0lCQURBUUJnc3Foa2lHK0UwQkRRRUNEd0lCQURBUUJnc3EKaGtpRytFMEJEUUVDRUFJQkFEQVFCZ3NxaGtpRytFMEJEUUVDRVFJQkN6QWZCZ3NxaGtpRytFMEJEUUVDRWdRUQpCd2NDQWdNQkFBTUFBQUFBQUFBQUFEQVFCZ29xaGtpRytFMEJEUUVEQkFJQUFEQVVCZ29xaGtpRytFMEJEUUVFCkJBWUFnRzhGQUFBd0R3WUtLb1pJaHZoTkFRMEJCUW9CQVRBZUJnb3Foa2lHK0UwQkRRRUdCQkJFb1RWYzd2OVcKRVJ6aEx2VjVmUzlrTUVRR0NpcUdTSWI0VFFFTkFRY3dOakFRQmdzcWhraUcrRTBCRFFFSEFRRUIvekFRQmdzcQpoa2lHK0UwQkRRRUhBZ0VCQURBUUJnc3Foa2lHK0UwQkRRRUhBd0VCL3pBS0JnZ3Foa2pPUFFRREFnTklBREJGCkFpQjRjTTRXQWU3Y0QrL0lnMDJMNVkwNitMeE9JTmtRVmtEa1dQeWhGcEF3V2dJaEFKYlZ0N2lkRHpBVlpKQm8KQkJGVlJYYTlxbXdvWFI0amt5WXpFYmY4WEVFeAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDbGpDQ0FqMmdBd0lCQWdJVkFKVnZYYzI5RytIcFFFbkoxUFF6emdGWEM5NVVNQW9HQ0NxR1NNNDlCQU1DCk1HZ3hHakFZQmdOVkJBTU1FVWx1ZEdWc0lGTkhXQ0JTYjI5MElFTkJNUm93R0FZRFZRUUtEQkZKYm5SbGJDQkQKYjNKd2IzSmhkR2x2YmpFVU1CSUdBMVVFQnd3TFUyRnVkR0VnUTJ4aGNtRXhDekFKQmdOVkJBZ01Ba05CTVFzdwpDUVlEVlFRR0V3SlZVekFlRncweE9EQTFNakV4TURVd01UQmFGdzB6TXpBMU1qRXhNRFV3TVRCYU1IQXhJakFnCkJnTlZCQU1NR1VsdWRHVnNJRk5IV0NCUVEwc2dVR3hoZEdadmNtMGdRMEV4R2pBWUJnTlZCQW9NRVVsdWRHVnMKSUVOdmNuQnZjbUYwYVc5dU1SUXdFZ1lEVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBFeApDekFKQmdOVkJBWVRBbFZUTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFTlNCLzd0MjFsWFNPCjJDdXpweHc3NGVKQjcyRXlER2dXNXJYQ3R4MnRWVExxNmhLazZ6K1VpUlpDbnFSN3BzT3ZncUZlU3hsbVRsSmwKZVRtaTJXWXozcU9CdXpDQnVEQWZCZ05WSFNNRUdEQVdnQlFpWlF6V1dwMDBpZk9EdEpWU3YxQWJPU2NHckRCUwpCZ05WSFI4RVN6QkpNRWVnUmFCRGhrRm9kSFJ3Y3pvdkwyTmxjblJwWm1sallYUmxjeTUwY25WemRHVmtjMlZ5CmRtbGpaWE11YVc1MFpXd3VZMjl0TDBsdWRHVnNVMGRZVW05dmRFTkJMbVJsY2pBZEJnTlZIUTRFRmdRVWxXOWQKemIwYjRlbEFTY25VOURQT0FWY0wzbFF3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQgpBZjhDQVFBd0NnWUlLb1pJemowRUF3SURSd0F3UkFJZ1hzVmtpMHcraTZWWUdXM1VGLzIydWFYZTBZSkRqMVVlCm5BK1RqRDFhaTVjQ0lDWWIxU0FtRDV4a2ZUVnB2bzRVb3lpU1l4ckRXTG1VUjRDSTlOS3lmUE4rCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNqekNDQWpTZ0F3SUJBZ0lVSW1VTTFscWROSW56ZzdTVlVyOVFHemtuQnF3d0NnWUlLb1pJemowRUF3SXcKYURFYU1CZ0dBMVVFQXd3UlNXNTBaV3dnVTBkWUlGSnZiM1FnUTBFeEdqQVlCZ05WQkFvTUVVbHVkR1ZzSUVOdgpjbkJ2Y21GMGFXOXVNUlF3RWdZRFZRUUhEQXRUWVc1MFlTQkRiR0Z5WVRFTE1Ba0dBMVVFQ0F3Q1EwRXhDekFKCkJnTlZCQVlUQWxWVE1CNFhEVEU0TURVeU1URXdORFV4TUZvWERUUTVNVEl6TVRJek5UazFPVm93YURFYU1CZ0cKQTFVRUF3d1JTVzUwWld3Z1UwZFlJRkp2YjNRZ1EwRXhHakFZQmdOVkJBb01FVWx1ZEdWc0lFTnZjbkJ2Y21GMAphVzl1TVJRd0VnWURWUVFIREF0VFlXNTBZU0JEYkdGeVlURUxNQWtHQTFVRUNBd0NRMEV4Q3pBSkJnTlZCQVlUCkFsVlRNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVDNm5Fd01ESVlaT2ovaVBXc0N6YUVLaTcKMU9pT1NMUkZoV0dqYm5CVkpmVm5rWTR1M0lqa0RZWUwwTXhPNG1xc3lZamxCYWxUVll4RlAyc0pCSzV6bEtPQgp1ekNCdURBZkJnTlZIU01FR0RBV2dCUWlaUXpXV3AwMGlmT0R0SlZTdjFBYk9TY0dyREJTQmdOVkhSOEVTekJKCk1FZWdSYUJEaGtGb2RIUndjem92TDJObGNuUnBabWxqWVhSbGN5NTBjblZ6ZEdWa2MyVnlkbWxqWlhNdWFXNTAKWld3dVkyOXRMMGx1ZEdWc1UwZFlVbTl2ZEVOQkxtUmxjakFkQmdOVkhRNEVGZ1FVSW1VTTFscWROSW56ZzdTVgpVcjlRR3prbkJxd3dEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCQWY4Q0FRRXdDZ1lJCktvWkl6ajBFQXdJRFNRQXdSZ0loQU9XLzVRa1IrUzlDaVNEY05vb3dMdVBSTHNXR2YvWWk3R1NYOTRCZ3dUd2cKQWlFQTRKMGxySG9NcytYbzVvL3NYNk85UVd4SFJBdlpVR09kUlE3Y3ZxUlhhcUk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
runtime_data: eyJrZXlzIjpbeyJraWQiOiJIQ0xBa1B1YiIsImtleV9vcHMiOlsic2lnbiJdLCJrdHkiOiJSU0EiLCJlIjoiQVFBQiIsIm4iOiJ5dzY5T0FBQXUzZ1E1YTJ1N0Rsa2FLWmhXbVNJLTU5RUszTFljN01nS2t1VnIyTDZzc1R5NDlTLXllUFdJY2Zrb2U5RldobVJTMVk3RVh2RUd6UXhuUkRkdUxqYjhweWJ5UGJHOU53ZzNYOTktNGNiY3pWaHhJajNaUHFESFhvckhFTURnOWZLT240RUo1X1Y5enJ3VkEtVXpOcmxXdUJZRDZxY0l4bmIzMS1MYlRsRm1SMjNIN204TklPaDlmYlE3NG1WRXlzYnMzWjQyNEIzbS11em5sX2RZanN5RTl0N1B1eGRsQTZUNVhleVdpN2hXRmdFV2lTbGMwS181b3diLUFaM0NPd1ZERTlzU21zU1NKZ2pvaHlkZ01RbzZpMVhNZG1SV1BYNk10alF4YjBmTWhzdHpOR2xNWmItVVZqYzhEdmVWdWFUZ3J5MFcwT0dNNE1jQ1EifSx7ImtpZCI6IkhDTEVrUHViIiwia2V5X29wcyI6WyJlbmNyeXB0Il0sImt0eSI6IlJTQSIsImUiOiJBUUFCIiwibiI6InVQVHRlQUFCQ0JvVW9MT0JlVlVMZXJmdkVQVXFySjZ3UG80WVhMTHAwdFVNTkE2bk5VLW11TGpOUUxHLUg4blBwMFlucEVfZFE1eGc2NnhyT1RlU0NvWE9TR0xCUlMyR05zc0NSYTJyYWtWdnZMZGtQMVNpakYtYlNXV0U0VVJnbU9Zck5fS1BQWTQ5TWt4OG9BYnhubUUydnAwSjJSRGJPTG8tbWxlaERPLUdlQm5sVThkMnpybWhONlpMaTlwM1VENkRISGhuMDlXcXdwWXZrb1lNeGVHd0cxVmNNZXlhY3JWSUk3Z0NsQy1LX2lzWWRud1hIVW1jalJhWF9IN1ZkSkVfb1V0ajk4anpweVhfRWIwWkVGV29tWF9NMmo5T1AxTjZmbm1IUHM1ZDA5c09DYXpSOVpUVnh6TnBEYmRoREpOR2pPTFpERE04djVmdzY4R1hRdyJ9XSwidm0tY29uZmlndXJhdGlvbiI6eyJjb25zb2xlLWVuYWJsZWQiOnRydWUsInJvb3QtY2VydC10aHVtYnByaW50IjoiNm5aWm5ZYUpjNEtxVVpfeXZBLW11Y0ZkWU5vdXZsUG5JVG5OTVhzSGwtMCIsInNlY3VyZS1ib290Ijp0cnVlLCJ0cG0tZW5hYmxlZCI6dHJ1ZSwidHBtLXBlcnNpc3RlZCI6dHJ1ZSwidm1VbmlxdWVJZCI6IkQyNjg1NzUxLURERTMtNDgxNC1BMkEyLTU2NUE2OUZFOTExQiJ9LCJ1c2VyLWRhdGEiOiIyRjFCQTFBQ0UyQzY4OUQwQTNBMzM0MEI5NzQ3MkU3RkNBNURCMDNCNjYyMUIyRkI3NjFGQjA2OEUzNzdCRTFDQTNENDk0NEU1MDYwQzYwN0VEMzlDM0UzRkNDQUYwMTE0QzMyMDJBRDUzMEZBMzE0Mzg2M0UxQjRFMTQ4NUIyMCJ9
user_data: ZmFiaWFu # base64(userdata)

Server

Azure JWT creation

POST https://sharedeus2e.eus2e.attest.azure.net/attest/TdxVm?api-version=2023-04-01-preview

{
  "quote": "BAACAIEAAAAAAAAAk5pyM...AAAAAA=",
  "runtimeData": {
    "data": "eyJrZXlzIjp...IyMCJ9",
    "dataType": "JSON"
  }
}

Azure JWT

{
  "alg": "RS256",
  "jku": "https://sharedeus2e.eus2e.attest.azure.net/certs",
  "kid": "6qubGPaYpJMjCD9chNyuh/ztq87166pwivQJz1quFRQ=",
  "typ": "JWT"
}

{
"attester_tcb_status": "UpToDate",
"x-ms-attestation-type": "tdxvm",
"x-ms-compliance-status": "azure-compliant-cvm",
"x-ms-runtime": {
    "user-data": "2F1B...5B20",// base64(sha512(nonce))
    "vm-configuration": {
      "console-enabled": true,
      "secure-boot": true,
    ...
}
...
}

Full version on jwt.io

Mail: fabian.wesemann at stud.hs-flensburg.de

Implementation and Demo: github.com/tufteddeer/openssh-tdx-remote-attestation

Slides: tufteddeer.github.io/remote-attestation-ssh-slides/

Paper: tufteddeer.github.io/remote-attestation-ssh-slides/TDX-remote-attestation-in-SSH.pdf

Interesting stuff

OpenSSH: openssh.com
Intel Trustauthority CLI: github.com/intel/trustauthority-client-for-go
Azure JWTs: thomasvanlaere.com/posts/2023/03/azure-confidential-computing-verifying-microsoft-azure-attestation-jwt-tokens/
EAT profile: learn.microsoft.com/en-us/azure/attestation/trust-domain-extensions-eat-profile