TrustMee: Self-Verifying Remote Attestation Evidence

Hardware-secured remote attestation is essential to establishing trust in the integrity of confidential virtual machines (cVMs), but is difficult to use in practice because verifying attestation evidence requires the use of hardware-specific cryptographic logic. This increases both maintenance costs and the verifiers' trusted computing base. We introduce the concept of self-verifying remote attestation evidence. Each attestation bundle includes verification logic as a WebAssembly component signed by a trusted party. This approach transforms evidence verification into a standard code-signing problem: the verifier checks the signature on the embedded logic and then executes it to validate the evidence. As a result, verifiers can validate attestation evidence without any platform-specific knowledge. We implement this concept as TrustMee, a platform-agnostic verification driver for the Trustee framework. We demonstrate its functionality with self-verifying evidence for AMD SEV-SNP and Intel TDX attestations, producing attestation claims in the standard EAT Attestation Result (EAR) format.

Source: arXiv:2602.13148v1 - http://arxiv.org/abs/2602.13148v1 PDF: https://arxiv.org/pdf/2602.13148v1 Original Link: http://arxiv.org/abs/2602.13148v1