swagger: '2.0'
info:
  title: Microsoft Azure AttestationClient
  description: Describes the interface for the per-tenant enclave service.
  version: 2022-09-01-preview
x-ms-parameterized-host:
  hostTemplate: '{instanceUrl}'
  useSchemePrefix: false
  parameters:
    - name: instanceUrl
      x-ms-parameter-location: client
      description: >-
        The attestation instance base URI, for example
        https://mytenant.attest.azure.net.
      required: true
      type: string
      in: path
      x-ms-skip-url-encoding: true
consumes:
  - application/json
produces:
  - application/json
securityDefinitions:
  azure_auth:
    type: oauth2
    authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize
    flow: implicit
    description: Azure Active Directory OAuth2 Flow
    scopes:
      user_impersonation: impersonate your user account
paths:
  /policies/{attestationType}:
    get:
      tags:
        - Policy
      summary: 'Microsoft Azure Retrieves The Current Policy For An Attestation Type'
      operationId: microsoftAzurePolicyGet
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - $ref: '#/parameters/AttestationType'
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/PolicyResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Get Policy:
          $ref: ./examples/Get_Policy.json
      description: Needs a more full description created.
    put:
      tags:
        - Policy
      summary: 'Microsoft Azure Sets The Policy For A Given Attestation Type'
      operationId: microsoftAzurePolicySet
      consumes:
        - text/plain
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - $ref: '#/parameters/AttestationType'
        - name: newAttestationPolicy
          in: body
          description: >-
            JWT Expressing the new policy whose body is a
            StoredAttestationPolicy object.
          required: true
          x-ms-client-flatten: true
          schema:
            $ref: '#/definitions/JsonWebToken'
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/PolicyResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Set Policy:
          $ref: ./examples/Set_Policy.json
      description: Needs a more full description created.
  /policies/{attestationType}:reset:
    post:
      tags:
        - Policy
      summary: >-
        Microsoft Azure Resets The Attestation Policy For The Specified Tenant
        And Reverts To The Default Policy
      operationId: microsoftAzurePolicyReset
      consumes:
        - text/plain
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - $ref: '#/parameters/AttestationType'
        - name: PolicyJws
          in: body
          description: JSON Web Signature with an empty policy document
          required: true
          x-ms-client-flatten: true
          schema:
            $ref: '#/definitions/JsonWebToken'
      responses:
        '200':
          description: >-
            Success - Returns a JWT signed by the metadata signing key that
            contains the hash of the supplied policy to be set.
          schema:
            $ref: '#/definitions/PolicyResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Reset Policy:
          $ref: ./examples/Reset_Policy.json
      description: Needs a more full description created.
  /certificates:
    get:
      tags:
        - Policy Management Certificates
      summary: >-
        Microsoft Azure Retrieves The Set Of Certificates Used To Express
        Policy For The Current Tenant
      operationId: microsoftAzurePolicycertificatesGet
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
      responses:
        '200':
          description: >-
            An RFC7519 JSON Web Token structure containing an RFC7517
            JsonWebKeySet which contains the certificates used to validate
            policy changes
          schema:
            $ref: '#/definitions/PolicyCertificatesResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Get PolicyCertificates:
          $ref: ./examples/Get_PolicyCertificates.json
      description: Needs a more full description created.
  /certificates:add:
    post:
      tags:
        - Policy Management Certificates
      summary: >-
        Microsoft Azure Adds A New Attestation Policy Certificate To The Set
        Of Policy Management Certificates
      operationId: microsoftAzurePolicycertificatesAdd
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - name: policyCertificateToAdd
          in: body
          description: >-
            An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key
            object. The RFC7519 JWT must be signed with one of the existing
            signing certificates
          required: true
          schema:
            $ref: '#/definitions/JsonWebToken'
      responses:
        '200':
          description: >-
            An RFC7519 JSON Web Token structure containing an RFC7517
            JsonWebKeySet which contains the certificates used to validate
            policy changes
          schema:
            $ref: '#/definitions/PolicyCertificatesModifyResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Add PolicyCertificate:
          $ref: ./examples/Add_PolicyCertificate.json
      description: Needs a more full description created.
  /certificates:remove:
    post:
      tags:
        - Policy Management Certificates
      summary: >-
        Microsoft Azure Removes The Specified Policy Management Certificate
        Note That The Final Policy Management Certificate Cannot Be Removed
      operationId: microsoftAzurePolicycertificatesRemove
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - name: policyCertificateToRemove
          in: body
          description: >-
            An RFC7519 JSON Web Token whose body is an
            AttestationCertificateManagementBody object. The RFC7519 JWT must
            be signed with one of the existing signing certificates
          required: true
          schema:
            $ref: '#/definitions/JsonWebToken'
      responses:
        '200':
          description: >-
            An RFC7519 JSON Web Token structure containing an RFC7517
            JsonWebKeySet which contains the certificates used to validate
            policy changes
          schema:
            $ref: '#/definitions/PolicyCertificatesModifyResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Remove PolicyCertificate:
          $ref: ./examples/Remove_PolicyCertificate.json
      description: Needs a more full description created.
  /attest/OpenEnclave:
    post:
      tags:
        - Attestation
      summary: 'Microsoft Azure Attest To An Sgx Enclave'
      description: >-
        Processes an OpenEnclave report, producing an artifact. The type of
        artifact produced is dependent upon attestation policy.
      operationId: microsoftAzureAttestationAttestopenenclave
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - name: request
          in: body
          description: Request object containing the quote
          required: true
          schema:
            $ref: '#/definitions/AttestOpenEnclaveRequest'
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/AttestationResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Attest OpenEnclave:
          $ref: ./examples/AttestOpenEnclave.json
  /attest/SgxEnclave:
    post:
      tags:
        - Attestation
      summary: 'Microsoft Azure Attest To An Sgx Enclave'
      description: >-
        Processes an SGX enclave quote, producing an artifact. The type of
        artifact produced is dependent upon attestation policy.
      operationId: microsoftAzureAttestationAttestsgxenclave
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - name: request
          in: body
          description: Request object containing the quote
          required: true
          schema:
            $ref: '#/definitions/AttestSgxEnclaveRequest'
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/AttestationResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Attest SgxEnclave:
          $ref: ./examples/AttestSgxEnclave.json
  /attest/Tpm:
    post:
      tags:
        - Attestation
      summary: 'Microsoft Azure Attest A Virtualization Based Security Vbs Enclave'
      description: >-
        Processes attestation evidence from a VBS enclave, producing an
        attestation result. The attestation result produced is dependent upon
        the attestation policy.
      operationId: microsoftAzureAttestationAttesttpm
      consumes:
        - application/json
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - name: request
          in: body
          description: Request object
          required: true
          schema:
            $ref: '#/definitions/TpmAttestationRequest'
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/TpmAttestationResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Attest EdgeTpm:
          $ref: ./examples/AttestVbsEnclave.json
  /attest/SevSnpVm:
    post:
      tags:
        - Attestation
      summary: 'Microsoft Azure Attest To An Sev Snp Virtual Machine'
      description: >-
        Processes a SEV SNP Boot chain. The type of artifact produced is
        dependent upon attestation policy.
      operationId: microsoftAzureAttestationAttestsevsnpvm
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - name: request
          in: body
          description: Request object containing the quote
          required: true
          schema:
            $ref: '#/definitions/AttestSevSnpVmRequest'
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/AttestationResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Attest SevSnpVm:
          $ref: ./examples/AttestSevSnpVm.json
  /tcbbaselines/{attestationType}:
    get:
      tags:
        - TcbBaseline
      summary: >-
        Microsoft Azure Retrieves A List Of All Azure Supported Baseline
        Details For A Tee Type Along With An Indication Of Which One Is
        Enforced For The Attestation Provider
      operationId: microsoftAzureTcbbaselinesGet
      parameters:
        - $ref: '#/parameters/ApiVersionParameter'
        - $ref: '#/parameters/AttestationType'
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/TcbBaselineResult'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Get TcbBaselines:
          $ref: ./examples/Get_TcbBaselines.json
      description: Needs a more full description created.
  /certs:
    get:
      tags:
        - OpenID Metadata Discovery
      produces:
        - application/jwk+json
        - application/json
      summary: Microsoft Azure Retrieves The Attestation Signing Keys In Use By The Attestation Service
      description: >-
        Retrieves metadata signing certificates in use by the attestation
        service
      operationId: microsoftAzureSigningcertificatesGet
      responses:
        '200':
          description: Success
          schema:
            $ref: >-
              ../../../../../common-types/rfcs/rfc7517.json#/definitions/JSONWebKeySet
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Get Token Signing Certificates:
          $ref: ./examples/Get_Certs.json
  /.well-known/openid-configuration:
    get:
      tags:
        - OpenID Metadata Discovery
      summary: >-
        Microsoft Azure Retrieves The Openid Configuration Data For The Azure
        Attestation Service
      description: >-
        Retrieves metadata about the attestation signing keys in use by the
        attestation service
      operationId: microsoftAzureMetadataconfigurationGet
      responses:
        '200':
          description: Success
          schema:
            $ref: '#/definitions/OpenIDConfigurationResponse'
        default:
          description: Error response describing why the operation failed
          schema:
            $ref: '#/definitions/CloudError'
      x-ms-examples:
        Get OpenID Metadata:
          $ref: ./examples/Get_MetadataConfiguration.json
definitions:
  CloudError:
    x-ms-external: true
    properties:
      error:
        $ref: '#/definitions/CloudErrorBody'
    description: An error response from Attestation.
  CloudErrorBody:
    x-ms-external: true
    properties:
      code:
        type: string
        description: >-
          An identifier for the error. Codes are invariant and are intended
          to be consumed programmatically.
      message:
        type: string
        description: >-
          A message describing the error, intended to be suitable for
          displaying in a user interface.
    description: An error response from Attestation.
  JsonWebToken:
    description: An RFC 7519 Json Web Token
    type: string
    pattern: '[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'
    externalDocs:
      description: JSON Web Token RFC
      url: https://tools.ietf.org/html/rfc7519
  AttestationCertificateManagementBody:
    type: object
    description: The body of the JWT used for the PolicyCertificates APIs
    properties:
      policyCertificate:
        description: RFC 7517 Json Web Key describing the certificate.
        $ref: ../../../../../common-types/rfcs/rfc7517.json#/definitions/JSONWebKey
  OpenIDConfigurationResponse:
    type: object
    description: The response to the OpenID metadata description document API
    properties:
      response_types_supported:
        description: Types supported in the OpenID metadata API
        type: array
        items:
          type: string
      id_token_signing_alg_values_supported:
        description: List of the supported signing algorithms
        type: array
        items:
          type: string
      revocation_endpoint:
        description: Revocation endpoint
        type: string
      issuer:
        description: Issuer tenant base endpoint
        type: string
      jwks_uri:
        description: The URI to retrieve the signing keys
        type: string
      claims_supported:
        description: Set of claims supported by the OpenID metadata endpoint
        type: array
        items:
          type: string
  PolicyCertificatesResponse:
    type: object
    description: The response to an attestation policy management API
    properties:
      token:
        description: >-
          An RFC7519 JSON Web Token structure containing a
          PolicyCertificatesResults object which contains the certificates
          used to validate policy changes
        $ref: '#/definitions/JsonWebToken'
  PolicyCertificatesResult:
    type: object
    description: The result of a call to retrieve policy certificates.
    properties:
      x-ms-policy-certificates:
        description: >-
          SHA256 Hash of the binary representation certificate which was
          added or removed
        $ref: >-
          ../../../../../common-types/rfcs/rfc7517.json#/definitions/JSONWebKeySet
        x-ms-client-name: PolicyCertificates
  PolicyCertificatesModifyResponse:
    type: object
    description: The response to an attestation policy management API
    properties:
      token:
        description: >-
          An RFC7519 JSON Web Token structure whose body is a
          PolicyCertificatesModificationResult object.
        $ref: '#/definitions/JsonWebToken'
  PolicyCertificatesModificationResult:
    type: object
    description: The result of a policy certificate modification
    properties:
      x-ms-certificate-thumbprint:
        description: >-
          Hex encoded SHA1 Hash of the binary representation certificate
          which was added or removed
        type: string
        x-ms-client-name: CertificateThumbprint
      x-ms-policycertificates-result:
        description: The result of the operation
        type: string
        x-ms-client-name: CertificateResolution
        enum:
          - IsPresent
          - IsAbsent
        x-ms-enum:
          name: CertificateModification
          modelAsString: true
          values:
            - value: IsPresent
              description: >-
                After the operation was performed, the certificate is in the
                set of certificates.
            - value: IsAbsent
              description: >-
                After the operation was performed, the certificate is no
                longer present in the set of certificates.
  StoredAttestationPolicy:
    type: object
    properties:
      AttestationPolicy:
        description: Policy text to set as a sequence of UTF-8 encoded octets.
        type: string
        format: base64url
  TcbBaseline:
    type: object
    description: >-
      TEE specific Tcb baseline used in attestation, and baseline details
      including baseline identifier, release date and minimum required
      software version
    properties:
      tcbIdentifier:
        description: The Tcb baseline Identifier used in attestation policy
        type: string
      tcbEvaluationDataNumber:
        description: >-
          A monotonically increasing sequence number changed when Intel
          updates the content of the TCB evaluation data set.
          SGX TEE specific property
        type: integer
        format: int32
      tcbReleaseDate:
        description: Date and time when the Tcb is released. SGX TEE specific property
        type: string
        format: date-time
      minimumPswLinuxVersion:
        description: >-
          Minimum Linux PSW version required to support the corresponding Tcb
          baseline. SGX TEE specific property
        type: string
      minimumPswWindowsVersion:
        description: >-
          Minimum Windows PSW version required to support the corresponding
          Tcb baseline. SGX TEE specific property
        type: string
      isSelectedTcb:
        description: >-
          The corresponding Tcb baseline is set in attestation policy and is
          used in attestation request if set to true
        type: boolean
  TcbBaselineResult:
    type: object
    properties:
      tcbBaselines:
        type: array
        description: >-
          A list of all Azure supported baseline details for a TEE type
          along with an indication of which one is enforced for the
          attestation provider
        items:
          $ref: '#/definitions/TcbBaseline'
    description: >-
      A list of all Azure supported baseline details for a TEE type along
      with an indication of which one is enforced for the attestation
      provider
  PolicyResponse:
    type: object
    description: The response to an attestation policy operation
    properties:
      token:
        description: >-
          An RFC7519 JSON Web Token structure whose body is a PolicyResult
          object.
        $ref: '#/definitions/JsonWebToken'
  PolicyResult:
    type: object
    description: The result of a policy certificate modification
    properties:
      x-ms-policy-result:
        description: The result of the operation
        type: string
        x-ms-client-name: PolicyResolution
        enum:
          - Updated
          - Removed
        x-ms-enum:
          name: PolicyModification
          modelAsString: true
          values:
            - value: Updated
              description: The specified policy object was updated.
            - value: Removed
              description: The specified policy object was removed.
      x-ms-policy-token-hash:
        description: The SHA256 hash of the policy object modified
        x-ms-client-name: PolicyTokenHash
        type: string
        format: base64url
      x-ms-policy-signer:
        description: The certificate used to sign the policy object, if specified
        x-ms-client-name: PolicySigner
        $ref: ../../../../../common-types/rfcs/rfc7517.json#/definitions/JSONWebKey
      x-ms-policy:
        description: >-
          A JSON Web Token containing a StoredAttestationPolicy object with
          the attestation policy
        x-ms-client-name: Policy
        $ref: '#/definitions/JsonWebToken'
  AttestationResult:
    type: object
    description: >-
      A Microsoft Azure Attestation response token body - the body of a
      response token issued by MAA
    properties:
      jti:
        description: Unique Identifier for the token
        type: string
      iss:
        description: The Principal who issued the token
        type: string
      iat:
        description: >-
          The time at which the token was issued, in the number of seconds
          since 1970-01-01T00:00:00Z UTC
        type: number
      exp:
        description: >-
          The expiration time after which the token is no longer valid, in
          the number of seconds since 1970-01-01T00:00:00Z UTC
        type: number
      nbf:
        description: >-
          The not before time before which the token cannot be considered
          valid, in the number of seconds since 1970-01-01T00:00:00Z UTC
        type: number
      cnf:
        description: An RFC 7800 Proof of Possession Key
        type: object
      nonce:
        description: The Nonce input to the attestation request, if provided.
        type: string
      x-ms-ver:
        description: 'The Schema version of this structure. Current Value: 1.0'
        x-ms-client-name: Version
        type: string
      x-ms-runtime:
        description: Runtime Claims
        x-ms-client-name: RuntimeClaims
        type: object
      x-ms-inittime:
        description: Inittime Claims
        x-ms-client-name: InittimeClaims
        type: object
      x-ms-policy:
        description: Policy Generated Claims
        x-ms-client-name: PolicyClaims
        type: object
      x-ms-attestation-type:
        description: The Attestation type being attested.
        x-ms-client-name: VerifierType
        type: string
      x-ms-policy-signer:
        description: The certificate used to sign the policy object, if specified.
        x-ms-client-name: PolicySigner
        $ref: ../../../../../common-types/rfcs/rfc7517.json#/definitions/JSONWebKey
      x-ms-policy-hash:
        description: >-
          The SHA256 hash of the BASE64URL encoded policy text used for
          attestation
        x-ms-client-name: PolicyHash
        type: string
        format: base64url
      x-ms-sgx-is-debuggable:
        description: True if the enclave is debuggable, false otherwise
        x-ms-client-name: IsDebuggable
        type: boolean
      x-ms-sgx-product-id:
        description: The SGX Product ID for the enclave.
        x-ms-client-name: ProductId
        type: number
      x-ms-sgx-mrenclave:
        description: The HEX encoded SGX MRENCLAVE value for the enclave.
        x-ms-client-name: MrEnclave
        type: string
      x-ms-sgx-mrsigner:
        description: The HEX encoded SGX MRSIGNER value for the enclave.
        x-ms-client-name: MrSigner
        type: string
      x-ms-sgx-svn:
        description: The SGX SVN value for the enclave.
        x-ms-client-name: Svn
        type: number
      x-ms-sgx-ehd:
        description: A copy of the RuntimeData specified as an input to the attest call.
        x-ms-client-name: EnclaveHeldData
        type: string
        format: base64url
      x-ms-sgx-collateral:
        description: The SGX SVN value for the enclave.
        x-ms-client-name: SgxCollateral
        type: object
      ver:
        description: 'DEPRECATED: Private Preview version of x-ms-ver claim.'
        x-ms-client-name: DeprecatedVersion
        type: string
      is-debuggable:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-is-debuggable claim.'
        x-ms-client-name: DeprecatedIsDebuggable
        type: boolean
      maa-attestationcollateral:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-collateral claim.'
        x-ms-client-name: DeprecatedSgxCollateral
        type: object
      aas-ehd:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.'
        x-ms-client-name: DeprecatedEnclaveHeldData
        type: string
        format: base64url
      maa-ehd:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.'
        x-ms-client-name: DeprecatedEnclaveHeldData2
        type: string
        format: base64url
      product-id:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-product-id'
        x-ms-client-name: DeprecatedProductId
        type: number
      sgx-mrenclave:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-mrenclave.'
        x-ms-client-name: DeprecatedMrEnclave
        type: string
      sgx-mrsigner:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-mrsigner.'
        x-ms-client-name: DeprecatedMrSigner
        type: string
      svn:
        description: 'DEPRECATED: Private Preview version of x-ms-sgx-svn.'
        x-ms-client-name: DeprecatedSvn
        type: number
      tee:
        description: 'DEPRECATED: Private Preview version of x-ms-tee.'
        x-ms-client-name: DeprecatedTee
        type: string
      policy_signer:
        description: 'DEPRECATED: Private Preview version of x-ms-policy-signer'
        x-ms-client-name: DeprecatedPolicySigner
        $ref: ../../../../../common-types/rfcs/rfc7517.json#/definitions/JSONWebKey
      policy_hash:
        description: 'DEPRECATED: Private Preview version of x-ms-policy-hash'
        x-ms-client-name: DeprecatedPolicyHash
        type: string
        format: base64url
      rp_data:
        description: 'DEPRECATED: Private Preview version of nonce'
        x-ms-client-name: DeprecatedRpData
        type: string
  AttestationResponse:
    type: object
    description: The result of an attestation operation
    properties:
      token:
        description: >-
          An RFC 7519 JSON Web Token, the body of which is an
          AttestationResult object.
        $ref: '#/definitions/JsonWebToken'
  DataType:
    description: >-
      Specifies the type of the data encoded contained within the "data"
      field of a "RuntimeData" or "InitTimeData" object
    type: string
    enum:
      - Binary
      - JSON
    x-ms-enum:
      name: DataType
      modelAsString: true
      values:
        - value: Binary
          description: >-
            The field's content should be treated as binary and not
            interpreted by MAA.
        - value: JSON
          description: >-
            The field's content should be treated as UTF-8 JSON text that may
            be further interpreted by MAA. Refer to RFC 8259 for a
            description of JSON serialization standards for interoperability.
  RuntimeData:
    type: object
    description: >-
      Runtime data are a conduit for any information defined by the Trusted
      Execution Environment (TEE) when actually running.
    properties:
      data:
        description: >-
          Runtime data are generated by the Trusted Execution Environment
          (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of
          the RuntimeData must match the lower 32 bytes of the quote's
          "report data" attribute. For a SEV-SNP quote, the SHA256 hash of
          the RuntimeData must match the quote's "report data" attribute.
        type: string
        format: base64url
      dataType:
        description: The type of data contained within the "data" field
        $ref: '#/definitions/DataType'
  InitTimeData:
    type: object
    description: >-
      Initialization time data are a conduit for any configuration
      information that is unknown when building the Trusted Execution
      Environment (TEE) and is defined at TEE launch time. This data can be
      used with confidential container or VM scenarios to capture
      configuration settings such as disk volume content, network
      configuration, etc.
    properties:
      data:
        description: >-
          Initialization time data are passed into the Trusted Execution
          Environment (TEE) when it is created. For an Icelake SGX quote, the
          SHA256 hash of the InitTimeData must match the lower 32 bytes of
          the quote's "config id" attribute. For a SEV-SNP quote, the SHA256
          hash of the InitTimeData must match the quote's "host data"
          attribute.
        type: string
        format: base64url
      dataType:
        description: The type of data contained within the "data" field
        $ref: '#/definitions/DataType'
  AttestSgxEnclaveRequest:
    type: object
    description: Attestation request for Intel SGX enclaves
    properties:
      quote:
        description: Quote of the enclave to be attested
        type: string
        format: base64url
      runtimeData:
        description: >-
          Runtime data provided by the enclave at the time of quote
          generation. The MAA will verify that the first 32 bytes of the
          report_data field of the quote contains the SHA256 hash of the
          decoded "data" field of the runtime data.
        $ref: '#/definitions/RuntimeData'
      initTimeData:
        description: >-
          Initialization data provided when the enclave is created. MAA will
          verify that the init data was known to the enclave. Note that
          InitTimeData is invalid for CoffeeLake processors.
        $ref: '#/definitions/InitTimeData'
      draftPolicyForAttestation:
        description: >-
          Attest against the provided draft policy. Note that the resulting
          token cannot be validated.
        type: string
      nonce:
        description: >-
          Nonce for incoming request - emitted in the generated attestation
          token
        type: string
  AttestOpenEnclaveRequest:
    type: object
    description: Attestation request for Intel SGX enclaves
    properties:
      report:
        description: OpenEnclave report from the enclave to be attested
        type: string
        format: base64url
      runtimeData:
        description: >-
          Runtime data provided by the enclave at the time of report
          generation. The MAA will verify that the first 32 bytes of the
          report_data field of the quote contains the SHA256 hash of the
          decoded "data" field of the runtime data.
        $ref: '#/definitions/RuntimeData'
      initTimeData:
        description: >-
          Base64Url encoded "InitTime data". The MAA will verify that the
          init data was known to the enclave. Note that InitTimeData is
          invalid for CoffeeLake processors.
        $ref: '#/definitions/InitTimeData'
      draftPolicyForAttestation:
        description: >-
          Attest against the provided draft policy. Note that the resulting
          token cannot be validated.
        type: string
      nonce:
        description: >-
          Nonce for incoming request - emitted in the generated attestation
          token
        type: string
  TpmAttestationRequest:
    type: object
    description: Attestation request for Trusted Platform Module (TPM) attestation.
    properties:
      data:
        description: Protocol data containing artifacts for attestation.
        type: string
        format: base64url
  TpmAttestationResponse:
    type: object
    description: Attestation response for Trusted Platform Module (TPM) attestation.
    properties:
      data:
        description: Protocol data containing attestation service response.
        type: string
        format: base64url
  AttestSevSnpVmRequest:
    type: object
    description: Attestation request for AMD SEV SNP Virtual Machine
    properties:
      report:
        description: >-
          Hardware rooted report of the virtual machine being attested along
          with the signing certificate chain and optionally, additional
          endorsements
        type: string
      runtimeData:
        description: >-
          Runtime data provided by the enclave at the time of report
          generation. The MAA will verify that the run time data is known to
          the attestation target.
        $ref: '#/definitions/RuntimeData'
      initTimeData:
        description: >-
          Initialization data provided by the enclave at the time of report
          generation. The MAA will verify that the init time data is known to
          the attestation target.
        $ref: '#/definitions/InitTimeData'
      draftPolicyForAttestation:
        description: >-
          Attest against the provided draft policy. Note that the resulting
          token cannot be validated.
        type: string
      nonce:
        description: >-
          Nonce for incoming request - emitted in the generated attestation
          token
        type: string
parameters:
  ApiVersionParameter:
    name: api-version
    in: query
    required: true
    type: string
    description: Client API version. Current version is 2022-09-01-preview
  AttestationType:
    description: >-
      Specifies the trusted execution environment to be used to validate the
      evidence
    name: attestationType
    in: path
    type: string
    required: true
    x-ms-parameter-location: method
    x-ms-enum:
      name: AttestationType
      modelAsString: true
      values:
        - value: SgxEnclave
          description: Intel Software Guard eXtensions
        - value: OpenEnclave
          description: OpenEnclave extensions to SGX
        - value: SevSnpVm
          description: AMD SEV SNP Virtual Machine
        - value: Tpm
          description: Edge TPM Virtualization Based Security
    enum:
      - SgxEnclave
      - OpenEnclave
      - SevSnpVm
      - Tpm
tags:
  - name: Attestation
  - name: OpenID Metadata Discovery
  - name: Policy
  - name: Policy Management Certificates
  - name: TcbBaseline