https://github.com/lockboot/vaportpm
Rust library for cloud instance attestation. Verify workloads are running on genuine AWS Nitro or GCP Confidential VMs via provider-signed trust chains. Zero C dependencies.
attestation aws-nitro confidential-vm rust tpm2 trusted-computing vtpm
- Host: GitHub
- URL: https://github.com/lockboot/vaportpm
- Owner: lockboot
- Created: 2026-02-01T08:27:30.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-02-03T15:42:29.000Z (2 months ago)
- Last Synced: 2026-02-03T19:35:30.149Z (2 months ago)
- Topics: attestation, aws-nitro, confidential-vm, rust, tpm2, trusted-computing, vtpm
- Language: Rust
- Homepage:
- Size: 114 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# v[apor]TPM
**Cloud vTPM attestation library for Rust. Zero C dependencies.**
> What does the "v" in vTPM stand for?
Physical TPM trust is vapor. It evaporates under scrutiny - supply chain attacks, firmware vulnerabilities, the whole theater. The only meaningful TPM trust lives in cloud vTPMs, where the hypervisor **is** the root of trust. The "v" always stood for vapor. Everyone just forgot.
## Crates
| Crate | Description |
|-------|-------------|
| [vaportpm-attest](./crates/vaportpm-attest/) | Generate attestations - talks to TPM |
| [vaportpm-verify](./crates/vaportpm-verify/) | Verify attestations - no TPM needed |
## Trust Model
The verifier handles **cryptographic verification**:
- Validates signatures and certificate chains
- Identifies the cloud provider via embedded root CA hashes
You handle **policy decisions**:
- Do the PCR values match known-good measurements?
- Is the nonce fresh (replay protection)?
## Supported Platforms
| Platform | Status | Trust Anchor |
|----------|--------|--------------|
| AWS EC2 with Nitro v4+ | ✅ Working | Nitro Root CA |
| GCP Confidential VM | ✅ Working | Google EK/AK CA Root |
| Azure Trusted Launch | 🔜 Planned | Microsoft AK certificate |
Note that a GCP 'Shielded VM' with a vTPM is not enough: a 'Confidential VM' (Intel TDX or AMD SEV) is required, because Google does not provision AK certificates without that feature enabled.
## Quick Start
### Generate Attestation (on cloud instance)
```rust
use vaportpm_attest::attest;
let json = attest(b"challenge-nonce")?;
// Send json to verifier
```
### Verify Attestation (anywhere)
```rust
use vaportpm_verify::verify_attestation_json;
let result = verify_attestation_json(&json)?;
// Verification succeeded - attestation is from a supported cloud provider
println!("Provider: {:?}", result.provider);
println!("PCRs: {:?}", result.pcrs);
```
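The policy half of the Trust Model (PCR matching and nonce freshness) is left to the caller. The following is an added example, not code from vaportpm: `Verified`, `Policy` and `PolicyError` are hypothetical stand-ins rather than the crate's types, and the PCR index and digest are constructed values.

```rust
use std::collections::{BTreeMap, HashMap};
use std::time::{Duration, Instant};

/// Hypothetical stand-in for what a verifier returns; not vaportpm's own types.
pub struct Verified { pub nonce: Vec<u8>, pub pcrs: BTreeMap<u8, Vec<u8>> }

#[derive(Debug, PartialEq)]
pub enum PolicyError { UnknownNonce, ExpiredNonce, MissingPcr(u8), PcrMismatch(u8) }

pub struct Policy {
    expected_pcrs: BTreeMap<u8, Vec<u8>>, // known-good measurements to pin
    max_age: Duration,                    // how long a challenge stays valid
    issued: HashMap<Vec<u8>, Instant>,    // outstanding challenges
}

impl Policy {
    pub fn new(expected_pcrs: BTreeMap<u8, Vec<u8>>, max_age: Duration) -> Self {
        Self { expected_pcrs, max_age, issued: HashMap::new() }
    }

    /// Record a challenge handed to an instance (generate it from a CSPRNG).
    pub fn issue(&mut self, nonce: Vec<u8>, now: Instant) { self.issued.insert(nonce, now); }

    pub fn check(&mut self, v: &Verified, now: Instant) -> Result<(), PolicyError> {
        // Removing the entry makes every nonce single-use, so a replay fails.
        let issued_at = self.issued.remove(&v.nonce).ok_or(PolicyError::UnknownNonce)?;
        if now.saturating_duration_since(issued_at) > self.max_age {
            return Err(PolicyError::ExpiredNonce);
        }
        // Every pinned PCR must be present and equal; unpinned PCRs are ignored.
        for (idx, want) in &self.expected_pcrs {
            let got = v.pcrs.get(idx).ok_or(PolicyError::MissingPcr(*idx))?;
            if got != want {
                return Err(PolicyError::PcrMismatch(*idx));
            }
        }
        Ok(())
    }
}

fn main() {
    let now = Instant::now();
    let good = BTreeMap::from([(4u8, vec![0xAA; 32])]); // constructed measurement
    let mut policy = Policy::new(good.clone(), Duration::from_secs(60));
    policy.issue(b"challenge-nonce".to_vec(), now);
    let v = Verified { nonce: b"challenge-nonce".to_vec(), pcrs: good };
    let (first, replay) = (policy.check(&v, now), policy.check(&v, now));
    println!("first: {:?}, replay: {:?}", first, replay);
}
```

A failed check also consumes the nonce, so a rejected attestation cannot be retried against the same challenge.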
## License
MIT OR Apache-2.0