Hardware-secured remote attestation is essential to establishing trust in the integrity of confidential virtual machines (cVMs), but is difficult to use in practice because verifying attestation evidence requires the use of hardware-specific cryptographic logic. This increases both maintenance costs and the verifiers' trusted computing base. We introduce the concept of self-verifying remote attestation evidence. Each attestation bundle identifies its verification logic in the form of a WebAssembly component that is downloaded by the verifier and executed. This approach transforms evidence verification into a platform-agnostic functionality that is implemented once for all platforms: the verifier measures the verification logic and then executes it to validate the evidence. As a result, verifiers can validate attestation evidence without any platform-specific code; the verification logic is just another measurement whose reference value can be checked with existing mechanisms. We implement this concept as TrustMee, a platform-agnostic verification driver for the Trustee framework. We demonstrate its functionality with self-verifying evidence for AMD SEV-SNP, Intel TDX, and Intel SGX attestations, producing attestation claims in the standard Entity Attestation Token (EAT) format.
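The measure-then-execute flow described above, as an added illustration that is not TrustMee's or Trustee's own code: the bundle only identifies its verification logic, the verifier recomputes a measurement of the fetched component and refuses to run anything without a matching reference value, and the measurement is recorded as one more claim in the EAT-style output. The component format, the stand-in runtime (a real deployment would use a WebAssembly component runtime) and the claim names are assumptions.

```python
import hashlib
import json
from typing import Callable

# Stand-in for the WebAssembly component runtime (assumption: a real verifier would
# run a Wasm component; here the "component" is a JSON spec so the flow runs offline).
Runtime = Callable[[bytes, bytes], dict]

def measure(component: bytes) -> str:
    """Measure the verification logic: SHA-256 of the downloaded component bytes."""
    return hashlib.sha256(component).hexdigest()

def stand_in_runtime(component: bytes, evidence: bytes) -> dict:
    """Constructed stand-in: the component says what evidence it accepts and which claim it emits."""
    spec = json.loads(component)
    magic = spec["magic"].encode()
    if not evidence.startswith(magic):
        raise ValueError("evidence rejected by verification logic")
    return {spec["claim"]: evidence[len(magic):].hex()}

def verify_bundle(bundle: dict, reference_values: set, runtime: Runtime) -> dict:
    """Platform-agnostic verifier: measure, check the reference value, only then execute.

    bundle = {"nonce": str, "evidence": bytes, "verifier": bytes}. The bundle merely
    identifies its verifier; trust comes from reference values the relying party
    already holds, so any digest a bundle might claim for itself is ignored and the
    measurement is always recomputed from the bytes actually fetched.
    """
    digest = measure(bundle["verifier"])
    if digest not in reference_values:
        raise ValueError(f"no reference value for verification logic {digest[:16]}; not executing")
    platform_claims = runtime(bundle["verifier"], bundle["evidence"])
    # EAT-style result (claim layout is an assumption, not TrustMee's schema);
    # the verification logic shows up as just another measurement.
    return {"eat_nonce": bundle["nonce"],
            "measurements": {"verification_logic": digest},
            "platform_claims": platform_claims}

# Constructed sample input: a toy "SNP" component and matching evidence
SAMPLE_COMPONENT = b'{"magic": "SNP!", "claim": "snp_report"}'
SAMPLE_EVIDENCE = b"SNP!" + bytes.fromhex("deadbeef")
SAMPLE_BUNDLE = {"nonce": "n-1", "evidence": SAMPLE_EVIDENCE, "verifier": SAMPLE_COMPONENT}
TRUSTED = {measure(SAMPLE_COMPONENT)}  # reference value the relying party already holds

if __name__ == "__main__":
    print(json.dumps(verify_bundle(SAMPLE_BUNDLE, TRUSTED, stand_in_runtime), indent=2))
```

A component whose bytes differ from the trusted reference value (even by a single byte) is rejected before it is executed, which is the property that keeps a self-identified verifier from vouching for itself.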