Skip to content

Cosmian VM

Cosmian VM are Linux-based system images preconfigured to verify Confidential VM trustworthiness and integrity at anytime. The images are based either on Ubuntu 22.04 or RHEL 9, and can then be used as regular Linux distribution on most cloud providers such as Google Cloud Platform (GCP), Microsoft Azure and Amazon Web Services (AWS).

Cosmian VM image provides the following features:

  • Confidentiality: the whole environment runs in a Trusted Execution Environment (TEE) with encrypted memory
  • Verifiability: user can verify the integrity of executables at any time and compare against a reference snapshot
  • Genericity: compatible with AMD SEV-SNP and Intel TDX in addition to TPM and vTPM
  • No code modification: no need for third party library or any specific adaptation of applications
  • Simplicity: manual configuration reduced at its bare minimum

setup flow

Threat Model

Cosmian VM is designed to secure your application against passive (honest-but-curious) and active (malicious) cloud provider staff member

The foundation of Cosmian VM relies on the following components:

  • Trusted Execution Environment (TEE) such as AMD SEV-SNP or Intel TDX for memory encryption
  • Trusted Platform Module (TPM) or vTPM (virtual TPM) to store secrets and attest the content of some memory region
  • Integrity Measurement Architecture (IMA), a Linux kernel module used to maintain a measurement log of all executables

In addition, Cosmian VM image contains the following software:

  • cosmian_vm_agent: an agent running in the confidential VM to forward attestations, collaterals (e.g. root certificates) and measurement log
  • cosmian_certtool to ease the generation of Let’s Encrypt certificates if needed
  • cosmian_fstool to ease the generation of LUKS container with secret key stored in the TPM/vTPM

Our client CLI cosmian_vm can be used to interact with cosmian_vm_agent and verify the trustworthiness of a specific instance launched with Cosmian VM as base image.


Cosmian VM image construction process can be found in the this repository:

Table of contents

Setup flow

A confidential VM is instantiated from a cloud provider platform, including Cosmian VM solution. After installing all dependencies, a snapshot of the VM is done and integrity checks can be performed on the running application, in order to verify the running code and infrastructure.

setup flow

Snapshot of the system

The snapshot of the system is a crucial step performed by cosmian_vm_agent to produce a JSON file with:

  • TEE policy
  • TPM policy
  • List of measured files and their hash digests

It’s a one-time process done before you decide to freeze the system, the content will be compared with TEE attestation, TPM/vTPM attestation and IMA measurement log to verify the trustworthiness of the remote instance.

Verification of the remote instance

Verification process of the Cosmian VM is performed using client CLI cosmian_vm which will check:

  • IMA (Integrity Measurement Architecture) measurement log with the list of executable and configuration file’s hash digest, to be compared against the snapshot
  • TPM (Trusted Platform Module) attestation of the IMA measurement log
  • TEE (Trusted Execution Environment) trustworthiness to ensure the instance is running on secure hardware using encrypted memory

simple verification flow

detailed verification flow

Cloud providers support

Cosmian VM already supports AMD SEV-SNP and Intel TDX but it might depend on the cloud provider.

Here is a list of compatibility as of March 2024:

Intel TDX Ubuntu 22.04 Ubuntu 22.04 Ubuntu 22.04
AMD SEV Ubuntu 22.04
Ubuntu 22.04
Ubuntu 22.04

Marketplace Image content

The Cosmian VM image build on the marketplaces of GCP, Azure or AWS contains four major executables:

  • cosmian_vm_agent is designed to be deployed on the Cosmian VM. It serves on demand the collaterals used to verify the trustworthiness of the Cosmian VM such as the IMA file, the TEE quote or the TPM quote
  • cosmian_certtool is designed to generate a certificate signed by Let’s Encrypt or an RATLS certificate
  • cosmian_fstool is designed to generate a LUKS container and enroll the TPM to be automatically started on reboot
  • cosmian_vm is a CLI designed to be used on your own host. It queries the cosmian_vm_agent in order to get the collaterals used to verify the trustworthiness of the Cosmian VM

This image:

  • contains the fully configured IMA
  • contains the fully configured SELinux
  • disables the auto-update (to avoid any modification of the Cosmian VM after having snapshoted it)
  • contains the fully configured cosmian_vm_agent

This is a abstract of the updated file tree:

├── etc
│   ├── apt
│   │    └── apt.conf.d
│   │       └── 10periodic
│   ├── cosmian_vm
│   │   └── agent.toml
│   ├── default
│   │   └── grub
│   ├── ima
│   │   └── ima-policy
│   └── systemd
│       └── system
│           └── cosmian_vm_agent.service
├── usr
│   └── sbin
│       ├── cosmian_certtool
│       ├── cosmian_fstool
│       └── cosmian_vm_agent
└── var
    └── lib
        └── cosmian_vm
            ├── container   <--- LUKS container
            ├── tmp
            └── data        <--- LUKS container mounted
                ├── cert.pem
                └── cert.key

© Copyright 2018-2024 Cosmian. All rights reserved.