Linux Security Summit North America 2025

TEE Device Interface Security Protocol (TDISP) is an industry standard that defines how to:
a) Establish trust between a Confidential VM (CVM) and a device, through attestation,
b) Secure the interconnect between the host and the device, and
c) Securely attach/detach a device interface to/from a CVM.

The main benefit of a CVM using a TDISP device vs a non-TDISP device is that the former is more performant, while still maintaining the confidentiality and integrity guarantees that Confidential Computing provides. Hence, TDISP plays a crucial part in making CVMs more performant, less expensive and, thus, easier to adopt.

An issue that currently exists with TDISP is that there is no standard way to prove that a TDISP attestation report and a platform attestation report originated from the same CVM. As a result, an attacker could replay an old TDISP attestation report with a CVM that doesn't have that TDISP device and cause a relying party to disclose secrets that wouldn't otherwise.

In this talk we would like to holistically explore this issue, the intended use cases and, finally, discuss a proposed solution using TPM NVIndex.