We are announcing the preview of the disk integrity tool for confidential VMs. The disk integrity tool is built on top of the existing confidential VM flow and enables you to measure and attest that your OS disk is launched as expected.
This tooling comes as an Azure CLI extension that organizations can install in their own trusted environment. By running a few simple commands, they can integrity-protect the root/system partition of their disk. After the confidential VM boots with the integrity-protected disk, users can cryptographically attest that the contents of the OS disk's root/system partition are secure and as expected before processing any confidential workloads. This helps to complete the attestation story from the hardware layer to the application layer in a confidential VM.
To learn more and sign up for the preview, read the blog.