go-tpm-tools
Preferred way to get raw hardware attestation?
trafficstars
Hi there, we're evaluating GCS and this tooling, and we'd like for the workload containers to be able to retrieve a raw hardware attestation with a custom nonce/runtime_data, not just an OIDC token, so that the workload can quickly have HW-based assurance that it's running in a TEE.
One possible way of doing this would be to add another endpoint to the TEE Server (e.g., something like POST /v1/attestation). Another way would be to mount the appropriate kernel devices into the container; e.g., /dev/sev-guest, etc., but the latter seems more complex.
https://github.com/google/go-tpm-tools/blob/main/launcher/teeserver/tee_server.go#L69
- Is there a way to access raw attestations from inside the workload container that I'm missing?
- Would this project be willing to accept a PR adding such an endpoint to the TEE Server?
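Added example, not part of the issue above and not go-tpm-tools code: a sketch of what the proposed `POST /v1/attestation` endpoint and its workload-side caller could look like, with the check that makes a custom nonce worth having (the caller refuses any attestation not bound to the nonce it sent). Everything beyond the path `/v1/attestation` is an assumption: the JSON request/response shape, the 8..64 byte nonce bounds (64 bytes is the usual TPM quote `extraData` limit, 8 is an arbitrary floor), the `Attester` interface that the real launcher would back with its TPM or SEV attestation code, and `constructedAttester`, a stand-in that just embeds the nonce so the example runs offline. The launcher's TEE server is reached over a Unix socket; this example uses `httptest` on loopback instead, so a real client would set `http.Transport.DialContext` to dial that socket.

```go
// Added example (hypothetical design, not go-tpm-tools code): a sketch of the
// proposed POST /v1/attestation endpoint and the nonce-binding check a workload
// should perform on the response.
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Attester produces a raw attestation bound to nonce. In the launcher this
// would wrap the real TPM/SEV attestation path; here it is an injected interface.
type Attester interface {
	Attest(nonce []byte) ([]byte, error)
}

// Assumed nonce bounds: 64 bytes is the usual TPM quote extraData limit,
// 8 bytes is an arbitrary floor against trivially guessable nonces.
const (
	minNonceLen = 8
	maxNonceLen = 64
)

type attestationRequest struct {
	Nonce string `json:"nonce"` // base64
}

type attestationResponse struct {
	Nonce       string `json:"nonce"`       // echoed back, base64
	Attestation string `json:"attestation"` // raw attestation bytes, base64
}

// NewHandler returns the hypothetical endpoint handler.
func NewHandler(a Attester) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/v1/attestation", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		var req attestationRequest
		if err := json.NewDecoder(io.LimitReader(r.Body, 4096)).Decode(&req); err != nil {
			http.Error(w, "bad request body", http.StatusBadRequest)
			return
		}
		nonce, err := base64.StdEncoding.DecodeString(req.Nonce)
		if err != nil || len(nonce) < minNonceLen || len(nonce) > maxNonceLen {
			http.Error(w, "nonce must be base64 of 8..64 bytes", http.StatusBadRequest)
			return
		}
		att, err := a.Attest(nonce)
		if err != nil {
			http.Error(w, "attestation failed", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(attestationResponse{
			Nonce:       base64.StdEncoding.EncodeToString(nonce),
			Attestation: base64.StdEncoding.EncodeToString(att),
		})
	})
	return mux
}

// RequestAttestation is the workload side: post the nonce, then refuse any
// response whose echoed nonce differs from the one we sent or has no body.
func RequestAttestation(c *http.Client, baseURL string, nonce []byte) ([]byte, error) {
	body, _ := json.Marshal(attestationRequest{Nonce: base64.StdEncoding.EncodeToString(nonce)})
	resp, err := c.Post(baseURL+"/v1/attestation", "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("endpoint returned HTTP %d", resp.StatusCode)
	}
	var ar attestationResponse
	if err := json.NewDecoder(resp.Body).Decode(&ar); err != nil {
		return nil, err
	}
	got, err := base64.StdEncoding.DecodeString(ar.Nonce)
	if err != nil || !bytes.Equal(got, nonce) {
		return nil, errors.New("response nonce does not match request nonce")
	}
	att, err := base64.StdEncoding.DecodeString(ar.Attestation)
	if err != nil || len(att) == 0 {
		return nil, errors.New("empty or malformed attestation")
	}
	// A real verifier must also parse the attestation and check that the
	// quote's extraData equals nonce before trusting anything it claims.
	return att, nil
}

// constructedAttester is a stand-in for the TPM/SEV path so this runs offline.
type constructedAttester struct{}

func (constructedAttester) Attest(nonce []byte) ([]byte, error) {
	return append([]byte("FAKE-ATTESTATION:"), nonce...), nil
}

func main() {
	srv := httptest.NewServer(NewHandler(constructedAttester{}))
	defer srv.Close()
	nonce := make([]byte, 32)
	rand.Read(nonce)
	att, err := RequestAttestation(srv.Client(), srv.URL, nonce)
	fmt.Println(len(att), err)
}
```

The echoed-nonce check on the client is only the cheap first gate; the value of a raw attestation comes from verifying the signed quote itself, which is why the endpoint returns the raw bytes rather than a derived token.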