Install the Ubuntu 20.04 UEFI vagrant box.
Install the Windows 2022 UEFI vagrant box.
Install the swtpm packages as described in swtpm-vagrant.
Start the environment then do a self-test attestation:
# start the server.
time vagrant up --provider=libvirt --no-destroy-on-error --no-tty server
# start the ubuntu client.
time vagrant up --provider=libvirt --no-destroy-on-error --no-tty client0
# enter the envirment.
vagrant ssh client0
# switch to root.
sudo -i
# show information about the tpm.
attest-tool info
# show the swtpm root ca certificate (this signs the swtpm ca).
openssl x509 -noout -text -in /opt/swtpm-localca/swtpm-localca-rootca-cert.pem
# show the swtpm ca intermediate certificate (this signs the tpm ek).
openssl x509 -noout -text -in /opt/swtpm-localca/swtpm-localca-cert.pem
# list the tpm endorsement keys (ek) certificates.
attest-tool list-eks | openssl x509 -noout -text
# do a self-test attestation.
attest-tool self-testAccess the server page to see the known clients:
Click one of the clients to go to its Remove Attestation page.
Click the "Start Remote Attestation" button and go through the remote attestation steps.