Hello @PThanh ,
Thanks for your question.
You can’t directly verify Secure Boot from C# by calling Azure Attestation alone. Azure Attestation only works if your app can first collect TPM attestation evidence from the PC (a TPM quote + measured boot log). Then Azure Attestation checks that evidence against a policy and returns a signed result token.
You can refer to the following flow:
- PC creates “proof”: The PC (Windows + TPM) creates proof that includes:
  - TPM quote (signed by TPM)
  - PCR values (numbers that represent boot measurements)
  - Measured Boot Log / Event Log (what was measured during boot)
- Send proof to Azure Attestation: Your C# app sends that proof to your Azure Attestation Provider endpoint.
- Azure Attestation returns a result: Azure returns an attestation token (JWT) that is signed by Azure. Your app verifies the JWT and checks the claims.
I hope this addresses your question. If this response was helpful, please consider following the guidance to provide feedback.
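The last step of the flow above (verify the JWT, then check the claims), as an added example that is not part of the original answer and not Microsoft sample code. It uses only the .NET base class library and fails closed on any malformed input. Assumptions: the token is RS256-signed, the claim name `secureBootEnabled` and the issuer URL are placeholders for whatever your attestation policy and provider actually issue, and the locally generated RSA key and tokens are constructed stand-ins for the provider's published signing key and a real response.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
static class AttestationTokenCheck
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) =>
        Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    // True only if algorithm, signature, issuer, expiry and the Secure Boot claim all check out.
    public static bool IsSecureBootAttested(string jwt, RSA trustedKey, string expectedIssuer)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        try
        {
            using JsonDocument header = JsonDocument.Parse(FromB64Url(parts[0]));
            // Pin the algorithm; never let the token pick "none" or an HMAC variant.
            if (header.RootElement.GetProperty("alg").GetString() != "RS256") return false;
            byte[] signedPart = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
            if (!trustedKey.VerifyData(signedPart, FromB64Url(parts[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return false;
            using JsonDocument payload = JsonDocument.Parse(FromB64Url(parts[1]));
            JsonElement c = payload.RootElement;
            return c.GetProperty("iss").GetString() == expectedIssuer
                && c.GetProperty("exp").GetInt64() > DateTimeOffset.UtcNow.ToUnixTimeSeconds()
                // Assumed claim name; use the claim your attestation policy issues.
                && c.GetProperty("secureBootEnabled").ValueKind == JsonValueKind.True;
        }
        catch (Exception e) when (e is FormatException or JsonException or InvalidOperationException
            or System.Collections.Generic.KeyNotFoundException) { return false; }
    }

    static void Main()
    {
        using RSA key = RSA.Create(2048);                      // constructed stand-in for the provider's signing key
        const string iss = "https://attest.example.invalid";   // placeholder issuer
        long exp = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();
        string Sign(string claims)                             // builds a constructed test token
        {
            string body = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\"}")) + "." + B64Url(Encoding.UTF8.GetBytes(claims));
            return body + "." + B64Url(key.SignData(Encoding.ASCII.GetBytes(body), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
        string good = Sign($"{{\"iss\":\"{iss}\",\"exp\":{exp},\"secureBootEnabled\":true}}");
        string off = Sign($"{{\"iss\":\"{iss}\",\"exp\":{exp},\"secureBootEnabled\":false}}");
        // Claims from the good token paired with a signature made over different claims.
        string tampered = good.Substring(0, good.LastIndexOf('.')) + off.Substring(off.LastIndexOf('.'));
        Console.WriteLine($"good={IsSecureBootAttested(good, key, iss)} off={IsSecureBootAttested(off, key, iss)} tampered={IsSecureBootAttested(tampered, key, iss)}");
    }
}
```

In a real client the trusted key comes from the attestation provider's published signing certificates, not from the token itself or from a locally generated key.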