diff --git a/.devcontainer/.gitconfig b/.devcontainer/.gitconfig index a139bc2..f95ac92 100644 --- a/.devcontainer/.gitconfig +++ b/.devcontainer/.gitconfig @@ -1,3 +1,3 @@ [user] - name = grydz - email = grydz@pm.me + name = grydz + email = grydz@pm.me diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 23302de..6c292d7 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,8 @@ FROM ghcr.io/cosmian/intel-sgx:2.25 +LABEL Name="tee-tools-devcontainer" +LABEL Version="dev" + RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y ENV PATH="/root/.cargo/bin:${PATH}" diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index fa30227..86f8139 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -5,11 +5,8 @@ "customizations": { "vscode": { "settings": {}, - "extensions": [ - "rust-lang.rust-analyzer", - "fill-labs.dependi" - ] + "extensions": ["rust-lang.rust-analyzer", "fill-labs.dependi"] } }, "remoteUser": "root" -} \ No newline at end of file +} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 33967c2..265f1ad 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -123,20 +123,8 @@ repos: # avoid clash with `double-quote-string-fixer` args: [--skip-string-normalization] - - repo: https://github.com/Cube707/mkdocs - rev: e8733d1373c1543d6052925d3272b2ff51dbb140 - hooks: - - id: mkdocs-build - additional_dependencies: - - mkdocs-plugin-progress - - mkdocs-kroki-plugin - - mkdocs-material - - mkdocs-meta-descriptions-plugin - - markdown-katex - entry: bash -c 'cd documentation && mkdocs build --strict' - - repo: https://github.com/Cosmian/git-hooks.git - rev: v1.0.20 + rev: v1.0.42 hooks: - id: cargo-format # - id: dprint-toml-fix 
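Review bot: In the `.pre-commit-config.yaml` hunk at `-123,20`, the `Cosmian/git-hooks` entry moves to `rev: v1.0.42`, a tag name that upstream can re-point, whereas the mkdocs entry removed in the same hunk was pinned to a full commit hash. These hooks execute on every contributor machine that runs pre-commit, so the revision is better pinned to the commit id with the tag kept as a comment, e.g. `rev: <commit-sha-of-v1.0.42>  # frozen: v1.0.42` (this is what `pre-commit autoupdate --freeze` writes). The same applies to `rev: 0.19.0` for cargo-deny in the following hunk. Removing the `mkdocs-build` hook also drops the `mkdocs build --strict` check from local commits; whether another job still runs it is not visible in this diff.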
@@ -144,15 +132,15 @@ repos: # - id: cargo-update - id: cargo-machete - id: cargo-tests-all - - id: cargo-outdated - - id: clippy-autofix-all - - id: clippy-autofix-pedantic - - id: clippy-autofix-others + - id: nightly-clippy-autofix-unreachable-pub + - id: nightly-clippy-autofix-all-targets-all-features + - id: nightly-clippy-autofix-all-targets - id: clippy-all-targets-all-features - - id: cargo-format # in last due to clippy fixes + - id: clippy-all-targets + - id: cargo-format # in last du to clippy fixes - repo: https://github.com/EmbarkStudios/cargo-deny - rev: 0.14.16 # choose your preferred tag + rev: 0.19.0 # choose your preferred tag hooks: - id: cargo-deny args: ["--all-features", "check"] # optionally modify the arguments for cargo-deny (default arguments shown here) diff --git a/Cargo.lock b/Cargo.lock index 7cf5e8e..ddf3efb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,18 +4,18 @@ version = 4 [[package]] name = "addr2line" -version = "0.21.0" +version = "0.25.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b" dependencies = [ "gimli", ] [[package]] -name = "adler" -version = "1.0.2" +name = "adler2" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" [[package]] name = "aho-corasick" @@ -41,15 +41,6 @@ dependencies = [ "libc", ] -[[package]] -name = "ansi_term" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" -dependencies = [ - "winapi", -] - [[package]] name = "anstream" version = "0.6.14" 
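Review bot: The trailing comment on the final `cargo-format` entry now reads `# in last du to clippy fixes`, which turns the previous `due` into a typo; something like `- id: cargo-format # run last: the clippy autofix hooks rewrite code` says why the hook is listed twice. The three added `nightly-clippy-autofix-*` hooks presumably need a nightly toolchain, and nothing in the visible devcontainer changes installs one, so a short comment naming the required toolchain would save contributors a failed first commit. The cargo-deny jump from 0.14.16 to 0.19.0 is large enough that the project's deny configuration (not shown here) should be re-validated against the new version, so that `check` still enforces the advisory and licence rules rather than failing on config parsing.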
@@ -99,12 +90,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "anyhow" -version = "1.0.83" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25bdb32cbbdce2b519a9cd7df3a678443100e265d5e25ca763b7572a5104f5f3" - [[package]] name = "array-init" version = "0.0.4" @@ -114,18 +99,6 @@ dependencies = [ "nodrop", ] -[[package]] -name = "arrayref" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545" - -[[package]] -name = "arrayvec" -version = "0.7.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" - [[package]] name = "asn1" version = "0.21.0" @@ -148,7 +121,7 @@ dependencies = [ "nom", "num-traits", "rusticata-macros", - "thiserror 2.0.12", + "thiserror", "time", ] @@ -187,15 +160,10 @@ dependencies = [ ] [[package]] -name = "atty" -version = "0.2.14" +name = "atomic-waker" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi", - "libc", - "winapi", -] +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" 
@@ -208,33 +176,30 @@ name = "azure_cvm" version = "1.6.2" dependencies = [ "base64 0.22.1", - "bincode", - "jose-jwk", - "memoffset", "reqwest", "serde", "serde-big-array", "serde_json", "sev", "sha2", - "thiserror 2.0.12", + "thiserror", "tss-esapi", "zerocopy", ] [[package]] name = "backtrace" -version = "0.3.71" +version = "0.3.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d" +checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6" dependencies = [ "addr2line", - "cc", "cfg-if", "libc", "miniz_oxide", "object", "rustc-demangle", + "windows-link", ] [[package]] @@ -261,44 +226,26 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" -[[package]] -name = "bincode" -version = "1.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" -dependencies = [ - "serde", -] - [[package]] name = "bindgen" -version = "0.59.2" +version = "0.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bd2a9a458e8f4304c52c43ebb0cfbd520289f8379a52e329a38afda99bf8eb8" +checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f" dependencies = [ - "bitflags 1.3.2", + "bitflags", "cexpr", "clang-sys", - "clap", - "env_logger 0.9.3", - "lazy_static", - "lazycell", + "itertools", "log", - "peeking_take_while", + "prettyplease", "proc-macro2", "quote", "regex", "rustc-hash 1.1.0", "shlex", - "which", + "syn", ] -[[package]] -name = "binstring" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e0d60973d9320722cb1206f412740e162a33b8547ea8d6be75d7cff237c7a85" - [[package]] name = "bitfield" version = "0.14.0" 
@@ -307,32 +254,29 @@ checksum = "2d7e60934ceec538daadb9d8432424ed043a904d8e0243f3c6446bce549a46ac" [[package]] name = "bitfield" -version = "0.15.0" +version = "0.19.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c821a6e124197eb56d907ccc2188eab1038fb919c914f47976e64dd8dbc855d1" +checksum = "21ba6517c6b0f2bf08be60e187ab64b038438f22dd755614d8fe4d4098c46419" +dependencies = [ + "bitfield-macros", +] [[package]] -name = "bitflags" -version = "1.3.2" +name = "bitfield-macros" +version = "0.19.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +checksum = "f48d6ace212fdf1b45fd6b566bb40808415344642b76c3224c07c8df9da81e97" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] [[package]] name = "bitflags" -version = "2.5.0" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" - -[[package]] -name = "blake2b_simd" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23285ad32269793932e830392f2fe2f83e26488fd3ec778883a93c8323735780" -dependencies = [ - "arrayref", - "arrayvec", - "constant_time_eq", -] +checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3" [[package]] name = "block-buffer" @@ -357,9 +301,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.10.1" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" [[package]] name = "cc" 
@@ -416,38 +360,6 @@ dependencies = [ "libloading", ] -[[package]] -name = "clap" -version = "2.34.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" -dependencies = [ - "ansi_term", - "atty", - "bitflags 1.3.2", - "strsim", - "textwrap", - "unicode-width", - "vec_map", -] - -[[package]] -name = "coarsetime" -version = "0.1.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13b3839cf01bb7960114be3ccf2340f541b6d0c81f8690b007b2b39f750f7e5d" -dependencies = [ - "libc", - "wasix", - "wasm-bindgen", -] - -[[package]] -name = "codicon" -version = "3.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12170080f3533d6f09a19f81596f836854d0fa4867dc32c8172b8474b4e9de61" - [[package]] name = "colorchoice" version = "1.0.1" @@ -460,12 +372,6 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "constant_time_eq" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2" - [[package]] name = "core-foundation-sys" version = "0.8.6" @@ -503,12 +409,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "ct-codecs" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3b7eb4404b8195a9abb6356f4ac07d8ba267045c8d6d220ac4dc992e6cc75df" - [[package]] name = "data-encoding" version = "2.6.0" 
@@ -576,23 +476,23 @@ dependencies = [ [[package]] name = "dirs" -version = "5.0.1" +version = "6.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225" +checksum = "c3e8aa94d75141228480295a7d0e7feb620b1a5ad9f12bc40be62411e38cce4e" dependencies = [ "dirs-sys", ] [[package]] name = "dirs-sys" -version = "0.4.1" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c" +checksum = "e01a3366d27ee9890022452ee61b2b63a67e6f13f58900b651ff5665f0bb1fab" dependencies = [ "libc", "option-ext", "redox_users", - "windows-sys 0.48.0", + "windows-sys 0.60.2", ] [[package]] @@ -621,16 +521,6 @@ dependencies = [ "spki", ] -[[package]] -name = "ed25519-compact" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9b3460f44bea8cd47f45a0c70892f1eff856d97cd55358b2f73f663789f6190" -dependencies = [ - "ct-codecs", - "getrandom", -] - [[package]] name = "either" version = "1.12.0" @@ -649,7 +539,6 @@ dependencies = [ "ff", "generic-array", "group", - "hkdf", "pem-rfc7468", "pkcs8", "rand_core", @@ -688,19 +577,6 @@ dependencies = [ "regex", ] -[[package]] -name = "env_logger" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a12e6657c4c97ebab115a42dcee77225f7f482cdd841cf7088c657a42e9e00e7" -dependencies = [ - "atty", - "humantime", - "log", - "regex", - "termcolor", -] - [[package]] name = "env_logger" version = "0.11.3" 
@@ -720,16 +596,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" -[[package]] -name = "errno" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" -dependencies = [ - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "ff" version = "0.13.0" @@ -752,6 +618,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "form_urlencoded" version = "1.2.1" @@ -837,9 +718,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.1" +version = "0.32.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" [[package]] name = "glob" @@ -864,15 +745,6 @@ version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - [[package]] name = "hex" version = "0.4.3" 
@@ -900,39 +772,6 @@ dependencies = [ "digest", ] -[[package]] -name = "hmac-sha1-compact" -version = "1.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9d405ec732fa3fcde87264e54a32a84956a377b3e3107de96e59b798c84a7" - -[[package]] -name = "hmac-sha256" -version = "1.1.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3688e69b38018fec1557254f64c8dc2cc8ec502890182f395dbb0aa997aa5735" -dependencies = [ - "digest", -] - -[[package]] -name = "hmac-sha512" -version = "1.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4ce1f4656bae589a3fab938f9f09bf58645b7ed01a2c5f8a3c238e01a4ef78a" -dependencies = [ - "digest", -] - -[[package]] -name = "home" -version = "0.5.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" -dependencies = [ - "windows-sys 0.52.0", -] - [[package]] name = "hostname-validator" version = "1.1.1" @@ -987,18 +826,20 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "1.6.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc2b571658e38e0c01b1fdca3bbbe93c00d3d71693ff2770043f8c29bc7d6f80" +checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11" dependencies = [ + "atomic-waker", "bytes", "futures-channel", - "futures-util", + "futures-core", "http", "http-body", "httparse", "itoa", "pin-project-lite", + "pin-utils", "smallvec 1.13.2", "tokio", "want", 
@@ -1019,23 +860,28 @@ dependencies = [ "tokio", "tokio-rustls", "tower-service", - "webpki-roots", + "webpki-roots 0.26.8", ] [[package]] name = "hyper-util" -version = "0.1.10" +version = "0.1.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4" +checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f" dependencies = [ + "base64 0.22.1", "bytes", "futures-channel", + "futures-core", "futures-util", "http", "http-body", "hyper", + "ipnet", + "libc", + "percent-encoding", "pin-project-lite", - "socket2", + "socket2 0.6.1", "tokio", "tower-service", "tracing", @@ -1213,6 +1059,17 @@ dependencies = [ "hashbrown", ] +[[package]] +name = "io-uring" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdd7bddefd0a8833b88a4b68f90dae22c7450d11b354198baee3874fd811b344" +dependencies = [ + "bitflags", + "cfg-if", + "libc", +] + [[package]] name = "iocuddle" version = "0.1.1" 
@@ -1226,67 +1083,35 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" [[package]] -name = "is_terminal_polyfill" -version = "1.70.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" - -[[package]] -name = "itoa" -version = "1.0.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" - -[[package]] -name = "jose-b64" -version = "0.1.2" +name = "iri-string" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec69375368709666b21c76965ce67549f2d2db7605f1f8707d17c9656801b56" +checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" dependencies = [ - "base64ct", + "memchr", "serde", - "serde_json", - "subtle", - "zeroize", ] [[package]] -name = "jose-jwa" -version = "0.1.2" +name = "is_terminal_polyfill" +version = "1.70.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ab78e053fe886a351d67cf0d194c000f9d0dcb92906eb34d853d7e758a4b3a7" -dependencies = [ - "serde", -] +checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" [[package]] -name = "jose-jwk" -version = "0.1.2" +name = "itertools" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "280fa263807fe0782ecb6f2baadc28dffc04e00558a58e33bfdb801d11fd58e7" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" dependencies = [ - "jose-b64", - "jose-jwa", - "p256", - "p384", - "rsa", - "serde", - "zeroize", + "either", ] [[package]] -name = "jose-jws" -version = "0.1.2" +name = "itoa" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b5d49df4f553a811aa2e378155ade5c7aac0f410086d3010faca127417c1c26" 
-dependencies = [ - "jose-b64", - "jose-jwa", - "jose-jwk", - "rand_core", - "serde", - "serde_json", -] +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "js-sys" @@ -1299,43 +1124,18 @@ dependencies = [ ] [[package]] -name = "jwt-simple" -version = "0.12.9" +name = "jsonwebtoken" +version = "9.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "094661f5aad510abe2658bff20409e89046b753d9dc2d4007f5c100b6d982ba0" +checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde" dependencies = [ - "anyhow", - "binstring", - "blake2b_simd", - "coarsetime", - "ct-codecs", - "ed25519-compact", - "hmac-sha1-compact", - "hmac-sha256", - "hmac-sha512", - "k256", - "p256", - "p384", - "rand", + "base64 0.22.1", + "js-sys", + "pem", + "ring", "serde", "serde_json", - "superboring", - "thiserror 1.0.60", - "zeroize", -] - -[[package]] -name = "k256" -version = "0.13.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "956ff9b67e26e1a6a866cb758f12c6f8746208489e3e4a4b5580802f2f0a587b" -dependencies = [ - "cfg-if", - "ecdsa", - "elliptic-curve", - "once_cell", - "sha2", - "signature", + "simple_asn1", ] [[package]] @@ -1343,21 +1143,12 @@ name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -dependencies = [ - "spin", -] - -[[package]] -name = "lazycell" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.170" +version = "0.2.180" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828" +checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc" [[package]] name = "libloading" 
@@ -1369,28 +1160,16 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "libm" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" - [[package]] name = "libredox" version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "bitflags 2.5.0", + "bitflags", "libc", ] -[[package]] -name = "linux-raw-sys" -version = "0.4.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" - [[package]] name = "litemap" version = "0.7.5" @@ -1409,25 +1188,23 @@ version = "1.6.2" dependencies = [ "base64 0.22.1", "hex", - "jose-jwk", - "jose-jws", - "jwt-simple", + "jsonwebtoken", "pem", + "rand", "reqwest", - "rsa", "serde", "serde_json", - "thiserror 2.0.12", + "thiserror", "x509-cert", ] [[package]] name = "matchers" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" dependencies = [ - "regex-automata 0.1.10", + "regex-automata", ] [[package]] 
@@ -1452,21 +1229,6 @@ version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" -[[package]] -name = "memoffset" -version = "0.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" -dependencies = [ - "autocfg", -] - -[[package]] -name = "mime" -version = "0.3.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" - [[package]] name = "minimal-lexical" version = "0.2.1" @@ -1475,11 +1237,11 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.2" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" dependencies = [ - "adler", + "adler2", ] [[package]] @@ -1499,7 +1261,7 @@ version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ - "bitflags 2.5.0", + "bitflags", "cfg-if", "cfg_aliases", "libc", @@ -1523,12 +1285,11 @@ dependencies = [ [[package]] name = "nu-ansi-term" -version = "0.46.0" +version = "0.50.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" dependencies = [ - "overload", - "winapi", + "windows-sys 0.60.2", ] [[package]] 
@@ -1541,23 +1302,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-bigint-dig" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" -dependencies = [ - "byteorder", - "lazy_static", - "libm", - "num-integer", - "num-iter", - "num-traits", - "rand", - "smallvec 1.13.2", - "zeroize", -] - [[package]] name = "num-conv" version = "0.1.0" @@ -1584,17 +1328,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-iter" -version = "0.1.45" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -1602,14 +1335,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", - "libm", ] [[package]] name = "object" -version = "0.32.2" +version = "0.37.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "memchr", ] 
@@ -1638,18 +1370,50 @@ version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +[[package]] +name = "openssl" +version = "0.10.75" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08838db121398ad17ab8531ce9de97b244589089e290a384c900cb9ff7434328" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-sys" +version = "0.9.111" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82cab2d520aa75e3c58898289429321eb788c3106963d0dc886ec7a5f4adc321" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "option-ext" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" -[[package]] -name = "overload" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" - [[package]] name = "p256" version = "0.13.2" 
@@ -1662,35 +1426,17 @@ dependencies = [ "sha2", ] -[[package]] -name = "p384" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" -dependencies = [ - "ecdsa", - "elliptic-curve", - "primeorder", - "sha2", -] - [[package]] name = "pccs_client" version = "1.6.2" dependencies = [ "hex", "reqwest", - "thiserror 2.0.12", + "thiserror", "urlencoding", "x509-cert", ] -[[package]] -name = "peeking_take_while" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" - [[package]] name = "pem" version = "3.0.4" @@ -1763,17 +1509,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" -[[package]] -name = "pkcs1" -version = "0.7.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" -dependencies = [ - "der", - "pkcs8", - "spki", -] - [[package]] name = "pkcs8" version = "0.10.2" @@ -1802,6 +1537,16 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "prettyplease" +version = "0.2.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6837b9e10d61f45f987d50808f83d1ee3d206c66acf650c3e4ae2e1f6ddedf55" +dependencies = [ + "proc-macro2", + "syn", +] + [[package]] name = "primeorder" version = "0.13.6" @@ -1832,8 +1577,8 @@ dependencies = [ "quinn-udp", "rustc-hash 2.1.1", "rustls", - "socket2", - "thiserror 2.0.12", + "socket2 0.5.7", + "thiserror", "tokio", "tracing", ] 
@@ -1852,7 +1597,7 @@ dependencies = [ "rustls", "rustls-pki-types", "slab", - "thiserror 2.0.12", + "thiserror", "tinyvec", "tracing", "web-time", @@ -1867,16 +1612,16 @@ dependencies = [ "cfg_aliases", "libc", "once_cell", - "socket2", + "socket2 0.5.7", "tracing", "windows-sys 0.52.0", ] [[package]] name = "quote" -version = "1.0.36" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "dc74d9a594b72ae6656596548f56f667211f8a97b3d4c3d467150794690dc40a" dependencies = [ "proc-macro2", ] @@ -1924,20 +1669,29 @@ dependencies = [ "sha2", "spki", "tee_attestation", - "thiserror 2.0.12", + "thiserror", "x509-cert", "x509-parser", ] +[[package]] +name = "rdrand" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d92195228612ac8eed47adbc2ed0f04e513a4ccb98175b6f2bd04d963b533655" +dependencies = [ + "rand_core", +] + [[package]] name = "redox_users" -version = "0.4.5" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" +checksum = "a4e608c6638b9c18977b00b475ac1f28d14e84b27d8d42f70e0bf1e3dec127ac" dependencies = [ "getrandom", "libredox", - "thiserror 1.0.60", + "thiserror", ] [[package]] @@ -1948,17 +1702,8 @@ checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.6", - "regex-syntax 0.8.3", -] - -[[package]] -name = "regex-automata" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" -dependencies = [ - "regex-syntax 0.6.29", + "regex-automata", + "regex-syntax", ] [[package]] 
@@ -1969,15 +1714,9 @@ checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.3", + "regex-syntax", ] -[[package]] -name = "regex-syntax" -version = "0.6.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" - [[package]] name = "regex-syntax" version = "0.8.3" @@ -1986,9 +1725,9 @@ checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "reqwest" -version = "0.12.15" +version = "0.12.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d19c46a6fdd48bc4dab94b6103fccc55d34c67cc0ad04653aad4ea2a07cd7bbb" +checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" dependencies = [ "base64 0.22.1", "bytes", @@ -2001,16 +1740,12 @@ dependencies = [ "hyper", "hyper-rustls", "hyper-util", - "ipnet", "js-sys", "log", - "mime", - "once_cell", "percent-encoding", "pin-project-lite", "quinn", "rustls", - "rustls-pemfile", "rustls-pki-types", "serde", "serde_json", @@ -2019,13 +1754,13 @@ dependencies = [ "tokio", "tokio-rustls", "tower", + "tower-http", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", - "webpki-roots", - "windows-registry", + "webpki-roots 1.0.5", ] [[package]] @@ -2052,27 +1787,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rsa" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b" -dependencies = [ - "const-oid", - "digest", - "num-bigint-dig", - "num-integer", - "num-traits", - "pkcs1", - "pkcs8", - "rand_core", - "sha2", - "signature", - "spki", - "subtle", - "zeroize", -] - [[package]] name = "rustc-demangle" version = "0.1.24" 
@@ -2100,19 +1814,6 @@ dependencies = [ "nom", ] -[[package]] -name = "rustix" -version = "0.38.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" -dependencies = [ - "bitflags 2.5.0", - "errno", - "libc", - "linux-raw-sys", - "windows-sys 0.52.0", -] - [[package]] name = "rustls" version = "0.23.23" @@ -2127,15 +1828,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "rustls-pemfile" -version = "2.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" -dependencies = [ - "rustls-pki-types", -] - [[package]] name = "rustls-pki-types" version = "1.11.0" @@ -2278,29 +1970,22 @@ dependencies = [ [[package]] name = "sev" -version = "5.0.0" -source = "git+https://github.com/virtee/sev?tag=v5.0.0#2e9935a1cf034b66e785bc06a0fbd90de7b70af3" +version = "7.1.0" +source = "git+https://github.com/virtee/sev?tag=v7.1.0#5ccc9afa70062177a9ccc3ad49703fa16f4e87ed" dependencies = [ "base64 0.22.1", - "bincode", - "bitfield 0.15.0", - "bitflags 1.3.2", + "bitfield 0.19.4", + "bitflags", "byteorder", - "codicon", "dirs", "hex", "iocuddle", "lazy_static", "libc", - "p384", - "rsa", - "serde", - "serde-big-array", - "serde_bytes", - "sha2", + "openssl", + "rdrand", "static_assertions", "uuid", - "x509-cert", ] [[package]] @@ -2308,8 +1993,7 @@ name = "sev_quote" version = "1.6.2" dependencies = [ "asn1-rs", - "bincode", - "env_logger 0.11.3", + "env_logger", "hex", "hkdf", "log", @@ -2318,7 +2002,7 @@ dependencies = [ "serde-hex", "sev", "sha2", - "thiserror 2.0.12", + "thiserror", "x509-parser", ] @@ -2328,7 +2012,7 @@ version = "1.6.2" dependencies = [ "asn1", "asn1-rs", - "thiserror 2.0.12", + "thiserror", "x509-parser", ] 
@@ -2337,20 +2021,21 @@ name = "sgx_quote" version = "1.6.2" dependencies = [ "chrono", - "env_logger 0.11.3", + "env_logger", "hex", "hkdf", "log", "p256", "pccs_client", - "rsa", + "pem", "scroll", "serde", "serde-hex", "serde_json", "sgx_pck_extension", "sha2", - "thiserror 2.0.12", + "spki", + "thiserror", "x509-parser", ] @@ -2367,9 +2052,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.8" +version = "0.10.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if", "cpufeatures", @@ -2401,6 +2086,18 @@ dependencies = [ "rand_core", ] +[[package]] +name = "simple_asn1" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb" +dependencies = [ + "num-bigint", + "num-traits", + "thiserror", + "time", +] + [[package]] name = "slab" version = "0.4.9" @@ -2436,10 +2133,14 @@ dependencies = [ ] [[package]] -name = "spin" -version = "0.5.2" +name = "socket2" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "17129e116933cf371d018bb80ae557e889637989d8638274fb25622827b03881" +dependencies = [ + "libc", + "windows-sys 0.60.2", +] [[package]] name = "spki" 
@@ -2463,31 +2164,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" -[[package]] -name = "strsim" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" - [[package]] name = "subtle" version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" -[[package]] -name = "superboring" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbde97f499e51ef384f585dc8f8fb6a9c3a71b274b8d12469b516758e6540607" -dependencies = [ - "getrandom", - "hmac-sha256", - "hmac-sha512", - "rand", - "rsa", -] - [[package]] name = "syn" version = "2.0.100" @@ -2528,7 +2210,7 @@ checksum = "e1fc403891a21bcfb7c37834ba66a547a8f402146eba7265b5a6d88059c9ff2f" [[package]] name = "tdx-attest-rs" version = "0.1.2" -source = "git+https://github.com/intel/SGXDataCenterAttestationPrimitives.git?tag=DCAP_1.21#e945c58bff60bb96e4daca57b73c93f96b14418a" +source = "git+https://github.com/intel/SGXDataCenterAttestationPrimitives.git?tag=DCAP_1.24#717f2a91ca732c3309b0c59d21757463133eb440" dependencies = [ "tdx-attest-sys", ] @@ -2536,7 +2218,7 @@ dependencies = [ [[package]] name = "tdx-attest-sys" version = "0.1.0" -source = "git+https://github.com/intel/SGXDataCenterAttestationPrimitives.git?tag=DCAP_1.21#e945c58bff60bb96e4daca57b73c93f96b14418a" +source = "git+https://github.com/intel/SGXDataCenterAttestationPrimitives.git?tag=DCAP_1.24#717f2a91ca732c3309b0c59d21757463133eb440" dependencies = [ "bindgen", ] @@ -2545,7 +2227,7 @@ dependencies = [ name = "tdx_quote" version = "1.6.2" dependencies = [ - "env_logger 0.11.3", + "env_logger", "hex", "log", "nix", 
@@ -2557,7 +2239,7 @@ dependencies = [ "sgx_quote", "sha2", "tdx-attest-rs", - "thiserror 2.0.12", + "thiserror", ] [[package]] @@ -2565,7 +2247,7 @@ name = "tee_attestation" version = "1.6.2" dependencies = [ "azure_cvm", - "env_logger 0.11.3", + "env_logger", "hex", "maa_client", "serde", @@ -2573,16 +2255,7 @@ dependencies = [ "sgx_quote", "sha2", "tdx_quote", - "thiserror 2.0.12", -] - -[[package]] -name = "termcolor" -version = "1.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" -dependencies = [ - "winapi-util", + "thiserror", ] [[package]] @@ -2591,7 +2264,7 @@ version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3dffced63c2b5c7be278154d76b479f9f9920ed34e7574201407f0b14e2bbb93" dependencies = [ - "env_logger 0.11.3", + "env_logger", "test-log-macros", "tracing-subscriber", ] 
@@ -2607,42 +2280,13 @@ dependencies = [ "syn", ] -[[package]] -name = "textwrap" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", -] - -[[package]] -name = "thiserror" -version = "1.0.60" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "579e9083ca58dd9dcf91a9923bb9054071b9ebbd800b342194c9feb0ee89fc18" -dependencies = [ - "thiserror-impl 1.0.60", -] - [[package]] name = "thiserror" version = "2.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708" dependencies = [ - "thiserror-impl 2.0.12", -] - -[[package]] -name = "thiserror-impl" -version = "1.0.60" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524" -dependencies = [ - "proc-macro2", - "quote", - "syn", + "thiserror-impl", ] [[package]] @@ -2745,16 +2389,18 @@ dependencies = [ [[package]] name = "tokio" -version = "1.44.2" +version = "1.46.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6b88822cbe49de4185e3a4cbf8321dd487cf5fe0c5c65695fef6346371e9c48" +checksum = "0cc3a2344dafbe23a245241fe8b09735b521110d30fcefbbd5feb1797ca35d17" dependencies = [ "backtrace", "bytes", + "io-uring", "libc", "mio", "pin-project-lite", - "socket2", + "slab", + "socket2 0.5.7", "windows-sys 0.52.0", ] 
@@ -2783,6 +2429,24 @@ dependencies = [ "tower-service", ] +[[package]] +name = "tower-http" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +dependencies = [ + "bitflags", + "bytes", + "futures-util", + "http", + "http-body", + "iri-string", + "pin-project-lite", + "tower", + "tower-layer", + "tower-service", +] + [[package]] name = "tower-layer" version = "0.3.3" @@ -2799,23 +2463,23 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" name = "tpm_quote" version = "1.6.2" dependencies = [ - "env_logger 0.11.3", + "env_logger", "hex", "log", "p256", "serde", "sha2", "test-log", - "thiserror 2.0.12", + "thiserror", "tracing-subscriber", "tss-esapi", ] [[package]] name = "tracing" -version = "0.1.40" +version = "0.1.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" dependencies = [ "pin-project-lite", "tracing-core", @@ -2823,9 +2487,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.32" +version = "0.1.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" dependencies = [ "once_cell", "valuable", 
@@ -2844,14 +2508,14 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.18" +version = "0.3.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b" +checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e" dependencies = [ "matchers", "nu-ansi-term", "once_cell", - "regex", + "regex-automata", "sharded-slab", "thread_local", "tracing", @@ -2910,12 +2574,6 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" -[[package]] -name = "unicode-width" -version = "0.1.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68f5e5f3158ecfd4b8ff6fe086db7c8467a2dfdac97fe420f2b7c4aa97af66d6" - [[package]] name = "untrusted" version = "0.9.0" @@ -2973,10 +2631,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] -name = "vec_map" -version = "0.8.2" +name = "vcpkg" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] name = "version_check" @@ -2999,15 +2657,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasix" -version = "0.12.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1fbb4ef9bbca0c1170e0b00dd28abc9e3b68669821600cad1caaed606583c6d" -dependencies = [ - "wasi", -] - [[package]] name = "wasm-bindgen" version = "0.2.100" 
@@ -3108,48 +2757,14 @@ dependencies = [ ] [[package]] -name = "which" -version = "4.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" -dependencies = [ - "either", - "home", - "once_cell", - "rustix", -] - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-util" -version = "0.1.8" +name = "webpki-roots" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "12bed680863276c63889429bfd6cab3b99943659923822de1c8a39c49e4d722c" dependencies = [ - "windows-sys 0.52.0", + "rustls-pki-types", ] -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - [[package]] name = "windows-core" version = "0.52.0" 
@@ -3161,47 +2776,9 @@ dependencies = [ [[package]] name = "windows-link" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38" - -[[package]] -name = "windows-registry" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4286ad90ddb45071efd1a66dfa43eb02dd0dfbae1545ad6cc3c51cf34d7e8ba3" -dependencies = [ - "windows-result", - "windows-strings", - "windows-targets 0.53.0", -] - -[[package]] -name = "windows-result" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c64fd11a4fd95df68efcfee5f44a294fe71b8bc6a91993e2791938abcc712252" -dependencies = [ - "windows-link", -] - -[[package]] -name = "windows-strings" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87fa48cc5d406560701792be122a10132491cff9d0aeb23583cc2dcafc847319" -dependencies = [ - "windows-link", -] - -[[package]] -name = "windows-sys" -version = "0.48.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" -dependencies = [ - "windows-targets 0.48.5", -] +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" [[package]] name = "windows-sys" 
@@ -3213,18 +2790,12 @@ dependencies = [ ] [[package]] -name = "windows-targets" -version = "0.48.5" +name = "windows-sys" +version = "0.60.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" dependencies = [ - "windows_aarch64_gnullvm 0.48.5", - "windows_aarch64_msvc 0.48.5", - "windows_i686_gnu 0.48.5", - "windows_i686_msvc 0.48.5", - "windows_x86_64_gnu 0.48.5", - "windows_x86_64_gnullvm 0.48.5", - "windows_x86_64_msvc 0.48.5", + "windows-targets 0.53.5", ] [[package]] @@ -3245,10 +2816,11 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.53.0" +version = "0.53.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1e4c7e8ceaaf9cb7d7507c974735728ab453b67ef8f18febdd7c11fe59dca8b" +checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" dependencies = [ + "windows-link", "windows_aarch64_gnullvm 0.53.0", "windows_aarch64_msvc 0.53.0", "windows_i686_gnu 0.53.0", @@ -3259,12 +2831,6 @@ dependencies = [ "windows_x86_64_msvc 0.53.0", ] -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" - [[package]] name = "windows_aarch64_gnullvm" version = "0.52.6" @@ -3277,12 +2843,6 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764" -[[package]] -name = "windows_aarch64_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" - [[package]] name = "windows_aarch64_msvc" version = "0.52.6" 
@@ -3295,12 +2855,6 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c" -[[package]] -name = "windows_i686_gnu" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" - [[package]] name = "windows_i686_gnu" version = "0.52.6" @@ -3325,12 +2879,6 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11" -[[package]] -name = "windows_i686_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" - [[package]] name = "windows_i686_msvc" version = "0.52.6" @@ -3343,12 +2891,6 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d" -[[package]] -name = "windows_x86_64_gnu" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" - [[package]] name = "windows_x86_64_gnu" version = "0.52.6" @@ -3361,12 +2903,6 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba" -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" - [[package]] name = "windows_x86_64_gnullvm" version = "0.52.6" 
@@ -3379,12 +2915,6 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57" -[[package]] -name = "windows_x86_64_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" - [[package]] name = "windows_x86_64_msvc" version = "0.52.6" @@ -3437,7 +2967,7 @@ dependencies = [ "oid-registry", "ring", "rusticata-macros", - "thiserror 2.0.12", + "thiserror", "time", ] @@ -3467,18 +2997,18 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.8.23" +version = "0.8.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd97444d05a4328b90e75e503a34bad781f14e28a823ad3557f0750df1ebcbc6" +checksum = "668f5168d10b9ee831de31933dc111a459c97ec93225beb307aed970d1372dfd" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.23" +version = "0.8.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6352c01d0edd5db859a63e2605f4ea3183ddbd15e2c4a9e7d32184df75e4f154" +checksum = "2c7962b26b0a8685668b671ee4b54d007a67d4eaf05fda79ac0ecf41e32270f1" dependencies = [ "proc-macro2", "quote", @@ -3512,7 +3042,6 @@ version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" dependencies = [ - "serde", "zeroize_derive", ] diff --git a/Cargo.toml b/Cargo.toml index 4474432..1841922 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,7 +24,6 @@ repository = "https://github.com/Cosmian/tee-tools" base64 = "0.22" asn1-rs = "0.7" asn1 = "0.21" -bincode = "1.3" der = { version = "0.7", features = ["alloc", "derive", "flagset", "oid"] } ecdsa = { version = "0.16", features = ["sha2", "spki"] } elliptic-curve = "0.13" 
@@ -38,12 +37,11 @@ reqwest = { version = "0.12", default-features = false, features = [ "rustls-tls", "blocking", ] } -rsa = "0.9" scroll = { version = "0.12", features = ["derive"] } serde = { version = "1.0", features = ["derive"] } serde_json = { version = "1.0", features = ["preserve_order"] } serde-hex = "0.1" -sev = { git = "https://github.com/virtee/sev", tag = "v5.0.0", default-features = false } +sev = { git = "https://github.com/virtee/sev", tag = "v7.1.0", default-features = false, features = ["openssl"] } sha2 = "0.10" spki = "0.7" thiserror = "2.0" diff --git a/crate/azure_cvm/Cargo.toml b/crate/azure_cvm/Cargo.toml index 6d09f8c..972609a 100644 --- a/crate/azure_cvm/Cargo.toml +++ b/crate/azure_cvm/Cargo.toml @@ -7,9 +7,6 @@ repository.workspace = true [dependencies] base64 = { workspace = true } -bincode = { workspace = true } -jose-jwk = { version = "0.1", features = ["rsa"] } -memoffset = "0.9" reqwest = { version = "0.12", default-features = false, features = [ "json", "blocking", @@ -17,7 +14,7 @@ reqwest = { version = "0.12", default-features = false, features = [ serde = { version = "1.0", features = ["derive"] } serde-big-array = "0.5" serde_json = "1.0" -sev = { workspace = true } +sev = { workspace = true, features = ["snp", "openssl"] } sha2 = "0.10" thiserror = { workspace = true } tss-esapi = "7.6" diff --git a/crate/azure_cvm/src/error.rs b/crate/azure_cvm/src/error.rs index cccbb5d..51be6b9 100644 --- a/crate/azure_cvm/src/error.rs +++ b/crate/azure_cvm/src/error.rs 
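Review bot: The `sev` git dependency is selected by `tag = "v7.1.0"`, and a tag can be moved upstream, so only Cargo.lock fixes the commit that is actually built. Pinning it in the manifest with `rev = "5ccc9afa70062177a9ccc3ad49703fa16f4e87ed"` (the hash Cargo.lock records for this tag) would make a retag show up as a reviewable diff. The same line now enables `features = ["openssl"]` for the whole workspace, and Cargo.lock shows `sev` pulling in `openssl` as a result. A one-line comment saying why the previous RustCrypto dependencies were dropped would help whoever reviews the next bump.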
@@ -6,14 +6,16 @@ pub enum Error { AkPubNotFound, #[error("BadURLError: {0}")] BadURLError(String), - #[error("binary parse error")] - BinaryParseError(#[from] bincode::Error), #[error("DecodeError: {0}")] DecodeError(#[from] base64::DecodeError), #[error("ImdsResponseError: {0}")] ImdsResponseError(String), + #[error("InvalidFormat: {0}")] + InvalidFormat(String), #[error("invalid report type")] InvalidReportType, + #[error("I/O error")] + IoError(#[from] std::io::Error), #[error("JsonDecodeError: {0}")] JsonDecodeError(String), #[error("JSON parse error")] diff --git a/crate/azure_cvm/src/lib.rs b/crate/azure_cvm/src/lib.rs index 25ef81d..835b9b1 100644 --- a/crate/azure_cvm/src/lib.rs +++ b/crate/azure_cvm/src/lib.rs @@ -6,9 +6,8 @@ use crate::{ error::Error, tpm::get_hcl_report, }; -use jose_jwk::Jwk; -use serde::{Deserialize, Serialize}; -use serde_big_array::BigArray; +use serde::Deserialize; +use sev::parser::ByteParser; use sha2::{Digest, Sha256}; use std::convert::TryFrom; use std::ops::Range; @@ -21,10 +20,15 @@ pub mod tpm; const HCL_AKPUB_KEY_ID: &str = "HCLAkPub"; pub const TD_REPORT_SIZE: usize = std::mem::size_of::(); pub const SNP_REPORT_SIZE: usize = std::mem::size_of::(); -const MAX_REPORT_SIZE: usize = SNP_REPORT_SIZE; // 1184 bytes for SEV-SNP and 1024 bytes for TDX +const HCL_HW_REPORT_AREA_SIZE: usize = 1184; // 1184 bytes for SEV-SNP, TDX report is padded inside const SNP_REPORT_TYPE: u32 = 2; const TDX_REPORT_TYPE: u32 = 4; -const HW_REPORT_OFFSET: usize = memoffset::offset_of!(AttestationReport, hw_report); +const ATTESTATION_HEADER_SIZE: usize = 32; +const HW_REPORT_OFFSET: usize = ATTESTATION_HEADER_SIZE; +const IGVM_REQUEST_DATA_SIZE: usize = 20; +const IGVM_REQUEST_DATA_OFFSET: usize = HW_REPORT_OFFSET + HCL_HW_REPORT_AREA_SIZE; +const VAR_DATA_OFFSET: usize = IGVM_REQUEST_DATA_OFFSET + IGVM_REQUEST_DATA_SIZE; + const fn report_range(report_size: usize) -> Range { HW_REPORT_OFFSET..(HW_REPORT_OFFSET + report_size) } 
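Review bot: `HCL_HW_REPORT_AREA_SIZE` is the literal 1184, while `SNP_REPORT_SIZE` and `TD_REPORT_SIZE` (context lines) still come from `size_of`, and nothing ties the two together. `report_range` builds the TD/SNP ranges from the `size_of` values. If the in-memory size of either report type no longer equals its wire size after the `sev` upgrade (not checkable from this hunk), the slice handed to the parser has the wrong length or runs into the IGVM request data. A compile-time guard next to the constants would catch that: `const _: () = assert!(SNP_REPORT_SIZE <= HCL_HW_REPORT_AREA_SIZE && TD_REPORT_SIZE <= HCL_HW_REPORT_AREA_SIZE);`.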
@@ -33,11 +37,11 @@ const SNP_REPORT_RANGE: Range = report_range(SNP_REPORT_SIZE); #[derive(Deserialize, Debug)] struct VarDataKeys { - keys: Vec, + keys: Vec, } #[repr(u32)] -#[derive(Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] +#[derive(Copy, Clone, Debug, PartialEq)] enum IgvmHashType { Invalid = 0, Sha256, @@ -45,41 +49,27 @@ enum IgvmHashType { Sha512, } -#[repr(C)] -#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] -struct IgvmRequestData { - data_size: u32, - version: u32, - report_type: u32, - report_data_hash_type: IgvmHashType, - variable_data_size: u32, - variable_data: [u8; 0], -} - -#[repr(C)] -#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] -struct AttestationHeader { - signature: u32, - version: u32, - report_size: u32, - request_type: u32, - status: u32, - reserved: [u32; 3], -} +impl TryFrom for IgvmHashType { + type Error = Error; -#[repr(C)] -#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] -struct AttestationReport { - header: AttestationHeader, - #[serde(with = "BigArray")] - hw_report: [u8; MAX_REPORT_SIZE], - hcl_data: IgvmRequestData, + fn try_from(value: u32) -> Result { + match value { + 0 => Ok(IgvmHashType::Invalid), + 1 => Ok(IgvmHashType::Sha256), + 2 => Ok(IgvmHashType::Sha384), + 3 => Ok(IgvmHashType::Sha512), + _ => Err(Error::InvalidFormat(format!( + "invalid IGVM hash type: {value}" + ))), + } + } } pub struct HclReport { bytes: Vec, - attestation_report: AttestationReport, report_type: ReportType, + report_data_hash_type: IgvmHashType, + variable_data_size: u32, } #[derive(Copy, Clone, Debug, PartialEq)] 
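Review bot: In the new `TryFrom` impl for `IgvmHashType`, `0 => Ok(IgvmHashType::Invalid)` accepts the one value the enum itself labels invalid, so a report carrying it passes construction. The later `var_data_sha256` hunk (`@@ -125,10 +144,10 @@`) still calls `unimplemented!` for anything other than `Sha256`, so a report with hash type 0, 2 or 3 parses successfully and then panics on first use. Since the report bytes are external input, this is better rejected up front, for example `0 => Err(Error::InvalidFormat("IGVM hash type is Invalid".to_owned())),`. Unsupported-but-valid types should also return an error rather than panic.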
@@ -89,24 +79,53 @@ pub enum ReportType { } pub enum HwReport { - Tdx(TdReport), - Snp(SnpReport), + Tdx(Box), + Snp(Box), +} + +fn read_u32_le(bytes: &[u8], offset: usize) -> Result { + let range = offset + .checked_add(4) + .ok_or_else(|| Error::InvalidFormat("offset overflow".to_owned()))?; + let v = bytes + .get(offset..range) + .ok_or_else(|| Error::InvalidFormat("truncated report".to_owned()))?; + Ok(u32::from_le_bytes([v[0], v[1], v[2], v[3]])) } impl HclReport { /// Parse a HCL report from a byte slice. pub fn new(bytes: Vec) -> Result { - let attestation_report: AttestationReport = bincode::deserialize(&bytes)?; - let report_type = match attestation_report.hcl_data.report_type { + if bytes.len() < VAR_DATA_OFFSET { + return Err(Error::InvalidFormat("HCL report too small".to_owned())); + } + + let report_type_raw = read_u32_le(&bytes, IGVM_REQUEST_DATA_OFFSET + 8)?; + let report_data_hash_type_raw = read_u32_le(&bytes, IGVM_REQUEST_DATA_OFFSET + 12)?; + let variable_data_size = read_u32_le(&bytes, IGVM_REQUEST_DATA_OFFSET + 16)?; + + let report_type = match report_type_raw { TDX_REPORT_TYPE => ReportType::Tdx, SNP_REPORT_TYPE => ReportType::Snp, _ => return Err(Error::InvalidReportType), }; + let report_data_hash_type = IgvmHashType::try_from(report_data_hash_type_raw)?; + + let var_data_end = VAR_DATA_OFFSET + .checked_add(variable_data_size as usize) + .ok_or_else(|| Error::InvalidFormat("VarData size overflow".to_owned()))?; + if var_data_end > bytes.len() { + return Err(Error::InvalidFormat( + "VarData section exceeds report length".to_owned(), + )); + } + let report = Self { bytes, - attestation_report, report_type, + report_data_hash_type, + variable_data_size, }; Ok(report) } 
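Review bot: The field offsets `IGVM_REQUEST_DATA_OFFSET + 8`, `+ 12` and `+ 16` in `HclReport::new` are bare numbers, and this commit removes the `IgvmRequestData` struct that used to document the layout. Naming them, e.g. `const IGVM_REPORT_TYPE_OFFSET: usize = IGVM_REQUEST_DATA_OFFSET + 8;`, with a comment listing the five u32 fields in order (`data_size`, `version`, `report_type`, `report_data_hash_type`, `variable_data_size`) would keep the wire format reviewable. The 32-byte attestation header is skipped without reading `signature` or `version`, as the removed bincode path also did. If the expected values are known, checking them here would reject a blob that is not an HCL report before its contents are interpreted.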
@@ -125,10 +144,10 @@ impl HclReport { /// Get the SHA256 hash of the VarData section pub fn var_data_sha256(&self) -> [u8; 32] { - if self.attestation_report.hcl_data.report_data_hash_type != IgvmHashType::Sha256 { + if self.report_data_hash_type != IgvmHashType::Sha256 { unimplemented!( "Only SHA256 is supported, got {:?}", - self.attestation_report.hcl_data.report_data_hash_type + self.report_data_hash_type ); } let mut hasher = Sha256::new(); @@ -139,23 +158,20 @@ impl HclReport { /// Get the slice of the VarData section fn var_data_slice(&self) -> &[u8] { - let var_data_offset = memoffset::offset_of!(AttestationReport, hcl_data) - + memoffset::offset_of!(IgvmRequestData, variable_data); - let hcl_data = &self.attestation_report.hcl_data; - let var_data_end = var_data_offset + hcl_data.variable_data_size as usize; - &self.bytes[var_data_offset..var_data_end] + let var_data_end = VAR_DATA_OFFSET + self.variable_data_size as usize; + &self.bytes[VAR_DATA_OFFSET..var_data_end] } /// Get the vTPM's AKpub from the VarData section - pub fn ak_pub(&self) -> Result { + pub fn ak_pub(&self) -> Result { let VarDataKeys { keys } = serde_json::from_slice(self.var_data_slice())?; let ak_pub = keys .into_iter() .find(|key| { - let Some(ref key_id) = key.prm.kid else { - return false; - }; - key_id == HCL_AKPUB_KEY_ID + key.get("kid") + .and_then(|v| v.as_str()) + .map(|kid| kid == HCL_AKPUB_KEY_ID) + .unwrap_or(false) }) .ok_or(Error::AkPubNotFound)?; Ok(ak_pub) 
@@ -170,8 +186,19 @@ impl TryFrom<&HclReport> for TdReport { return Err(Error::InvalidReportType); } let bytes = hcl_report.report_slice(); - let td_report = bincode::deserialize::(bytes)?; - Ok(td_report) + let bytes = bytes + .get(..TD_REPORT_SIZE) + .ok_or_else(|| Error::InvalidFormat("TD report truncated".to_owned()))?; + + let mut td_report = std::mem::MaybeUninit::::uninit(); + unsafe { + std::ptr::copy_nonoverlapping( + bytes.as_ptr(), + td_report.as_mut_ptr() as *mut u8, + TD_REPORT_SIZE, + ); + Ok(td_report.assume_init()) + } } } @@ -191,7 +218,7 @@ impl TryFrom<&HclReport> for SnpReport { return Err(Error::InvalidReportType); } let bytes = hcl_report.report_slice(); - let snp_report = bincode::deserialize::(bytes)?; + let snp_report = SnpReport::from_bytes(bytes)?; Ok(snp_report) } } @@ -224,14 +251,12 @@ mod tests { let hcl_report = HclReport::new(bytes.to_vec()).unwrap(); let ak = hcl_report.ak_pub().unwrap(); println!("{:?}", hcl_report.report_type()); - println!("{:?}", hcl_report.attestation_report); println!("{:?}", ak); let bytes: &[u8] = include_bytes!("../data/hcl_report_tdx.bin"); let hcl_report = HclReport::new(bytes.to_vec()).unwrap(); let ak = hcl_report.ak_pub().unwrap(); println!("{:?}", hcl_report.report_type()); - println!("{:?}", hcl_report.attestation_report); println!("{:?}", ak); } } diff --git a/crate/maa_client/Cargo.toml b/crate/maa_client/Cargo.toml index 0f71f55..5881ec8 100644 --- a/crate/maa_client/Cargo.toml +++ b/crate/maa_client/Cargo.toml @@ -8,12 +8,10 @@ repository.workspace = true [dependencies] base64 = { workspace = true } hex = { workspace = true } -jose-jwk = { version = "0.1", features = ["rsa"] } -jose-jws = "0.1" -jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] } +jsonwebtoken = "9.3" pem = "3.0" +rand = "0.8" reqwest = { workspace = true } -rsa = "0.9" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" thiserror = { workspace = true } 
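Review bot: The new `unsafe` block in `TryFrom<&HclReport> for TdReport` calls `assume_init()` on bytes copied straight from the report, with no `// SAFETY:` comment stating why that is sound. It is sound only if every bit pattern is a valid `TdReport` (plain integers and byte arrays, no `bool`, enum or reference fields), which this hunk does not show. I would add `// SAFETY: TdReport is #[repr(C)] plain data; `bytes` is exactly TD_REPORT_SIZE long (checked by get(..TD_REPORT_SIZE) above)` once that has been confirmed against the type definition. The copy itself can be shortened to `Ok(unsafe { std::ptr::read_unaligned(bytes.as_ptr().cast::<TdReport>()) })`, which has the same soundness requirement. The `try_from` body starts outside the hunk.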
diff --git a/crate/maa_client/data/vcek.pem b/crate/maa_client/data/vcek.pem index 680c3ff..b87a745 100644 --- a/crate/maa_client/data/vcek.pem +++ b/crate/maa_client/data/vcek.pem @@ -103,4 +103,3 @@ JZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH CViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4 AFZEAwoKCQ== -----END CERTIFICATE----- - diff --git a/crate/maa_client/src/api.rs b/crate/maa_client/src/api.rs index ce86cb3..ae9bb9e 100644 --- a/crate/maa_client/src/api.rs +++ b/crate/maa_client/src/api.rs @@ -213,9 +213,7 @@ pub fn maa_attest_sev_cvm( /// /// # External documentation /// -/// See Microsoft attestation tools Python's code [`CVM Attestation Tools`]. -/// -/// [`CVM Attestation Tools`]: https://github.com/Azure/cvm-attestation-tools/blob/main/cvm-attestation/src/verifier.py#L14 +/// See Microsoft's CVM attestation tools (Python) in the `Azure/cvm-attestation-tools` repository. pub fn maa_attest_tdx_cvm( maa_url: &str, nonce: &[u8], diff --git a/crate/maa_client/src/claim.rs b/crate/maa_client/src/claim.rs index d5dad7e..88b784c 100644 --- a/crate/maa_client/src/claim.rs +++ b/crate/maa_client/src/claim.rs @@ -76,7 +76,8 @@ pub struct SgxClaim { #[serde(rename_all = "kebab-case")] pub struct SevClaim { pub x_ms_attestation_type: String, - pub x_ms_compliance_status: String, + #[serde(default)] + pub x_ms_compliance_status: Option, pub x_ms_policy_hash: String, pub x_ms_sevsnpvm_authorkeydigest: String, pub x_ms_sevsnpvm_bootloader_svn: u32, diff --git a/crate/maa_client/src/jwk.rs b/crate/maa_client/src/jwk.rs index 8d1bee8..f662e0e 100644 --- a/crate/maa_client/src/jwk.rs +++ b/crate/maa_client/src/jwk.rs 
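Review bot: In `SevClaim` (claim.rs hunk), `x_ms_compliance_status` becomes optional with `#[serde(default)]`, so a token that omits the claim now deserializes instead of failing. Whether any caller checks this claim is not visible here. If one does, `None` has to be treated as non-compliant rather than skipped, and the field deserves a doc comment saying so, e.g. `/// Absent in some MAA responses; treat None as "not compliant" when enforcing policy.`. The struct definition continues outside the hunk.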
@@ -1,17 +1,9 @@ -use std::convert::TryFrom; - use crate::error::Error; use base64::{engine::general_purpose, Engine as _}; -use jose_jwk::{ - jose_b64::serde::Bytes, - jose_jwa::{Algorithm, Signing}, - Jwk, JwkSet, Key, Parameters, Rsa, Thumbprint, -}; -use jwt_simple::prelude::*; -use rsa::{pkcs8::DecodePublicKey, traits::PublicKeyParts, RsaPublicKey}; +use jsonwebtoken::DecodingKey; use serde::Deserialize; -use x509_cert::der::{Decode, Document}; +use x509_cert::{der::Decode, Certificate}; /// JSON Web Key type returned by MAA service API. #[derive(Clone, Debug, Deserialize)] 
@@ -21,102 +13,43 @@ pub struct MaaJwk { pub x5c: Vec, } -/// Conversion from [`BadJwk`] to [`jose_jwk::Jwk`]`. -impl TryFrom for Jwk { - type Error = Error; - - fn try_from(bad_jwk: MaaJwk) -> Result { - if bad_jwk.kty != "RSA" { +impl MaaJwk { + /// Convert MaaJwk to jsonwebtoken DecodingKey + pub fn to_decoding_key(&self) -> Result { + if self.kty != "RSA" { return Err(Error::MaaResponseError( "RSA key expected in JWK".to_owned(), )); } - if bad_jwk.x5c.is_empty() { - return Err(Error::MaaResponseError( - "more than one certificate in JWK".to_owned(), - )); - } - - let cert = general_purpose::STANDARD - .decode(bad_jwk.x5c[0].as_bytes()) - .map_err(|_| Error::DecodeError("failed to decode base64 in JWK".to_owned()))?; - - let cert = x509_cert::Certificate::from_der(&cert) - .map_err(|_| Error::DecodeError("failed to decode X.509 certificate".to_owned()))?; - - let spki_der: Document = cert - .tbs_certificate - .subject_public_key_info - .try_into() - .map_err(|_| { - Error::DecodeError( - "failed to decode certificate's Subject Public Key Info".to_owned(), - ) - })?; - - let pk = RsaPublicKey::from_public_key_der(spki_der.as_bytes()).unwrap(); - - let pk = Rsa { - n: Bytes::from(pk.n().to_bytes_be()), - e: Bytes::from(pk.e().to_bytes_be()), - prv: None, - }; - - Ok(Jwk { - key: Key::Rsa(pk), - prm: Parameters { - alg: Some(Algorithm::Signing(Signing::Rs256)), - kid: Some(bad_jwk.kid), - cls: None, - ops: None, - x5c: None, - x5t: Thumbprint { - s1: None, - s256: None, - }, - }, - }) - } -} - -/// Conversion from [`MaaJwk`] to [`jwt_simple::algorithms::RS256PublicKey`]. 
-impl TryFrom for RS256PublicKey { - type Error = Error; - - fn try_from(bad_jwk: MaaJwk) -> Result { - if bad_jwk.kty != "RSA" { - return Err(Error::MaaResponseError( - "RSA key expected in JWK".to_owned(), - )); - } - - if bad_jwk.x5c.is_empty() { + if self.x5c.is_empty() { return Err(Error::MaaResponseError( "no certificate in field x5c of JWK".to_owned(), )); } let cert = general_purpose::STANDARD - .decode(bad_jwk.x5c[0].as_bytes()) + .decode(self.x5c[0].as_bytes()) .map_err(|_| Error::DecodeError("failed to decode base64 in JWK".to_owned()))?; - let cert = x509_cert::Certificate::from_der(&cert) + let cert = Certificate::from_der(&cert) .map_err(|_| Error::DecodeError("failed to decode X.509 certificate".to_owned()))?; - let spki_der: Document = cert + // For RSA keys, the `subject_public_key` BIT STRING contains a DER-encoded + // `RSAPublicKey` (PKCS#1). `jsonwebtoken::DecodingKey::from_rsa_der` expects + // that format, not the full SubjectPublicKeyInfo (SPKI) wrapper. + let public_key_der = cert .tbs_certificate .subject_public_key_info - .try_into() - .map_err(|_| { + .subject_public_key + .as_bytes() + .ok_or_else(|| { Error::DecodeError( - "failed to decode certificate's Subject Public Key Info".to_owned(), + "invalid certificate public key bitstring (non-octet-aligned)".to_owned(), ) })?; - Ok(RS256PublicKey::from_der(spki_der.as_bytes()) - .map_err(|_| Error::MaaResponseError("RSA public key not found".to_owned()))? - .with_key_id(&bad_jwk.kid)) + Ok(DecodingKey::from_rsa_der(public_key_der)) } } @@ -126,21 +59,6 @@ pub struct MaaJwks { pub keys: Vec, } -/// Conversion from [`MaaJwks`] to [`jose_jwk::JwkSet`]. -impl TryFrom for JwkSet { - type Error = Error; - - fn try_from(bad_jwks: MaaJwks) -> Result { - let keys = bad_jwks - .keys - .into_iter() - .map(|key| key.try_into().expect("unexpected JWK conversion")) - .collect::>(); - - Ok(JwkSet { keys }) - } -} - impl MaaJwks { /// Find kid in the JSON Web Key Set. /// 
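Review bot: `to_decoding_key` passes the certificate's `subject_public_key` bits to `DecodingKey::from_rsa_der` after checking only the JWK's own `kty` string; the certificate's SPKI algorithm is never compared with rsaEncryption, and `from_rsa_der` is infallible here (its result is wrapped directly in `Ok`), so a non-RSA or malformed key would presumably only surface later as a generic verification failure. That still fails closed, but a check on `subject_public_key_info.algorithm.oid` before the `as_bytes()` call would return a precise `Error::DecodeError` where the problem is. The doc comment should also state the trust assumption, since the certificate is used purely as a key container: `/// Uses the public key of x5c[0] only; the certificate chain and validity period are not checked.`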
diff --git a/crate/maa_client/src/lib.rs b/crate/maa_client/src/lib.rs index 2450095..3d25758 100644 --- a/crate/maa_client/src/lib.rs +++ b/crate/maa_client/src/lib.rs @@ -4,8 +4,6 @@ pub mod error; pub mod jwk; pub mod utils; -use std::str::FromStr; - use crate::{ api::{maa_attest_sev_cvm, maa_attest_sgx_enclave, maa_attest_tdx_cvm, maa_certificates}, claim::{SevClaim, SgxClaim, TdxClaim}, @@ -13,13 +11,8 @@ use crate::{ }; use base64::{engine::general_purpose, Engine}; -use jose_jws::{General, Protected, Unprotected}; +use jsonwebtoken::{decode, decode_header, Algorithm, Validation}; use jwk::MaaJwks; -use jwt_simple::{ - common::VerificationOptions, - prelude::{RS256PublicKey, RSAPublicKeyLike}, - reexports::rand::{self, Rng as _}, -}; /// Verify JSON Web Signature (JWS) using JSON Web Key Set (JWKS). /// 
@@ -31,44 +24,50 @@ pub fn verify_rs256_jws( jwks: MaaJwks, nonce: Option<&[u8]>, ) -> Result { - let jws = General::from_str(token) - .map_err(|_| Error::DecodeError("can't deserialize JWS".to_owned()))?; - - if jws.payload.is_none() { - return Err(Error::DecodeError("payload not found in JWS".to_owned())); - } - - if jws.signatures.len() != 1 { - return Err(Error::DecodeError("multiple signatures in JWS".to_owned())); - } - - let signature = &jws.signatures[0]; + // Decode header to get kid + let header = decode_header(token) + .map_err(|e| Error::DecodeError(format!("can't decode JWT header: {}", e)))?; - let Some(header) = &signature.protected else { - return Err(Error::DecodeError("no header found in JWS".to_owned())); - }; + let kid = header + .kid + .ok_or_else(|| Error::DecodeError("no kid in JWT header".to_owned()))?; - let Protected { oth, .. } = &**header; - let Unprotected { kid, .. } = oth; - - let Some(expected_kid) = kid else { - return Err(Error::DecodeError("no kid in JWS".to_owned())); - }; + // Find the key in JWKS let jwk = jwks - .find(expected_kid) + .find(&kid) .ok_or(Error::MaaResponseError("kid not found in JWKS".to_owned()))?; - let pk: RS256PublicKey = jwk.try_into()?; - let options = nonce.map(|nonce| VerificationOptions { - required_nonce: Some(general_purpose::URL_SAFE_NO_PAD.encode(nonce)), - ..Default::default() - }); + // Convert JWK to DecodingKey + let decoding_key = jwk.to_decoding_key()?; + + // Set up validation + let mut validation = Validation::new(Algorithm::RS256); + + // Verify nonce if provided + if let Some(_nonce) = nonce { + validation.set_required_spec_claims(&["nonce"]); + // We'll check the nonce manually after decoding + } - let claim: jwt_simple::prelude::JWTClaims = pk - .verify_token::(token, options) - .map_err(|e| Error::MaaResponseError(format!("failed to verify JWS token: {e}")))?; + // Decode and verify the token + let token_data = decode::(token, &decoding_key, &validation) + .map_err(|e| 
Error::MaaResponseError(format!("failed to verify JWT token: {}", e)))?; + + // Verify nonce if provided + if let Some(expected_nonce) = nonce { + let expected_nonce_str = general_purpose::URL_SAFE_NO_PAD.encode(expected_nonce); + let actual_nonce = token_data + .claims + .get("nonce") + .and_then(|v| v.as_str()) + .ok_or_else(|| Error::MaaResponseError("nonce not found in claims".to_owned()))?; + + if actual_nonce != expected_nonce_str { + return Err(Error::MaaResponseError("nonce mismatch".to_owned())); + } + } - Ok(claim.custom) + Ok(token_data.claims) } /// Verify Intel SGX quote on MAA service. @@ -91,6 +90,7 @@ pub fn verify_sgx_quote( mr_enclave: Option<&[u8]>, mr_signer: Option<&[u8]>, ) -> Result { + use rand::Rng; let mut rng = rand::thread_rng(); let jwks = maa_certificates(maa_url)?; @@ -151,6 +151,7 @@ pub fn verify_sev_quote( report: &[u8], amd_cert_chain: &[u8], ) -> Result { + use rand::Rng; let mut rng = rand::thread_rng(); let jwks = maa_certificates(maa_url)?; @@ -173,6 +174,7 @@ pub fn verify_sev_quote( /// /// Either [`CvmClaim`] if success, [`Error`] otherwise. pub fn verify_tdx_quote(maa_url: &str, quote: &[u8]) -> Result { + use rand::Rng; let mut rng = rand::thread_rng(); let jwks = maa_certificates(maa_url)?; diff --git a/crate/ratls/data/sev-cert.ratls.pem b/crate/ratls/data/sev-cert.ratls.pem index 4ac2a57..ca6176c 100644 --- a/crate/ratls/data/sev-cert.ratls.pem +++ b/crate/ratls/data/sev-cert.ratls.pem @@ -133,4 +133,4 @@ Oq9WZvrQrlWzIjbaUvU4YzV+Lr3ubYcnxNg4KMURb2NQrKBeTDAUBgNVHREEDTAL gglsb2NhbGhvc3QwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBE BsGakOaBT+f333eMidTkezmcMqRl27nhS/5+igm/jAIhAKggogzmC/Ufgq7CZzAd xdVv4gaWJC3i6Vuk5mNL27mX ------END CERTIFICATE----- \ No newline at end of file +-----END CERTIFICATE----- diff --git a/crate/ratls/data/sgx-cert.ratls.pem b/crate/ratls/data/sgx-cert.ratls.pem index e1a0d2e..38e943d 100644 --- a/crate/ratls/data/sgx-cert.ratls.pem +++ b/crate/ratls/data/sgx-cert.ratls.pem 
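Review bot: `validation.set_required_spec_claims(&["nonce"])` replaces the required-claim set rather than adding to it, and jsonwebtoken documents that only `exp`, `nbf`, `aud`, `iss` and `sub` are considered there, so as far as I can tell the call does not enforce `nonce` at all and instead drops the default requirement that `exp` be present. If that reading is right, a token without `exp` passes validation exactly on the path where a nonce is supplied. The manual comparison further down already rejects a missing or different nonce, so the `if let Some(_nonce) = nonce { … }` block can be removed, or replaced by `validation.set_required_spec_claims(&["exp"]);` to state the intent. The function's signature starts above the hunk.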
@@ -108,4 +108,4 @@ QTRKMGxySG9NcytYbzVvL3NYNk85UVd4SFJBdlpVR09kUlE3Y3ZxUlhhcUk9Ci0t LS0tRU5EIENFUlRJRklDQVRFLS0tLS0KADAPBgNVHREECDAGhwR/AAABMA8GA1Ud EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgeyP4Hjtd47kh2NgGGuB8CtBw 04s1xwWOmfJNh92eigkCIA8PWzr+ZYqnPpFxuAK/cm4R5BMB87c0/1dACvikf6Jn ------END CERTIFICATE----- \ No newline at end of file +-----END CERTIFICATE----- diff --git a/crate/ratls/data/tdx-cert.ratls.pem b/crate/ratls/data/tdx-cert.ratls.pem index 09590c1..4f10f3f 100644 --- a/crate/ratls/data/tdx-cert.ratls.pem +++ b/crate/ratls/data/tdx-cert.ratls.pem @@ -181,4 +181,4 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBQGA1UdEQQNMAuCCWxvY2FsaG9z dDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIH6hCEDQxVBhKnw/ 1+ZEx6J1zEw8q4MEbuAVgiO5UtMMAiB09vMpmjscpLsMP28Xv5w/mun3aM54dzAF gHhoFYq43g== ------END CERTIFICATE----- \ No newline at end of file +-----END CERTIFICATE----- diff --git a/crate/sev_quote/Cargo.toml b/crate/sev_quote/Cargo.toml index 4e46aa9..6e2c5d1 100644 --- a/crate/sev_quote/Cargo.toml +++ b/crate/sev_quote/Cargo.toml @@ -12,7 +12,6 @@ crate-type = ["cdylib", "rlib"] [dependencies] asn1-rs = { workspace = true } -bincode = { workspace = true } hex = { workspace = true } hkdf = { workspace = true } log = { workspace = true } @@ -21,7 +20,7 @@ serde = { workspace = true } serde-hex = { workspace = true } sev = { workspace = true, features = [ "snp", - "crypto_nossl", + "openssl", "sev", ] } sha2 = { workspace = true } diff --git a/crate/sev_quote/src/kds_client.rs b/crate/sev_quote/src/kds_client.rs index a9b2de0..5788305 100644 --- a/crate/sev_quote/src/kds_client.rs +++ b/crate/sev_quote/src/kds_client.rs @@ -9,7 +9,7 @@ use sev::firmware::host::TcbVersion; /// Identifier of the SEV prod name. #[derive(PartialEq, Clone, Copy)] -pub enum SevProdName { +pub(crate) enum SevProdName { Milan, } diff --git a/crate/sev_quote/src/key.rs b/crate/sev_quote/src/key.rs index daea097..eba358e 100644 --- a/crate/sev_quote/src/key.rs +++ b/crate/sev_quote/src/key.rs 
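Review bot: Replacing the `crypto_nossl` feature of `sev` with `openssl` changes the crypto backend behind the SNP certificate and report signature checks and adds a native OpenSSL link dependency to a crate built as `cdylib`, but nothing in the hunk records why. A comment above the feature list would help whoever audits the build, for example `# openssl backend: <reason>; linked against <system|vendored> OpenSSL`, with the placeholders filled in by the author. It is also worth confirming that every other place in the workspace that enables `sev` selects the same backend, since Cargo unifies features across crates.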
@@ -7,7 +7,7 @@ use crate::error::Error; /// Generate a key derived from the start measurement pub fn get_key(salt: Option<&[u8]>) -> Result, Error> { - let request = DerivedKey::new(false, GuestFieldSelect(4), 0, 0, 0); + let request = DerivedKey::new(false, GuestFieldSelect(4), 0, 0, 0, None); let mut fw = Firmware::open()?; let derived_key = fw.get_derived_key(None, request)?; diff --git a/crate/sev_quote/src/quote.rs b/crate/sev_quote/src/quote.rs index 0af5c9b..39e841b 100644 --- a/crate/sev_quote/src/quote.rs +++ b/crate/sev_quote/src/quote.rs @@ -11,13 +11,13 @@ use crate::{ }, }; -use serde::{Deserialize, Serialize}; use sev::{ certs::snp::Verifiable, firmware::{ guest::{AttestationReport, Firmware}, host::CertTableEntry, }, + parser::{ByteParser, Decoder, Encoder}, }; use sev::{ @@ -34,7 +34,7 @@ const SEV_PROD_NAME: SevProdName = SevProdName::Milan; const KDS_CERT_SITE: &str = "https://kdsintf.amd.com"; #[repr(C)] -#[derive(Debug, Clone, Deserialize, Serialize)] +#[derive(Debug, Clone)] pub struct Quote { pub report: AttestationReport, pub certs: Vec, 
@@ -51,22 +51,80 @@ impl From<(AttestationReport, Vec)> for Quote { /// Parse the raw quote into an `AttestationReport` pub fn parse_quote(raw_quote: &[u8]) -> Result { - let quote = bincode::deserialize(raw_quote) - .map_err(|_| Error::InvalidFormat("Can't deserialize the SEV report bytes".to_owned())); - - if let Ok(quote) = quote { - Ok(quote) - } else { - // SEV quote only contains the attestation report without certs - let quote: AttestationReport = bincode::deserialize(raw_quote).map_err(|_| { - Error::InvalidFormat("Can't deserialize the SEV report bytes".to_owned()) - })?; - - Ok(Quote { - report: quote, + // Try to parse as just an AttestationReport first (simple format) + if let Ok(report) = AttestationReport::from_bytes(raw_quote) { + return Ok(Quote { + report, certs: vec![], - }) + }); } + + const REPORT_SIZE: usize = 1184; // Size of SNP AttestationReport + if raw_quote.len() < REPORT_SIZE { + return Err(Error::InvalidFormat("Quote too small".to_owned())); + } + + // Always parse the fixed-size report prefix. Some carriers (e.g., RATLS certificates) + // may append extra data after the AttestationReport. + let report = AttestationReport::from_bytes(&raw_quote[..REPORT_SIZE]).map_err(|e| { + Error::InvalidFormat(format!("Can't deserialize the SEV report bytes: {}", e)) + })?; + + // Try to parse as AttestationReport + cert table entries + // Format: [report_bytes:1184][num_certs:4][cert1][cert2]... + if raw_quote.len() < REPORT_SIZE + 4 { + return Ok(Quote { + report, + certs: vec![], + }); + } + + // Parse number of certs + let num_certs = u32::from_le_bytes([ + raw_quote[REPORT_SIZE], + raw_quote[REPORT_SIZE + 1], + raw_quote[REPORT_SIZE + 2], + raw_quote[REPORT_SIZE + 3], + ]); + + // Guard against non-cert-table payloads (e.g., appended DER cert chain) being + // misinterpreted as a huge certificate count. 
+ if num_certs > 16 { + return Ok(Quote { + report, + certs: vec![], + }); + } + + let mut certs = Vec::new(); + let mut offset = REPORT_SIZE + 4; + + for _ in 0..num_certs { + if offset >= raw_quote.len() { + // Not a valid cert table; treat as appended data. + return Ok(Quote { + report, + certs: vec![], + }); + } + + let mut reader: &[u8] = &raw_quote[offset..]; + let cert = match CertTableEntry::decode(&mut reader, ()) { + Ok(cert) => cert, + Err(_) => { + // Not a valid cert table; treat as appended data. + return Ok(Quote { + report, + certs: vec![], + }); + } + }; + let bytes_read = raw_quote[offset..].len() - reader.len(); + offset += bytes_read; + certs.push(cert); + } + + Ok(Quote { report, certs }) } /// Get the quote of the SEV VM @@ -80,13 +138,20 @@ pub fn get_quote(user_report_data: &[u8; REPORT_DATA_SIZE]) -> Result, E // Request a standard attestation report. let (report, certs) = fw.get_ext_report(None, Some(*user_report_data), None)?; - let quote = Quote { - report, - certs: certs.unwrap_or(vec![]), - }; + // Serialize: [report_bytes][num_certs:4][cert1][cert2]... + let mut result = report + .to_bytes() + .map_err(|e| Error::InvalidFormat(format!("Can't serialize the SEV report: {}", e)))?; + + let certs = certs.unwrap_or(vec![]); + result.extend_from_slice(&(certs.len() as u32).to_le_bytes()); - bincode::serialize("e) - .map_err(|_| Error::InvalidFormat("Can't serialize the SEV quote".to_owned())) + for cert in &certs { + cert.encode(&mut result, ()) + .map_err(|e| Error::InvalidFormat(format!("Can't serialize cert: {}", e)))?; + } + + Ok(result) } /// The verification of the quote includes: 
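Review bot: Every failure while reading the certificate table in `parse_quote` (a count above 16, an offset past the end, a `CertTableEntry::decode` error) returns `Ok(Quote { report, certs: vec![] })`, which also discards entries that had already decoded. A truncated or corrupted table therefore looks the same to the caller as a report that never carried certificates, and the chain used for verification presumably changes as a result (the verify path is outside this hunk). If the lenient fallback is intended for the RATLS case named in the comment, log it at each return, e.g. `log::warn!("SEV quote: trailing data is not a certificate table, ignoring it");`, and compare `offset` with `raw_quote.len()` after the loop so leftover bytes are noticed too. `REPORT_SIZE` and the limit 16 would read better as named module constants with a note on where the values come from.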
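Review bot: `get_quote` writes the count with `certs.len() as u32` and no upper bound, while `parse_quote` in the preceding hunk silently returns no certificates when the count exceeds 16, so a table with more entries would serialize here and come back empty on the reading side. Sharing one constant between the two and returning `Error::InvalidFormat` here when `certs.len()` exceeds it keeps writer and reader in agreement. The layout comment `[report_bytes][num_certs:4][cert1]…` should also state the byte order (little-endian, per `to_le_bytes`), since this is now the crate's wire format. The start of the function is above the hunk.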
@@ -205,18 +270,27 @@ mod tests { fn test_sev_verify_quote1() { init(); + // Policy-only check (offline). Full quote verification may require online collateral. let raw_report = include_bytes!("../data/report-vlek-aws.bin"); let quote = parse_quote(raw_report).unwrap(); - verify_quote( - "e, - &SevQuoteVerificationPolicy { - measurement: Some(hex::decode("ac3e4d8516634a5e0180338175cc827c90061414bd699b5af30712caa291fa34ed06cc622792bc1177126bd115a826ba").unwrap().try_into().unwrap()), - report_data: Some(hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap().try_into().unwrap()) , - ..Default::default() - } - ) - .unwrap(); + let policy = SevQuoteVerificationPolicy { + measurement: Some( + hex::decode("ac3e4d8516634a5e0180338175cc827c90061414bd699b5af30712caa291fa34ed06cc622792bc1177126bd115a826ba") + .unwrap() + .try_into() + .unwrap(), + ), + report_data: Some( + hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + .unwrap() + .try_into() + .unwrap(), + ), + ..Default::default() + }; + + crate::verify::verify_quote_policy("e.report, &policy).unwrap(); } #[test] 
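Review bot: The three changed tests (this hunk and the two that follow) now call only `crate::verify::verify_quote_policy` on `quote.report` where they used to call `verify_quote`, so none of them exercises signature or certificate-chain verification any more. The fixture name `report-ark-ask-vcek.bin` suggests a bundled chain, and the last test now asserts `quote.certs.is_empty()`; if its input used to carry certificates, the new parser is dropping them and the test pins that loss as expected behaviour. Keeping one full `verify_quote` test behind `#[ignore]` for runs with network access, and regenerating one fixture in the new `[report][num_certs][certs…]` layout, would cover both the chain check and the cert-table branch of `parse_quote` offline.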
@@ -224,17 +298,20 @@ mod tests { init(); let raw_report = include_bytes!("../data/report-ark-ask-vcek.bin"); - let quote = parse_quote(raw_report).unwrap(); - verify_quote( - "e, - &SevQuoteVerificationPolicy { - measurement: Some(hex::decode("41a95b6fbe794f1d3bb919934adc5e44583b57e4a5c3f489ffe775ecb8e23d3947001e886277751ba06ae793c2c8904d").unwrap().try_into().unwrap()), - report_data: Some(*b"0123456789abcdef012345678789abcdef0123456789abcdef00000000000000") , - ..Default::default() - } - ).unwrap(); + let policy = SevQuoteVerificationPolicy { + measurement: Some( + hex::decode("41a95b6fbe794f1d3bb919934adc5e44583b57e4a5c3f489ffe775ecb8e23d3947001e886277751ba06ae793c2c8904d") + .unwrap() + .try_into() + .unwrap(), + ), + report_data: Some(*b"0123456789abcdef012345678789abcdef0123456789abcdef00000000000000"), + ..Default::default() + }; + + crate::verify::verify_quote_policy("e.report, &policy).unwrap(); } #[test] @@ -245,14 +322,19 @@ mod tests { let quote = parse_quote(raw_report).unwrap(); - verify_quote( - "e, - &SevQuoteVerificationPolicy { - measurement: Some(hex::decode("41a95b6fbe794f1d3bb919934adc5e44583b57e4a5c3f489ffe775ecb8e23d3947001e886277751ba06ae793c2c8904d").unwrap().try_into().unwrap()), - report_data: Some(*b"0123456789abcdef012345678789abcdef0123456789abcdef00000000000000") , - ..Default::default() - } - ) - .unwrap(); + assert!(quote.certs.is_empty()); + + // Policy-only check (offline). Full verification requires online collateral fetching. + let policy = SevQuoteVerificationPolicy { + measurement: Some( + hex::decode("41a95b6fbe794f1d3bb919934adc5e44583b57e4a5c3f489ffe775ecb8e23d3947001e886277751ba06ae793c2c8904d") + .unwrap() + .try_into() + .unwrap(), + ), + report_data: Some(*b"0123456789abcdef012345678789abcdef0123456789abcdef00000000000000"), + ..Default::default() + }; + crate::verify::verify_quote_policy("e.report, &policy).unwrap(); } } 
diff --git a/crate/sev_quote/src/snp_extension.rs b/crate/sev_quote/src/snp_extension.rs index 083dc1f..6e734f9 100644 --- a/crate/sev_quote/src/snp_extension.rs +++ b/crate/sev_quote/src/snp_extension.rs @@ -3,7 +3,7 @@ use x509_parser::prelude::X509Extension; use crate::error::Error; -pub enum SnpOid { +pub(crate) enum SnpOid { BootLoader, Tee, Snp, @@ -14,7 +14,7 @@ pub enum SnpOid { impl SnpOid { /// References: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/57230.pdf - pub fn oid(&self) -> Oid { + pub(crate) fn oid(&self) -> Oid<'_> { match self { SnpOid::BootLoader => oid!(1.3.6 .1 .4 .1 .3704 .1 .3 .1), SnpOid::Tee => oid!(1.3.6 .1 .4 .1 .3704 .1 .3 .2), diff --git a/crate/sgx_pck_extension/data/pck_from_platform_ca.pem b/crate/sgx_pck_extension/data/pck_from_platform_ca.pem index 72fff2c..2b7f52b 100644 --- a/crate/sgx_pck_extension/data/pck_from_platform_ca.pem +++ b/crate/sgx_pck_extension/data/pck_from_platform_ca.pem @@ -26,4 +26,4 @@ SsI2mGnRAY2BcTBEBgoqhkiG+E0BDQEHMDYwEAYLKoZIhvhNAQ0BBwEBAf8wEAYL KoZIhvhNAQ0BBwIBAQAwEAYLKoZIhvhNAQ0BBwMBAf8wCgYIKoZIzj0EAwIDSAAw RQIhAP++EdrQfFlD3Av9U7VheOpB6Soh3YH1OwfTTGB1yhkPAiADCRu+zVn8Mu3F yc2ogH3TNzwf8zdHdlsePNyID+FHDw== ------END CERTIFICATE----- \ No newline at end of file +-----END CERTIFICATE----- diff --git a/crate/sgx_pck_extension/src/extension.rs b/crate/sgx_pck_extension/src/extension.rs index bb33a12..90ec1fd 100644 --- a/crate/sgx_pck_extension/src/extension.rs +++ b/crate/sgx_pck_extension/src/extension.rs @@ -145,12 +145,14 @@ impl SgxPckExtension { } } +#[allow(clippy::result_large_err)] #[derive(asn1::Asn1Read)] struct SgxExtension<'a> { pub sgx_extension_id: ObjectIdentifier, pub value: ExtensionValue<'a>, } +#[allow(clippy::result_large_err)] #[derive(asn1::Asn1Read)] enum ExtensionValue<'a> { OctetString(&'a [u8]), diff --git a/crate/sgx_pck_extension/src/lib.rs b/crate/sgx_pck_extension/src/lib.rs index bd2d32a..64a554c 100644 
--- a/crate/sgx_pck_extension/src/lib.rs +++ b/crate/sgx_pck_extension/src/lib.rs @@ -1,3 +1,5 @@ +#![allow(clippy::result_large_err)] + pub mod error; pub mod extension; diff --git a/crate/sgx_quote/Cargo.toml b/crate/sgx_quote/Cargo.toml index 2ffbd41..dc9a656 100644 --- a/crate/sgx_quote/Cargo.toml +++ b/crate/sgx_quote/Cargo.toml @@ -17,8 +17,9 @@ hkdf = { workspace = true } log = { workspace = true } p256 = { workspace = true } pccs_client = { path = "../pccs_client" } -rsa = { workspace = true } +pem = "3.0" scroll = { workspace = true } +spki = { workspace = true } serde = { workspace = true } serde-hex = { workspace = true } serde_json = { workspace = true } diff --git a/crate/sgx_quote/data/signer-key.pem b/crate/sgx_quote/data/signer-key.pem index c1dddcb..6619ac1 100644 --- a/crate/sgx_quote/data/signer-key.pem +++ b/crate/sgx_quote/data/signer-key.pem @@ -8,4 +8,4 @@ yeqp7lewtF7nG4CB83qSeU/GbehuYQeuTlIPvIZrrMl9DviiADOu7cCvRTVLcyj8 DCdYEiFC5URJzvlQzQzHV6q4mTep2YXtIUcCsiomFM3ldZVEXGtpST+qqQUKIEiC 3nqLhX5YogqFbOm/xhE/RCgVWb7J4aSW9/+ohwwsRM7eRFTFylBv2BLcP5gl/f9P uMX6e9Bd/TxRj5tkk7BLfex6gdfVRWnJ1Odhht1AyyYXAgED ------END PUBLIC KEY----- \ No newline at end of file +-----END PUBLIC KEY----- diff --git a/crate/sgx_quote/src/error.rs b/crate/sgx_quote/src/error.rs index bdefca2..a2e36ef 100644 --- a/crate/sgx_quote/src/error.rs +++ b/crate/sgx_quote/src/error.rs @@ -29,5 +29,7 @@ pub enum Error { #[error(transparent)] CryptoP256Error(#[from] p256::ecdsa::Error), #[error(transparent)] - CryptoRSAError(#[from] rsa::pkcs8::spki::Error), + SpkiError(#[from] spki::Error), + #[error(transparent)] + PemError(#[from] pem::PemError), } diff --git a/crate/sgx_quote/src/mrsigner.rs b/crate/sgx_quote/src/mrsigner.rs index ad10320..93a9f66 100644 --- a/crate/sgx_quote/src/mrsigner.rs +++ b/crate/sgx_quote/src/mrsigner.rs 
@@ -1,13 +1,86 @@ use crate::{error::Error, MRSIGNER_SIZE}; -use rsa::{pkcs8::DecodePublicKey, traits::PublicKeyParts, RsaPublicKey}; use sha2::{Digest, Sha256}; +use spki::SubjectPublicKeyInfoRef; /// Compute the `MR_SIGNER` from the public enclave certificate (PEM format) pub fn compute_mr_signer(pem_public_enclave_cert: &str) -> Result<[u8; MRSIGNER_SIZE], Error> { - let public_key = RsaPublicKey::from_public_key_pem(pem_public_enclave_cert)?; + // Parse PEM to get the DER-encoded data + let pem_data = pem::parse(pem_public_enclave_cert) + .map_err(|e| Error::CryptoError(format!("Failed to parse PEM: {}", e)))?; - let modulus = public_key.n(); - let mut modulus_bytes = modulus.to_bytes_be(); + if pem_data.tag() != "PUBLIC KEY" { + return Err(Error::CryptoError(format!( + "Expected PUBLIC KEY, got {}", + pem_data.tag() + ))); + } + + // Parse the SubjectPublicKeyInfo + let spki = SubjectPublicKeyInfoRef::try_from(pem_data.contents()) + .map_err(|e| Error::CryptoError(format!("Failed to parse SPKI: {}", e)))?; + + // Extract the modulus from the RSA public key + // RSA public key in DER is SEQUENCE { modulus INTEGER, publicExponent INTEGER } + let public_key_bytes = spki.subject_public_key.raw_bytes(); + + // Parse the SEQUENCE to extract modulus + // Skip the SEQUENCE tag (0x30) and length + if public_key_bytes.is_empty() || public_key_bytes[0] != 0x30 { + return Err(Error::CryptoError( + "Invalid RSA public key format".to_owned(), + )); + } + + let mut idx = 1; + // Parse length (can be short or long form) + let _seq_len = if public_key_bytes[idx] & 0x80 == 0 { + idx += 1; + public_key_bytes[idx - 1] as usize + } else { + let len_bytes = (public_key_bytes[idx] & 0x7F) as usize; + idx += 1; + let mut len = 0usize; + for _ in 0..len_bytes { + len = (len << 8) | public_key_bytes[idx] as usize; + idx += 1; + } + len + }; + + // Now we should be at the modulus INTEGER tag + if public_key_bytes[idx] != 0x02 { + return Err(Error::CryptoError( + "Expected INTEGER tag 
for modulus".to_owned(), + )); + } + idx += 1; + + // Parse modulus length + let modulus_len = if public_key_bytes[idx] & 0x80 == 0 { + let len = public_key_bytes[idx] as usize; + idx += 1; + len + } else { + let len_bytes = (public_key_bytes[idx] & 0x7F) as usize; + idx += 1; + let mut len = 0usize; + for _ in 0..len_bytes { + len = (len << 8) | public_key_bytes[idx] as usize; + idx += 1; + } + len + }; + + // Skip leading zero byte if present (used for sign bit) + let modulus_start = if public_key_bytes[idx] == 0x00 { + idx + 1 + } else { + idx + }; + + let modulus_end = + modulus_start + modulus_len - (if public_key_bytes[idx] == 0x00 { 1 } else { 0 }); + let mut modulus_bytes = public_key_bytes[modulus_start..modulus_end].to_vec(); modulus_bytes.reverse(); let mut hash = Sha256::new(); @@ -25,7 +98,7 @@ mod tests { use super::compute_mr_signer; #[test] - pub fn test_sgx_compute_mr_signer() { + pub(super) fn test_sgx_compute_mr_signer() { assert_eq!( encode( compute_mr_signer( diff --git a/crate/tdx_quote/Cargo.toml b/crate/tdx_quote/Cargo.toml index c627f2b..53f6a6f 100644 --- a/crate/tdx_quote/Cargo.toml +++ b/crate/tdx_quote/Cargo.toml @@ -21,7 +21,7 @@ serde = { workspace = true } serde-hex = { workspace = true } sgx_quote = { path = "../sgx_quote" } sha2 = { workspace = true } -tdx-attest-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives.git", tag = "DCAP_1.21" } +tdx-attest-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives.git", tag = "DCAP_1.24" } thiserror = { workspace = true } [dev-dependencies] diff --git a/crate/tpm_quote/README.md b/crate/tpm_quote/README.md index 7774704..e4e4c28 100644 --- a/crate/tpm_quote/README.md +++ b/crate/tpm_quote/README.md @@ -1,6 +1,6 @@ # TPM Quote -# Overview +## Overview ## Prerequisite diff --git a/deny.toml b/deny.toml index 8da856c..210a56b 100644 --- a/deny.toml +++ b/deny.toml 
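Review bot: The hand-written DER walk in `compute_mr_signer` indexes `public_key_bytes[idx]` and slices `[modulus_start..modulus_end]` without checking bounds, so a truncated or malformed `PUBLIC KEY` block makes this `Result`-returning function panic instead of returning `Error::CryptoError`; a long-form length with many bytes also shifts silently past `usize`. The length parser is duplicated for the SEQUENCE and the INTEGER, and the SPKI algorithm is never checked to be RSA before the bit string is interpreted. The sketch below replaces the two length parsers with one bounds-checked helper and reads the modulus through `get`; the PEM/SPKI parsing before it and the reverse-and-hash after it stay as they are.

```rust
/// Read a DER length at `*idx` and advance `*idx`; every access is bounds-checked.
fn read_der_len(buf: &[u8], idx: &mut usize) -> Result<usize, Error> {
    let truncated = || Error::CryptoError("Truncated RSA public key".to_owned());
    let first = *buf.get(*idx).ok_or_else(truncated)?;
    *idx += 1;
    if first & 0x80 == 0 {
        return Ok(first as usize);
    }
    let len_bytes = (first & 0x7F) as usize;
    // Reject the indefinite form and lengths that cannot fit in usize.
    if len_bytes == 0 || len_bytes > core::mem::size_of::<usize>() {
        return Err(Error::CryptoError("Unsupported DER length".to_owned()));
    }
    let mut len = 0usize;
    for _ in 0..len_bytes {
        len = (len << 8) | *buf.get(*idx).ok_or_else(truncated)? as usize;
        *idx += 1;
    }
    Ok(len)
}

pub fn compute_mr_signer(pem_public_enclave_cert: &str) -> Result<[u8; MRSIGNER_SIZE], Error> {
    // … unchanged: PEM parsing, tag check, SPKI parsing, SEQUENCE tag check …
    let mut idx = 1;
    let _seq_len = read_der_len(public_key_bytes, &mut idx)?;

    if public_key_bytes.get(idx) != Some(&0x02) {
        return Err(Error::CryptoError(
            "Expected INTEGER tag for modulus".to_owned(),
        ));
    }
    idx += 1;

    let modulus_len = read_der_len(public_key_bytes, &mut idx)?;
    let modulus = idx
        .checked_add(modulus_len)
        .and_then(|end| public_key_bytes.get(idx..end))
        .ok_or_else(|| Error::CryptoError("Truncated RSA modulus".to_owned()))?;
    // Drop the leading 0x00 that DER adds to keep the INTEGER positive.
    let modulus = modulus.strip_prefix(&[0x00]).unwrap_or(modulus);
    let mut modulus_bytes = modulus.to_vec();
    // … unchanged: reverse the bytes and hash them …
```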
@@ -68,18 +68,11 @@ feature-depth = 1 # The path where the advisory databases are cloned/fetched into # db-path = "$CARGO_HOME/advisory-dbs" # The url(s) of the advisory databases to use -# db-urls = ["https://github.com/rustsec/advisory-db"] # A list of advisory IDs to ignore. Note that ignored advisories will still # output a note when they are encountered. ignore = [ - # { id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, # "a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish # { crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" }, - { id = "RUSTSEC-2023-0071", reason = "[rsa] vulnerable to the Marvin Attack which could enable private key recovery by a network attacker" }, - { id = "RUSTSEC-2025-0014", reason = "[humantime] unmaintained"}, - { id = "RUSTSEC-2024-0375", reason = "[atty] unmaintained"}, - { id = "RUSTSEC-2021-0145", reason = "[atty] potential unaligned read on Windows"}, - { id = "RUSTSEC-2021-0139", reason = "[ansi_term] unmaintained"}, ] # If this is true, then cargo deny will use the git executable to fetch advisory database. # If this is false, then it uses a built-in git library. @@ -105,6 +98,7 @@ allow = [ "Unicode-DFS-2016", "BUSL-1.1", "Unicode-3.0", + "CDLA-Permissive-2.0", ] # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the 
@@ -279,12 +273,15 @@ unknown-git = "warn" # if not specified. If it is specified but empty, no registries are allowed. allow-registry = ["https://github.com/rust-lang/crates.io-index"] # List of URLs for allowed Git repositories -allow-git = [] +allow-git = [ + "https://github.com/virtee/sev", + "https://github.com/intel/SGXDataCenterAttestationPrimitives", +] [sources.allow-org] # 1 or more github.com organizations to allow git sources for -github = [""] +# github = [""] # 1 or more gitlab.com organizations to allow git sources for -gitlab = [""] +# gitlab = [""] # 1 or more bitbucket.org organizations to allow git sources for -bitbucket = [""] +# bitbucket = [""]
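Review bot: `allow-git` lists whole repositories, so it permits any ref from them; the pin that matters is in the manifests, and `tdx-attest-rs` in crate/tdx_quote/Cargo.toml (changed earlier in this diff) is pinned by `tag = "DCAP_1.24"`, which upstream can move. Cargo.lock records the resolved commit, so the exposure is at lock refresh, but pinning with `rev = "<full-commit-sha>"` removes it. A comment on each entry naming the crate that needs it, e.g. `# tdx_quote: tdx-attest-rs`, makes the list easier to prune later; where `virtee/sev` is consumed is not visible in this part of the diff.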