By default, CCF fetches the AMD collateral via a mounted path, exposed through UVM_SECURITY_CONTEXT_DIR, which also contains the UVM collateral and the container's security policy.

There are two problems with this:

1. That does not work in Confidential AKS, which does not expose the AMD endorsement directly.
2. There is a race condition between the creation of those files and a potential TCB update. So it is necessary to query a service with the relevant tcbm to be guaranteed a fresh endorsement.

Fetching the AMD collateral via the THIM service resolves both problems. Unfortunately it creates a fresh problem: Confidential ACI does not expose THIM yet, and so falling back to the file when present will be necessary.

https://github.com/microsoft/CCF/releases/tag/ccf-5.0.0-dev11 has full support for THIM, and removed hardcoded ACI env vars. THIM is not default though, because the address differs depending on the platform (ACI vs AKS), and so needs configuration unfortunately.