diff --git a/attestation-agent/kbs_protocol/src/client/rcar_client.rs b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
index 7ba4c6fe4..e68076b0e 100644
--- a/attestation-agent/kbs_protocol/src/client/rcar_client.rs
+++ b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
@@ -302,8 +302,10 @@ mod test {
// a start script
let mut start_kbs_script = env::current_dir().expect("get cwd");
let mut kbs_config = start_kbs_script.clone();
+ let mut policy = start_kbs_script.clone();
start_kbs_script.push("test/start_kbs.sh");
kbs_config.push("test/kbs-config.toml");
+ policy.push("test/policy.rego");
let image = GenericImage::new( "ghcr.io/confidential-containers/staged-images/kbs",
@@ -322,6 +324,10 @@ mod test {
kbs_config.into_os_string().to_string_lossy(), "/etc/kbs-config.toml", )
+ .with_volume( policy.into_os_string().to_string_lossy(), "/opa/confidential-containers/kbs/policy.rego", )
.with_entrypoint("/usr/local/bin/start_kbs.sh");
let kbs = docker.run(image);
@@ -329,7 +335,6 @@ mod test {
let port = kbs.get_host_port_ipv4(8085);
let kbs_host_url = format!("http://127.0.0.1:{port}");
- env::set_var("AA_SAMPLE_ATTESTER_TEST", "1");
let evidence_provider = Box::new(NativeEvidenceProvider::new().unwrap());
let mut client = KbsClientBuilder::with_evidence_provider(evidence_provider, &kbs_host_url) .build()
diff --git a/attestation-agent/kbs_protocol/test/kbs-config.toml b/attestation-agent/kbs_protocol/test/kbs-config.toml
index 067b129f9..8d021c0d0 100644
--- a/attestation-agent/kbs_protocol/test/kbs-config.toml
+++ b/attestation-agent/kbs_protocol/test/kbs-config.toml
@@ -1,3 +1,6 @@
insecure_http = true
insecure_api = true
sockets = ["0.0.0.0:8085"]
+
+[attestation_token_config]
+attestation_token_type = "CoCo"
\ No newline at end of file
diff --git a/attestation-agent/kbs_protocol/test/policy.rego b/attestation-agent/kbs_protocol/test/policy.rego
new file mode 100644
index 000000000..747c5fe82
--- /dev/null
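Review bot: The new `policy` path is resolved against `env::current_dir()` like the two lines it mirrors, so when `cargo test` is run from anywhere but the crate root the test mounts a host file that does not exist and Docker typically substitutes an empty directory at the mount point, leaving the image's own policy in force. Pinning it to the crate with `PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("test/policy.rego")` removes the dependency on the working directory. A cheap guard before the container starts is `assert!(policy.is_file(), "missing test policy {}", policy.display());`. The enclosing test function starts before this hunk.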
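Review bot: The container path `/opa/confidential-containers/kbs/policy.rego` is an undocumented coupling to wherever this KBS image reads its policy; if the image moves that path the mount becomes inert and the test keeps passing on whatever built-in policy ships in the image, so test/policy.rego is never actually exercised. A one-line comment makes the dependency visible: `// must match the policy path baked into the KBS image; an unmatched mount is silently ignored`. A stronger check, if the harness allows it, would be a request whose evidence does not carry `tee == "sample"` asserted to be rejected, which proves the mounted policy is what decides. The builder chain continues outside the hunk.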
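Review bot: Dropping `env::set_var("AA_SAMPLE_ATTESTER_TEST", "1")` makes the test depend on `NativeEvidenceProvider::new()` choosing the sample attester on its own; the policy mounted above only admits `input["tee"] == "sample"`, so on a host where a real TEE attester is detected, or a build that enables one, the request is denied by policy and the failure surfaces far from its cause. If default selection is the intent, state it next to the provider: `// Relies on NativeEvidenceProvider defaulting to the sample attester, the only TEE the test policy admits.`. Otherwise the test should select the attester explicitly rather than inherit whatever the build picks. The test function continues outside the hunk.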
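Review bot: The added `[attestation_token_config]` section has no trailing newline (`\ No newline at end of file`) and, like the rest of this file, no comment saying why these settings are acceptable; add the newline and a header such as `# Test-only KBS config: insecure_http/insecure_api disable TLS and API auth and must never leave this harness.`. My reading is that `attestation_token_type = "CoCo"` makes the KBS mint its own attestation tokens instead of delegating to an external attestation service; if so, a second comment line saying that explains why the policy file must now be mounted alongside it. Check that reading against the KBS configuration docs before committing it.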
+++ b/attestation-agent/kbs_protocol/test/policy.rego
@@ -0,0 +1,7 @@
+package policy
+
+default allow = false
+
+allow {
+ input["tee"] == "sample"
+}
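Review bot: The new policy admits any evidence whose `tee` claim is `sample`, and by its name the sample attester is a software stand-in rather than hardware-rooted evidence, so this file grants access to anything that can speak the protocol and needs a header saying so: `# TEST-ONLY policy: accepts the software "sample" attester (no hardware root of trust). Never deploy.`. `default allow = false` is the right fail-closed default and should stay. Rego convention prefers dotted access, `input.tee == "sample"`, which is equivalent here.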