diff --git a/src/migtd/src/migration/rebinding.rs b/src/migtd/src/migration/rebinding.rs
index f9d28ed9..c5eac850 100644
--- a/src/migtd/src/migration/rebinding.rs
+++ b/src/migtd/src/migration/rebinding.rs
@@ -675,9 +675,11 @@ async fn rebinding_new_prepare(
 let rebind_token = tls_receive_rebind_token(&mut ratls_server).await?;
 // The TLS session is established; we can now extract servtd_ext from the peer certificates.
- let servtd_ext = get_servtd_ext_from_cert(&ratls_server.peer_certs())?;
+ let mut servtd_ext = get_servtd_ext_from_cert(&ratls_server.peer_certs())?;
 write_rebinding_session_token(&rebind_token.token)?;
 write_servtd_rebind_attr(&servtd_ext.cur_servtd_attr)?;
+ servtd_ext.cur_servtd_info_hash.fill(0);
+ servtd_ext.cur_servtd_attr.fill(0);
 write_approved_servtd_ext_hash(&servtd_ext.calculate_approved_servtd_ext_hash()?)?;
 shutdown_transport(ratls_server.transport_mut(), info.mig_request_id).await?;
diff --git a/src/migtd/src/migration/servtd_ext.rs b/src/migtd/src/migration/servtd_ext.rs
index c8325163..01d587c1 100644
--- a/src/migtd/src/migration/servtd_ext.rs
+++ b/src/migtd/src/migration/servtd_ext.rs
@@ -33,6 +33,7 @@ pub struct ServtdExt {
 pub init_cpusvn: [u8; 16],
 pub init_tee_tcb_svn: [u8; 16],
 pub init_tee_model: [u8; 12],
+ reserved1: [u8; 4],
 pub cur_servtd_info_hash: [u8; 48],
 pub cur_servtd_attr: [u8; 8],
 reserved2: [u8; 104],
@@ -117,6 +118,7 @@ pub fn read_servtd_ext(
 init_cpusvn,
 init_tee_tcb_svn,
 init_tee_model,
+ reserved1: [0u8; 4],
 cur_servtd_info_hash,
 cur_servtd_attr,
 reserved: [0u8; 8],
@@ -146,6 +148,6 @@ mod test {
 #[test]
 fn test_structure_sizes() {
- assert_eq!(size_of::(), 268)
+ assert_eq!(size_of::(), 272)
 }
 }
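Review bot: The two added `fill(0)` calls in `rebinding_new_prepare` depend on statement order with nothing in the code saying so: `write_servtd_rebind_attr(&servtd_ext.cur_servtd_attr)` has to run before the attribute is cleared, and the approved hash is now computed over a value whose `cur_servtd_info_hash` and `cur_servtd_attr` are zero. A later reorder would either record an all-zero attribute or hash the un-normalised value taken from the peer certificate, and neither case fails loudly. I would add a comment above the fills such as `// cur_* fields are zeroed before the approved hash is computed; cur_servtd_attr must already have been written above`, or, if every caller needs the same canonical form, do the zeroing on a copy inside `calculate_approved_servtd_ext_hash` (its body is not visible here). The function continues outside the hunk, so any later read of `servtd_ext` would also see the zeroed fields.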
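Review bot: The new `reserved1: [u8; 4]` in `ServtdExt` shifts `cur_servtd_info_hash` and every later field by four bytes and grows the structure from 268 to 272 bytes, yet nothing visible pins the new offsets or rejects input of the old length. If the structure is parsed from or hashed as raw bytes (the struct attributes and the body of `read_servtd_ext` are outside the hunks), a peer still producing the 268-byte form would be read with the hash and attribute fields misaligned. The `read_servtd_ext` hunk also sets `reserved1: [0u8; 4]` unconditionally, so any non-zero bytes the input carries at that position are dropped rather than rejected; a check that they are zero, or a comment stating they are ignored by design, would make the intent explicit. An offset assertion beside the size test, for example `assert_eq!(core::mem::offset_of!(ServtdExt, cur_servtd_info_hash), EXPECTED_OFFSET)` with the offset taken from the structure's specification, would catch the next layout drift.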