diff --git a/cc/utils/cose/BUILD b/cc/utils/cose/BUILD
index f322c5d4525..950285c68d8 100644
--- a/cc/utils/cose/BUILD
+++ b/cc/utils/cose/BUILD
@@ -62,14 +62,11 @@ cc_test(
 name = "cwt_test",
 size = "small",
 srcs = ["cwt_test.cc"],
- data = [
- "//oak_attestation_verification/testdata:oc_evidence.textproto",
- ],
+ data = ["//oak_attestation_verification/testdata:evidence"],
 deps = [
 ":cwt",
 "//proto/attestation:evidence_cc_proto",
 "@com_google_absl//absl/strings",
 "@com_google_googletest//:gtest_main",
- "@com_google_protobuf//:protobuf",
 ],
 )
diff --git a/cc/utils/cose/cwt_test.cc b/cc/utils/cose/cwt_test.cc
index 61940ab7fba..094e010542a 100644
--- a/cc/utils/cose/cwt_test.cc
+++ b/cc/utils/cose/cwt_test.cc
@@ -24,8 +24,6 @@
 #include "absl/strings/string_view.h"
 #include "gmock/gmock.h"
-#include "google/protobuf/io/zero_copy_stream_impl.h"
-#include "google/protobuf/text_format.h"
 #include "gtest/gtest.h"
 #include "proto/attestation/evidence.pb.h"
@@ -36,7 +34,8 @@ using ::oak::attestation::v1::Evidence;
 using ::testing::ElementsAreArray;
 constexpr absl::string_view kTestEvidencePath =
- "oak_attestation_verification/testdata/oc_evidence.textproto";
+ "oak_attestation_verification/testdata/oc_evidence.binarypb";
+
 // Public key extracted from the `kTestEvidencePath`
 // `encryption_public_key_certificate`.
 constexpr uint8_t kTestPublicKey[] = {169, 153, 134, 149, 237, 126, 255, 33,
@@ -47,18 +46,12 @@ constexpr uint8_t kTestPublicKey[] = {169, 153, 134, 149, 237, 126, 255, 33,
 class CertificateTest : public testing::Test {
 protected:
 void SetUp() override {
- std::ifstream test_evidence_file(kTestEvidencePath.data());
- ASSERT_TRUE(test_evidence_file);
- google::protobuf::io::IstreamInputStream test_evidence_protobuf_stream(
- &test_evidence_file);
-
- auto test_evidence = std::make_unique();
- bool parse_success = google::protobuf::TextFormat::Parse(
- &test_evidence_protobuf_stream, test_evidence.get());
- ASSERT_TRUE(parse_success);
-
+ std::ifstream stream(kTestEvidencePath.data());
+ ASSERT_TRUE(stream);
+ auto evidence = std::make_unique();
+ ASSERT_TRUE(evidence->ParseFromIstream(&stream));
 public_key_certificate_ =
- test_evidence->application_keys().encryption_public_key_certificate();
+ evidence->application_keys().encryption_public_key_certificate();
 }
 std::string public_key_certificate_;
diff --git a/oak_attestation_verification/testdata/BUILD b/oak_attestation_verification/testdata/BUILD
index 20e5c195e7f..27069705f19 100644
--- a/oak_attestation_verification/testdata/BUILD
+++ b/oak_attestation_verification/testdata/BUILD
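Review bot: In `SetUp`, `std::ifstream stream(kTestEvidencePath.data());` now feeds a binary-serialized proto to `ParseFromIstream` but still opens the file in the default text mode. On platforms that translate line endings this can alter the bytes before parsing, so the stream should be opened as `std::ifstream stream(kTestEvidencePath.data(), std::ios::binary);`. The two bare assertions would also be easier to triage with messages, e.g. `ASSERT_TRUE(stream) << "cannot open " << kTestEvidencePath;`, so a missing runfile is distinguishable from a malformed evidence file. The fixture class continues outside the hunk.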
@@ -34,16 +34,39 @@ filegroup(
 )
 filegroup(
- name = "evidence",
+ name = "cb_evidence",
 srcs = [
 "cb_endorsement.binarypb",
 "cb_evidence.binarypb",
 "cb_reference_values.binarypb",
+ ],
+ visibility = ["//visibility:private"],
+)
+
+filegroup(
+ name = "fake_evidence",
+ srcs = [
 "fake_evidence.binarypb",
 "fake_expected_values.binarypb",
+ ],
+)
+
+filegroup(
+ name = "evidence",
+ srcs = [
+ ":cb_evidence",
+ ":fake_evidence",
 "genoa_oc_evidence.binarypb",
 "genoa_oc_reference_values.binarypb",
 "oc_evidence.binarypb",
+ # The VCEK cert needs to match the hardware ID of the attestation report in the
+ # test evidence proto. The additional parameters in the URL encode the reported
+ # TCB version in the attestation report.
+ #
+ # URL for downloading the VCEK cert:
+ # https://kdsintf.amd.com/vcek/v1/Milan/cd3c4e6b5b64026ac135d76f888ea6bcc1351ec610d64b0af4028422b84c17ad2571905acfe2eb2181c119df4241e94a926d1b06c02e82845416202151212fdd?ucodeSPL=168&snpSPL=8&teeSPL=0&blSPL=3
+ # ARPT reported TCB version: ucodeSPL=168&snpSPL=8&teeSPL=0&blSPL=3
+ # ARPT current TCB version: ucodeSPL=209&snpSPL=14&teeSPL=0&blSPL=3
 "oc_vcek_milan.der",
 "oc_vcek_milan.pem",
 "rk_evidence.binarypb",
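Review bot: Only `cb_evidence` declares a `visibility`; `fake_evidence` and the rebuilt `evidence` group fall back to the package default, which is not visible in this hunk. Because `evidence` lists `:cb_evidence` in its `srcs`, the private marking does not keep those three files from any target that may depend on `:evidence` (`//cc/utils/cose:cwt_test` now does), so it is worth confirming that this is the intended boundary. I would state the intent on each group explicitly, e.g. `visibility = ["//visibility:private"],` on `fake_evidence` if it is only an aggregation helper, and an explicit allow-list of consuming packages on `evidence`. The `evidence` filegroup continues past the end of this hunk.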
@@ -52,34 +75,3 @@ filegroup(
 "vcek_genoa.der",
 ],
 )
-
-# DEPRECATED: Don't access files directly and from everywhere.
-# We should restrict access to all testdata to oak_attestation_verification.
-exports_files([
- "cb_evidence.binarypb",
- "cb_endorsement.binarypb",
- "cb_reference_values.binarypb",
- "fake_evidence.binarypb",
- "fake_expected_values.binarypb",
- "genoa_oc_evidence.binarypb",
- "genoa_oc_reference_values.binarypb",
- "oc_evidence.binarypb",
- # TBD: Remove - we should only export binary protos, not the textproto version.
- "oc_evidence.textproto",
- # The VCEK cert needs to match the hardware ID of the attestation report in the
- # test evidence proto. The additional parameters in the URL encode the reported
- # TCB version in the attestation report.
- #
- # URL for downloading the VCEK cert:
- # https://kdsintf.amd.com/vcek/v1/Milan/cd3c4e6b5b64026ac135d76f888ea6bcc1351ec610d64b0af4028422b84c17ad2571905acfe2eb2181c119df4241e94a926d1b06c02e82845416202151212fdd?ucodeSPL=168&snpSPL=8&teeSPL=0&blSPL=3
- # ARPT reported TCB version: ucodeSPL=168&snpSPL=8&teeSPL=0&blSPL=3
- # ARPT current TCB version: ucodeSPL=209&snpSPL=14&teeSPL=0&blSPL=3
- "oc_vcek_milan.der",
- "oc_vcek_milan.pem",
- "rekor_public_key.pem",
- "rk_evidence.binarypb",
- "rk_evidence_20240312.binarypb",
- "rk_vcek_milan.der",
- "rk_vcek_milan.pem",
- "vcek_genoa.der",
-])