The following table describes the top-level supported claims in the attestation token. These items are compliant with the OpenID Connect 1.0 specification.
Read more about attestation tokens
Key | Type | Description |
---|---|---|
Header | ||
x5c | String | Only present in PKI tokens. The certificate chain to validate PKI tokens against. You can download the root certificate from the PKI token validation endpoint. |
JSON data payload | ||
attester_tcb |
String array |
One or more TCB (trusted computing base) components. This claim is to specify the source of attestation evidence. For the |
aud |
String |
The audience. For the default token used with a workload identity
pool, the audience is For tokens with custom audiences, the audience is echoed from the audience in the token request. The maximum length is 512 bytes. |
dbgstat |
String | The debug status for the hardware. In production images, the value is
disabled-since-boot . In debug images, the value is
enabled . |
eat_nonce |
String or string array | One or more nonces for the attestation token. The values are echoed from the token options sent in the custom token request. Each nonce must be between 8 and 88 bytes inclusive. A maximum of six nonces are allowed. |
exp |
Int, Unix timestamp | The expiration time on or after which the token must not be accepted
for processing. The value is a JSON number that represents the number of
seconds from
1970-01-01T0:0:0Z as measured
in UTC until the expiry time.
|
google_service_accounts |
String array | The validated service accounts that are running the Confidential Space workload. |
hwmodel |
String |
The unique identifier for the hardware token. Here are the valid values:
|
iat |
Int, Unix timestamp | The time when the JWT was issued. The value is a JSON number that
represents the number of seconds from
1970-01-01T0:0:0Z as measured
in UTC until the issue time. |
iss |
String | The issuer of the token, which is set to
https://confidentialcomputing.googleapis.com . |
nbf |
Int, Unix timestamp | The time before which the JWT cannot be used for processing. |
oemid |
Uint64 | The Google
Private Enterprise Number (PEN),
which is 11129 .
|
secboot |
Boolean | Whether Secure Boot is enabled, which ensures that the firmware and
operating system were authenticated during the VM boot process. This
value is always true . |
sub |
String | The subject, which is the fully qualified virtual machine ID for the
Confidential VM. For example,
https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_ID .
This format is known as the
instance's selfLink.
|
submods |
Array | An array of various claims. See Submods claims. |
swname |
String |
The name of the approved operating system for the VM. Values are |
swversion |
String array |
The version of the operating system. The value is a string array that contains only one value. The version follows the format |
Submods claims
The following table describes the submods
claims in the attestation token.
Key | Type | Description |
---|---|---|
confidential_space.support_attributes |
String array | The value can contain USABLE , STABLE , and
LATEST . For more information, see
Confidential Space image lifecycle.
|
confidential_space.monitoring_enabled |
Object array | Shows what kind of system monitoring is enabled. The value can be
{"memory":false} or {"memory":true} .
|
container |
Object | See Workload container claims. |
gce |
Object | See Compute Engine claims. |
Workload container claims
The following table describes the container
claims in the attestation token.
For more information about these claims, see
Attestation assertions.
Key | Type | Description |
---|---|---|
args |
String array | The full argv the container is invoked with. This claim
includes the container's entrypoint path and any additional command-line
arguments. |
cmd_override |
String array | The CMD commands and parameters used in the workload image. |
env |
Object array | The environment variables and their values that have been explicitly passed to the container. |
env_override |
Object array | The overwritten environment variables in the container. |
image_digest |
String | The image digest of the workload container. |
image_id |
String | The image ID of the workload container. |
image_reference |
String | The location of the workload container running in Confidential Space. |
image_signatures |
Object array | See Container image signature claims. |
restart_policy |
String | The restart policy of the container launcher when the workload stops.
Valid values are Always , OnFailure , and
Never . Default is Never . |
Compute Engine claims
The following table describes the gce
claims in the attestation token.
Key | Type | Description |
---|---|---|
instance_id |
String | The VM instance ID. |
instance_name |
String | The VM instance name. |
project_id |
String | The project ID for the project that the VM is running in. |
project_number |
String | The project number for the project that the VM is running in. |
zone |
String | The Compute Engine zone where the Confidential VM is running. |
Container image signature claims
The following table describes the image_signatures
claims in the attestation
token.
Key | Type | Description |
---|---|---|
key_id |
String |
The hexadecimal fingerprint of the public key. To get the fingerprint, you can run the following command: openssl pkey -pubin -in public_key.pem -outform DER | openssl sha256 Where |
signature |
String | The base64-encoded signature for a payload that's associated with the signed container and that follows the Simple Signing format. |
signature_algorithm |
String |
The algorithm used to sign the key. One of the following:
|
What's next
See the IETF draft for The Entity Attestation Token (EAT) for more information on attestation claims.
See the OpenID Connect Core 1.0 for more information on OpenID token claims.