The following table describes the top-level supported claims in the attestation token. These items are compliant with the OpenID Connect 1.0 specification.
Read more about attestation tokens
| Key | Type | Description |
|---|---|---|
| Header | ||
| x5c | String | Only present in PKI tokens. The certificate chain to validate PKI tokens against. You can download the root certificate from the PKI token validation endpoint. |
| JSON data payload | ||
aud |
String |
The audience. For the default token used with a workload identity
pool, the audience is For tokens with custom audiences, the audience is echoed from the audience in the token request. The maximum length is 512 bytes. |
dbgstat |
String | The debug status for the hardware. In production images, the value is
disabled-since-boot. In debug images, the value is
enabled. |
eat_nonce |
String or string array | One or more nonces for the attestation token. The values are echoed from the token options sent in the custom token request. Each nonce must be between 10 to 74 bytes inclusive. A maximum of six nonces are allowed. |
exp |
Int, Unix timestamp | The expiration time on or after which the token must not be accepted
for processing. The value is a JSON number that represents the number of
seconds from
1970-01-01T0:0:0Z as measured
in UTC until the expiry time.
|
google_service_accounts |
String array | The validated service accounts that are running the Confidential Space workload. |
hwmodel |
String |
The unique identifier for the hardware token. Here are the valid values:
|
iat |
Int, Unix timestamp | The time when the JWT was issued. The value is a JSON number that
represents the number of seconds from
1970-01-01T0:0:0Z as measured
in UTC until the issue time. |
iss |
String | The issuer of the token, which is set to
https://confidentialcomputing.googleapis.com. |
nbf |
Int, Unix timestamp | The time before which the JWT cannot be used for processing. |
oemid |
Uint64 | The Google
Private Enterprise Number (PEN),
which is 11129.
|
secboot |
Boolean | Whether Secure Boot is enabled, which ensures that the firmware and
operating system were authenticated during the VM boot process. This
value is always true. |
sub |
String | The subject, which is the fully qualified virtual machine ID for the
Confidential VM. For example,
https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_ID.
This format is known as the
instance's selfLink.
|
submods |
Array | An array of various claims. See Submods claims. |
swname |
String |
The name of the approved operating system for the VM. Values are |
swversion |
String array |
The version of the operating system. The value is a string array that contains only one value. The version follows the format |
Submods claims
The following table describes the submods claims in the attestation token.
| Key | Type | Description |
|---|---|---|
confidential_space.support_attributes |
String array | The value can contain USABLE, STABLE, and
LATEST. For more information, see
Confidential Space image lifecycle.
|
confidential_space.monitoring_enabled |
Object array | Shows what kind of system monitoring is enabled. The value can be
{"memory":false} or {"memory":true}.
|
container |
Object | See Workload container claims. |
gce |
Object | See Compute Engine claims. |
Workload container claims
The following table describes the container claims in the attestation token.
For more information about these claims, see Attestation assertions.
| Key | Type | Description |
|---|---|---|
args |
String array | The full argv the container is invoked with. This claim
includes the container's entrypoint path and any additional command-line
arguments. |
cmd_override |
String array | The CMD commands and parameters used in the workload image. |
env |
Object array | The environment variables and their values that have been explicitly passed to the container. |
env_override |
Object array | The overwritten environment variables in the container. |
image_digest |
String | The image digest of the workload container. |
image_id |
String | The image ID of the workload container. |
image_reference |
String | The location of the workload container running in Confidential Space. |
image_signatures |
Object array | See Container image signature claims. |
restart_policy |
String | The restart policy of the container launcher when the workload stops.
Valid values are Always, OnFailure, and
Never. Default is Never. |
Compute Engine claims
The following table describes the gce claims in the attestation token.
| Key | Type | Description |
|---|---|---|
instance_id |
String | The VM instance ID. |
instance_name |
String | The VM instance name. |
project_id |
String | The project ID for the project that the VM is running in. |
project_number |
String | The project number for the project that the VM is running in. |
zone |
String | The Compute Engine zone where the Confidential VM is running. |
Container image signature claims
The following table describes the image_signature claims in the attestation
token.
| Key | Type | Description |
|---|---|---|
key_id |
String |
The hexadecimal fingerprint of the public key. To get the fingerprint, you can run the following command: openssl pkey -pubin -in public_key.pem -outform DER | openssl sha256 Where |
signature |
String | The base64-encoded signature for a payload that's associated with the signed container and that follows the Simple Signing format. |
signature_algorithm |
String |
The algorithm used to sign the key. One of the following:
|
What's next
See the IETF draft for The Entity Attestation Token (EAT) for more information on attestation claims.
See the OpenID Connect Core 1.0 for more information on OpenID token claims.