Confidential VM attestation

Attestation is the process of increasing confidence that a Confidential VM instance is legitimate and operating in an expected state. It's a vital tool in validating that your workload is running in a trusted execution environment (TEE).

Attestation reports are the evidence that your VM is running in a TEE. They are generated by the Confidential VM instance, and depending on the Confidential Computing technology used are signed either by a software-based vTPM, or a dedicated, hardware-based Trusted Security Module (TSM). Attestation reports contain measurements related to bootloader activity, hardware configuration, firmware configuration, and other boot-time logged events that help to validate the Confidential VM instance's state and identity.

The type of attestation report you can request depends on the Confidential Computing technology your Confidential VM instance is using.

Signing source Type Report coverage Confidential Computing technology
SEV SEV-SNP Intel TDX (Preview)
Google-managed vTPM Software-based vTPM Boot loader activity, kernel integrity
AMD Secure Processor Hardware-based TSM Hardware and firmware environment
Intel TDX module Hardware-based TSM Hardware and firmware environment

Request an attestation report

You can request attestation reports from the Google-managed vTPM, AMD's Secure Processor, and Intel's TDX module with the following tools:

The GceNonHostInfo event in the vTPM attestation event log shows what Confidential Computing technology is in use. Go-TPM tools can request an attestation report from the AMD Secure Processor if AMD SEV-SNP is used, or from the Intel TDX module if Intel TDX (Preview) is used.

For hardware attestation reports only, you can send a cryptographic challenge to the TSM with the following tools:

Intel TDX on Ubuntu

For Ubuntu images on kernel 1016 and newer, the tdx_guest module is in the linux-modules-extra package.

To install the linux-modules-extra package, run the following command:

sudo apt-get install linux-modules-extra-gcp

If you encounter problems while installing linux-modules-extra-gcp, you can update the kernel by running the following command:

sudo apt-get upgrade

You must reboot or manually load the module for the changes to take effect. To manually load the module, run the following command:

sudo modprobe tdx_guest

Verify attestation reports with the Google attestation service

If your trust model allows it, instead of writing and running an attestation verifier yourself, you can use the Google attestation service. To do so, use Go-TPM tools to retrieve an attestation quote from an AMD SEV Confidential VM instance's vTPM, and send it to the Google attestation service for verification with the command ./go-tpm token. If it passes verification, the Google attestation service returns a token containing VM information that you can then compare against your own policy to confirm whether or not the VM should be trusted. The Google attestation service supports AMD SEV only.