Confidential VM token claims

This document describes the items that are present in Confidential VM attestation tokens, as defined in the well-known endpoint for Confidential VM. The tokens are JSON web tokens (JWT).

Example token

The following is an example of an encoded attestation token. You can use https://jwt.io/ to decode it:

eyJhbGciOiJSUzI1NiIsImtpZCI6IjFjNjdmYWVhYjRhYzE1ZDJmNmZmODMwY2E2ZmM1N2YyYmVhM2Y0YmIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJcdTAwM2NZT1VSQVVESUVOQ0VcdTAwM2UiLCJleHAiOjE3MTU5NzE2OTcsImlhdCI6MTcxNTk2ODA5NywiaXNzIjoiaHR0cHM6Ly9jb25maWRlbnRpYWxjb21wdXRpbmcuZ29vZ2xlYXBpcy5jb20iLCJuYmYiOjE3MTU5NjgwOTcsInN1YiI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2NvbXB1dGUvdjEvcHJvamVjdHMvcnVpZGV6aGFuZy0yL3pvbmVzL3VzLWNlbnRyYWwxLWMvaW5zdGFuY2VzL2N2bS10b2tlbi1jbGFpbXMiLCJlYXRfbm9uY2UiOlsidGhpc0lzQWN1c3RvbU5vbmNlIiwidGhpc0lzQU11Y2hMb25nZXJDdXN0b21Ob25jZVdpdGhQYWRkaW5nRm9yNzRCeXRlczAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiXSwic2VjYm9vdCI6ZmFsc2UsIm9lbWlkIjoxMTEyOSwiaHdtb2RlbCI6IkdDUF9BTURfU0VWIiwic3duYW1lIjoiR0NFIiwiZGJnc3RhdCI6ImVuYWJsZWQiLCJzdWJtb2RzIjp7ImdjZSI6eyJ6b25lIjoidXMtY2VudHJhbDEtYyIsInByb2plY3RfaWQiOiJydWlkZXpoYW5nLTIiLCJwcm9qZWN0X251bWJlciI6IjQ3MDY1MjQyNjMwNSIsImluc3RhbmNlX25hbWUiOiJjdm0tdG9rZW4tY2xhaW1zIiwiaW5zdGFuY2VfaWQiOiI3MzMzMjUxNTQ2ODE2NDQ2MDY5In19LCJnb29nbGVfc2VydmljZV9hY2NvdW50cyI6WyI0NzA2NTI0MjYzMDUtY29tcHV0ZUBkZXZlbG9wZXIuZ3NlcnZpY2VhY2NvdW50LmNvbSJdfQ.Z8CIreuWj8vQKe9L5f5Ol80LcWBI_pFWwfT8qsky8hjtH3OMmqfUCJJRx-dX5Rqm5n4qe4dHacLgSWQlT9MDYyrtWDuocA2WtfPZLvM0DNc4HuoNPZtVrgMMcZ93Xyl5-tJuI5PbPshiDBT06_QaRm5l37RRL2CsxXZGCkKsxV1vs0gF5xZgSNmhDqg3q1fONhA3VglZ-H0SHAvMNr1qwXDKrQxdYxyFfEMLkcsRxSXlR5mLCbMIFptGTPXt-k83xJzCipuKSiKJrwaRdZTmlapn7UtaTRLvG3YCmXPg6oOvNKtE8T4KeBY36EdzR0Fdmz_pXSbWL-q8-y90VxDxwQ

The following is an example of a decoded token:

{
  "alg": "RS256",
  "kid": "6e66f1aededf736581df2599ee20387718978dcd",
  "typ": "JWT"
}.
{
  "aud": "<YOURAUDIENCE>",
  "exp": 1715359550,
  "iat": 1715355950,
  "iss": "https://confidentialcomputing.googleapis.com",
  "nbf": 1698861565,
  "sub": "https://www.googleapis.com/compute/v1/projects/<YOURPROJECT>/zones/us-central1-c/instances/cvm-token-claims",
  "eat_nonce": [
    "thisIsAcustomNonce",
    "thisIsAMuchLongerCustomNonceWithPaddingFor74Bytes0000000000000000000000000"
  ],
  "secboot": true,
  "oemid": 11129,
  "hwmodel": "GCP_AMD_SEV",
  "swname": "Compute Engine",
  "dbgstat": "disabled-since-boot",
  "submods": {
    "gce": {
      "zone": "us-central1-c",
      "project_id": "<YOURPROJECT>",
      "project_number": "470652426305",
      "instance_name": "cvm-token-claims",
      "instance_id": "7333251546816446069"
    }
  },
  "google_service_accounts": [
    "470652426305-compute@developer.gserviceaccount.com"
  ]
}

The items within the token are further explained in the following sections.

Token items

The following table describes the high-level items in an attestation token. These items are compliant with the OpenID Connect 1.0 specification.

well-known endpoint values Description
claims_supported See Top-level claims.
id_token_signing_alg_values_supported The signing algorithms (alg values) supported by the token. Confidential VM supports the RS256 algorithm.
issuer

The HTTPS scheme that Confidential VM uses as its issuer identifier.

The value is https://confidentialcomputing.googleapis.com.

jwks_uri

The path to the public keys used to verify the token signature. You can publish these keys in a Cloud Storage bucket.

You can find the jwks_uri keys in https://www.googleapis.com/service_accounts/v1/metadata/jwk/signer@confidentialspace-sign.iam.gserviceaccount.com.

An example value is https://example.storage.googleapis.com/jwks.json.

response_types_supported The list of supported Confidential VM response types. Confidential VM supports id_token.
scopes_supported The OAuth 2.0 scope values that the Confidential VM instance supports. Confidential Space supports openid only.
subject_types_supported The subject identifier types that Confidential VM supports. Confidential VM supports public.

Top-level claims

The following table describes the top-level supported claims in the attestation token.

Claim Type Description
aud String

The audience. For the default token used with a workload identity pool, the audience is https://sts.googleapis.com. This token is fetched every hour by the launcher in the Confidential VM instance.

For tokens with custom audiences, the audience is echoed from the audience in the token request. The maximum length is 512 bytes.

dbgstat String The debug status for the hardware. In production images, the value is disabled-since-boot. In debug images, the value is enabled.
eat_nonce String or string array One or more nonces for the attestation token. The values are echoed from the token options sent in the custom token request. Each nonce must be between 10 to 74 bytes inclusive. A maximum of six nonces are allowed.
exp Int, Unix timestamp The expiration time on or after which the token must not be accepted for processing. The value is a JSON number that represents the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the expiry time.
google_service_accounts String array The validated service accounts that are running the Confidential VM workload.
hwmodel String

The unique identifier for the hardware token. The identifier must be one of the following values:

  • GCP_AMD_SEV
  • GCP_AMD_SEV_ES
  • GCP_SHIELDED_VM
  • GCP_INTEL_TDX
iat Int, Unix timestamp The time when the JWT was issued. The value is a JSON number that represents the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the issue time.
iss String The issuer of the token, which is set to https://confidentialcomputing.googleapis.com.
nbf Int, Unix timestamp The time after which the JWT is allowed to be processed. The value is a JSON number that represents the number of seconds from 1970-01-01T0:0:0Z as measured in UTC.
oemid Uint64 The Google Private Enterprise Number (PEN), which is 11129.
secboot Boolean Whether Secure Boot is enabled, which makes sure that the firmware and operating system are authenticated during the VM boot process. This value is always true.
sub String The subject, which is the fully qualified virtual machine ID for the Confidential VM. For example, https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_ID. This format is known as the instance's selfLink.
submods Array An array of various claims. See Submod claims.
swname String

The name of the approved operating system for the VM.

The value is always GCE.

Submods claims

The following table describes the submods claims in the attestation token.

Claim Type Description
gce Object See Compute Engine claims.

Compute Engine claims

The following table describes the gce claims in the attestation token.

Claim Type Description
instance_id String The VM instance ID.
instance_name String The VM instance name.
project_id String The project ID for the project that the VM is running in.
project_number String The project number for the project that the VM is running in.
zone String The Compute Engine zone where the Confidential VM instance is running.

What's next