Confidential VM token claims

This document describes the items that are present in Confidential VM attestation tokens, as defined in the well-known endpoint for Confidential VM. The tokens are JSON web tokens (JWT).

Example token

The following is an example of an encoded attestation token. You can use https://jwt.io/ to decode it:

 eyJhbGciOiJSUzI1NiIsImtpZCI6IjFjNjdmYWVhYjRhYzE1ZDJmNmZmODMwY2E2ZmM1N2YyYmVhM2Y0YmIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJcdTAwM2NZT1VSQVVESUVOQ0VcdTAwM2UiLCJleHAiOjE3MTU5NzE2OTcsImlhdCI6MTcxNTk2ODA5NywiaXNzIjoiaHR0cHM6Ly9jb25maWRlbnRpYWxjb21wdXRpbmcuZ29vZ2xlYXBpcy5jb20iLCJuYmYiOjE3MTU5NjgwOTcsInN1YiI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2NvbXB1dGUvdjEvcHJvamVjdHMvcnVpZGV6aGFuZy0yL3pvbmVzL3VzLWNlbnRyYWwxLWMvaW5zdGFuY2VzL2N2bS10b2tlbi1jbGFpbXMiLCJlYXRfbm9uY2UiOlsidGhpc0lzQWN1c3RvbU5vbmNlIiwidGhpc0lzQU11Y2hMb25nZXJDdXN0b21Ob25jZVdpdGhQYWRkaW5nRm9yNzRCeXRlczAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiXSwic2VjYm9vdCI6ZmFsc2UsIm9lbWlkIjoxMTEyOSwiaHdtb2RlbCI6IkdDUF9BTURfU0VWIiwic3duYW1lIjoiR0NFIiwiZGJnc3RhdCI6ImVuYWJsZWQiLCJzdWJtb2RzIjp7ImdjZSI6eyJ6b25lIjoidXMtY2VudHJhbDEtYyIsInByb2plY3RfaWQiOiJydWlkZXpoYW5nLTIiLCJwcm9qZWN0X251bWJlciI6IjQ3MDY1MjQyNjMwNSIsImluc3RhbmNlX25hbWUiOiJjdm0tdG9rZW4tY2xhaW1zIiwiaW5zdGFuY2VfaWQiOiI3MzMzMjUxNTQ2ODE2NDQ2MDY5In19LCJnb29nbGVfc2VydmljZV9hY2NvdW50cyI6WyI0NzA2NTI0MjYzMDUtY29tcHV0ZUBkZXZlbG9wZXIuZ3NlcnZpY2VhY2NvdW50LmNvbSJdfQ.Z8CIreuWj8vQKe9L5f5Ol80LcWBI_pFWwfT8qsky8hjtH3OMmqfUCJJRx-dX5Rqm5n4qe4dHacLgSWQlT9MDYyrtWDuocA2WtfPZLvM0DNc4HuoNPZtVrgMMcZ93Xyl5-tJuI5PbPshiDBT06_QaRm5l37RRL2CsxXZGCkKsxV1vs0gF5xZgSNmhDqg3q1fONhA3VglZ-H0SHAvMNr1qwXDKrQxdYxyFfEMLkcsRxSXlR5mLCbMIFptGTPXt-k83xJzCipuKSiKJrwaRdZTmlapn7UtaTRLvG3YCmXPg6oOvNKtE8T4KeBY36EdzR0Fdmz_pXSbWL-q8-y90VxDxwQ

The following is an example of a decoded token:

  { 
  
 "alg" 
 : 
  
 "RS256" 
 , 
  
 "kid" 
 : 
  
 "6e66f1aededf736581df2599ee20387718978dcd" 
 , 
  
 "typ" 
 : 
  
 "JWT" 
 } 
 . 
 { 
  
 "aud" 
 : 
  
 "<YOURAUDIENCE>" 
 , 
  
 "exp" 
 : 
  
 1715359550 
 , 
  
 "iat" 
 : 
  
 1715355950 
 , 
  
 "iss" 
 : 
  
 "https://confidentialcomputing.googleapis.com" 
 , 
  
 "nbf" 
 : 
  
 1698861565 
 , 
  
 "sub" 
 : 
  
 "https://www.googleapis.com/compute/v1/projects/<YOURPROJECT>/zones/us-central1-c/instances/cvm-token-claims" 
 , 
  
 "eat_nonce" 
 : 
  
 [ 
  
 "thisIsAcustomNonce" 
 , 
  
 "thisIsAMuchLongerCustomNonceWithPaddingFor74Bytes0000000000000000000000000" 
  
 ], 
  
 "secboot" 
 : 
  
 true 
 , 
  
 "oemid" 
 : 
  
 11129 
 , 
  
 "hwmodel" 
 : 
  
 "GCP_AMD_SEV" 
 , 
  
 "swname" 
 : 
  
 "Compute Engine" 
 , 
  
 "dbgstat" 
 : 
  
 "disabled-since-boot" 
 , 
  
 "submods" 
 : 
  
 { 
  
 "gce" 
 : 
  
 { 
  
 "zone" 
 : 
  
 "us-central1-c" 
 , 
  
 "project_id" 
 : 
  
 "<YOURPROJECT>" 
 , 
  
 "project_number" 
 : 
  
 "470652426305" 
 , 
  
 "instance_name" 
 : 
  
 "cvm-token-claims" 
 , 
  
 "instance_id" 
 : 
  
 "7333251546816446069" 
  
 } 
  
 }, 
  
 "google_service_accounts" 
 : 
  
 [ 
  
 "470652426305-compute@developer.gserviceaccount.com" 
  
 ] 
 }

The items within the token are further explained in the following sections.

Token items

The following table describes the high-level items in an attestation token. These items are compliant with the OpenID Connect 1.0 specification .

`well-known` endpoint values	Description
`claims_supported`	See Top-level claims .
`id_token_signing_alg_values_supported`	The signing algorithms ( `alg` values) supported by the token. Confidential VM supports the `RS256` algorithm.
`issuer`	The HTTPS scheme that Confidential VM uses as its issuer identifier. The value is `https://confidentialcomputing.googleapis.com` .
`jwks_uri`	The path to the public keys used to verify the token signature. You can publish these keys in a Cloud Storage bucket. You can find the `jwks_uri` keys in https://www.googleapis.com/service_accounts/v1/metadata/jwk/signer@confidentialspace-sign.iam.gserviceaccount.com . An example value is `https://example.storage.googleapis.com/jwks.json.`
`response_types_supported`	The list of supported Confidential VM response types. Confidential VM supports `id_token` .
`scopes_supported`	The OAuth 2.0 scope values that the Confidential VM instance supports. Confidential Space supports `openid` only.
`subject_types_supported`	The subject identifier types that Confidential VM supports. Confidential VM supports `public` .

Top-level claims

The following table describes the top-level supported claims in the attestation token.

Claim

Type

Description

aud

String

The audience. For the default token used with a workload identity pool, the audience is https://sts.googleapis.com . This token is fetched every hour by the launcher in the Confidential VM instance.

For tokens with custom audiences, the audience is echoed from the audience in the token request. The maximum length is 512 bytes.

dbgstat

String

The debug status for the hardware. In production images, the value is disabled-since-boot . In debug images, the value is enabled .

eat_nonce

String or string array

One or more nonces for the attestation token. The values are echoed from the token options sent in the custom token request. Each nonce must be between 10 to 74 bytes inclusive. A maximum of six nonces are allowed.

exp

Int, Unix timestamp

The expiration time on or after which the token must not be accepted for processing. The value is a JSON number that represents the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the expiry time.

google_service_accounts

String array

The validated service accounts that are running the Confidential VM workload.

hwmodel

String

The unique identifier for the hardware token. The identifier must be one of the following values:

GCP_AMD_SEV
GCP_AMD_SEV_ES
GCP_SHIELDED_VM
GCP_INTEL_TDX

iat

Int, Unix timestamp

The time when the JWT was issued. The value is a JSON number that represents the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the issue time.

iss

String

The issuer of the token, which is set to https://confidentialcomputing.googleapis.com .

nbf

Int, Unix timestamp

The time after which the JWT is allowed to be processed. The value is a JSON number that represents the number of seconds from 1970-01-01T0:0:0Z as measured in UTC.

oemid

Uint64

The Google Private Enterprise Number (PEN) , which is 11129 .

secboot

Boolean

Whether Secure Boot is enabled, which makes sure that the firmware and operating system are authenticated during the VM boot process. This value is always true .

sub

String

The subject, which is the fully qualified virtual machine ID for the Confidential VM. For example,

https://www.googleapis.com/compute/v1/projects/ PROJECT_ID 
/zones/ ZONE 
/instances/ INSTANCE_ID

. This format is known as the instance's selfLink .

submods

Array

An array of various claims. See Submod claims .

swname

String

The name of the approved operating system for the VM.

The value is always GCE .

Submods claims

The following table describes the submods claims in the attestation token.

Claim	Type	Description
`gce`	Object	See Compute Engine claims .

Compute Engine claims

The following table describes the gce claims in the attestation token.

Claim	Type	Description
`instance_id`	String	The VM instance ID.
`instance_name`	String	The VM instance name.
`project_id`	String	The project ID for the project that the VM is running in.
`project_number`	String	The project number for the project that the VM is running in.
`zone`	String	The Compute Engine zone where the Confidential VM instance is running.

What's next

See the IETF draft for The Entity Attestation Token (EAT) for more information on attestation claims.
See the OpenID Connect Core 1.0 for more information on OpenID token claims.
For more information about tokens and retrieving them, see vTPM Attestation Codelab .