The Alibaba Cloud remote attestation service returns attestation results as JWTs following the EAT profile. Claims are drawn from four sources: JWT, EAT, TEE platform (Intel TDX and NVIDIA nvtrust), and Alibaba Cloud extensions.
## JWT claims

Claims from the JWT specification:

| Claim | Description |
|---|---|
| iat | JWT issue time |
| exp | JWT expiration time |
| iss | JWT issuer |
| jti | JWT unique identifier |
| nbf | JWT not-valid-before time |
| aud | JWT intended audience |
## EAT claims

Claims from the EAT specification:

| Claim | Description |
|---|---|
| eat_profile | EAT profile URL |
| intuse | Intended use of the EAT |
## TEE claims

tcb-status contains all TEE-specific claims as a JSON string. The included claims depend on the TEE platform type.

### TDX claims

These claims appear when the TEE platform is Intel Trust Domain Extensions (TDX).

| Claim | Description |
|---|---|
| tdx.quote.header.version | TDX Quote format version |
| tdx.quote.header.att_key_type | TDX Quote signature algorithm |
| tdx.quote.header.tee_type | TDX Quote TEE type |
| tdx.quote.header.reserved | Reserved field |
| tdx.quote.header.vendor_id | Quote Enclave (QE) provider ID |
| tdx.quote.header.user_data | User data in the Quote header |
| tdx.quote.body.mr_config_id | Software-defined ID for non-owner-defined configuration |
| tdx.quote.body.mr_owner | Software-defined ID of the TD owner |
| tdx.quote.body.mr_owner_config | Software-defined ID for owner-defined configuration |
| tdx.quote.body.mr_td | Initial measurement of the TD |
| tdx.quote.body.mr_seam | TDX module measurement |
| tdx.quote.body.mrsigner_seam | TDX module signer measurement |
| tdx.quote.body.report_data | User-defined data in the Quote body |
| tdx.quote.body.seam_attributes | TDX module additional configuration |
| tdx.quote.body.tcb_svn | TDX TCB security version number |
| tdx.quote.body.xfam | CPU extension feature mask supported by TDX |
| tdx.quote.body.rtmr_0 | Runtime measurement register 0 |
| tdx.quote.body.rtmr_1 | Runtime measurement register 1 |
| tdx.quote.body.rtmr_2 | Runtime measurement register 2 |
| tdx.quote.body.rtmr_3 | Runtime measurement register 3 |
| tdx.quote.body.tee_tcb_svn2 | TDX TCB security version number (V2) |
| tdx.quote.body.mr_servicetd | TDX service TD measurement |
| tdx.quote.body.td_attributes | Trusted domain (TD) attributes |
| tdx.td_attributes.debug | Whether the TD runs in debug mode |
| tdx.td_attributes.key_locker | Whether the TD can use Key Locker |
| tdx.td_attributes.perfmon | Whether the TD can use Perfmon and PERF_METRICS |
| tdx.td_attributes.protection_keys | Whether the TD can use Supervisor Protection Keys |
| tdx.td_attributes.septve_disable | Whether EPT violation conversion to #VE is disabled on TD access to PENDING pages |
| tdx.quote.type | TDX V5 Quote type |
| tdx.quote.size | TDX V5 Quote length |
### Nvgpu claims

These claims appear when the TEE platform is NVIDIA nvtrust, divided into GPU claims and NVSwitch claims.

#### GPU claims

| Claim | Description |
|---|---|
| nvgpu.gpu.eat_nonce | Nonce used to generate GPU evidence |
| nvgpu.gpu.gpu_num | Number of attested GPUs |
| nvgpu.gpu.x-acs-overall-att-result | Overall GPU attestation result |
| nvgpu.gpu.x-acs-ver | GPU remote attestation service version |
| nvgpu.gpu.GPU-X.x-acs-gpu-arch-check | Whether the GPU-X architecture has been verified |
| nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-cert-chain-validated | Whether the GPU certificate chain validation passed |
| nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-nonce-match | Whether the attestation report nonce matches |
| nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-parsed | Whether the attestation report parsed successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-signature-verified | Whether the attestation report signature verified successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-cert-validated | Whether the driver Reference Integrity Manifest (RIM) certificate validated successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-fetched | Whether the driver RIM file fetched successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-measurements-available | Whether golden measurements from the driver RIM were obtained |
| nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-schema-validated | Whether the driver RIM schema validated successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-signature-verified | Whether the driver RIM signature verified successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-driver-version | Attested GPU driver version |
| nvgpu.gpu.GPU-X.x-acs-gpu-vbios-index-no-conflict | Whether the driver RIM and VBIOS RIM golden measurements are free of index conflicts |
| nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-cert-validated | Whether the VBIOS RIM certificate validated successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-fetched | Whether the VBIOS RIM file fetched successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-measurements-available | Whether golden measurements from the VBIOS RIM were obtained |
| nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-schema-validated | Whether the VBIOS RIM schema validated successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-signature-verified | Whether the VBIOS RIM signature verified successfully |
| nvgpu.gpu.GPU-X.x-acs-gpu-vbios-version | Attested GPU VBIOS version |
#### NVSwitch claims

| Claim | Description |
|---|---|
| nvgpu.switch.eat_nonce | Nonce used to generate Switch evidence |
| nvgpu.switch.switch_num | Number of attested NVSwitches |
| nvgpu.switch.x-acs-overall-att-result | Overall NVSwitch attestation result |
| nvgpu.switch.x-acs-ver | NVSwitch remote attestation service version |
| nvgpu.switch.SWITCH-X.dbgstat | Whether the NVSwitch is in debug mode |
| nvgpu.switch.SWITCH-X.eat_nonce | Nonce for the Switch attestation report |
| nvgpu.switch.SWITCH-X.hwmodel | NVSwitch hardware model |
| nvgpu.switch.SWITCH-X.measres | Whether NVSwitch runtime measurements match golden measurements |
| nvgpu.switch.SWITCH-X.secboot | Whether the NVSwitch booted from a trusted state |
| nvgpu.switch.SWITCH-X.ueid | Unique Entity Identifier (UEID) of the NVSwitch |
| nvgpu.switch.SWITCH-X.x-acs-switch-arch-check | Whether the SWITCH-X architecture matches |
| nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-cert-chain-validated | Whether the NVSwitch certificate chain validation passed |
| nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-nonce-match | Whether the NVSwitch evidence nonce matches |
| nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-parsed | Whether the NVSwitch attestation report parsed successfully |
| nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-signature-verified | Whether the NVSwitch attestation report signature verified successfully |
| nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-cert-validated | Whether the NVSwitch VBIOS RIM certificate validated successfully |
| nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-fetched | Whether the NVSwitch VBIOS RIM file fetched successfully |
| nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-measurements-available | Whether golden measurements from the NVSwitch VBIOS RIM were obtained |
| nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-schema-validated | Whether the NVSwitch VBIOS RIM schema validated successfully |
| nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-signature-verified | Whether the NVSwitch VBIOS RIM signature verified successfully |
| nvgpu.switch.SWITCH-X.x-acs-switch-bios-version | Attested NVSwitch VBIOS version |
## Attester claims

customized_claims carries attester-provided claims in JSON format from the remote attestation request:

| Claim | Description |
|---|---|
| init_data | TEE startup data the attester expects in the TEE evidence |
| runtime_data | TEE runtime data the attester expects in the TEE evidence |
## Evaluation report claims

evaluation-reports contains the Alibaba Cloud remote attestation service's evaluation of the TEE evidence:

| Claim | Description |
|---|---|
| policy-hash | Hash of the policy used to verify TEE evidence. The only supported value is default, meaning only cryptographic verification is performed. |
| policy-id | Policy ID used to verify TEE evidence. This field is blank. |
## Alibaba Cloud-specific claims

| Claim | Description |
|---|---|
| x-acs-ver | Alibaba Cloud remote attestation JWT format version |
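Because policy-hash is always default, the service performs only cryptographic verification of the evidence; the relying party itself has to decide whether the attested state is acceptable. The following Python is an added example, not code from Alibaba Cloud or from this page, showing a relying-party check over the claim layout described above: it decodes the JWT payload, parses the tcb-status JSON string, and applies fail-closed checks on the JWT time and audience claims, the TDX debug attribute and mr_td allowlist, and the nvgpu overall result and nonce claims. The token, issuer, profile URL and measurement values are constructed placeholders; the flat dotted-key layout of tcb-status and the boolean type of the result claims are assumptions (the code flattens nested objects so either layout works). Signature verification against the issuer's published key is a precondition that this example leaves to the caller.

```python
"""Relying-party checks over an Alibaba Cloud attestation JWT payload (added example)."""
import base64
import json
import time

# Constructed sample values, not a real token; measurement and nonce values are placeholders.
# ASSUMPTION: tcb-status is a JSON object with flat dotted keys and boolean results.
SAMPLE_TCB_STATUS = {
    "tdx.quote.header.version": 5,
    "tdx.quote.body.mr_td": "11" * 48,        # placeholder 48-byte measurement
    "tdx.quote.body.report_data": "22" * 64,  # placeholder 64-byte report data
    "tdx.td_attributes.debug": False,
    "nvgpu.gpu.gpu_num": 1,
    "nvgpu.gpu.eat_nonce": "0123456789abcdef",
    "nvgpu.gpu.x-acs-overall-att-result": True,
    "nvgpu.gpu.GPU-0.x-acs-gpu-attestation-report-nonce-match": True,
}
SAMPLE_CLAIMS = {
    "iss": "https://attestation.example.invalid",  # placeholder issuer
    "aud": "my-relying-party",
    "iat": 1_700_000_000, "nbf": 1_700_000_000, "exp": 1_700_003_600,
    "jti": "constructed-jti-1",
    "eat_profile": "https://example.invalid/eat-profile",  # placeholder profile URL
    "tcb-status": json.dumps(SAMPLE_TCB_STATUS),  # the page: a JSON string
    "customized_claims": {"init_data": "", "runtime_data": "0123456789abcdef"},
    "evaluation-reports": {"policy-hash": "default", "policy-id": ""},
    "x-acs-ver": "1",
}
ALLOWED_MR_TD = {"11" * 48}  # measurements the relying party accepts


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_unsigned_token(claims: dict) -> str:
    """Demo only: the third segment is a dummy; a real token carries the service's signature."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.{b64url(b'dummy-signature')}"


def decode_payload(token: str) -> dict:
    """Decode the claims segment; verify the signature with the issuer's key before trusting it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))


def flatten(node: dict, prefix: str = "") -> dict:
    """Turn nested objects into dotted keys so flat and nested layouts are queried the same way."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        flat.update(flatten(value, path) if isinstance(value, dict) else {path: value})
    return flat


def with_tcb_override(claims: dict, overrides: dict) -> dict:
    """Copy of claims with selected tcb-status entries changed (exercises the fail paths)."""
    tcb = json.loads(claims["tcb-status"])
    tcb.update(overrides)
    return {**claims, "tcb-status": json.dumps(tcb)}


def evaluate(claims, *, expected_iss, expected_aud, allowed_mr_td, expected_nonce, now=None):
    """Return the names of failed checks; an empty list means the token is acceptable."""
    now = time.time() if now is None else now
    failures = []
    if claims.get("iss") != expected_iss:
        failures.append("iss")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        failures.append("aud")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        failures.append("exp")
    if isinstance(claims.get("nbf"), (int, float)) and now < claims["nbf"]:
        failures.append("nbf")
    tcb = claims.get("tcb-status")
    if isinstance(tcb, str):
        try:
            tcb = json.loads(tcb)
        except json.JSONDecodeError:
            tcb = None
    if not isinstance(tcb, dict):
        return failures + ["tcb-status"]
    tcb = flatten(tcb)
    if any(k.startswith("tdx.") for k in tcb):  # TDX platform: reject debug TDs, pin mr_td
        if tcb.get("tdx.td_attributes.debug") is not False:
            failures.append("tdx.td_attributes.debug")
        if tcb.get("tdx.quote.body.mr_td") not in allowed_mr_td:
            failures.append("tdx.quote.body.mr_td")
    if any(k.startswith("nvgpu.gpu.") for k in tcb):  # nvtrust: overall result and nonce binding
        if tcb.get("nvgpu.gpu.x-acs-overall-att-result") is not True:
            failures.append("nvgpu.gpu.x-acs-overall-att-result")
        if tcb.get("nvgpu.gpu.eat_nonce") != expected_nonce:
            failures.append("nvgpu.gpu.eat_nonce")
        failures += [k for k, v in tcb.items()
                     if k.startswith("nvgpu.gpu.GPU-") and k.endswith("-nonce-match") and v is not True]
    if (claims.get("evaluation-reports") or {}).get("policy-hash") != "default":
        failures.append("evaluation-reports.policy-hash")
    return failures


if __name__ == "__main__":
    token = build_unsigned_token(SAMPLE_CLAIMS)
    print(evaluate(decode_payload(token), expected_iss=SAMPLE_CLAIMS["iss"], expected_aud="my-relying-party",
                   allowed_mr_td=ALLOWED_MR_TD, expected_nonce="0123456789abcdef", now=1_700_000_100))
```

Every check fails closed: a missing debug attribute, an absent tcb-status, or a non-boolean result value counts as a failure rather than a pass. The page does not specify how runtime_data is bound to report_data or to the GPU nonce, so that comparison is left out here; a deployment should add it once the binding format is known.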