
Blank swname in Confidential Spaces EAP token

Looking at the Google Confidential Spaces EAP token, I'm expecting the swname claim to be "CONFIDENTIAL_SPACE"; instead it is coming back as "".

Does anyone know why the swname value is not set correctly in the EAP token? Is it a known bug on Google's end? Or maybe something in how I start the VM?

If swname is blank for everyone, what fields are you checking to make sure that software running in the enclave is correctly isolated?

Based on the documentation

[screenshot of the Confidential Space token-claims documentation]

I'm expecting the swname value in the EAP token to be either "CONFIDENTIAL_SPACE" or "GCE". Interestingly, the logs on the startup of the VM do show the correct value:


2024/07/16 16:38:04 {
  "aud": "https://sts.googleapis.com",
  "dbgstat": "disabled-since-boot",
  "eat_profile": "https://cloud.google.com/confidential-computing/confidential-space/docs/reference/token-claims",
  "exp": 1721151485,
  "google_service_accounts": [
    "845846737967-compute@developer.gserviceaccount.com"
  ],
  "hwmodel": "GCP_AMD_SEV",
  "iat": 1721147885,
  "iss": "https://confidentialcomputing.googleapis.com",
  "nbf": 1721147885,
  "oemid": 11129,
  "secboot": true,
  "sub": "https://www.googleapis.com/compute/v1/projects/project-cc8855b1/zones/us-central1-a/instances/vm1",
  "submods": {
    "confidential_space": {
      "monitoring_enabled": {
        "memory": false
      },
      "support_attributes": [
        "LATEST",
        "STABLE",
        "USABLE"
      ]
    },
    "container": {
      "args": [
        "/test/app_server"
      ],
      "env": {
        "HOSTNAME": "vm1",
        "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      },
      "image_digest": "sha256:7b36022de62b3e95adb07ffe2d75a131c91a3997b8923bb229d6bdba51669f0f",
      "image_id": "sha256:ea26f1771e80e0e693fa4ee0b41cbafa3ff07f9164ee0ef52e5577aa6f83d8f6",
      "image_reference": "us-central1-docker.pkg.dev/project-cc8855b1/repo-cc8855b1/app_server:latest",
      "restart_policy": "Never"
    },
    "gce": {
      "instance_id": "8128731407594495836",
      "instance_name": "vm1",
      "project_id": "project-cc8855b1",
      "project_number": "845846737967",
      "zone": "us-central1-a"
    }
  },
  "swname": "CONFIDENTIAL_SPACE",
  "swversion": [
    "240500"
  ]
}
2024/07/16 16:38:04 EnableTestFeatureForImage is set to false
2024/07/16 16:38:04 EnableOnDemandAttestation is enabled: initializing TEE server.
2024/07/16 16:38:04 MemoryMonitoring is disabled by the VM operator
2024/07/16 16:38:04 Container stdout/stderr will not be redirected.
2024/07/16 16:38:05 workload task started


For reference, also I'm including the full EAP token I'm getting.


{
  "iss": "https://confidentialcomputing.googleapis.com",
  "sub": "https://www.googleapis.com/compute/v1/projects/project-cc8855b1/zones/us-central1-a/instances/vm1",
  "aud": [
    "gcs.PlatformVerifier"
  ],
  "exp": 1721152200,
  "nbf": 1721148600,
  "iat": 1721148600,
  "eat_nonce": [
    "uaO8SuhzEt5fMrdMWGM3u0rI1I4vnSTSgiCws5ZvnxU=!",
    "##########"
  ],
  "secboot": true,
  "oemid": 11129,
  "hwmodel": "GCP_AMD_SEV",
  "swmodel": "",
  "swversion": [
    "240500"
  ],
  "dbgstat": "disabled-since-boot",
  "submods": {
    "confidential_space": {
      "monitoring_enabled": {
        "memory": false
      }
    },
    "container": {
      "image_reference": "us-central1-docker.pkg.dev/project-cc8855b1/repo-cc8855b1/app_server:latest",
      "image_digest": "sha256:7b36022de62b3e95adb07ffe2d75a131c91a3997b8923bb229d6bdba51669f0f",
      "restart_policy": "Never",
      "image_id": "sha256:ea26f1771e80e0e693fa4ee0b41cbafa3ff07f9164ee0ef52e5577aa6f83d8f6",
      "env": {
        "HOSTNAME": "vm1",
        "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      },
      "args": [
        "/test/app_server"
      ]
    },
    "gce": {
      "zone": "us-central1-a",
      "project_id": "project-cc8855b1",
      "project_number": "845846737967",
      "instance_name": "vm1",
      "instance_id": "8128731407594495836"
    }
  },
  "google_service_accounts": [
    "845846737967-compute@developer.gserviceaccount.com"
  ]
}
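To the question of which fields a relying party should check: the policy check below is an added example, not code from the original post or from Google's tooling. It assumes the token's signature has already been verified against the issuer's keys and works on the decoded claim set, using a sample payload constructed from the token quoted above (with the blank swname); the pinned values in POLICY are assumptions for this illustration, and a missing or blank claim fails closed rather than being ignored.

```python
import time

# Constructed sample: the claim set of the EAP token quoted above, trimmed to
# the claims the policy below inspects (swname is blank, as in the post).
SAMPLE_PAYLOAD = {
    "iss": "https://confidentialcomputing.googleapis.com",
    "exp": 1721152200, "nbf": 1721148600,
    "secboot": True, "hwmodel": "GCP_AMD_SEV", "swname": "",
    "dbgstat": "disabled-since-boot",
    "submods": {
        "confidential_space": {"monitoring_enabled": {"memory": False}},
        "container": {"image_digest": "sha256:7b36022de62b3e95adb07ffe2d75a131c91a3997b8923bb229d6bdba51669f0f"},
        "gce": {"project_id": "project-cc8855b1"},
    },
}

# Relying-party policy (assumed values): everything is pinned on the verifier
# side; nothing the token says is trusted without being compared to this.
POLICY = {
    "iss": "https://confidentialcomputing.googleapis.com",
    "hwmodel": {"GCP_AMD_SEV"},
    "swname": "CONFIDENTIAL_SPACE",
    "image_digest": "sha256:7b36022de62b3e95adb07ffe2d75a131c91a3997b8923bb229d6bdba51669f0f",
    "project_id": "project-cc8855b1",
}

def check_claims(payload, policy=POLICY, now=None):
    """Return the list of failed policy checks for an already
    signature-verified claim set; an empty list means the workload is
    accepted. A missing or blank claim counts as a failure, never a pass."""
    now = time.time() if now is None else now
    sub = payload.get("submods", {})
    container, gce = sub.get("container", {}), sub.get("gce", {})
    cs = sub.get("confidential_space", {})
    checks = [
        ("iss", payload.get("iss") == policy["iss"]),
        ("time window", payload.get("nbf", float("inf")) <= now < payload.get("exp", 0)),
        ("secboot", payload.get("secboot") is True),
        ("dbgstat", payload.get("dbgstat") == "disabled-since-boot"),
        ("hwmodel", payload.get("hwmodel") in policy["hwmodel"]),
        # The blank-swname case from the post: fail closed instead of skipping it.
        ("swname", payload.get("swname") == policy["swname"]),
        ("memory monitoring", cs.get("monitoring_enabled", {}).get("memory") is False),
        # Pinning the digest, not the tag, is what ties the token to one image.
        ("image_digest", container.get("image_digest") == policy["image_digest"]),
        ("project_id", gce.get("project_id") == policy["project_id"]),
    ]
    return [name for name, ok in checks if not ok]
```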
