All Products
Search

This Product

    Elastic Compute Service:EAT profile of the remote attestation service

    Document Center

    Elastic Compute Service:EAT profile of the remote attestation service

    Last Updated:Apr 14, 2025

    The JSON Web Token (JWT) profile issued by Alibaba Cloud describes the claims included in the attestation results in the form of Entity Attestation Tokens (EATs) generated by Alibaba Cloud remote attestation service for various Trusted Execution Environment (TEE) environments. The JWT profile includes claims from the IETF JWT specifications, EAT specifications, different TEE platform specifications, and Alibaba Cloud-specific claims.

    JWT claims

    The following claims are defined in JWT specifications:

    • iat: Specifies the time at which the JWT is issued.

    • exp: Specifies the expiration time of the JWT.

    • iss: Specifies the entity that issued the JWT.

    • jti: Specifies the unique identifier of the JWT.

    • nbf: Specifies the time at which the JWT becomes valid.

    • aud: Specifies the entity or service that is the recipient of the JWT.

    EAT claims

    The following claims are defined in EAT specifications.

    • eat_profile: The EAT profile identified by a URL.

    • intuse: The intended use of the EAT indicated to the EAT consumer.

    TEE claims

    tcb-status: A set of TEE claims represented as a JSON string, which contains different specific claims based on the TEE platform type.

    TDX claims

    TEE claims related to Intel Trust Domain Extensions (TDX) TEE platform:

    • tdx.quote.header.version: The format version of the TDX Quote.

    • tdx.quote.header.att_key_type: The algorithm type in the TDX Quote signature.

    • tdx.quote.header.tee_type: The TEE type of the TDX Quote.

    • tdx.quote.header.reserved: The reserved field.

    • tdx.quote.header.vendor_id: The ID of the Quote Enclave (QE) provider.

    • tdx.quote.header.user_data: The user data.

    • tdx.quote.body.mr_config_id: The software-defined ID for non-owner-defined configuration of TDX.

    • tdx.quote.body.mr_owner: The software-defined ID of the TDX owner.

    • tdx.quote.body.mr_owner_config: The software-defined ID for owner-defined configuration of TDX.

    • tdx.quote.body.mr_td: The initial measurement content of TDX.

    • tdx.quote.body.mr_seam: The measurement value of the TDX module.

    • tdx.quote.body.mrsigner_seam: The measurement value of the TDX module signer.

    • tdx.quote.body.report_data: The user-defined data in the TDX Quote.

    • tdx.quote.body.seam_attributes: The additional configuration of the TDX module.

    • tdx.quote.body.tcb_svn: The security version number of the TDX trusted computing base (TCB).

    • tdx.quote.body.xfam: The mask of CPU extension features supported by TDX.

    • tdx.quote.body.rtmr_0: Runtime measurement register 0.

    • tdx.quote.body.rtmr_1: Runtime measurement register 1.

    • tdx.quote.body.rtmr_2: Runtime measurement register 2.

    • tdx.quote.body.rtmr_3: Runtime measurement register 3.

    • tdx.quote.body.tee_tcb_svn2: The security version number of the TDX TCB.

    • tdx.quote.body.mr_servicetd: The measurement value of the TDX service.

    • tdx.quote.body.td_attributes: The attributes of the trusted domain (TD).

    • tdx.td_attributes.debug: Specifies whether the TD is running in debug mode.

    • tdx.td_attributes.key_locker: Specifies whether the TD is allowed to use Key Locker.

    • tdx.td_attributes.perfmon: Specifies whether the TD is allowed to use Perfmon and PERF_METRICS features.

    • tdx.td_attributes.protection_keys: Specifies whether TD is allowed to use Supervisor Protection Keys.

    • tdx.td_attributes.septve_disable: Specifies whether Extended Page Table (EPT) violations are disabled from being converted to #VE on TD access to PENDING pages.

    • tdx.quote.type: The Quote type in TDX V5 Quote.

    • tdx.quote.size: The Quote length in TDX V5 Quote.

    Nvgpu claims

    TEE claims related to the NVIDIA nvtrust platform:

    • nvgpu.gpu.eat_nonce: The random number used to generate GPU evidence.

    • nvgpu.gpu.gpu_num: The number of GPUs to be verified.

    • nvgpu.gpu.x-acs-overall-att-result: The GPU verification result.

    • nvgpu.gpu.x-acs-ver: The GPU remote attestation service version.

    • nvgpu.gpu.GPU-X.x-acs-gpu-arch-check: Specifies whether the architecture of GPU-X has been verified.

    • nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-cert-chain-validated: Specifies whether the GPU certificate chain validation is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-nonce-match: Specifies whether the random number in the attestation report matches.

    • nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-parsed: Specifies whether the attestation report parsing is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-attestation-report-signature-verified: Specifies whether the attestation report signature verification is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-cert-validated: Specifies whether the certificate validation in the Driver Rim File is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-fetched: Specifies whether the Driver Rim File is successfully obtained.

    • nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-measurements-available: Specifies whether the golden measurements of the Driver Rim are successfully obtained.

    • nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-schema-validated: Specifies whether the schema validation of the Driver Rim File is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-driver-rim-signature-verified: Specifies whether the signature verification of the Driver Rim is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-driver-version: The driver version of the GPU to be verified.

    • nvgpu.gpu.GPU-X.x-acs-gpu-vbios-index-no-conflict: Specifies whether no conflict exists between the golden measurements in the Driver Rim and the golden measurements in the VBios Rim.

    • nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-cert-validated: Specifies whether the certificate validation in the VBios Rim File is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-fetched: Specifies whether the VBios Rim File is successfully obtained.

    • nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-measurements-available: Specifies whether the golden measurements of the VBios Rim are successfully obtained.

    • nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-schema-validated: Specifies whether the schema validation of the VBios Rim File is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-vbios-rim-signature-verified: Specifies whether the signature verification of the VBios Rim is successful.

    • nvgpu.gpu.GPU-X.x-acs-gpu-vbios-version: The VBios version of the GPU to be verified.

    • nvgpu.switch.eat_nonce: The random number used to generate Switch evidence.

    • nvgpu.switch.switch_num: The number of Switches to be verified.

    • nvgpu.switch.x-acs-overall-att-result: The Switch verification result.

    • nvgpu.switch.x-acs-ver: The Switch remote attestation service version.

    • nvgpu.switch.SWITCH-X.dbgstat: Specifies whether the switch is in a debuggable state.

    • nvgpu.switch.SWITCH-X.eat_nonce: The random number for the Switch attestation report.

    • nvgpu.switch.SWITCH-X.hwmodel: The HWModel of the Switch.

    • nvgpu.switch.SWITCH-X.measres: Specifies whether the runtime measurements in the Switch attestation match the golden measurements.

    • nvgpu.switch.SWITCH-X.secboot: Specifies whether the Switch boots from a trusted state.

    • nvgpu.switch.SWITCH-X.ueid: The UEID of the Switch.

    • nvgpu.switch.SWITCH-X.x-acs-switch-arch-check: Specifies whether the architecture of SWITCH-X matches.

    • nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-cert-chain-validated: Specifies whether the Switch certificate chain validation passed.

    • nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-nonce-match: Specifies whether the random number in the Switch evidence matches the random number used to generate the evidence.

    • nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-parsed: Specifies whether the Switch attestation report parsing was successful.

    • nvgpu.switch.SWITCH-X.x-acs-switch-attestation-report-signature-verified: Specifies whether the Switch attestation report signature verification is successful.

    • nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-cert-validated: Specifies whether the certificate validation in the Switch VBios Rim File is successful.

    • nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-fetched: Specifies whether the Switch's VBios Rim File is successfully obtained.

    • nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-measurements-available: Specifies whether the golden measurements in the Switch VBios Rim are successfully obtained.

    • nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-schema-validated: Specifies whether the schema validation of the obtained VBios Rim File is successful.

    • nvgpu.switch.SWITCH-X.x-acs-switch-bios-rim-signature-verified: Specifies whether the signature verification of the Switch VBios Rim is successful.

    • nvgpu.switch.SWITCH-X.x-acs-switch-bios-version: The VBios version of the Switch to be verified.

    Attester claims

    customized_claims: Attester claims in JSON format in the user remote attestation request, which includes:

    • init_data: TEE startup information that the attester expects to be included in the TEE evidence.

    • runtime_data: TEE runtime information that the attester expects to be included in the TEE evidence.

    Evaluation report claims

    evaluation-reports: Reports of TEE evidence evaluation by Alibaba Cloud remote attestation service:

    • policy-hash: The policy hash value used to verify the TEE evidence. The value can only be default, indicating that only cryptographic verification is performed on the TEE evidence.

    • policy-id: The policy ID used to verify the TEE evidence. The value is left empty.

    Alibaba Cloud-specific claims

    x-acs-ver: The version generated in the JWT format by the Alibaba Cloud remote attestation service.