Google Cloud Attestation
Attestation is the process that establishes trust in Confidential Computing. It acts as a digital verification mechanism, ensuring that confidential data is processed only within hardware-based Trusted Execution Environments (TEEs) that have been rigorously vetted.
Google Cloud Attestation provides a unified solution for remotely verifying the trustworthiness of all Google confidential environments. The service supports attestation of confidential environments backed by a Virtual Trusted Platform Module (vTPM) for SEV and by the TDX Module for Intel TDX.
Google Cloud Attestation can be applied across the following Google Cloud services:
While Google Cloud Attestation is convenient, open-source tools can also obtain attestation reports directly from Confidential VM instances. For more details, see Request an attestation report.
How Google Cloud Attestation works
Google Cloud Attestation internally gathers endorsements directly from hardware vendors and maintains its own set of reference values and appraisal policies, tailored to each confidential environment. It provides APIs that Google Cloud users call to fetch attestation result claims tokens.
Google Cloud Attestation collects information from your confidential environment and checks it against approved values and Google-maintained policies. These checks are converted into verifiable claims that adhere to the IETF Remote ATtestation ProcedureS (RATS) Entity Attestation Token (EAT) standard. Google Cloud Attestation then provides cryptographic proofs of these claims, which services that rely on such claims, such as Secret Manager and Google Identity and Access Management (IAM), can use.
The cryptographic proofs can be validated in the following ways:
Using a public key. For more information, see OIDC tokens. This is the simpler option and works natively with OIDC-compatible applications.
Using a root certificate. For more information, see PKI tokens. This option allows offline verification, without each relying party having to discover the verification key. For an end-to-end example of offline validation, see the Use Confidential Space with protected resources that aren't stored with a cloud provider codelab.
RATS architecture overview
The Remote ATtestation ProcedureS (RATS) architecture involves the following primary entities:
Attester: An entity providing evidence of its trustworthiness. In Google Cloud, this is a confidential environment (for example, Confidential VM, Confidential GKE Nodes, or Confidential Space).
Verifier: An entity evaluating the evidence and generating attestation results. This is Google Cloud Attestation.
Relying party: An entity relying on the attestation results to make decisions (for example, a mobile app, a storage bucket, or a key management system).
The RATS architecture also defines the following key roles:
Relying party owner: An entity configuring the appraisal policy for the relying party.
Verifier owner: An entity configuring the appraisal policy for the verifier (for example, Google).
Endorser: An entity providing endorsements that validate the attester's capabilities (for example, hardware OEMs such as AMD, Intel, or Nvidia).
Reference value provider: An entity providing reference values that the verifier uses to validate the attester's claims.
Passport model attestation workflow
Google Cloud Attestation uses the passport model. The high-level workflow of the passport model involves the following steps:
The attester (the confidential environment) requests an attestation result from the verifier (Google Cloud Attestation) by providing evidence.
The verifier evaluates the evidence and issues an attestation result.
The attester presents this result to the relying party.
In this workflow, Google Cloud Attestation acts as the verifier. Confidential environments (such as Confidential VM, Confidential GKE Nodes, or Confidential Space) act as the attester. Relying parties include Thales EKM, Google IAM, and other token brokers.
To ensure the freshness of attestation results, Google Cloud Attestation uses a cryptographic number that can't be reused (a nonce). The attester can provide a random number, agreed upon with the relying party, to the verifier. The relying party can then validate this number to ensure freshness and correctness.
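The passport exchange and nonce check described above, written out as an added example that is not Google's code and does not use Google Cloud Attestation's real token format: the verifier signs a claim set that carries the relying party's nonce, and the relying party validates it with the verifier's public key (as with the OIDC token option), then enforces expiry and single use of the nonce so a presented result cannot be replayed. Ed25519, the claim names, and the elided appraisal step are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// Claims is a constructed EAT-style subset; its field names are assumptions.
type Claims struct {
	Expiry int64  `json:"exp"`
	Nonce  string `json:"eat_nonce"`
}

// Appraise plays the verifier: appraisal of the evidence against reference
// values is elided; it signs a result (the passport) binding nonce and expiry.
func Appraise(key ed25519.PrivateKey, nonce string, now time.Time) (payload, sig []byte) {
	payload, _ = json.Marshal(Claims{Expiry: now.Add(time.Hour).Unix(), Nonce: nonce})
	return payload, ed25519.Sign(key, payload)
}

// RelyingParty holds only the verifier's public key and its unconsumed nonces.
type RelyingParty struct {
	Pub  ed25519.PublicKey
	Open map[string]bool
}

// Challenge issues a fresh random nonce that must come back inside the result.
func (rp *RelyingParty) Challenge() string {
	b := make([]byte, 16)
	rand.Read(b)
	n := hex.EncodeToString(b)
	rp.Open[n] = true
	return n
}

// Accept verifies the signature with the public key, then rejects expired
// results and any nonce that was never issued or was already consumed.
func (rp *RelyingParty) Accept(payload, sig []byte, now time.Time) (*Claims, error) {
	var c Claims
	if !ed25519.Verify(rp.Pub, payload, sig) || json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("bad signature or malformed result")
	}
	if now.Unix() >= c.Expiry || !rp.Open[c.Nonce] {
		return nil, errors.New("expired, or nonce never issued or already consumed")
	}
	delete(rp.Open, c.Nonce) // single use: replaying the same passport fails here
	return &c, nil
}
```

A real relying party would obtain the public key from the verifier's published keys (or, for PKI tokens, validate a certificate chain to the root certificate) rather than hold it as a bare value.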
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated (UTC): 2025-09-04.