The code in this directory (oak_rust_attestation_verifier.cc) performs remote
attestation verification of TEE-hosted ledger applications which form part of
the
ConfidentialAggregations
protocol, as described in the
Confidential Federated Computations paper.
Client devices that use this library to participate in the
ConfidentialAggregations protocol will verify attestation evidence for the
ledger application hosted in the
Confidential Federated Compute
repository. They will also verify the data access policy that the ledger will
enforce, which will specify one or more allowed data transformation applications
which are built from that same repository.
After a successful verification, these devices will log an attestation verification record which can then be inspected.
This functionality is currently only being tested on a small scale population in the Android Gboard app. However, for a device to successfully participate in this population, various conditions have to be met, among which: the beta version of the Gboard app has to be installed, the OS scheduler has to invoke the app, a test needs to be ongoing (we may pause or restart tests at times), and the server has to admit the device by serving a task.
You can attempt to have a device participate in the population and thereafter extract the attestation record logged by the device by using the following instructions. However, note that due to the required conditions listed above, these instructions do not guarantee that your device will actually participate within a certain timeframe.
-
Select an Android phone to use. You must be able to enable 'Developer mode'/
adbaccess on this device (see below). -
Install the app that is using this library and from which you want to gather attestation verification records. E.g. for the ongoing test in Gboard, you must:
- Install the beta version of Gboard on your device by using this link,
- Use the Gboard app at least once on your device.
- Set your primary language in Gboard to "English (United States)".
-
Install the
adbtool on your computer. -
Enable
adbdebugging on your device. -
Connect your computer to the phone using USB.
-
Run the following command to turn on the logging of
AttestationVerificationRecordentries to your device's logcat buffer, for any app that is using this library.adb shell setprop log.tag.fcp.attest D
-
Run the following command:
adb logcat 'fcp.attest:D' '*:S' | tee fcp_attestation_records.txt
This will write all log messages containing attestation verification records to the
fcp_attestation_records.txtfile, as well as to the terminal output. Leave this command running as you proceed to the next step. -
Leave your phone connected to your computer using the USB connection, make sure it is also connected to WiFi, and leave it unattended. You should not interact with the phone in any way at this point and leave the phone for at least a number of hours (see the note above). This helps create the required (but not necessarily sufficient) conditions for your phone to be able to participate in the population.
If one of the apps on the device is using this library, and if the device
successfully participates in a task using the ConfidentialAggregations
protocol (subject to the required conditions listed above), then the device's
logcat stream will contain an entry that looks as follows:
03-28 12:15:12.563 4101 4123 D fcp.attest: This device is contributing data via the confidential aggregation protocol. The attestation verification record follows.
03-28 12:15:12.563 4101 4123 D fcp.attest: <H4sIAAAAAAAAA+M6Ji51WJzrgLhHak5OvqKCQuIoGAWjYBSMglEwCkbBKBgFo2DQAwDdp4nbyQsAAA==>
...
03-28 12:15:12.563 4101 4123 D fcp.attest: <>
These records represent a line-wrapped, base64-encoded, and gzip-compressed
AttestationVerificationRecord protobuf (the encoding is performed in
oak_rust_attestation_verifier.cc). We provide an extract_attestation_records
utility for extracting and parsing such records from a log stream. This utility
will write each extracted record to its own file, in the shape of a serialized
AttestationVerificationRecord proto.
$ mkdir extracted_records
$ bazelisk run :extract_attestation_records -- \
--input=$PWD/fcp_attestation_records.txt \
--output=$PWD/extracted_records/
Wrote a verification record extracted from lines 2-19 to extracted_records/record_l2_to_l19_digest12345678.pb
Found 1 record(s).Once you have gathered one or more such records, you can follow the instructions in the Confidential Federated Compute repository to inspect the information contained in those records, and to identify and inspect the TEE-attested binaries that were allowed to process the data that was uploaded by this device during the session in which the verification record was generated.