Who is this for?
This Learning Path is for developers who would like to learn about attestation in confidential computing, using Arm's Confidential Computing Architecture (CCA).
What will you learn?
Upon completion of this Learning Path, you will be able to:
- Describe the importance of attestation in confidential computing.
- Understand what a CCA attestation token is, and describe its format.
- Inspect the contents of a CCA attestation token using command-line tools.
- Use an attestation verification service to evaluate a CCA attestation token.
- Understand the purpose of the Open-Source Veraison project.
Prerequisites
Before starting, you will need the following:
- An Arm-based or x86 computer running Ubuntu. You can use a server instance from a cloud service provider of your choice.
Summary
AI-assisted
This summary was drafted with an approved AI-assisted workflow and reviewed by Arm contributors before publication.
Human technical review remains part of the process so the final page reflects engineering rigor, accuracy, and Arm editorial standards.
You’ll learn about CCA attestation by connecting the concepts of confidential computing and Arm’s Realm Management Extension to practical token handling. First, you’ll start with an overview of attestation and Veraison, then obtain an example CCA attestation token and set up the required tools by installing Go. You’ll inspect the token’s structure using command-line workflows, then submit it to a Linaro-hosted verification service implemented with Veraison components. By the end, you’ll recognize a successful verification response and be able to relate it back to the token contents that you inspected.
Frequently asked questions
AI-assisted
These FAQs were drafted with an approved AI-assisted workflow and reviewed by Arm contributors before publication.
Human technical review remains part of the process so the final page reflects engineering rigor, accuracy, and Arm editorial standards.
Should I remove an existing Go installation before setting up the tools?Yes. The steps direct you to remove any existing Go installation before downloading and extracting the specified Go release and updating your PATH.
What can I verify locally before using the online verification service?You can inspect the example CCA attestation token with command-line workflows to review its data and format. This helps you understand what the service will evaluate.
How do I know the token I’m using is supported by the verifier?The verifier targets pre-silicon CCA platforms, such as emulated Arm platforms like FVP. The example token provided in this exercise is suitable for this service.
What result should I expect after submitting a token to the verification service?You should receive a verification response from the Veraison-based service indicating the evaluation outcome. Use that result to confirm the token’s validity for the targeted pre-silicon environment.
Do I need access to CCA hardware to follow this Learning Path?No. You’ll use an example token and a publicly available verifier for emulated pre-silicon CCA platforms hosted by Linaro.