diff --git a/google/cloud/confidentialcomputing/v1/BUILD.bazel b/google/cloud/confidentialcomputing/v1/BUILD.bazel
index 5e9711e1cf744..80cb0c7c3dbb7 100644
--- a/google/cloud/confidentialcomputing/v1/BUILD.bazel
+++ b/google/cloud/confidentialcomputing/v1/BUILD.bazel
@@ -72,8 +72,8 @@ java_gapic_library(
 rest_numeric_enums = True,
 service_yaml = "confidentialcomputing_v1.yaml",
 test_deps = [
- ":confidentialcomputing_java_grpc",
 "//google/cloud/location:location_java_grpc",
+ ":confidentialcomputing_java_grpc",
 ],
 transport = "grpc+rest",
 deps = [
@@ -170,7 +170,8 @@ py_gapic_library(
 rest_numeric_enums = True,
 service_yaml = "confidentialcomputing_v1.yaml",
 transport = "grpc+rest",
- deps = [],
+ deps = [
+ ],
 )
 
 py_test(
@@ -214,7 +215,9 @@ php_gapic_library(
 rest_numeric_enums = True,
 service_yaml = "confidentialcomputing_v1.yaml",
 transport = "grpc+rest",
- deps = [":confidentialcomputing_php_proto"],
+ deps = [
+ ":confidentialcomputing_php_proto",
+ ],
 )
 
 # Open Source Packages
@@ -281,9 +284,7 @@ ruby_grpc_library(
 ruby_cloud_gapic_library(
 name = "confidentialcomputing_ruby_gapic",
 srcs = [":confidentialcomputing_proto_with_info"],
- extra_protoc_parameters = [
- "ruby-cloud-gem-name=google-cloud-confidential_computing-v1",
- ],
+ extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-confidential_computing-v1"],
 grpc_service_config = "confidentialcomputing_v1_grpc_service_config.json",
 rest_numeric_enums = True,
 service_yaml = "confidentialcomputing_v1.yaml",
@@ -317,6 +318,7 @@ load(
 
 csharp_proto_library(
 name = "confidentialcomputing_csharp_proto",
+ extra_opts = [],
 deps = [":confidentialcomputing_proto"],
 )
 
diff --git a/google/cloud/confidentialcomputing/v1/confidentialcomputing_v1.yaml b/google/cloud/confidentialcomputing/v1/confidentialcomputing_v1.yaml
index e715a709c7e80..9e61d2daccb35 100644
--- a/google/cloud/confidentialcomputing/v1/confidentialcomputing_v1.yaml
+++ b/google/cloud/confidentialcomputing/v1/confidentialcomputing_v1.yaml
@@ -8,6 +8,7 @@ apis:
 - name: google.cloud.location.Locations
 
 documentation:
+ summary: Attestation verifier for Confidential Space.
 rules:
 - selector: google.cloud.location.Locations.GetLocation
 description: Gets information about a location.
@@ -53,7 +54,7 @@ authentication:
 https://www.googleapis.com/auth/cloud-platform
 
 publishing:
- new_issue_uri: https://issuetracker.google.com/issues/new?component=1166820
+ new_issue_uri: https://issuetracker.google.com/issues/new?component=1134314&template=1640550
 documentation_uri: https://cloud.google.com/confidential-computing
 api_short_name: confidentialcomputing
 github_label: 'api: confidentialcomputing'
diff --git a/google/cloud/confidentialcomputing/v1/service.proto b/google/cloud/confidentialcomputing/v1/service.proto
index 846b4de0470ab..4a97c94e0bad4 100644
--- a/google/cloud/confidentialcomputing/v1/service.proto
+++ b/google/cloud/confidentialcomputing/v1/service.proto
@@ -55,6 +55,21 @@ service ConfidentialComputing {
 }
 }
 
+// SigningAlgorithm enumerates all the supported signing algorithms.
+enum SigningAlgorithm {
+ // Unspecified signing algorithm.
+ SIGNING_ALGORITHM_UNSPECIFIED = 0;
+
+ // RSASSA-PSS with a SHA256 digest.
+ RSASSA_PSS_SHA256 = 1;
+
+ // RSASSA-PKCS1 v1.5 with a SHA256 digest.
+ RSASSA_PKCS1V15_SHA256 = 2;
+
+ // ECDSA on the P-256 Curve with a SHA256 digest.
+ ECDSA_P256_SHA256 = 3;
+}
+
 // A Challenge from the server used to guarantee freshness of attestations
 message Challenge {
 option (google.api.resource) = {
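Review bot: The values of the new top-level `SigningAlgorithm` enum are not prefixed with the enum name (`RSASSA_PSS_SHA256`, `RSASSA_PKCS1V15_SHA256`, `ECDSA_P256_SHA256`) although the zero value is; enum values live in the enclosing package scope, so no later enum in this package can reuse these names, and some language bindings flatten them into the package namespace. Since the enum is introduced by this commit, renaming is still free: `SIGNING_ALGORITHM_RSASSA_PSS_SHA256 = 1;`, `SIGNING_ALGORITHM_RSASSA_PKCS1V15_SHA256 = 2;`, `SIGNING_ALGORITHM_ECDSA_P256_SHA256 = 3;`. If the unprefixed names are deliberate, a one-line comment on the enum saying so would spare the next reviewer the same question.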
@@ -118,6 +133,14 @@ message VerifyAttestationRequest {
 // Required. The TPM-specific data provided by the attesting platform, used to
 // populate any of the claims regarding platform state.
 TpmAttestation tpm_attestation = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. Optional information related to the Confidential Space TEE.
+ ConfidentialSpaceInfo confidential_space_info = 4
+ [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A collection of optional, workload-specified claims that modify
+ // the token output.
+ TokenOptions token_options = 5 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // A response once an attestation has been successfully verified, containing a
@@ -134,6 +157,18 @@ message GcpCredentials {
 repeated string service_account_id_tokens = 2;
 }
 
+// Options to modify claims in the token to generate custom-purpose tokens.
+message TokenOptions {
+ // Optional. Optional string to issue the token with a custom audience claim.
+ // Required if one or more nonces are specified.
+ string audience = 1 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional parameter to place one or more nonces in the eat_nonce
+ // claim in the output token. The minimum size for JSON-encoded EATs is 10
+ // bytes and the maximum size is 74 bytes.
+ repeated string nonce = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
 // TPM2 data containing everything necessary to validate any platform state
 // measured into the TPM.
 message TpmAttestation {
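Review bot: The comment on the new `confidential_space_info` field does not say what the service does when one of the supplied container image signatures fails to verify — whether VerifyAttestation is rejected as a whole or the unverifiable signature is simply left out of the issued token — and a caller deciding whether to attach signatures it did not produce itself needs that to reason about failure modes. I would extend the comment to something like `// Optional. Information related to the Confidential Space TEE. Container image signatures supplied here are verified server-side; [state whether a failed signature rejects the request or is omitted from the token].` The `Optional. Optional information` wording on the same line is also redundant. The enclosing VerifyAttestationRequest message starts before this hunk.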
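Review bot: `repeated string nonce` in the new `TokenOptions` message uses a singular name for a repeated field, and its comment leaves the size bounds ambiguous: it does not say whether the 10–74 byte limits apply to each nonce or to the whole `eat_nonce` claim, nor whether an out-of-range or excessive number of nonces is rejected or truncated, which matters because a relying party relies on the nonce being echoed unchanged to establish freshness. Since the message is new, `repeated string nonces = 2 [(google.api.field_behavior) = OPTIONAL];` is still a free rename, and the comment should state the per-element (or total) bound explicitly, any cap on the number of nonces, and the error behaviour when violated. The cross-field rule on `audience` ("Required if one or more nonces are specified") is only expressed in prose; naming the error the caller gets when it is violated would make it actionable.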
@@ -174,3 +209,45 @@ message TpmAttestation {
 // chain back to a trusted Root Certificate.
 repeated bytes cert_chain = 5;
 }
+
+// ConfidentialSpaceInfo contains information related to the Confidential Space
+// TEE.
+message ConfidentialSpaceInfo {
+ // Optional. A list of signed entities containing container image signatures
+ // that can be used for server-side signature verification.
+ repeated SignedEntity signed_entities = 1
+ [(google.api.field_behavior) = OPTIONAL];
+}
+
+// SignedEntity represents an OCI image object containing everything necessary
+// to verify container image signatures.
+message SignedEntity {
+ // Optional. A list of container image signatures attached to an OCI image
+ // object.
+ repeated ContainerImageSignature container_image_signatures = 1
+ [(google.api.field_behavior) = OPTIONAL];
+}
+
+// ContainerImageSignature holds necessary metadata to verify a container image
+// signature.
+message ContainerImageSignature {
+ // Required. The binary signature payload following the SimpleSigning format
+ // https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing.
+ // This payload includes the container image digest.
+ bytes payload = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. A signature over the payload.
+ // The container image digest is incorporated into the signature as follows:
+ // 1. Generate a SimpleSigning format payload that includes the container
+ // image digest.
+ // 2. Generate a signature over SHA256 digest of the payload.
+ // The signature generation process can be represented as follows:
+ // `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))`
+ bytes signature = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. An associated public key used to verify the signature.
+ bytes public_key = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The algorithm used to produce the container image signature.
+ SigningAlgorithm sig_alg = 4 [(google.api.field_behavior) = REQUIRED];
+}
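Review bot: `public_key` in the new `ContainerImageSignature` message is declared as `bytes` with no stated encoding — DER SubjectPublicKeyInfo, PEM, or a raw point/modulus — so a client cannot know what to send and the server cannot reject malformed input with a meaningful error; the comment should name it, e.g. `// Required. The public key used to verify the signature, encoded as [ENCODING — to be confirmed with the service].` Because the key travels with the signature in the same request, a successful verification only proves the signature was produced by that key, not that the key is one the relying party trusts; the message comment should say how the verified key is surfaced in the issued token (fingerprint, full key, or otherwise) so a policy can be written against it, or point to where that is documented. `sig_alg` is an abbreviation that reads poorly as a generated accessor; `SigningAlgorithm signing_algorithm = 4 [(google.api.field_behavior) = REQUIRED];` is still a free rename while the message is unpublished.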