What Is Attestation in Confidential Computing?

Think of it like presenting your driver's license to prove your identity—but for computing environments. Just as your license contains tamper-evident features and official signatures, attestation provides cryptographic proof about the state and authenticity of a computing environment.

In formal terms, attestation is a cryptographic signature provided as evidence of official verification that something is true or authentic. This definition builds on the traditional dictionary meaning but adds the crucial cryptographic element that makes it useful for secure computing.

You may have encountered attestation in other contexts, such as SLSA or in-toto attestations for software supply chain security, or in legal documents where attestation refers to official verification. In confidential computing, attestation serves a similar function but operates at the hardware and software level.

Local vs Remote Attestation in TEEs

Confidential computing supports two distinct types of attestation, each serving different security needs:

Local Attestation

In local attestation, a TEE provides proof of its current state to other components on the same physical machine. Think of this as an internal security check—the TEE generates a cryptographic signature of its state, and other local processes verify this signature against known trusted keys (typically device-specific identifiers like a MAC address or hardware security module).

Local attestation is useful for establishing trust between components on the same system, but its impact is limited since verification happens only locally.

Remote Attestation

Remote attestation is far more powerful and is what makes confidential computing a game changer for cloud applications. Here, a TEE provides cryptographic proof of its state to applications running on entirely different machines, potentially across the internet.

Consider this scenario: A hospital wants to use a cloud-based AI service to analyze patient data, but regulations require that the data never be accessible to the cloud provider. With remote attestation, the hospital can:

  1. Verify that the AI application is running in a genuine TEE
  2. Confirm that the application code matches what they expect
  3. Establish an encrypted communication channel directly with the TEE
  4. Send sensitive patient data knowing it's protected even from the cloud provider

This capability transforms how organizations can use external computing resources while maintaining strict data security and compliance requirements.

How Remote Attestation Works (Step-by-Step)

Remote attestation follows a well-defined process that establishes trust between a data owner (the verifier) and a remote computing environment (the TEE):

Step 1: State Measurement

The TEE begins by computing a comprehensive measurement of its current state. This measurement typically includes:

  • Code integrity: A cryptographic hash of the application code currently loaded
  • Configuration data: Runtime parameters and settings
  • TEE identity: Information about the specific hardware and firmware versions
  • Load-time measurements: Verification that the code was loaded correctly

Step 2: Cryptographic Signing

The TEE uses a private key that's permanently embedded in the hardware to sign this state measurement. This hardware-backed signing ensures that the attestation cannot be forged by software running on the same machine.

Step 3: Attestation Delivery

The signed attestation is sent to the verifier (the party that wants to verify the TEE's state). This can happen over any network connection since the attestation itself is cryptographically protected.

Step 4: Verification

The verifier performs several critical checks:

  • Signature verification: Uses the corresponding public key to verify the attestation's authenticity
  • State comparison: Compares the reported state against known-good reference values
  • Freshness checks: Ensures the attestation is recent and not a replay of an old attestation

Step 5: Secure Channel Establishment

If verification succeeds, the verifier uses the TEE's public key to establish an encrypted communication channel (typically using TLS) directly with the TEE, bypassing any potentially untrusted infrastructure.

If any verification step fails, the verifier should refuse to send sensitive data or trust results from the TEE.

Addressing the Trust Gap in Remote Attestation

You might wonder: how does the verifier know which public keys to trust and what constitutes a "good" state? This is one of the most critical aspects of remote attestation, and the security of the entire system depends on getting this right.

For the cryptographic keys, trust typically flows from the hardware manufacturer. Each manufacturer maintains a public key infrastructure (PKI) that allows verifiers to validate that attestations come from genuine hardware.

Determining what constitutes a "good" application state is typically the responsibility of the application developer or deployer. This might involve publishing cryptographic hashes of approved application versions, maintaining a registry of trusted configurations, or implementing continuous integration pipelines that automatically generate and sign reference measurements. 

The challenge is that both the hardware trust chain and the application state references must be communicated securely to all verifiers. Any compromise in this trust establishment process undermines the entire security model.

TEE Technologies That Support Remote Attestation

Different TEE technologies offer varying levels of attestation support:

TEE Technology Local Attestation Remote Attestation Key Features
Intel SGX Mature ecosystem, fine-grained control
Intel TDX VM-level protection, newer technology
AMD SEV-SNP Full VM encryption, good performance
ARM TrustZone Limited Primarily mobile/embedded use
AWS Nitro Enclaves Cloud-native, integrated with AWS services
Azure Confidential VMs Multi-TEE support, managed service

Remote Attestation is Gaining Traction 

Despite the known good state being up for interpretation, remote attestation is becoming increasingly important as organizations seek to leverage external computing resources while maintaining strict security and compliance requirements. Key trends include:

Standardization efforts: Industry groups are working on standardized attestation formats and protocols to improve interoperability between different TEE technologies.

Integration with existing systems: Cloud providers are building attestation capabilities into their managed services, making it easier for organizations to adopt without deep technical expertise.

Regulatory compliance: As data protection regulations become more stringent, attestation provides a cryptographic foundation for demonstrating compliance with security requirements.

AI and machine learning: Confidential AI applications are driving demand for attestation capabilities that can verify the integrity of model training and inference processes.

Remote attestation represents one of confidential computing's most transformative capabilities, enabling organizations to verify the integrity and authenticity of remote computing environments before trusting them with sensitive data. While the technology involves complex cryptographic protocols and trust establishment challenges, the security benefits are substantial for applications that require the highest levels of data protection.