Hasty Briefsbeta

Bilingual

Remote Attestation

2 hours ago
  • #remote-attestation
  • #TPM-security
  • #measured-boot
  • Remote attestation uses a TPM to cryptographically verify a host's hardware, firmware, kernel, init image, and root filesystem.
  • It enables measured boot, which records hashes in PCRs to ensure boot integrity, unlike secure boot that blocks boot.
  • Applications include encrypting root filesystems with TPM sealing, issuing mTLS certificates only to attested hosts, and backing TLS certs with TPMs.
  • The process involves Endorsement Keys (EK), Attestation Keys (AK), and LDevIDs to prove host legitimacy and tie keys to specific TPMs.
  • While not perfect against physical attacks, remote attestation provides a trust foundation for EDR, immutable filesystems, and workload security.