
# Raw Attestation

**Raw Attestation** is the most fundamental remote attestation capability offered by a Trusted Execution Environment (TEE). It establishes a baseline of trust by having the platform's security processor measure the system's initial state.

This process captures cryptographic measurements of the system's foundational components, which include:

* The underlying platform configuration.
* The virtual firmware, such as UEFI.
* The initial state of the virtual CPUs (vCPUs).


### Raw Attestation Implementations

The goal of Raw Attestation is the same across CPU vendors, but the implementation differs.

#### **AMD SEV-SNP**

In AMD SEV-SNP, raw attestation is a streamlined, single-step process.

1. Report Generation: The CPU measures the initial state of the virtual machine, including its firmware and vCPUs, and generates a single, comprehensive attestation report.
2. Signing: This report is cryptographically signed using a private key unique to the chip. This key is part of a certificate chain that originates from an AMD Certificate Authority (CA), effectively proving the report came from a genuine AMD processor.
3. Verification: A relying party can verify the platform's authenticity by validating the report's signature against the public key found in the certificate and then verifying the entire certificate chain against AMD's CA.
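
The signature check from step 3, as an added Node.js example (not enclaive or AMD code): it verifies the report with the chip's public key and returns the launch measurement only when the signature holds. Assumptions: the field offsets and the 72-byte little-endian `r`/`s` encoding are taken from AMD's SEV-SNP ABI specification rather than this page, the sample report is constructed and signed by a throwaway key, and validating the chip key's certificate chain against AMD's CA is left outside the block.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Layout assumed from AMD's SEV-SNP ABI specification (this page gives no offsets).
const REPORT_SIZE = 0x4a0; // whole attestation report
const SIG_ALGO_OFF = 0x34; // u32 little-endian, 1 = ECDSA P-384 with SHA-384
const MEASUREMENT_OFF = 0x90; // 48-byte launch measurement
const SIG_OFF = 0x2a0; // end of the signed region; r, then s, follow
const COMP_LEN = 72; // r and s: little-endian, zero padded to 72 bytes
const P384_LEN = 48;

// Convert one stored component to the 48-byte big-endian form that P1363 encoding expects.
function toBigEndian(le) {
  const be = Buffer.from(le).reverse(); // copy first, so the report is left untouched
  if (be.subarray(0, COMP_LEN - P384_LEN).some((b) => b !== 0)) {
    throw new Error('signature component exceeds 384 bits');
  }
  return be.subarray(COMP_LEN - P384_LEN);
}

// Returns the launch measurement (hex) only if chipKey signed the report.
function verifyReport(report, chipKey) {
  if (report.length !== REPORT_SIZE || report.readUInt32LE(SIG_ALGO_OFF) !== 1) {
    throw new Error('malformed report or unsupported signature algorithm');
  }
  const r = toBigEndian(report.subarray(SIG_OFF, SIG_OFF + COMP_LEN));
  const s = toBigEndian(report.subarray(SIG_OFF + COMP_LEN, SIG_OFF + 2 * COMP_LEN));
  const key = { key: chipKey, dsaEncoding: 'ieee-p1363' };
  if (!verify('sha384', report.subarray(0, SIG_OFF), key, Buffer.concat([r, s]))) {
    throw new Error('signature does not verify under the chip key');
  }
  return report.subarray(MEASUREMENT_OFF, MEASUREMENT_OFF + 48).toString('hex');
}

// Constructed sample: a throwaway P-384 key stands in for the chip key.
function newSample(measurement) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'secp384r1' });
  const report = Buffer.alloc(REPORT_SIZE);
  report.writeUInt32LE(1, SIG_ALGO_OFF);
  measurement.copy(report, MEASUREMENT_OFF);
  const key = { key: privateKey, dsaEncoding: 'ieee-p1363' };
  const sig = sign('sha384', report.subarray(0, SIG_OFF), key);
  Buffer.from(sig.subarray(0, P384_LEN)).reverse().copy(report, SIG_OFF);
  Buffer.from(sig.subarray(P384_LEN)).reverse().copy(report, SIG_OFF + COMP_LEN);
  return { report, publicKey };
}

const sample = newSample(Buffer.alloc(48, 0xab));
console.log('measurement:', verifyReport(sample.report, sample.publicKey));
```

A relying party compares the returned measurement with its expected value only after this check and the certificate chain check have both passed.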

#### **Intel TDX**

In Intel TDX, raw attestation uses a two-step process that distinguishes between local and remote verification.

*Step 1*: `TDREPORT` Generation (for Local Attestation)

* The CPU first generates a `TDREPORT`. This report is encrypted in such a way that it can only be verified by other trusted workloads running on the same physical machine.
* Use Case: This is primarily used for confidential VMs on the same host to attest to one another without involving external services.

*Step 2*: `TDQUOTE` Generation (for Remote Attestation)

* To be verified by an external party, the `TDREPORT` must be converted into a `TDQUOTE`. This conversion is handled by a special, Intel-provided Quoting Enclave (QE).
* The resulting `TDQUOTE` is signed with a key that can be verified by Intel's remote Attestation Service. A relying party sends the `TDQUOTE` to this service to confirm the platform's genuineness.

