Remote attestation

Remote attestation is the security process that allows the attester (or the "prover"), such as a VM or container to prove to another party (or the "verifier") it is running trusted software in a secure enclaved environment. This process is crucial in cloud, edge and AI confidential computing scenarios, where workloads need to prove their integrity and identity before being granted access to sensitive resources or secrets.

Remote attestation typically involves three steps:

• The verifier issues a challenge, often a nonce to the attester.

• The attester generates a cryptographically signed report, including the nonce and measurements of its environment.

• The verifier validates the report to ensure the attester is genuine and uncompromised.