
feat(tee): TPM 2.0 attestation verifier (Tier 3)#29

Merged
imran-siddique merged 1 commit into main from feat/tpm-attestation on Jul 1, 2026

Conversation

@imran-siddique

Contributor

What

The third attestation backend, completing the documented trio (SEV-SNP, TDX, TPM).

  • ca2a_runtime.tee.tpm: parses TPMS_ATTEST (magic, attest type, qualifying data / nonce, PCR digest). TpmProvider.attest fails closed off a real TPM.
  • ca2a_verify.tpm.verify_tpm_quote: AK chain → a caller-supplied trusted vendor root; AK signature over the attest blob (ECDSA-SHA256 or RSA PKCS#1 v1.5); magic/type checks; qualifying-data and PCR-digest binding.

Scope / honesty

Unlike AMD/Intel, TPM AKs chain to per-vendor EK roots, so there is no single published root to validate against; the caller supplies its trusted roots and the verifier is exercised against synthetic self-consistent vectors. Quote generation requires a real TPM.

Suite: 145 passed, 97% coverage.

Closes #4

🤖 Generated with Claude Code

Add TPM 2.0 attestation appraisal, all fail-closed:
- ca2a_runtime.tee.tpm: TPMS_ATTEST parsing (magic, attest type, qualifying
  data / nonce, PCR digest) and TpmProvider (attest requires a real TPM).
- ca2a_verify.tpm: AK certificate chain to a caller-supplied trusted vendor
  root, AK signature over the attest blob (ECDSA-SHA256 or RSA PKCS#1 v1.5),
  magic/type checks, and qualifying-data / PCR-digest binding.

Unlike SEV-SNP and TDX, TPM AKs chain to per-vendor EK roots, so there is no
single published root; the caller supplies its trusted roots and the verifier
is exercised against synthetic self-consistent vectors. Completes the three
documented attestation backends (SEV-SNP, TDX, TPM). Suite: 145 passed, 97%.

Closes #4

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
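The TPMS_ATTEST layout and the two binding checks described above (qualifying data / nonce, PCR digest), as an added stand-alone example; this is not the ca2a_runtime or ca2a_verify code, and the AK chain and signature checks are out of scope here. The quote is built from constructed PCR values, so it exercises the parser the same way the PR's synthetic vectors do.

```python
import hashlib, hmac, struct

TPM_GENERATED_VALUE = 0xFF544347   # TPMS_ATTEST.magic (TPM 2.0 Part 2)
TPM_ST_ATTEST_QUOTE = 0x8018       # TPMS_ATTEST.type produced by TPM2_Quote
TPM_ALG_SHA256 = 0x000B

def _tpm2b(buf, off):
    """Read a TPM2B (UINT16 size + bytes); return (bytes, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_tpms_attest(blob):
    """Parse a QUOTE-typed TPMS_ATTEST; raise ValueError on bad magic/type/length."""
    magic, typ = struct.unpack_from(">IH", blob, 0)
    if magic != TPM_GENERATED_VALUE:
        raise ValueError("bad magic: 0x%08x" % magic)
    if typ != TPM_ST_ATTEST_QUOTE:
        raise ValueError("not a quote: type 0x%04x" % typ)
    signer, off = _tpm2b(blob, 6)            # qualifiedSigner: TPM2B_NAME
    extra, off = _tpm2b(blob, off)           # extraData: qualifying data / nonce
    off += 17 + 8                            # TPMS_CLOCK_INFO (17 bytes) + firmwareVersion
    (count,) = struct.unpack_from(">I", blob, off); off += 4   # TPML_PCR_SELECTION.count
    selections = []
    for _ in range(count):
        alg, nbytes = struct.unpack_from(">HB", blob, off); off += 3
        selections.append((alg, blob[off:off + nbytes])); off += nbytes
    pcr_digest, off = _tpm2b(blob, off)      # TPMS_QUOTE_INFO.pcrDigest
    if off != len(blob):
        raise ValueError("trailing bytes after TPMS_ATTEST")
    return {"signer": signer, "nonce": extra, "pcr_select": selections, "pcr_digest": pcr_digest}

def _pcr_digest(pcr_values):
    """pcrDigest = H(concatenation of selected PCR values in index order)."""
    return hashlib.sha256(b"".join(pcr_values[i] for i in sorted(pcr_values))).digest()

def build_quote(nonce, pcr_values, signer=b"\x00\x0b" + b"\x11" * 32):
    """Constructed synthetic TPMS_ATTEST (not from a TPM) over SHA-256 PCRs {index: value}."""
    sel = bytearray(3)                       # 24-PCR bitmap, one SHA-256 bank
    for i in pcr_values: sel[i // 8] |= 1 << (i % 8)
    out = struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE)
    out += struct.pack(">H", len(signer)) + signer + struct.pack(">H", len(nonce)) + nonce
    out += struct.pack(">QIIB", 1234, 1, 0, 1) + struct.pack(">Q", 0x20260701)  # clock info, fw
    out += struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(sel)
    return out + struct.pack(">H", 32) + _pcr_digest(pcr_values)

def verify_quote_binding(blob, expected_nonce, pcr_values):
    """Fail closed: nonce must equal what the verifier sent, digest must recompute from PCRs."""
    att = parse_tpms_attest(blob)
    if not hmac.compare_digest(att["nonce"], expected_nonce):
        return False
    return hmac.compare_digest(att["pcr_digest"], _pcr_digest(pcr_values))
```

The PCR values passed to verify_quote_binding must come from a separate read (e.g. TPM2_PCR_Read) so that the digest check actually binds the quote to measured state.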
@imran-siddique imran-siddique merged commit 30a8c86 into main Jul 1, 2026
11 checks passed
@imran-siddique imran-siddique deleted the feat/tpm-attestation branch July 1, 2026 20:36


Development

Successfully merging this pull request may close these issues.

feat(tee): TPM 2.0 attestation backend (AK cert + checkquote)
