harden: fail closed at runtime when per-session attested report cannot be produced #372

Description

@imran-siddique

Tracked follow-up from the June 2026 org-wide security hardening review. Wave 1/2 fixes are merged and published; this is remaining hardening. (flagged in #368)

When the per-session TEE report call fails, close_session() falls back to the startup report, which carries no chain-root commitment. The verifier rejects this for hardware platforms (fail-closed at verify), but the runtime still issues the claim. Consider failing closed at runtime (refuse to issue an unbound claim) or clearly marking it.
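The two options raised in this issue (refuse to issue, or clearly mark the claim) can be sketched as follows. This is an added example, not the project's code: only `close_session()` is named on the page, and `Report`, `Claim`, `commitment()`, `verify()`, the `fail_closed` flag and the SHA-256 commitment format are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

class AttestationUnavailable(Exception):
    """Raised instead of issuing a claim that is not bound to the session."""

@dataclass(frozen=True)
class Report:
    report_data: Optional[bytes]  # value signed into the report; None on the startup report

@dataclass(frozen=True)
class Claim:
    chain_root: bytes
    report: Report
    bound: bool  # explicit marker so an unbound claim cannot pass as a bound one

def commitment(chain_root: bytes) -> bytes:
    # Assumed commitment format: a domain-separated SHA-256 of the chain root.
    return hashlib.sha256(b"chain-root:" + chain_root).digest()

def close_session(chain_root: bytes, get_session_report: Callable[[bytes], Report],
                  startup_report: Report, fail_closed: bool = True) -> Claim:
    try:
        report = get_session_report(commitment(chain_root))
    except OSError as exc:
        if fail_closed:
            # Option 1: refuse to issue an unbound claim.
            raise AttestationUnavailable("per-session report failed") from exc
        # Option 2: keep the fallback to the startup report, but mark it unbound.
        return Claim(chain_root, startup_report, bound=False)
    return Claim(chain_root, report, bound=True)

def verify(claim: Claim) -> bool:
    # Verifier side: the report must commit to this claim's chain root.
    data = claim.report.report_data
    return data is not None and hmac.compare_digest(data, commitment(claim.chain_root))

# Constructed stand-ins for the per-session TEE report call.
def working_tee(report_data: bytes) -> Report:
    return Report(report_data)

def broken_tee(report_data: bytes) -> Report:
    raise OSError("TEE report device unavailable")
```
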
