The goal of attestation is to convince a third party that a specific piece of code is running on a genuine and secure TEE. The TEE initiates the process at the request of the third party. Usually, it proceeds as follows. The TEE compiles some data about itself into a so-called enclave quote, which might contain the following:
- The TEE's unique identifier
- Security-related hardware context, e.g. the microcode version
- The enclave measurement, i.e., essentially the hash of the enclave binary
- Possibly some software vendor information
Subsequently, this quote is sent to the hardware manufacturer, which verifies it and responds with the remote attestation, signed under the hardware manufacturer's well-known certificate. This attestation confirms:
- That the enclave is indeed a genuine TEE of the hardware manufacturer.
- That the TEE microcode is up to date (i.e., that patches against the latest known security vulnerabilities are applied).
- The specific software running in the enclave.
By verifying the remote attestation's signature, the user obtains proof that the TEE is genuine and secure, and that it is running the expected software.
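The three-step exchange above (enclave builds a quote, manufacturer checks and signs it, relying party verifies the result), as an added Python example that is not part of the original text and does not model any particular vendor's attestation format. All values are constructed: the TEE identifiers, the minimum microcode version, the enclave binary and the manufacturer key are placeholders. One simplification is labelled in the code: an HMAC stands in for the manufacturer's public-key signature, so the relying party here holds the same key, whereas in a real deployment it would verify a signature against the public key in the manufacturer's well-known certificate.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict
from typing import Optional

# --- Constructed sample data; none of this comes from a real platform ---
MANUFACTURER_KEY = b"constructed-manufacturer-key"  # stands in for the vendor's signing key (see lead-in)
GENUINE_TEE_IDS = {"tee-0001", "tee-0002"}          # the manufacturer's registry of hardware it produced
MINIMUM_MICROCODE = 7                                # lowest microcode version still considered patched
ENCLAVE_BINARY = b"\x7fELF constructed enclave image"  # the code the relying party expects to be running


@dataclass
class EnclaveQuote:
    """The data the TEE compiles about itself (step 1 of the flow)."""
    tee_id: str
    microcode_version: int
    measurement: str        # hex SHA-256 of the enclave binary
    vendor_info: str


def measure(binary: bytes) -> str:
    """Enclave measurement: essentially the hash of the enclave binary."""
    return hashlib.sha256(binary).hexdigest()


def build_quote(tee_id: str, microcode_version: int, binary: bytes,
                vendor_info: str = "constructed-vendor") -> EnclaveQuote:
    """Step 1: the TEE assembles its quote."""
    return EnclaveQuote(tee_id, microcode_version, measure(binary), vendor_info)


def _canonical(quote_dict: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash exactly the same bytes.
    return json.dumps(quote_dict, sort_keys=True).encode()


def manufacturer_attest(quote: EnclaveQuote) -> Optional[dict]:
    """Step 2: the manufacturer checks genuineness and patch level, then signs.

    Note that the manufacturer does not judge the enclave software itself; it
    only vouches for the hardware and includes the measurement in the signed
    attestation so the relying party can check it.
    """
    if quote.tee_id not in GENUINE_TEE_IDS:
        return None                     # not hardware this manufacturer produced
    if quote.microcode_version < MINIMUM_MICROCODE:
        return None                     # known-vulnerable firmware, refuse to attest
    body = asdict(quote)
    # HMAC stands in for a public-key signature (simplification, see lead-in).
    sig = hmac.new(MANUFACTURER_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"quote": body, "signature": sig}


def relying_party_verify(attestation: dict, expected_binary: bytes) -> bool:
    """Step 3: the third party verifies the signature, then the measurement.

    The signature proves the hardware is genuine and patched (the manufacturer
    would not have signed otherwise); the measurement check proves that the
    enclave runs the software the relying party expects.
    """
    expected_sig = hmac.new(MANUFACTURER_KEY, _canonical(attestation["quote"]),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, attestation["signature"]):
        return False                    # not signed by the manufacturer
    return attestation["quote"]["measurement"] == measure(expected_binary)


if __name__ == "__main__":
    # Happy path: genuine, patched hardware running the expected binary.
    att = manufacturer_attest(build_quote("tee-0001", 9, ENCLAVE_BINARY))
    print("expected enclave accepted:", relying_party_verify(att, ENCLAVE_BINARY))
    # Genuine hardware but modified enclave: manufacturer signs, relying party rejects.
    att2 = manufacturer_attest(build_quote("tee-0001", 9, ENCLAVE_BINARY + b"patched"))
    print("modified enclave accepted:", relying_party_verify(att2, ENCLAVE_BINARY))
    # Stale microcode: manufacturer refuses to attest at all.
    print("stale microcode attested:", manufacturer_attest(build_quote("tee-0001", 3, ENCLAVE_BINARY)) is not None)
```

The split of responsibilities is the point to take away: the manufacturer's signature answers "is this real, patched hardware?", while comparing the attested measurement against a locally computed hash of the expected binary answers "is it running my code?". A relying party that checks only the signature would accept any software on genuine hardware.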