Attestation

Full Title or Meme

Attestation in computing devices typically means a statement from a Trust Authority about the security of statements made by some other computing device.

Context

A Remote Attestation Service was proposed as a service that would accept statements from a TPM to verify that the code running on the computer was that approved by the manufacturer.

Solutions

• US CISA Secure Software Development Attestation Form Instructions The purpose of this form is to provide the Federal Government assurances that software used by agencies is securely developed. (2024-03)
• Verifying hardware-backed key pairs with Key Attestation in Android for Smartphones.

  Key Attestation gives you more confidence that the keys you use in your app are stored in a device's hardware-backed keystore. The link describes how to verify the properties of hardware-backed keys and how to interpret the schema of the attestation certificate's extension data.

• attestKey(_:clientDataHash:completionHandler:) Asks Apple to attest to the validity of a generated cryptographic key.

References

• See wiki page Attested for details of an Attestation.
• See wiki page Hardware-Enabled Security