Attested Logging with Existing Hardware

The Idea

Assess whether existing hardware roots of trust can produce internationally-trusted attestations. Candidates: TEE/Confidential Computing for software attestation, GPU firmware for kernel and performance counter logging, DC-SCM for power usage, NIC firmware for network connections.

Key questions: How difficult is it to extract secret keys from Hopper or Blackwell chips? Is there non-volatile memory that could be manually extracted by verifiers to avoid relying on device signing keys? How can this memory be protected against secret modification?

Why It Matters

New verification hardware takes years to design and deploy. If existing attestation mechanisms can be trusted (or modified to be trustworthy), verification could be deployed much faster. Even partial trust in existing hardware narrows the attack surface.

Open Questions

• Which existing attestation mechanisms are closest to internationally trustworthy?
• What modifications (tamper-evident enclosures, hardware audits) could close the gap?
• Can TEE attestation be made robust against nation-state attackers?

References

• Concrete Applications of Confidential Computing for AI Transparency
• Trail of Bits CC blog
• wiretap.fail
• batteringram.eu