Remote Attestation
Hardware-signed attestation tokens anchored to the PUF device identity. A verifiable chain from silicon die through boot firmware to running workload — no software trust required.
Trust anchor: Silicon
Protocol Flow
Attestation token generation and verification
The attestation flow begins at the silicon die and produces a token that a remote verifier can check without trusting any software on the host system.
Chain of Trust
Each link hardware-signed
01. Silicon Die — PUF Root Key
The PUF array derives the 256-bit device root key from silicon manufacturing variation. This key seeds the certificate hierarchy. It never leaves the die and cannot be extracted.
02. Device Certificate Issuance
During device provisioning, the PUF-derived key is used to generate an ECDSA P-384 device key pair. The public key is certified by the Bastionchip vendor CA. The device certificate binds the public key to hardware identity.
03. Boot Chain Measurement
At each stage of the boot sequence, the bootloader image is hashed using SHA3-256. Measurements are stored in hardware-protected registers. The crypto engine signs the full measurement chain using the device key.
04. Attestation Token Generation
On request (bound to a verifier nonce), the chip generates a signed attestation report: device identity, boot measurements, nonce, and timestamp. Signed by the device key — hardware-rooted, not software-generated.
05. Remote Verifier Validation
The verifier checks the token signature against the Bastionchip vendor CA, validates the device certificate, checks the measurement values against a known-good reference, and confirms the nonce to prevent replay attacks.
Token Format
Verifier-friendly attestation report
Attestation Report Structure (JSON-encoded, ECDSA P-384 signed)
{
  "version": "1.0",
  "device_id": "bc1-puf-derived-serial",
  "device_cert": "PEM-encoded ECDSA P-384 certificate",
  "nonce": "verifier-supplied 256-bit nonce",
  "timestamp": "RFC3339 UTC timestamp",
  "measurements": {
    "rom_hash": "SHA3-256 of ROM image",
    "bl0_hash": "SHA3-256 of bootloader stage 0",
    "bl1_hash": "SHA3-256 of bootloader stage 1",
    "os_hash": "SHA3-256 of OS image"
  },
  "tamper_status": "clean",
  "signature": "ECDSA P-384 signature over all above fields"
}
Replay Protection
Verifier-supplied nonce bound to token. Each attestation is single-use.
Offline Verification
Verifier needs only Bastionchip CA public key. No live network call to Bastionchip required.
Tamper Visibility
The tamper status field reflects the hardware tamper log. A compromised device reports its tamper state in every subsequent token.
Attestation protocol documentation
Full attestation API reference and verifier integration guide available under NDA for qualified design partners.