For inquiries about GlobalPlatform or website assistance, contact secretariat@globalplatform.org.

Back to all Blogs

Scaling Remote Attestation: Key Takeaways From the GlobalPlatform Attestation Workshop

By Jeremy O’Donoghue, Vice Chair, TES Committee, GlobalPlatform

Remote attestation is foundational to establishing digital trust in today’s connected systems. Yet widespread adoption has been slowed by fragmented, vertical-specific approaches that do not easily interoperate or scale.

These are precisely the types of challenges GlobalPlatform was built to tackle. We recently convened a pioneering cross-industry workshop dedicated to delivering attestation at scale. Bringing together experts from standards bodies, industry, and academia, the meeting explored how multiple vertical-specific approaches might converge toward an interoperable, vertical-agnostic framework.

A dominant theme throughout the workshop was increasing momentum around the IETF RATS architecture as a common foundation for attestation. RATS provides a shared model for how attestation evidence is created, conveyed, and verified—an essential step for achieving interoperability across different vendors and vertical sectors.

Participants acknowledged the challenges ahead. Because legacy attestation mechanisms remain deeply embedded across industries, pre-standard solutions have emerged to meet urgent needs. Given the length of standards development cycles, coexistence between legacy and standardized approaches is expected to persist for some time with transition strategies being needed. GlobalPlatform is well-positioned to enable industry to navigate this gradual convergence.

Another key insight was that real-world platforms rarely consist of a single attester. Modern systems are composed of multiple components from multiple vendors, often spanning different trust domains. Scaling attestation in such environments requires support for multiple verifiers, consistent ways to convey attestation results to relying parties and robust mechanisms for handling complex platform compositions. We explored several ongoing initiatives within IETF RATS to address these needs, including the use of CoRIM for conveying reference values and endorsements, architectural considerations for supporting multiple verifiers, and standardized mechanisms for delivering attestation results.

We also discussed the growing role of open-source projects such as Veraison which provide practical environments for validating policies, endorsements, and reference values, helping to inform future commercial deployments.

The group also addressed privacy-preserving techniques, underscoring that effective attestation must balance trust with data minimization. Striking this balance will be key to ensuring that future attestation frameworks are not only secure and interoperable but also aligned with evolving privacy expectations.

Overall, the workshop reinforced that scaling remote attestation is as much a problem of ecosystem coordination as it is a technical challenge. By aligning with IETF RATS and collaborating across industries, standards and industry bodies, GlobalPlatform is working to bridge vertical silos, support coexistence in the near term, and enable interoperable, hardware-rooted attestation models that can scale across sectors in the long-term.

This workshop marked an important step on that journey, and GP will continue driving the cross‑industry dialogue and harmonization needed to turn this shared vision into reality.

Welcome & Introduction: Jeremy O'Donoghue (GlobalPlatform)

  • Session Objectives
  • Challenges of Attestation Standardization

 

Standards Overview

Overview of Attestation Ecosystem: Ned Smith (IETF & Intel)

  • Work strands occurring in IETF RATS

 

Overview of IETF RATS: Henk Birkholz (IETF & Fraunhofer SIT & ATHENE Center)

  • RATS architecture
  • CoRIM

 

TCG Attestation Technologies: Michael Eckel (TCG & Fraunhofer SIT & ATHENE Center)

  • TPM
  • DICE
  • BIT

 

Ecosystem Requirements

Attested TLS: Muhammad Usama Sardar (Dresden University of Technology)

  • Pre-handshake attestation
  • Intra-handshake attestation
  • Post-handshake attestation

 

Automotive Requirements: Yonatan Appel (Upstream)

  • Digital twins
  • Right to repair

 

Use Cases

Confidential Computing Attestation using Project Veraison: Thomas Fossati (Confidential Computing Consortium & Linaro)

  • Overview of the project
  • Software architecture
  • How to contribute extensions
  • Hot topics (e.g., multi-verifier support)

Attestation with Multiple Verifiers: Yogesh Deshpande (Confidential Computing Consortium & Arm)

  • Composite Attesters – Draft and support in Veraison
  • Multi Verifiers
    • Architecture options
    • Plan and ongoing support in Project Veraison

 

Remote Attestation and Stable Workload Identities: Mark Novak (Confidential Computing Consortium and JPMorgan Chase)

  • The need for stable workload identities
  • Limitations of the RATS reference architecture
  • Achieving stable workload identities within the RATS framework

 

Panel Discussion

Panel Discussion: Yogesh Deshpande, Thomas Fossati, Paul Waller and Jermey O’Donoghue

  • Moderator led Questions
  • Open Q&A

 

Wrap Up

Wrap-up and Closing Remarks: Jeremy O'Donoghue (GlobalPlatform)

  • Summary of Discussion
  • Next Steps

If you are a media representative, analyst, or conference organizer with a question, please email us at: pressoffice@globalplatform.org

Chat with us
GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
DOWNLOAD
FIREFOX
DOWNLOAD
MICROSOFT EDGE
DOWNLOAD