Open your CVM in the Phala Cloud dashboard. Click View Details on your CVM card.Navigate to the Attestations tab. You’ll see the default attestation quote that was generated during CVM bootstrap.
Click the Check Attestation button in the certificate chain section.This automatically opens the TEE Proof Explorer in a new tab with your quote already loaded and verified.You’ll see verification results showing:
✓ Hardware signature is valid (genuine Intel TDX)
✓ Quote measurements (MRTD, RTMR0-3)
✓ Security status (TCB level, no known vulnerabilities)
You just verified your CVM runs in genuine TEE hardware. The cryptographic proof shows Intel TDX signed your quote, making it impossible to fake.You can share the proof URL with anyone who needs to verify your CVM’s security.
Hardware authenticity: Intel’s signature proves genuine TDX hardware generated this quote.Measurement integrity: The quote includes cryptographic hashes (measurements) of your OS, application, and hardware configuration. Change one byte anywhere, and the measurements won’t match.Unforgeable proof: The signature binds all measurements together. No one can modify the quote without invalidating Intel’s signature.
Attach challenges, public keys, or nonces to your quotes. This proves freshness and prevents replay attacks.See Get Attestation: Attaching Custom Data for reportData patterns.
Prove your exact Docker images are running unmodified. This verifies no one substituted your code.See Verify Your Application for compose-hash verification.
Verify the OS, KMS, and infrastructure end-to-end. This proves Phala’s platform integrity without trust assumptions.See Verify the Platform for complete platform verification.
Verify everything with no trust assumptions. Security researchers and auditors need the complete checklist.See Complete Chain of Trust for necessary and sufficient verification.
