Confidential responses carry typed claims about the upstream that served the request, including TCB (Trusted Computing Base) freshness. Claims appear in the receipt’s upstream.verified.claims and in the attested session referenced by session_id. A claim is not just a boolean. It has a status, a source, and often a reason.
{
  "tee_attested": {
    "status": "asserted",
    "source": "hardware_proven",
    "reason": "verified TEE quote and bound request channel"
  }
}

Claim Status

| Status | Meaning |
| --- | --- |
| asserted | Evidence backs this claim. |
| refuted | Evidence contradicts this claim, such as a stale TCB. |
| unknown | The verifier did not establish this claim. Treat it as not proven. |

Claim Source

| Source | Assurance |
| --- | --- |
| hardware_proven | Comes from verified TEE quote or collateral. |
| verifier_derived | Computed by the verifier from checked evidence. |
| provider_asserted | Published by the provider, not independently proven. |
| operator_asserted | Declared by the gateway operator. |

Common Claims

| Claim | Meaning |
| --- | --- |
| tee_attested | A genuine CPU TEE was verified and bound to the channel. |
| tcb_up_to_date | The platform Trusted Computing Base is current. |
| os_known_good | The OS or platform image maps to reviewed source or known measurements. |
| serving_software_known_good | Serving software maps to reviewed source or build provenance. |
| gpu_attested | NVIDIA confidential-computing GPU evidence was verified and nonce-bound. |
| model_weights_provenance | Model weights and quantization match a reviewed provenance chain. |

TCB Freshness

tcb_up_to_date is intentionally tri-state:
  • Up-to-date evidence asserts the claim.
  • Stale evidence refutes the claim and records the stale status.
  • Missing evidence leaves the claim unknown.
Your verifier policy decides whether a refuted TCB is acceptable. The receipt’s job is to expose the fact.

GPU Attestation

gpu_attested proves a confidential-computing GPU attestation was verified for the provider’s evidence. It does not by itself prove model weights, serving software, or CPU-to-GPU binding for every provider. Read it as supplemental evidence unless your policy says otherwise.

Suggested Policy

  1. Require tee_attested: asserted from hardware_proven.
  2. Require upstream.verified.result = verified and required = true for sensitive prompts.
  3. Treat unknown as not proven.
  4. Decide whether to reject tcb_up_to_date: refuted.
  5. Use serving_software_known_good and gpu_attested to increase assurance when available.
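
The five steps above as a client-side check, written as an added example and not code from this documentation or its gateway. The function names, the sample receipts, and the placement of required next to result under upstream.verified are assumptions; only the claim names, statuses and sources come from this page.

```python
# Added example. Receipt layout beyond the field names quoted on this page
# (notably `required` sitting next to `result`) is an assumption.

def get_claim(receipt, name):
    """Return (status, source); a missing or empty claim counts as unknown."""
    verified = receipt.get("upstream", {}).get("verified", {})
    claim = verified.get("claims", {}).get(name) or {}
    return claim.get("status", "unknown"), claim.get("source")

def evaluate(receipt, sensitive=True, reject_stale_tcb=True):
    """Apply the five suggested policy steps to one receipt."""
    verified = receipt.get("upstream", {}).get("verified", {})
    reasons = []
    # Step 1: status alone is not enough, the source must be hardware_proven.
    status, source = get_claim(receipt, "tee_attested")
    if (status, source) != ("asserted", "hardware_proven"):
        reasons.append(f"tee_attested is {status} from {source}")
    # Step 2: sensitive prompts need a verified result that was required.
    if sensitive and not (verified.get("result") == "verified"
                          and verified.get("required") is True):
        reasons.append("upstream.verified is not verified with required=true")
    # Steps 3-4: unknown is never counted as proof; refuted is a policy choice.
    tcb_status, _ = get_claim(receipt, "tcb_up_to_date")
    if tcb_status == "refuted" and reject_stale_tcb:
        reasons.append("tcb_up_to_date is refuted")
    # Step 5: supplemental claims raise assurance but never gate acceptance.
    extras = [n for n in ("serving_software_known_good", "gpu_attested")
              if get_claim(receipt, n)[0] == "asserted"]
    return {"accept": not reasons, "reasons": reasons,
            "tcb_proven": tcb_status == "asserted", "extra_assurance": extras}

def make_receipt(claims, result="verified", required=True):
    """Build a constructed sample receipt (not real gateway output)."""
    return {"upstream": {"verified": {"result": result, "required": required,
                                      "claims": claims}}}

HW = {"status": "asserted", "source": "hardware_proven"}
GOOD = make_receipt({"tee_attested": HW, "tcb_up_to_date": HW, "gpu_attested": HW})
STALE = make_receipt({"tee_attested": HW,
                      "tcb_up_to_date": {"status": "refuted", "source": "hardware_proven"}})
WEAK = make_receipt({"tee_attested": {"status": "asserted", "source": "provider_asserted"}})

if __name__ == "__main__":
    for name, r in (("good", GOOD), ("stale", STALE), ("weak", WEAK)):
        print(name, evaluate(r))
```

A receipt with no tcb_up_to_date claim is accepted with tcb_proven set to False, so callers that need a current TCB should check that field rather than the absence of a refutation.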
