Existing remote attestation mechanisms suffer from limited coverage and are vulnerable to manipulation by powerful adversaries, potentially misleading relying parties. This work proposes a hierarchical attestation architecture that incrementally gathers evidence from critical system components while enforcing architectural constraints to ensure that only trusted components influence the trust decision, thereby achieving end-to-end resilience against strong adversaries. Leveraging TPM, Linux/SELinux, and AMD SEV-SNP, we present the first structured and scalable remote attestation framework on commodity hardware and software platforms. Experimental evaluation demonstrates the scheme’s effectiveness under both standard and enhanced adversary models, with a performance overhead of only approximately 1.3%. Furthermore, our analysis identifies two key improvement pathways to address more sophisticated attacks.

Attestation means providing evidence that a remote target system is worthy of trust for some sensitive interaction. Although attestation is already used in network access control, security management, and trusted execution environments, it mainly concerns only a few system components. A clever adversary might manipulate these shallow attestations to mislead the relying party. Reliable attestations require layering. We construct attestations whose layers report evidence about successive components of the target system. Reliability also requires structuring the target system so only a limited set of components matters. We show how to structure an example system for reliable attestations despite a well-defined, relatively strong adversary. It is based on widely available hardware, such as Trusted Platform Modules, and software, such as Linux with SELinux. We isolate our principles in a few maxims that guide system development. We provide a cogent analysis of our mechanisms against our adversary model, as well as an empirical appraisal of the resulting system. We also identify two improvements to the mechanisms so attestation can succeed against strengthened adversaries. The performance burden of our attestation is negligible, circa 1.3 percent. After our first example, we vary our application level, and then also its underlying hardware anchor to use confidential computing with AMD's SEV-SNP. The same maxims help us achieve trustworthy attestations.