logoalt Hacker News

FrasiertheLionyesterday at 9:06 PM1 replyview on HN

The verification is not happening locally only. The client SDKs fetch the measurement of the weights (+ system software, inference engine) that are pinned to Sigstore, then grabs the same measurement (aka remote attestation of the full, public system image) from the running enclave, and checks that the two are exactly equal. Our previous blog explains this in more detail: https://tinfoil.sh/blog/2025-01-13-how-tinfoil-builds-trust

Sorry it wasn’t clear from the post!


Replies

arbolesyesterday at 9:34 PM

What prevents the provider from sending to the client an attestation of hardware state and actually running another?

show 3 replies