Why Nobody Can Verify What Booted Your Server
Summary
The article analyzes the verification gap in TPM-based attestation for fleet deployments, explaining why public PCR reference values are impractical and how event logs provide a workable alternative. It outlines practical verification approaches (exact PCR, event-log policy, signed baselines, and minimal node identity) and calls for cross-vendor collaboration to publish signed measurements and establish transparent, verifiable reference data across hardware and firmware.