Q: How does Intel TDX remote attestation work on OpenMetal bare metal servers?
Intel TDX remote attestation on OpenMetal bare metal servers generates a hardware-rooted ECDSA-signed quote containing a cryptographic measurement of a Trust Domain’s firmware, configuration, and runtime state, allowing an external verifier to confirm the workload is running on genuine, unmodified hardware.
The attestation flow starts with the Trust Domain requesting a quote from the CPU. The Xeon 6505P generates this quote using hardware-provisioned keys that cannot be forged or replicated in software. The quote includes a measured boot log: the full boot sequence from firmware through guest OS loader is recorded in a hardware-maintained event log, and any deviation from the expected measurement is reflected in the quote and detectable by the verifier. This means a relying party can confirm not just that TDX is active, but that the specific software stack running inside the TD matches a known-good baseline.
The signed quote is submitted to an attestation verification service for validation. Intel Tiber Trust Services provides a hosted verification path; organizations with stricter data residency or air-gap requirements can deploy a self-hosted verifier. Verification confirms that the quote was signed by a genuine Intel CPU, that the firmware measurements match expected values, and that the TD configuration has not been altered since the measured boot.
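The verifier-side measurement check described in the two paragraphs above, shown as an added example (it is not OpenMetal's or Intel's code). It models the TDX runtime measurement registers (RTMR0-3) as SHA-384 extend chains, replays a constructed TD event log to check that the log reproduces the register values carried in the quote, and then compares those values against a known-good baseline. The event log entries are constructed, the function names are my own, and the check that the quote's ECDSA signature chains to a genuine Intel CPU is assumed to have already been done by the quote verification library or hosted service before this policy step runs.

```python
import hashlib
from typing import Dict, List, Tuple

# One TD event log entry: (RTMR index, human-readable description, event data).
Event = Tuple[int, str, bytes]

RTMR_COUNT = 4   # TDX exposes RTMR0..RTMR3 in the quote
RTMR_SIZE = 48   # SHA-384 digest length in bytes

# Constructed event log for a known-good boot (not captured from real hardware).
# Register assignment mirrors the usual split: RTMR0 firmware/config,
# RTMR1 OS loader and kernel, RTMR2 OS-level components.
GOOD_EVENT_LOG: List[Event] = [
    (0, "firmware-volume", b"TDVF firmware volume v1 (constructed)"),
    (0, "secure-boot-config", b"SecureBoot=1 (constructed)"),
    (1, "os-loader", b"shim+grub (constructed)"),
    (1, "kernel", b"vmlinuz 6.x (constructed)"),
    (2, "initrd", b"initrd.img (constructed)"),
]

# The same boot with the kernel swapped: the kind of deviation a verifier must catch.
TAMPERED_EVENT_LOG: List[Event] = [
    e if e[1] != "kernel" else (1, "kernel", b"vmlinuz modified (constructed)")
    for e in GOOD_EVENT_LOG
]


def extend_register(current: bytes, event_digest: bytes) -> bytes:
    """RTMR extend: new = SHA-384(old || event_digest). One-way and order-sensitive,
    so a single changed or reordered event changes the final register value."""
    return hashlib.sha384(current + event_digest).digest()


def replay_event_log(events: List[Event]) -> Dict[int, bytes]:
    """Recompute every RTMR from an event log, starting from all-zero registers."""
    regs = {i: bytes(RTMR_SIZE) for i in range(RTMR_COUNT)}
    for index, _desc, data in events:
        regs[index] = extend_register(regs[index], hashlib.sha384(data).digest())
    return regs


def verify_measurements(quote_rtmrs: Dict[int, bytes],
                        event_log: List[Event],
                        baseline: Dict[int, bytes]) -> List[str]:
    """Policy step run after the quote signature has been verified.

    Returns an empty list when the TD passes, otherwise one finding per register:
      1. the presented event log must reproduce the register values in the quote
         (otherwise the log cannot be trusted to explain the measurement), and
      2. the quoted value must equal the known-good baseline for that register.
    """
    findings: List[str] = []
    replayed = replay_event_log(event_log)
    for i in range(RTMR_COUNT):
        if replayed[i] != quote_rtmrs[i]:
            findings.append(f"RTMR{i}: event log does not reproduce the quoted value")
        elif quote_rtmrs[i] != baseline[i]:
            candidates = [desc for idx, desc, _ in event_log if idx == i]
            findings.append(
                f"RTMR{i}: measurement differs from baseline "
                f"(events extending this register: {', '.join(candidates)})")
    return findings


def run_demo() -> Dict[str, List[str]]:
    """Three verifier scenarios; the quoted RTMRs are simulated by replaying a log,
    standing in for values that a real TD would obtain from the CPU-signed quote."""
    baseline = replay_event_log(GOOD_EVENT_LOG)
    good_quote = replay_event_log(GOOD_EVENT_LOG)
    tampered_quote = replay_event_log(TAMPERED_EVENT_LOG)
    return {
        # unmodified stack: passes
        "good": verify_measurements(good_quote, GOOD_EVENT_LOG, baseline),
        # modified kernel, honest log: caught by the baseline comparison
        "tampered": verify_measurements(tampered_quote, TAMPERED_EVENT_LOG, baseline),
        # modified kernel, but the known-good log is presented: caught by the replay
        "forged_log": verify_measurements(tampered_quote, GOOD_EVENT_LOG, baseline),
    }


if __name__ == "__main__":
    for scenario, result in run_demo().items():
        print(scenario, "->", "PASS" if not result else result)
```

The two-stage check matters in practice: comparing the quote's registers to a baseline alone tells you that something changed, while replaying the event log tells you which event changed it, and a log that does not replay to the quoted values should be rejected outright rather than used for diagnosis.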
In practice, attestation is used to satisfy compliance evidence requirements: HIPAA risk assessments, PCI DSS audit documentation, and key custody frameworks that require cryptographic proof of the hardware environment before sensitive inputs are submitted to a confidential workload.