Back to Glossary
VEX

Silicon-Rooted Identity

TPM 2.0TEE attestationhardware root of trust

Silicon-rooted identity anchors an AI agent's cryptographic identity in a hardware security module — specifically a TPM 2.0 or Trusted Execution Environment (TEE) — rather than in software key stores.

WHY SOFTWARE IDENTITY IS INSUFFICIENT

Software keys are subject to extraction via memory access. Hardware-rooted identity eliminates this: the private key material never leaves the secure enclave, making impersonation impossible without physical access.

PROTOCOL CONTEXT (ARCHITECTURE.TSX / ATTEST-RS)

ProvnAI's architecture references attest-rs for TPM 2.0 attestation. The flow generates a TPM-signed Quote reflecting the full software stack hash — detecting any runtime modification to the agent binary.

ProvnAI Mitigation

Agent instances undergoes hardware attestation at startup. Only attested agents receive an authority-bearing Evidence Capsule. Unattested or mismatched agents are rejected before any tool call authorization.