attestation key
also: AK, attestation key pair
A cryptographic key used to prove the identity and integrity of hardware or software components, typically in secure boot and TPM systems.
An attestation key (AK) is a specialized cryptographic key stored in a Trusted Platform Module (TPM) or secure hardware that digitally signs evidence about a system's configuration and state. It allows a system to prove to external parties that its software and firmware have not been tampered with.
Attestation keys are commonly used in remote attestation scenarios, where a client system cryptographically demonstrates to a server that it is running authorized, unmodified software. For example, a cloud provider might require a virtual machine to attest to its kernel version and security settings before granting access to sensitive data.
The attestation key signs claims about measurements (typically TPM Platform Configuration Registers or PCRs) that represent checksums of boot components and the kernel, creating a chain of trust that can be verified remotely.