Attested Workload
An attested workload is software whose identity and execution environment can be checked using hardware-backed evidence. The workload may run inside an enclave, a confidential virtual machine, or another environment capable of remote attestation.
The evidence commonly binds together:
- A measurement of the workload or boot state
- The TEE and platform security version
- Configuration or policy claims
- A public key controlled by the workload
- A freshness value such as a nonce
Verifiers compare those claims with an approved policy before trusting the workload. Attestation can establish what was launched and where it is running, but application-level correctness still depends on reviewed code, secure configuration, and appropriate operational controls.
Attested workloads are a foundation for verifiable agents, private services, and other systems that need to prove how offchain computation is executed.