3 Initial Attestation report

The attestation report returned by the Attestation API is formatted and encoded as a signed PSA Attestation Token. This is defined in Arm's Platform Security Architecture (PSA) Attestation Token [RFC9783].

The PSA Attestation Token is an incompatible evolution of the original attestation format, that was specified in version 1.0 of the Attestation API.

To comply with version 2.0 of the Attestation API, an implementation must only produce attestation reports that conform to [RFC9783].

Table 4 provides specific recommendations for the construction of some of the token claims.

Table 4 Recommended construction of the token claims

Claim	Recommended construction
Instance ID	The construction of the 32-byte key-hash component of this claim depends on the type of Initial Attestation Key (IAK): When using an asymmetric key-pair for the IAK, the Instance ID is a hash of the corresponding public key — InstanceID = H(IAK). When using a symmetric key for the IAK, it is recommended that the Instance ID is a double hash of the key — InstanceID = H(H(IAK)).