# What is Attestation

#### What is Attestation?

**Attestation** is a cryptographic process that produces **verifiable evidence** about the integrity and identity of a computing environment.

In the context of **Confidential Computing**, attestation allows a third party to verify that:

* The workload is executing inside a **genuine Confidential Virtual Machine (CVM)**.
* The CVM is running on **authentic Trusted Execution Environment (TEE)** hardware (e.g. Intel TDX or AMD SEV).
* The environment is running a **specific, expected software stack**—down to the exact Docker container image.

#### Attestation in SecretVM

Within **SecretVM**, attestation is foundational to trust and decentralization. It ensures that:

* The VM is **built from open-source, independently auditable components** (including the kernel, rootfs, and runtime).
* A particular **Docker container**, defined by the user, is the actual workload running inside the VM.
* No tampering has occurred at any stage of the boot process or workload initialization.

The attestation process produces a **quote**, which is submitted to an **on-chain Key Management System (KMS)** contract on Secret Network. This quote is verified on-chain, allowing **confidential keys to be released** only to trusted, verified workloads.

> In essence, attestation bridges **privacy with verifiability**, making SecretVM workloads secure, trusted, and provably confidential.