Hacker News

arboles yesterday at 10:08 PM | 2 replies

I understand hardware attestation at this level; it's why you couldn't route a hardware attestation from a different machine, that's not the one the user cares about, that I'm working on understanding.



viraptor yesterday at 10:34 PM

Because to obtain the result of attestation, you'd need to actually run the prompt on the verified machine in the first place. (And in practice the signature would be bound to your response as well.)

3s yesterday at 10:17 PM

The attestation is tied to the Modelwrap root hash (the root hash is included in the attestation report), so you know that the machine that is serving the model has the right model weights.
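The binding the two replies describe, as an added example that is not part of the thread or of any project's code: a client-side check that accepts a report only if it is signed, names the expected model root hash, and covers this exact response. The field names, the client nonce, and the use of HMAC in place of the hardware-rooted signature are assumptions made for the sketch.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC under TRUSTED_KEY stands in for the hardware-rooted signature;
# real reports carry an asymmetric signature chained to the vendor's root.
TRUSTED_KEY = secrets.token_bytes(32)
GOOD_ROOT = hashlib.sha256(b"constructed model weights").hexdigest()

def binding(nonce, prompt, response):
    """Digest tying a report to one nonce, prompt and response (length-prefixed)."""
    h = hashlib.sha256()
    for part in (nonce, prompt, response):
        h.update(len(part).to_bytes(8, "big") + part)
    return h.hexdigest()

def attest(key, model_root, nonce, prompt, response):
    """Simulated report from the serving machine's trusted hardware."""
    body = {"model_root": model_root, "binding": binding(nonce, prompt, response)}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, payload, hashlib.sha256).hexdigest()}

def verify(report, nonce, prompt, response):
    """Client-side check of signature, model root hash and response binding."""
    payload = json.dumps(report["body"], sort_keys=True).encode()
    good_sig = hmac.new(TRUSTED_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good_sig, report["sig"]):
        return "bad signature"
    if report["body"]["model_root"] != GOOD_ROOT:
        return "unexpected model root hash"
    if report["body"]["binding"] != binding(nonce, prompt, response):
        return "report not bound to this nonce/prompt/response"
    return "ok"

def scenarios():
    """Constructed cases: one honest exchange and four that must be rejected."""
    nonce, prompt = secrets.token_bytes(16), b"constructed prompt"
    genuine = attest(TRUSTED_KEY, GOOD_ROOT, nonce, prompt, b"answer from attested model")
    other_root = hashlib.sha256(b"different weights").hexdigest()
    return {
        "honest": verify(genuine, nonce, prompt, b"answer from attested model"),
        # Report fetched from the verified machine, attached to another machine's answer.
        "relayed": verify(genuine, nonce, prompt, b"answer from some other model"),
        # Same report replayed against a later request with a fresh nonce.
        "replayed": verify(genuine, secrets.token_bytes(16), prompt, b"answer from attested model"),
        "wrong_weights": verify(attest(TRUSTED_KEY, other_root, nonce, prompt, b"x"), nonce, prompt, b"x"),
        "unverified_key": verify(attest(b"k" * 32, GOOD_ROOT, nonce, prompt, b"x"), nonce, prompt, b"x"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The only way to pass the binding check is to have the attested machine produce the response itself, which is the point made in the first reply.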