Evidence Reference
LapEE exposes evidence through HyperBEAM devices. The normal operator path is
one URL from the splash screen, then `~tpm@2.0a/boot-attestation`.
Set the node URL from the splash screen:

```sh
export LAPEE_URL=http://HOST:8734
```
Core Endpoints
| Endpoint | Purpose |
|---|---|
| `GET $LAPEE_URL/~tpm@2.0a/info` | TPM device readiness and node identity metadata. |
| `GET $LAPEE_URL/~tpm@2.0a/pcr-read&pcr=N` | Read one TPM PCR. |
| `GET $LAPEE_URL/~tpm@2.0a/quote` | Fresh TPM quote over the default PCR selection unless overridden. |
| `GET $LAPEE_URL/~tpm@2.0a/attestation` | Full nonce-capable TPM attestation envelope. |
| `GET $LAPEE_URL/~tpm@2.0a/boot-attestation` | Cached boot bundle produced by the `on.start` hook. This is the main launch verifier input. |
| `GET $LAPEE_URL/~system@1.0/all` | Redacted system evidence from /proc, /sys, DMI, kernel, CPU, TPM, IOMMU, and integrity probes. |
| `GET $LAPEE_URL/~tpm-interpret@1.0/checks` | Verifier check catalog and severity descriptions. |
| `POST $LAPEE_URL/~tpm-interpret@1.0/verify` | Verify an attestation envelope inside HyperBEAM. |
| `POST $LAPEE_URL/~tpm-interpret@1.0/claim` | Return the flat policy surface used by the dashboard. |
Send `accept: application/json` and `accept-bundle: true` when fetching evidence, so the node returns the full bundle as JSON rather than a rendered view:

```sh
curl -fsSL \
  -H 'accept: application/json' \
  -H 'accept-bundle: true' \
  "$LAPEE_URL/~tpm@2.0a/boot-attestation" \
  -o boot-attestation.json
```
Boot Attestation Shape
The boot-attestation bundle commits three sections:
| Section | Contents |
|---|---|
| `system` | Kernel, firmware, CPU, memory, TPM, IOMMU, integrity, device, and filesystem evidence. Sensitive serial-like values are redacted. |
| `node` | HyperBEAM node message, loaded public config, wallet identity, and metadata such as trusted device signers. |
| `tpm` | EK certificate material, AK public material, AK policy, TPM quote, PCR values, runtime event log, TCG event log, and verification signals. |
The startup hook builds this subject, computes its HyperBEAM message id, extends PCR 15 with that id, commits the TCG event-log tip when present, creates an AK with the PCR policy, then quotes the default PCR selection.
Verification Invariants
The primary verifier checks:
- EK certificate chain anchors to the measured TPM vendor root bundle.
- TPM2 quote signature, nonce, selected PCR values, and `pcrDigest` match.
- AK `authPolicy` is bound to PCRs 0, 1, 7, 10, 11, 14, 15.
- Runtime event log replay of PCR 15 matches the quoted PCR 15 value.
- PCR 15 contains an event that commits to the `node-message-id`.
- Embedded `node-message` and `node-message-id` have the expected shape.
Firmware TCG replay for PCRs 0..14 is reported separately. It is useful boot
context, but the core LapEE identity binding is the PCR 15 runtime event that
commits the HyperBEAM node message.
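The startup-hook sequence above and the verifier invariants it feeds (PCR 15 replay, the node-message-id commitment, the quote's `pcrDigest`, and the AK `authPolicy` binding to PCRs 0, 1, 7, 10, 11, 14, 15) can be exercised offline against a constructed bundle. The code below is an added example, not LapEE or HyperBEAM code. It assumes a SHA-256 PCR bank with PCR 15 starting at all zeros, that each runtime-log entry carries the hex `digest` that was extended plus an `event` payload (with the node-message-id event's digest being SHA-256 of the id string), that the AK policy is a single `TPM2_PolicyPCR` with no `PolicyOR` branches, and illustrative bundle field names (`runtime-event-log`, `pcrs`, `pcr-digest`, `ak-auth-policy`); none of these encodings are stated on this page. Quote signature, nonce and EK chain checks are left out because they need the AK and EK key material.

```python
"""Replay and binding checks for a LapEE-style boot-attestation bundle.

Added example, not project code. Assumptions (not stated on the page): SHA-256 PCR
bank; PCR 15 starts at zeros; each runtime event has hex 'digest' + 'event'; the
node-message-id event's digest is SHA-256 of the id; AK policy is one TPM2_PolicyPCR;
field names 'runtime-event-log', 'pcrs', 'pcr-digest', 'ak-auth-policy' are illustrative.
"""
import hashlib
import struct

POLICY_PCRS = (0, 1, 7, 10, 11, 14, 15)   # PCR set the page says the AK policy binds
TPM_ALG_SHA256 = 0x000B
TPM_CC_POLICYPCR = 0x0000017F


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || measurement)."""
    return sha256(pcr, measurement)


def replay_pcr15(events) -> bytes:
    """Replay the runtime event log from the all-zero initial PCR 15 value."""
    pcr = bytes(32)
    for ev in events:
        pcr = extend(pcr, bytes.fromhex(ev["digest"]))
    return pcr


def node_message_event_present(events, node_message_id: str) -> bool:
    """True if some replayed event carries the id and its digest is SHA-256(id)."""
    want = hashlib.sha256(node_message_id.encode()).hexdigest()
    return any(ev["event"] == node_message_id and ev["digest"] == want for ev in events)


def pcr_digest(pcrs: dict, selection=POLICY_PCRS) -> bytes:
    """TPMS_QUOTE_INFO.pcrDigest: hash of selected PCR values concatenated in ascending order."""
    return sha256(*(bytes.fromhex(pcrs[str(i)]) for i in sorted(selection)))


def marshal_pcr_selection(selection) -> bytes:
    """TPML_PCR_SELECTION with one SHA-256 TPMS_PCR_SELECTION (3-byte bitmap, bit 0 = PCR 0)."""
    bitmap = bytearray(3)
    for i in selection:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)


def policy_pcr_digest(pcrs: dict, selection=POLICY_PCRS) -> bytes:
    """TPM2_PolicyPCR update from a fresh session: H(zeros || CC || pcrs || digestTPM)."""
    return sha256(bytes(32), struct.pack(">I", TPM_CC_POLICYPCR),
                  marshal_pcr_selection(selection), pcr_digest(pcrs, selection))


def verify_bundle(bundle: dict) -> dict:
    """Evaluate the replay/binding invariants; 'ok' is True only if every check passes."""
    tpm, node = bundle["tpm"], bundle["node"]
    events, pcrs = tpm["runtime-event-log"], tpm["pcrs"]
    results = {
        "pcr15-replay": replay_pcr15(events).hex() == pcrs["15"],
        "node-message-id-committed": node_message_event_present(events, node["node-message-id"]),
        "pcr-digest": pcr_digest(pcrs).hex() == tpm["pcr-digest"],
        "ak-policy-bound": policy_pcr_digest(pcrs).hex() == tpm["ak-auth-policy"],
    }
    results["ok"] = all(results.values())
    return results


def make_sample_bundle(tamper: str = "") -> dict:
    """Constructed, internally consistent sample; 'tamper' breaks one invariant on purpose."""
    node_id = "example-node-message-id"
    events = [
        {"event": "lapee-startup", "digest": hashlib.sha256(b"lapee-startup").hexdigest()},
        {"event": node_id, "digest": hashlib.sha256(node_id.encode()).hexdigest()},
    ]
    pcrs = {str(i): hashlib.sha256(f"constructed-pcr-{i}".encode()).hexdigest()
            for i in POLICY_PCRS if i != 15}
    pcrs["15"] = replay_pcr15(events).hex()
    tpm = {"runtime-event-log": events, "pcrs": pcrs,
           "pcr-digest": pcr_digest(pcrs).hex(),
           "ak-auth-policy": policy_pcr_digest(pcrs).hex()}
    bundle = {"node": {"node-message-id": node_id}, "tpm": tpm}
    if tamper == "node":      # node message swapped after boot: no event commits to the new id
        bundle["node"]["node-message-id"] = "different-node-message-id"
    elif tamper == "log":     # event injected into the log: replay no longer lands on quoted PCR 15
        events.append({"event": "injected", "digest": hashlib.sha256(b"injected").hexdigest()})
    elif tamper == "policy":  # AK policy bound to a selection that omits PCR 15
        tpm["ak-auth-policy"] = policy_pcr_digest(pcrs, POLICY_PCRS[:-1]).hex()
    return bundle


if __name__ == "__main__":
    for case in ("", "node", "log", "policy"):
        print(case or "clean", verify_bundle(make_sample_bundle(case)))
```

Each tamper case isolates one invariant: swapping the node message leaves the quote and PCRs valid but no runtime event commits to the new id; an injected event breaks the PCR 15 replay while the quoted values stay self-consistent; an AK policy over a selection without PCR 15 fails the binding check even though the quote itself verifies. A real verifier would take the PCR values from the signed quote rather than a bare `pcrs` map.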
PCR Roles
| PCR | Role |
|---|---|
| 0 | Firmware SRTM measurements. |
| 1 | Platform firmware configuration. |
| 7 | Secure Boot policy. |
| 10 | IMA runtime measurements. |
| 11 | UKI kernel image measurements. |
| 12 | UKI kernel command line. |
| 14 | Secure Boot authority and MOK-style policy. |
| 15 | LapEE runtime node identity. |
Claim Surface
`~tpm-interpret@1.0/claim` returns policy-oriented sections:
- `secure-boot`
- `secure-boot-policy`
- `firmware`
- `boot-loader`
- `boot-chain`
- `kernel`
- `cpu`
- `system`
- `quote`
- `pcr-match`
- `quote-integrity`
- `freshness`
- `pcr-replay`
- `ima`
- `platform-config`
- `tpm`
- `ek`
- `ak`
- `tme`
- `iommu`
- `lockdown`
- `kernel-integrity`
- `verity`
- `timeline`
- `policy-verdict`
- `attestation-summary`
- `evidence-digest`

Use `policy-verdict` for the high-level result. Use the sections above when a
policy needs to decide why a node was accepted, warned, or rejected.