Security
Every root we trust, named — with its provenance.
Every cert that needs to be trusted is pinned in our binary at build time, with a SHA-256 fingerprint manifest the host integrity-checks at startup. No runtime-fetched roots, no surprise additions. The source of record is Microsoft's central TPM-manufacturer CA distribution.
The manifest
Counts, live from the embedded anchors
Manufacturer trust anchors
40
Intermediates pinned
2,093
Manufacturers covered
6
Last refreshed from TrustedTpm.cab @ 2026-05-16. Integrity-gated by SHA-256 manifest at host startup.
Process
How the list stays current
A scripted quarterly refresh (tools/refresh-trust-anchors.ps1) downloads TrustedTpm.cab from go.microsoft.com/fwlink/?linkid=2097925, Authenticode-verifies the cab against Microsoft's signer, expands it, and copies per-vendor root + intermediate folders into our repo. The script regenerates MANIFEST.json with SHA-256 fingerprints per cert; an operator git-diffs, commits, and opens a PR. CI builds, embeds the files as resources in the assembly, and the deployed host fails closed on startup if the manifest doesn't match.
AMD
3 roots · 53 intermediates
3 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.
Infineon
3 roots · 140 intermediates
3 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.
Intel
4 roots · 54 intermediates
4 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.
Microsoft
1 root · 1,824 intermediates
1 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.
Nuvoton
17 roots · 4 intermediates
17 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.
STMicro
6 roots · 18 intermediates
6 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.
Cloud trust roots
Pinned for cross-validation
- AWS Nitro Enclaves Root G1: for NitroTPM attestation document COSE_Sign1 validation.
- DigiCert Global Root G2: for Azure IMDS attested data PKCS#7 validation.
- 16 AWS per-region EC2 IID signing certs: for instance-identity-document signature checks.
- Google OIDC JWKS: live, fetched via ConfigurationManager with caching for GCP instance-identity JWT validation.