Skip to content

Security

Every root we trust, named — with its provenance.

Every cert that needs to be trusted is pinned in our binary at build time, with a SHA-256 fingerprint manifest the host integrity-checks at startup. No runtime-fetched roots, no surprise additions. The source of record is Microsoft's central TPM-manufacturer CA distribution.

The manifest

Counts, live from the embedded anchors

Manufacturer trust anchors

40

Intermediates pinned

2,093

Manufacturers covered

6

Last refreshed from TrustedTpm.cab @ 2026-05-16. Integrity-gated by SHA-256 manifest at host startup.

Process

How the list stays current

A scripted quarterly refresh (tools/refresh-trust-anchors.ps1) downloads TrustedTpm.cab from go.microsoft.com/fwlink/?linkid=2097925, Authenticode-verifies the cab against Microsoft's signer, expands it, and copies per-vendor root + intermediate folders into our repo. The script regenerates MANIFEST.json with SHA-256 fingerprints per cert; an operator git-diffs, commits, and opens a PR. CI builds, embeds the files as resources in the assembly, and the deployed host fails closed on startup if the manifest doesn't match.

AMD

3 roots · 53 intermediates

3 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.

Infineon

3 roots · 140 intermediates

3 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.

Intel

4 roots · 54 intermediates

4 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.

Microsoft

1 root · 1,824 intermediates

1 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.

Nuvoton

17 roots · 4 intermediates

17 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.

STMicro

6 roots · 18 intermediates

6 root certificate(s) tracked. Run a build against the live manifest to render fingerprints here.

Cloud trust roots

Pinned for cross-validation

  • AWS Nitro Enclaves Root G1: for NitroTPM attestation document COSE_Sign1 validation.
  • DigiCert Global Root G2: for Azure IMDS attested data PKCS#7 validation.
  • 16 AWS per-region EC2 IID signing certs: for instance-identity-document signature checks.
  • Google OIDC JWKS: live, fetched via ConfigurationManager with caching for GCP instance-identity JWT validation.