Show HN: Monitoring Confidential Inference Providers
A zero-trust attestation dashboard that independently verifies hardware evidence from confidential inference providers, with 107 total checks covering TEE verification, channel security, and provenance. Results show 57 verified, 22 partial, 9 failed, and 19 unavailable endpoints.
Zero-Trust Attestation
TEE Verification
Independent cryptographic verification of hardware attestation evidence from confidential inference providers. Raw quotes are parsed and verified against vendor roots of trust — no server-side claims are trusted.
107 Total Checks
57 Verified
22 Partial
9 Failed
19 Unreachable
8 TEE-Terminated TLS
48 Attested E2EE
23 TEE-only Gateway
Last checked: Jun 8, 2026, 6:04 AM
Methodology: Raw TDX/SNP quotes verified via Intel DCAP quote verification (dcap-qvl) using Intel PCS (default) / AMD KDS VCEK path; compose hashes are recomputed and compared against claimed tcb_info; pinned image digests are verified against OCI registries. Hardware-verified checks with incomplete image or Sigstore provenance are reported as partial, not failed. Privatemode public manifests are reference values only and are not counted as verification.
Trust model: Zero-trust — verified channels are categorized as TEE-Terminated TLS, Attested E2EE, or TEE-only Gateway
Availability issue The verifier could not fetch fresh evidence for every check in this run.
3 verified 0 partial 0 failed 9 unavailable
Intel TDX Attested E2EE
Hardware 3/12 good Freshness 3/12 good Key binding 3/12 good Workload Not shown Provenance 3/12 good Availability 9 warning
Endpoint unavailable 9
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 431fef7802e48fd9ef4a1b73254ca5439a320d7e295749390f321b7f2ca32eb3187474f0c373e9fe90d348ef29cc7bccac9347a60733bf3ba48a0511a3fd4499
Signature ECDSA-P384 ✓
Confidential Channel E2EE to attested enclave key ✓
Signer Bound Yes ✓
Nonce Bound Yes ✓
Security Model Attested E2EE
What This Means Payloads are encrypted to an attested enclave key; gateway TLS termination is expected
E2EE Protocol ML-KEM-768 E2E
Signing Key ml-kem-768:a075ece9-20d6-49ae-8b2d-621f59d048d0
chute:google/gemma-4-31B-turbo-TEE
instance:a075ece9-20d6-49ae-8b2d-621f59d048d0
certificate-present:true
gpu-evidence-count:1
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data b7253ae8494a27c871a4de005814993b18be2a06ee5512e155d67708689adc72d97802b76c1e85685460bbb91d01c64e623b39a618569d1c509764b988027945
Signature ECDSA-P384 ✓
Confidential Channel E2EE to attested enclave key ✓
Signer Bound Yes ✓
Nonce Bound Yes ✓
Security Model Attested E2EE
What This Means Payloads are encrypted to an attested enclave key; gateway TLS termination is expected
E2EE Protocol ML-KEM-768 E2E
Signing Key ml-kem-768:13494d77-4c5f-4111-98f5-f57692972a5b
chute:Qwen/Qwen3-32B-TEE
instance:13494d77-4c5f-4111-98f5-f57692972a5b
certificate-present:true
gpu-evidence-count:8
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 21ea64262cf706869afcad99ffb0d6f969536ca1bff9639c0af0aa3d1dd6a4eed7f16d65d909365c7d200130bd9668006d530f862cf5d55a17055ce3f5706240
Signature ECDSA-P384 ✓
Confidential Channel E2EE to attested enclave key ✓
Signer Bound Yes ✓
Nonce Bound Yes ✓
Security Model Attested E2EE
What This Means Payloads are encrypted to an attested enclave key; gateway TLS termination is expected
E2EE Protocol ML-KEM-768 E2E
Signing Key ml-kem-768:d924d0d8-0a3b-4cc4-830a-872cb2188589
chute:zai-org/GLM-5.1-TEE
instance:d924d0d8-0a3b-4cc4-830a-872cb2188589
certificate-present:true
gpu-evidence-count:8
Fully verified Every check passed its required attestation, channel, and provenance gates.
1 verified 0 partial 0 failed 0 unavailable
Attested E2EE
Hardware 1/1 good Freshness Not shown Key binding 1/1 good Workload Not shown Provenance 1/1 good Availability 1/1 good
No open issues
Verified All required verifier gates passed for this check.
Check Liveness only
Hardware verified, provenance incomplete TEE evidence passed, but source or image provenance is not fully pinned for every check.
16 verified 6 partial 0 failed 6 unavailable
TDX + SNP TEE-only Gateway Phala/dstack
Hardware 22/28 good Freshness 11/28 good Key binding 11/28 good Workload 6 bad Provenance 6 warning Availability 6 warning
Endpoint unavailable 6 Image provenance incomplete 6
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 834838d358e090a126a608a1ef01bea07afae3fc6d8f71533d66a2a53b83f750a01290db927a5c92bb9b39d45a02cb19c3d66643baa9dcc8d762518453cf351c
Signature ECDSA-P384 ✓
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 2a218f267e5099e61f04993b099851c483be1ea7c49278007c7022edc6c8c72712f1e4709a4a6e4b008709b8c42b7751a1afc88f0cf817058b011db2e4a4ea28
Signature ECDSA-P384 ✓
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 0adf4ddf0161e5bcebce3473e2a97a78e174cd94f373c4749ec72916e35097027167c3900b2000a8e9d307a2ce2f5254a9c24dd5dba0abd5e25b79f277f57685
Signature ECDSA-P384 ✓
Compose Hash Mismatch ✗
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 56d070df1c6be444b007839ef9cf67cec7c12b8b000000000000000000000000778579d9a533e4a816018f00b12bccfd25e39ba3734b82abe8e276ee8943ab88
Signature ECDSA-P384 ✓
Compose Hash Verified ✓
TCB Consistent sha256 match ✓
Images Registry verified ✓
Signer Bound Yes ✓
Nonce Bound Yes ✓
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
App dstack-nvidia-0.5.5
Images 5 containers
datadog/agent@sha256:5556fb80b952832719a76b016f905616c76ee0989a239c4680c6220148e865d6
certbot/dns-cloudflare@sha256:742dbd2e61c8709b930712c38958386c3cb3928e09eeb1f1e490600c127e2edb
certbot/dns-cloudflare@sha256:742dbd2e61c8709b930712c38958386c3cb3928e09eeb1f1e490600c127e2edb
nearaidev/compose-manager@sha256:5165400d9eb43ab5da36986a85de0ba55f3fb4d05211c4397ecc4bde3ef0113b
nearaidev/compose-manager-launcher@sha256:d652f92b64f57ef8aa086bd77a4cf932c1976965b3cea2814a7ee82fe73aa993
RTMR0 bc122d143ab768565ba5c3774ff5f03a63c89a4df7c1f5ea38d3bd173409d14f8cbdcc36d40e703cccb996a9d9687590
OS Image 9b69bb1698bacbb6985409a2c272bcb892e09cdcea63d5399c6768b67d3ff677
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Infrastructure Phala/dstack
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data afbe312e74f55dd2737c345908833af721109be9ea007fba372b8b0117334a5af8ff05b30584005072f589ce8cd904306fb6a59a09246864a62af5582c973742
Signature ECDSA-P384 ✓
Compose Hash Mismatch ✗
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Verified All required verifier gates passed for this check.
Quote AMD SEV-SNP (VCEK)
Policy 0x30000
Report Data 281ad7bea31b1c428d5100ee142478e76ab48f091b84e4f9505df75b1cde68840e1d011d09c176637d27a2c2b62406d2d0795f88c0c452b4a9d561d3bbaaea3d
Signature ECDSA-P384 ✓
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Endpoint unavailable Fresh evidence could not be fetched in this run.
Check No public attestation endpoint
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 6525e128afcffebf7eed05d485d7be983cdae934000000000000000000000000b00b4a3ab4f5dcd585ce0def4f99c8a610315cdaf7951f9834f26b30023a6e9f
Signature ECDSA-P384 ✓
Compose Hash Verified ✓
TCB Consistent sha256 match ✓
Images Registry verified ✓
Signer Bound Yes ✓
Nonce Bound Yes ✓
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
App dstack-nvidia-0.5.5
Images 5 containers
datadog/agent@sha256:5556fb80b952832719a76b016f905616c76ee0989a239c4680c6220148e865d6
certbot/dns-cloudflare@sha256:742dbd2e61c8709b930712c38958386c3cb3928e09eeb1f1e490600c127e2edb
certbot/dns-cloudflare@sha256:742dbd2e61c8709b930712c38958386c3cb3928e09eeb1f1e490600c127e2edb
nearaidev/compose-manager@sha256:44aa2344d68609700074a8076ed177bb1989c7f5fd1e175a13084d512be475e9
nearaidev/compose-manager-launcher@sha256:171c1cffea23625628fc11038a590173745d83e3570d855e53ab5a91279f95bf
RTMR0 bc122d143ab768565ba5c3774ff5f03a63c89a4df7c1f5ea38d3bd173409d14f8cbdcc36d40e703cccb996a9d9687590
OS Image 9b69bb1698bacbb6985409a2c272bcb892e09cdcea63d5399c6768b67d3ff677
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Infrastructure Phala/dstack
Verified All required verifier gates passed for this check.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data 834838d358e090a126a608a1ef01bea07afae3fc6d8f71533d66a2a53b83f750a01290db927a5c92bb9b39d45a02cb19c3d66643baa9dcc8d762518453cf351c
Signature ECDSA-P384 ✓
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
Security Model TEE-only Gateway
What This Means Model runs in TEE but gateway sees plaintext prompts
Image provenance incomplete Hardware evidence passed, but one or more container image pins could not be verified.
Quote Intel TDX (DCAP QVL)
TCB Level status=UpToDate, advisories=[]
Report Data a6df16ebbc510d97a32b99b4dfd33793acc90e2b000000000000000000000000190b4c2332eca0ec7fe826bc7af7ac01c63ca685639d45c370fe7d8031af1326
Signature ECDSA-P384 ✓
Compose Hash Verified ✓
TCB Consistent sha256 match ✓
Signer Bound Yes ✓
Nonce Bound Yes ✓
Enclave TLS Pin 2c6f1d204141eedccd3c589ce916e535989285a1b185a112d8ff546c12af2e6a ✗
Images 11 containers
dstacktee/dstack-ingress:1.2
dstacktee/dstack-ingress:1.2
python:3.10-slim
dstacktee/vllm-proxy:v0.2.19
vllm/vllm-openai:v0.10.2
alpine:latest
python:3.10-slim
dstacktee/vllm-proxy:v0.2.19
vllm/vllm-openai:v0.10.2
alpine:latest
haproxy:2.9-alpine
RTMR0 6ffe4a2c12f07eccb857f70f370a5af848a7062905cd95adc43abb1f62c39e330aa3c8aeb8f162656c025f3f5276