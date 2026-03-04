The COMex in the switch tray is equipped with a server-grade CPU, connected to a discrete TPM. During boot, the firmware performs a measured boot and extends each measurement to the appropriate PCRs, in accordance with TCG standards.

Currently, attestation supports measurements of the core UEFI, drivers, and security configurations through PCRs 0 and 7.

TPM remote attestation reports these measurements and the platform's state externally.

A verifier queries the attester about its state and measurements

The TPM then sends a quote, signed by its Attestation Key

This quote serves as a cryptographic attestation of the device's state, including the PCRs measured during boot

An external verifier validates the quote and compares it against known good measurements

The following table describes the measurements returned by the TPM attestation feature, and whether they have a measurement reference: