CYNTRISEC / VERIFICATION CENTER
EVIDENCE / AWS_NITRO · RUN / 2026-05-03
RUNTIME PASSPORT / ED25519 · EXEC REPORT / TEE_PROVENANCE
STATUS / PASS · EIF / UNSIGNED · INTERNAL_POC
// 001 / EVIDENCE PACKET 001
REDACTED EVIDENCE / INTERNAL POC

AWS-NATIVE NITRO PoC EVIDENCE.

Redacted Verification Center packet generated from the AWS Nitro smoke-test bundle uploaded on 2026-05-03. The packet contains a Runtime Passport for the deployment, a linked Execution Report with tee_provenance assurance, and the bundle SHA256SUMS. This is technical execution evidence, not a compliance determination.

Status: PASS
Run date: 2026-05-03
Runtime: AWS NITRO
Instance: m7i.xlarge
Region: us-east-1
Assurance: TEE_PROVENANCE
// 002 / LIMITATION FIRST 002
// 003 / RUNTIME PASSPORT 003
DEPLOYMENT EVIDENCE

RUNTIME PASSPORT.

The Runtime Passport is a deployment-level report that binds the AWS Nitro stack — region, runtime type, doctor result, smoke-test result, hashed key/role references, and redacted evidence S3 URI — to a stable hash that downstream Execution Reports can reference.

runtime-passport.json / overall_status PASS
Passport SHA-256
20b69eec5fec2b905878c865c613ed31005fcb2835d22a91c5564394a99b55f9
Cloud / Runtime
AWS / Nitro Enclaves on m7i.xlarge, region us-east-1
Account ID
aws-account-redacted
Stack name
cyntrisec-aws-poc-redacted
KMS key ref
sha256:bb467b3c701972a200ea368c66a451a4908584168f1c528b44662c07b6832ce0 (hashed; raw ARN not exposed)
IAM role ref
sha256:0188e3ba297801c862337bee3104c207bfd9e16f09e03a6319c524cb64a81f91 (hashed; raw ARN not exposed)
Evidence S3 URI
s3://redacted-customer-evidence-bucket/smoke-tests/20260503T142806Z/
Doctor
6/6 PASS in 1262 ms (EIF cosign rendered Skip under the internal-PoC override; see panel 002)
Smoke test
bundle-derived PASS · manifest + 12/12 hashed files + 3/3 negative tests rejected
// 004 / EXECUTION REPORT 004
PER-EVENT EVIDENCE

EXECUTION REPORT.

The Execution Report turns the AIR receipt for the sampled inference into a reviewer-readable object. It records receipt structure, signing-key binding, attestation hash binding (ADHASH), and the assurance level the verifier was willing to assert from the supplied evidence.

execution-report/verification-report.json / overall_status PASS
Report SHA-256
d84be7201028379afcae6fe2c5d22523046829bfe815c10041725d7ffcf6be48
Assurance level
tee_provenance
Attestation provenance
bundle (sidecar is part of the hashed evidence bundle, not an unaudited loose file)
Platform attestation
PASS (Nitro PCR0 binds the EIF measurement carried by the receipt)
Signing-key binding
PASS (receipt public key matches the public key carried by the attestation sidecar)
Receipt SHA-256
c1bfd0b9f805945a3305ea57866a97bcaaf99c80a34eed91280b5353fbed7603
Attestation SHA-256
16da86e81ad656d88600571a00b22ede4bc408db8e1911db2eda4a5ee01c1d76
  • AIR offline verification: pass. COSE_Sign1 signature, CWT/EAT claims, model_hash + measurements present.
  • Attestation hash binding (ADHASH): pass. Receipt's attestation_doc_hash matches SHA-256 of the supplied attestation sidecar.
  • Signing-key binding: pass. Receipt's Ed25519 public key matches the key carried by the attestation sidecar.
  • EIF cosign: skip. No ephemeralml-pilot.eif.cosign.bundle available; explicit internal-PoC override active. Rendered as Skip by design (see panel 002).
  • Negative tests: pass. 3/3 expected-rejects rejected: tampered receipt, wrong attestation sidecar, wrong model hash.
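
The ADHASH, signing-key and platform bindings listed above, sketched as an added example (not Cyntrisec's verifier code). It assumes JSON stand-ins for the COSE_Sign1 receipt and the CBOR attestation sidecar; `public_key`, `pcrs` and `measurements.pcr0` are hypothetical field names, all values are constructed, and signature verification is omitted, so the tampered-receipt case is not covered.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_bindings(receipt: dict, sidecar_bytes: bytes, expected_model_hash: str) -> dict:
    """Binding checks only; the COSE_Sign1 signature check is out of scope here."""
    results = {"adhash": "fail", "signing_key": "fail", "platform": "fail"}
    # ADHASH: the receipt commits to one exact sidecar by its SHA-256.
    if receipt["attestation_doc_hash"] == sha256_hex(sidecar_bytes):
        results["adhash"] = "pass"
        # Sidecar fields are consulted only after the hash binding holds,
        # so a swapped sidecar fails closed on every dependent check.
        sidecar = json.loads(sidecar_bytes)
        if receipt["public_key"] == sidecar["public_key"]:
            results["signing_key"] = "pass"
        if receipt["measurements"]["pcr0"] == sidecar["pcrs"]["0"]:
            results["platform"] = "pass"
    results["model_hash"] = "pass" if receipt["model_hash"] == expected_model_hash else "fail"
    results["overall"] = "PASS" if all(v == "pass" for v in results.values()) else "FAIL"
    return results

# Constructed sample values, not taken from the packet.
PCR0 = "11" * 48          # stand-in for a SHA-384 measurement
PUBKEY = "aa" * 32        # stand-in for an Ed25519 public key
MODEL_HASH = "22" * 32
SIDECAR = json.dumps({"public_key": PUBKEY, "pcrs": {"0": PCR0}}, sort_keys=True).encode()
RECEIPT = {
    "attestation_doc_hash": sha256_hex(SIDECAR),
    "public_key": PUBKEY,
    "measurements": {"pcr0": PCR0},
    "model_hash": MODEL_HASH,
}
WRONG_SIDECAR = json.dumps({"public_key": "bb" * 32, "pcrs": {"0": PCR0}}, sort_keys=True).encode()

def run_cases() -> dict:
    """One genuine case plus two of the expected-reject cases."""
    return {
        "genuine": check_bindings(RECEIPT, SIDECAR, MODEL_HASH),
        "wrong_sidecar": check_bindings(RECEIPT, WRONG_SIDECAR, MODEL_HASH),
        "wrong_model_hash": check_bindings(RECEIPT, SIDECAR, "33" * 32),
    }

if __name__ == "__main__":
    for name, res in run_cases().items():
        print(name, res)
```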
// 005 / CRYPTO INPUTS 005
PUBLIC MEASUREMENTS

HARDWARE MEASUREMENTS.

PCRs and EIF SHA-384 are stable measurements of the Nitro Enclave image and are intentionally public. The bundle SHA256SUMS allows independent recomputation of every file in the redacted artifact directory.

nitro / pcr
PCR0 / EIF
184b2a72e7bbe6d84dfddc586d3ce7ecc49085c044f31594e67042b6a5ff4e010f7a2052e430190b6bb54762059c4b21
PCR1
4b4d5b3661b3efc12920900c80e126e4ce783c522de6c02a2a5bf7af3a2b9327b86776f188e4be1c1c404a129dbda493
PCR2
46dc284c9e5c517f8a7bebf30cf041565dfb2a5682f87cab430f2ded1a235d2f599853a51f55eaa98495573471427c21
EIF SHA-384
184b2a72e7bbe6d84dfddc586d3ce7ecc49085c044f31594e67042b6a5ff4e010f7a2052e430190b6bb54762059c4b21
bundle / sha256
Runtime Passport
20b69eec5fec2b905878c865c613ed31005fcb2835d22a91c5564394a99b55f9
Execution Report
d84be7201028379afcae6fe2c5d22523046829bfe815c10041725d7ffcf6be48
AIR receipt
c1bfd0b9f805945a3305ea57866a97bcaaf99c80a34eed91280b5353fbed7603
Attestation
16da86e81ad656d88600571a00b22ede4bc408db8e1911db2eda4a5ee01c1d76
// 006 / TIMINGS 006
SMOKE PATH

END-TO-END TIMINGS.

Five-stage smoke run from doctor through enclave launch, synthetic inference, AIR verification, and SSE-KMS upload to the customer-owned evidence bucket.

Doctor total: 1262 ms
Enclave launch: 19184 ms
Synthetic inference: 748 ms
Receipt verification: 37 ms
S3 upload (SSE-KMS): 641 ms
Total smoke path: 21965 ms
// 007 / BUNDLE CONTENTS 007
REDACTED FILES

EVIDENCE BUNDLE.

Repository path: artifacts/verification-center/aws-native-poc-20260503/. Twelve hashed files including the raw attestation.cbor are listed in the smoke-test manifest; this redacted bundle exposes only the reviewer-facing artifacts and bundle hashes.

// 008 / OPERATIONAL NOTE 008
RUN HYGIENE

POST-RUN CLEANUP.

A narrow KMS key-policy statement was added during the run to allow the deployer to upload the smoke-test binary through the bucket's mandatory SSE-KMS policy. The temporary statement was removed after the run, and the Nitro host was stopped. The hashed KMS key reference and IAM role reference in the Runtime Passport are SHA-256 hashes of the canonical references rather than raw ARNs.

// 009 / LIMITATIONS 009
Limitations
  • This packet uses redacted operational identifiers throughout (aws-account-redacted, cyntrisec-aws-poc-redacted, hashed KMS / IAM references, redacted evidence bucket URI). Raw cloud identifiers are not exposed.
  • Internal PoC: the EIF cosign bundle was not present and the unsigned-EIF override was active. Production buyer release evidence requires that flow to close (see panel 002).
  • Proves the AWS CPU Nitro path only. Does not prove GPU attestation, multi-cloud parity, or pipeline-mode evidence.
  • Does not prove model correctness, fairness, safety, or legal compliance. Does not prove irrecoverable deletion.
  • This page is a redacted public summary. For a real buyer review, use the private evidence bundle under an explicit review context and verify the SHA-256 hashes against your local copy.