Commit 3b0d46b

attestation: fail closed on Nitro and ARM parser paths
1 parent 4d63149 commit 3b0d46b

6 files changed

Lines changed: 166 additions & 62 deletions

docs/audits/EVIDENCE_INDEX.md

Lines changed: 2 additions & 0 deletions
@@ -388,6 +388,8 @@ The current evidence branch is a pre-audit hardening candidate on top of
388388
| Drand relay boundary regression | `go test ./x/pouw/keeper -run 'TestHTTPDrandPulseProvider_|TestAssignmentEntropyFromContext_'` | `x/pouw/keeper/drand_pulse_test.go` |
389389
| Worker backend proxy boundary regression | `go test ./services/tee-worker/executor` | `services/tee-worker/executor/main_test.go` |
390390
| Lightweight attestation collateral fail-closed regression | `cargo test --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence fails_closed_without_backend` | `services/tee-worker/nitro-sdk/src/attestation/engine.rs` |
391+
| Nitro parser fail-closed regression | `cargo test --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence nitro` | `services/tee-worker/nitro-sdk/src/attestation/aws_nitro.rs` |
392+
| ARM attestation fail-closed regression | `cargo test --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence arm` | `services/tee-worker/nitro-sdk/src/attestation/arm_trustzone.rs` |
391393
| Seal verifier regression | `go test ./x/seal/keeper/...` | `x/seal/keeper/` |
392394
| Vault relay governance regression | `go test ./x/vault/keeper` | `x/vault/keeper/keeper_test.go` |
393395
| Sovereign access-control regression | `cargo test --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features full-sdk lib_full::sovereign::` | `services/tee-worker/nitro-sdk/src/sovereign/` |
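
Review bot: The two added rows use the bare substring filters `nitro` and `arm` as their evidence commands, so neither row pins the regression it names. The row directly above them filters on the test name `fails_closed_without_backend`; these rows should do the same with the actual fail-closed test names or a module-qualified filter. A substring filter selects every test whose path contains that text, and `cargo test` also exits successfully when a filter matches nothing, so a later rename could leave the evidence command green while running no fail-closed check.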

docs/audits/REMEDIATION_REGISTER.md

Lines changed: 2 additions & 0 deletions
@@ -216,6 +216,8 @@ part of the `main`-branch CLOSED statistics below.
216216
| HS-2026-04-16-49 | Medium | Consensus / Drand Relay Boundary | Apply the shared endpoint safety validator to the consensus drand relay configuration and bound the localhost fallback decoder so malformed, metadata, or private-address relay targets fail closed instead of being probed, and local fallback responses cannot consume unbounded memory | `ramesh/protocol-hardening-sweep-20260416` / PR `#141` | `go test ./x/pouw/keeper -run 'TestHTTPDrandPulseProvider_|TestAssignmentEntropyFromContext_'`, `go test ./x/pouw/keeper`, and `go test ./app ./x/pouw/keeper ./x/verify/... ./x/seal/keeper ./x/validator/keeper ./x/vault/keeper` |
217217
| HS-2026-04-16-50 | Medium | Worker / Backend Proxy Boundary | Apply the shared endpoint safety validator to the TEE worker backend proxy configuration and runtime forwarding path so unsafe backend URLs fail closed at startup and at request time instead of allowing `/execute` and `/verify` traffic to be forwarded to malformed, metadata, or private-address targets | `ramesh/protocol-hardening-sweep-20260416` / PR `#141` | `go test ./services/tee-worker/executor` and `go test ./app ./x/pouw/keeper ./x/verify/... ./x/seal/keeper ./x/validator/keeper ./x/vault/keeper` |
218218
| HS-2026-04-16-51 | Medium | Worker / Attestation Collateral Truthfulness | Fail closed in the lightweight attestation engine when Intel PCCS or AMD KDS collateral backends are unavailable, instead of fabricating empty collateral bundles that could be mistaken for partial verification state | `ramesh/protocol-hardening-sweep-20260416` / PR `#141` | `cargo test --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence fails_closed_without_backend` and `cargo check --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence` |
219+
| HS-2026-04-16-52 | Medium | Worker / Nitro Parser Truthfulness | Fail closed in the Nitro attestation wrapper when the COSE/CBOR parsing backend is unavailable, instead of constructing a placeholder attestation document after only validating the outer COSE shell | `ramesh/protocol-hardening-sweep-20260416` / PR `#141` | `cargo test --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence nitro` and `cargo check --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence` |
220+
| HS-2026-04-16-53 | Medium | Worker / ARM Attestation Truthfulness | Fail closed in the ARM TrustZone / CCA wrapper when parser or signature-verification backends are unavailable, instead of fabricating placeholder token state or returning success from non-cryptographic signature paths | `ramesh/protocol-hardening-sweep-20260416` / PR `#141` | `cargo test --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence arm` and `cargo check --manifest-path services/tee-worker/nitro-sdk/Cargo.toml --features attestation-evidence` |
219221

220222
See `docs/audits/protocol-hardening-sweep-2026-04-16.md` for the detailed
221223
scope and verification record.
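
Review bot: HS-2026-04-16-53 is rated Medium, but its own description covers "returning success from non-cryptographic signature paths", which is a verification bypass wherever those paths were reachable. The row should state whether the ARM TrustZone / CCA wrapper was reachable in any deployed configuration (the evidence command only exercises the `attestation-evidence` feature) so the rating can be checked against that. Separately, rows -52 and -53 say the backend is "unavailable", which reads as a runtime condition, while the sweep document in this same commit quotes the error text as "not implemented"; using "not implemented" here would keep the register from implying that a working path exists.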

docs/audits/STATUS.md

Lines changed: 1 addition & 1 deletion
@@ -101,7 +101,7 @@ March 30 verified baseline.
101101
| Branch / PR | Scope | Current Head | Status | Evidence |
102102
|---|---|---|---|---|
103103
| `ramesh/broad-review-cleanup-20260416` / `#139` | Repo review-surface cleanup for TypeScript SDK and VSCode tooling | Branch head in PR | In Review | PR checks + local `npm run typecheck`, `npm run compile`, `npm run lint`, `npm test` |
104-
| `ramesh/protocol-hardening-sweep-20260416` / `#141` | Bridge relayer persistence and authority, burn nonce extraction, fail-closed zk proof and TEE/VM verification, authenticated simulated keeper attestations, deterministic simulated EZKL verification, deterministic simulated keeper zk proof binding, secure-by-default TEE precompile registry wiring, seal verifier fail-closed defaults, stateful seal revocation approval/execution, removal of the ordinary privileged seal-revocation bypass, narrowed raw keeper revoke entrypoints, quorumed emergency seal revocation, explicit authority enforcement on governance-only vault keeper methods, authority-gated non-overwritable relay liveness challenges with audit logging, loopback-by-default admin consensus-audit endpoint enforcement with explicit bearer-token authorization for remote exposure, truthful simulated/degraded health reporting with `503` reserved for genuinely unhealthy runtime posture, redacted public health diagnostics with detailed output gated to loopback or explicit token authorization, loopback-by-default metrics endpoint enforcement with explicit bearer-token authorization for remote scraping, forwarded proxy traffic no longer inheriting unauthenticated loopback trust on admin, metrics, or detailed health routes, fail-closed remote TEE endpoint validation across startup and health probing, fail-closed readiness endpoint probing for configured verifier targets, fail-closed EZKL remote prover/verifier endpoint validation, fail-closed DCAP collateral and CRL endpoint validation, fail-closed mirrored worker Nitro remote endpoint validation, fail-closed drand relay endpoint validation with bounded local fallback decoding, fail-closed TEE worker backend proxy endpoint validation, fail-closed lightweight attestation collateral backends, fail-closed TEE startup gating for real remote verifier modes, explicit simulated Nitro client identity with schema-consistent quote/proof artifacts, fail-closed Nitro payload 
confidentiality handling, fail-closed seal signature verification semantics, fail-closed seal export provenance semantics, honest PQC backend availability gating, fail-closed enhanced seal signature semantics, fail-closed seal import provenance semantics, aligned simulated TEE platform taxonomy across app and PoUW validation, ABCI vote-extension request binding for validator identity and height, runtime enforcement of locked PoUW governance parameters, governance compatibility and compliance alignment with runtime lock policy, auditable trusted-measurement registry mutations with legacy Nitro index reconciliation, bonded-quorum trusted-measurement emergency revocation, aligned security audit and threat-model narratives with the hardened production governance posture, cryptographic mempool signature enforcement, fail-closed VM job-registry proof verification, owner-bound sovereign payload encryption and fail-closed sovereign access control, validator slashing economic-penalty enforcement, timelock-safe automation keeper ownership, fail-closed non-local deployment authority resolution, real hybrid secp256k1 + Dilithium signer/verification in the worker runtime, governance bootstrap, Cruzible deployability | Latest branch head in PR | In Review | `docs/audits/protocol-hardening-sweep-2026-04-16.md` |
104+
| `ramesh/protocol-hardening-sweep-20260416` / `#141` | Bridge relayer persistence and authority, burn nonce extraction, fail-closed zk proof and TEE/VM verification, authenticated simulated keeper attestations, deterministic simulated EZKL verification, deterministic simulated keeper zk proof binding, secure-by-default TEE precompile registry wiring, seal verifier fail-closed defaults, stateful seal revocation approval/execution, removal of the ordinary privileged seal-revocation bypass, narrowed raw keeper revoke entrypoints, quorumed emergency seal revocation, explicit authority enforcement on governance-only vault keeper methods, authority-gated non-overwritable relay liveness challenges with audit logging, loopback-by-default admin consensus-audit endpoint enforcement with explicit bearer-token authorization for remote exposure, truthful simulated/degraded health reporting with `503` reserved for genuinely unhealthy runtime posture, redacted public health diagnostics with detailed output gated to loopback or explicit token authorization, loopback-by-default metrics endpoint enforcement with explicit bearer-token authorization for remote scraping, forwarded proxy traffic no longer inheriting unauthenticated loopback trust on admin, metrics, or detailed health routes, fail-closed remote TEE endpoint validation across startup and health probing, fail-closed readiness endpoint probing for configured verifier targets, fail-closed EZKL remote prover/verifier endpoint validation, fail-closed DCAP collateral and CRL endpoint validation, fail-closed mirrored worker Nitro remote endpoint validation, fail-closed drand relay endpoint validation with bounded local fallback decoding, fail-closed TEE worker backend proxy endpoint validation, fail-closed lightweight attestation collateral backends, fail-closed Nitro parser placeholder path, fail-closed ARM parser and signature placeholder paths, fail-closed TEE startup gating for real remote verifier modes, explicit simulated 
Nitro client identity with schema-consistent quote/proof artifacts, fail-closed Nitro payload confidentiality handling, fail-closed seal signature verification semantics, fail-closed seal export provenance semantics, honest PQC backend availability gating, fail-closed enhanced seal signature semantics, fail-closed seal import provenance semantics, aligned simulated TEE platform taxonomy across app and PoUW validation, ABCI vote-extension request binding for validator identity and height, runtime enforcement of locked PoUW governance parameters, governance compatibility and compliance alignment with runtime lock policy, auditable trusted-measurement registry mutations with legacy Nitro index reconciliation, bonded-quorum trusted-measurement emergency revocation, aligned security audit and threat-model narratives with the hardened production governance posture, cryptographic mempool signature enforcement, fail-closed VM job-registry proof verification, owner-bound sovereign payload encryption and fail-closed sovereign access control, validator slashing economic-penalty enforcement, timelock-safe automation keeper ownership, fail-closed non-local deployment authority resolution, real hybrid secp256k1 + Dilithium signer/verification in the worker runtime, governance bootstrap, Cruzible deployability | Latest branch head in PR | In Review | `docs/audits/protocol-hardening-sweep-2026-04-16.md` |
105105

106106
These branches are additive hardening tranches and do not reopen any finding
107107
that was already marked CLOSED on the March 30 baseline. They exist to reduce
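
Review bot: The `#141` Scope cell is one comma-separated line, so adding two items ("fail-closed Nitro parser placeholder path" and "fail-closed ARM parser and signature placeholder paths") appears as a full-row replacement that cannot be checked by eye. Consider keeping a short scope summary in this table and deferring the itemised list to `docs/audits/protocol-hardening-sweep-2026-04-16.md`, which the Evidence column already references. The two new phrases are also ambiguous: "fail-closed ... placeholder path" can be read as the placeholder path still existing, whereas the sweep document describes the placeholder construction being replaced by an explicit error.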

docs/audits/protocol-hardening-sweep-2026-04-16.md

Lines changed: 40 additions & 0 deletions
@@ -754,6 +754,39 @@ already merged.
754754
Intel and AMD lightweight-engine collateral paths under the
755755
`attestation-evidence` feature.
756756

757+
### 3zo. Nitro parser fail-closed hardening
758+
759+
- Tightened `services/tee-worker/nitro-sdk/src/attestation/aws_nitro.rs`,
760+
where the Nitro wrapper still returned a placeholder attestation document
761+
after only checking the outer COSE marker, leaving later verification steps
762+
to fail on fabricated empty fields.
763+
- `parse_document(...)` now fails closed with an explicit
764+
`AwsNitro("Nitro COSE/CBOR parsing backend is not implemented")` error
765+
instead of constructing fake attestation state that could be mistaken for a
766+
partially parsed real document.
767+
- Added a focused regression in
768+
`services/tee-worker/nitro-sdk/src/attestation/aws_nitro.rs` covering the
769+
fail-closed parse behavior under the `attestation-evidence` feature.
770+
771+
### 3zp. ARM attestation parser and signature fail-closed hardening
772+
773+
- Tightened `services/tee-worker/nitro-sdk/src/attestation/arm_trustzone.rs`,
774+
where the ARM TrustZone / CCA wrapper still relied on placeholder token
775+
parsing and signature-verification methods that returned success once a
776+
non-empty signature was present.
777+
- `parse_cca_token(...)` and `parse_psa_token(...)` now fail closed with
778+
explicit backend-unavailable errors instead of fabricating placeholder token
779+
state.
780+
- `verify_platform_signature(...)`, `verify_realm_signature(...)`, and
781+
`verify_tz_signature(...)` now fail closed with explicit
782+
`ArmTrustZone("...not implemented")` errors once signature presence has been
783+
checked, instead of returning `Ok(())` without real cryptographic
784+
verification.
785+
- Added focused regressions in
786+
`services/tee-worker/nitro-sdk/src/attestation/arm_trustzone.rs` covering
787+
fail-closed parser and signature paths under the `attestation-evidence`
788+
feature.
789+
757790
### 4. Cruzible deployability and reviewability
758791

759792
- Reduced `Cruzible.sol` deployed bytecode under the EIP-170 limit without
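
Review bot: Sections 3zo and 3zp do not say what happens to callers now that `parse_document(...)`, `parse_cca_token(...)`, `parse_psa_token(...)` and the three `verify_*_signature(...)` methods always end in an error. As described, Nitro and ARM attestation through these wrappers cannot succeed under the `attestation-evidence` feature, so each section should add a line on the operator-visible effect and on where the real backend work is tracked. In 3zp, "once signature presence has been checked" implies that a missing signature and a present one fail with different errors; note whether that ordering is intentional. Naming the regression tests, as the collateral entry does with `fails_closed_without_backend`, would let a reader map these sections to the evidence index.
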
@@ -974,6 +1007,13 @@ already merged.
9741007
AMD collateral bundles that could be mistaken for partial verification state.
9751008
Those collateral paths now fail closed until a real fetch backend is wired
9761009
into that engine surface.
1010+
- The Nitro attestation wrapper no longer fabricates a placeholder parsed
1011+
document after only recognizing a COSE shell. Nitro parsing now stops
1012+
immediately with an explicit backend-unavailable error until a real CBOR/COSE
1013+
parser is wired in.
1014+
- The ARM attestation wrapper no longer fabricates placeholder token state or
1015+
report success from signature-verification methods that lack real crypto
1016+
backends. Its parser and signature paths now fail closed explicitly.
9771017
- The built-in security audit and threat model now describe the same hardened
9781018
governance posture the runtime enforces, which removes an internal
9791019
claim-vs-control mismatch around consensus threshold policy, one-way
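
Review bot: The ARM bullet omits the condition that the Nitro bullet and the collateral bullet above it both carry ("until a real CBOR/COSE parser is wired in", "until a real fetch backend is wired into that engine surface"), so it reads as a permanent state rather than a stopgap. Add the equivalent wording, for example "until real parser and signature-verification backends are wired in". Minor: "or report success" should be "or reports success" to agree with "no longer fabricates".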
