Consumers and operators can independently verify provider attestation state.
```
curl https://api.darkbloom.dev/v1/providers/attestation
```

Returns, per provider:
- Secure Enclave P-256 public key,
- hardware info (chip, model, serial, system volume hash),
- security state (SIP, SecureBoot, ARV, SE),
- MDM verification status,
- Apple MDA certificate chain (base64 DER),
- MDA-extracted properties (serial, UDID, OS version, SepOS version).
To verify independently:
- Download Apple's Enterprise Attestation Root CA from apple.com/certificateauthority.
- Decode the `mda_cert_chain_b64` certificates from base64 to DER.
- Verify the cert chain against Apple's root CA using any x509 library.
- Check that the serial number in the Apple cert matches the provider's self-reported attestation.
Trust levels:
- `hardware` trust means the device is genuine Apple hardware with SIP on and Secure Boot Full, verified by Apple's MDA certificate chain.
- `self_signed` trust means the provider sent a SE-signed attestation and is passing periodic challenge-response, but has not completed MDM/MDA.
- `none` means no attestation was provided.
The strongest production gate is APNs-based code-identity attestation. It is
not exposed as a separate consumer-visible field today, but it gates whether a
provider is eligible for private-tier routing. See
architecture/decisions/apns-code-attestation.md.