A CPHAR deployment is composed of five logical components. They can be implemented as separate services or co-located, but the trust boundaries between them should be explicit and documented.
Components
1. Tamper-responsive hardware. Holds the non-exportable signing key, records the firmware measurement, and destroys or disables the key when tampering is detected.
2. Registry. Records seal identities, lot commitments, manufacturer attestation, firmware measurement, status, and revocation. Publishes content-addressed snapshots.
3. Issues random nonces, validates SealAttestation messages, checks registry status, enforces freshness windows, and evaluates claim constraints.
4. Bridges the human inspection process to the registry. Submits inspection records under audit controls and binds lot commitments to seal identities.
5. Read-only interface giving auditors registry inclusion proofs, attestation history, revocation events, and snapshot transparency-log proofs.
Detailed pages for each component will live under /docs/architecture/. This index will then function as the navigation root.