The Linux Foundation Projects
Skip to main content
Blog

Shaping the Future of Attestation: Linaro to Host Endorsement API Workshop at Linaro Connect 2025

This year’s Linaro Connect conference in Lisbon promises to be a landmark event for the confidential computing community. With multiple talks, workshops, and roundtables focused on trusted execution environments, attestation, and supply chain trust, confidential computing has emerged as an important theme of the 2025 conference.

Among the highlights: a keynote address from Mike Bursell, Executive Director of the Confidential Computing Consortium, who will share his insights on how industry-wide collaboration and open source are essential for the long-term success of this technology as it becomes mainstream.
Mike’s keynote is especially timely and relevant in the context of this year’s conference, where no fewer than 10 technical sessions are listed in the confidential computing track, from organisations including Arm, Linaro, Fujitsu and Huawei.

And it doesn’t end there.

On Tuesday May 13th (the day before the main conference), Linaro have allocated a full-day workshop on the topic of Endorsement APIs. This workshop brings together engineers, researchers, standards bodies, and open source contributors to tackle one of the most pressing challenges in remote attestation: how to securely and efficiently distribute Endorsements and Reference Values across the diverse ecosystem of confidential computing platforms and applications.

Why Endorsement APIs Matter

In Remote Attestation (RATS) architecture, Endorsements and Reference Values are essential artefacts for attestation evidence appraisal. They can originate from various sources throughout the supply chain, including silicon manufacturers, hardware integrators, firmware providers, and software providers. Their distribution is influenced by technical, commercial, and even geopolitical factors. The potential consumers of these artefacts, referred to as “Verifiers” in RATS terms, include cloud-hosted verification services, local verifiers bundled with relying parties, constrained nodes, and endpoint devices. This acute diversity creates challenges for software integration and poses fragmentation risks. Aligning on data formats and APIs will help address these challenges and maximise software component reuse for data transactions between endpoints.

A Space for Open Collaboration

Sharing its venue with the main Linaro Connect conference — the Corinthia Hotel in Lisbon — the workshop will combine hackathon-style prototyping sessions in the morning with interactive presentations and roundtables in the afternoon.
Confirmed participants include representatives from:

  • Arm
  • Intel
  • Microsoft Azure
  • Fujitsu
  • Oracle
  • IBM Research
  • NIST
  • Fraunhofer SIT
  • Alibaba
  • CanaryBit
  • and several university research groups

Activities on the day will include:

  • Gathering requirements from stakeholders
  • Surveying existing services and tools
  • Examining the interaction models between producers and consumers
  • Designing standardised APIs for retrieving endorsement artefacts from the supply chain
  • Hands-on prototyping

And most importantly, this is a space where implementers and spec authors can come together to turn ideas into prototypes, and prototypes into common solutions.

What is Linaro Connect?

If you’re new to the event, Linaro Connect is the premier open engineering forum for Arm software ecosystems. It brings together maintainers of open source projects, engineers from major silicon vendors, and contributors to key standards and security initiatives — all under one roof.

Whether you’re working on Linux kernel internals, UEFI, Trusted Firmware, or emerging attestation stacks, Linaro Connect is the place to share ideas, get feedback, and shape the direction of trusted computing.

You can view the full schedule for this year’s conference here.

Stay Tuned

We’ll publish a follow-up blog after the workshop, summarizing key outcomes, emerging standards proposals, and concrete next steps. Whether you’re building a verifier, defining a token format, or just starting to explore confidential computing, this is a conversation you’ll want to follow.

See you in Lisbon.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.