Hardware Binding

Software-only identity is insufficient for high-stakes governance. Any identity that exists purely in software can be copied, replayed, or fabricated. Hardware binding answers the question: which physical machine actually performed this action?

Four levels of hardware security provide different trust ceilings. TPM 2.0(Trusted Platform Module) provides hardware-rooted key storage and attestation — trust ceiling 1.0. The key never leaves the chip. FIDO2security keys provide portable hardware attestation — trust ceiling 0.9. Strong but physically separable from the machine. Secure Enclave(Apple, ARM TrustZone) provides on-processor isolation — trust ceiling 0.85. Hardware-backed but vendor-controlled. Software-only attestation — trust ceiling 0.4. Better than nothing, but fundamentally spoofable.

The chain from digital action to physical device works as follows: an AIArtificial IntelligenceSystems that learn, adapt, and act with real-world impactagent performs an action. The action is signed with a key held in the TPM. The signature proves the action originated on a specific physical machine. The machine's identity is bound to its LCTLinked Context TokenAn entity's witnessed presence — permanent, non-transferable, cryptographically anchoredthrough hardware attestation. The provenance chain is: action → signature → TPM key → physical device → LCTLinked Context TokenAn entity's witnessed presence — permanent, non-transferable, cryptographically anchored→ trust history.

This matters for AIArtificial IntelligenceSystems that learn, adapt, and act with real-world impact governance because agents that can prove where they ran, on what hardware, with what attestation chain, are structurally more trustworthy than agents that merely claim an identity. When the question is “did this agent actually do what it says it did, on the machine it claims to have used?” — hardware binding provides a cryptographic answer.