Hardware Root-of-Trust · Air-Gapped

The blue checkmark for the physical world.

A $50,000 accelerator crosses six jurisdictions before it reaches a rack. It has a serial number — not a history. Sovereign Proof gives every server, GPU, and rack a cryptographically signed biography, binds it to the silicon, and anchors it to Bitcoin — so not even we can rewrite it.

Signed custody ledger Silicon attestation Bitcoin-anchored On-device LLM · air-gapped

The Trust Deficit

Secure Boot checks the signature. It never checks the biography.

A correctly signed OS will boot happily on a server that sat unlocked in a parking lot for six hours. Between the loading dock and the boot sequence, hardware can be swapped, backdoored, or cloned — and no one would know.

GENESIS
Fab
▲ THE DARK ZONE
Freight · Ports · Warehouses · Unverified hands
ARRIVAL
Rack

This isn't hypothetical. A Senate investigation found over 1 million suspect counterfeit parts already inside the U.S. defense supply chain — more than 70% traced to China. — U.S. Senate Armed Services Committee


Why now

Provenance isn't a feature anymore. It's a filing.

Federal law already forces contractors to prove where their silicon came from — and almost none of them can. We're the evidence behind a signature they're already on the hook for.

In force today

DFARS traceability

Defense contractors must trace parts to the original manufacturer. Today that's a binder of supplier PDFs. Paperwork can be forged. Silicon can't.

Dec 23, 2027

NDAA §5949

Every federal contractor must certify no banned-fab (SMIC/YMTC/CXMT) semiconductors — after a "reasonable inquiry," with a 72-hour report duty and False-Claims-Act exposure.

Direction of travel

Chip Security Act

Chip-level ownership records, location verification, and tamper reporting to BIS. The provenance ledger, proposed as federal law. Proposed legislation — a tailwind, not yet enacted.


The Solution

We give every machine a biography — and a voice.

Built on the Social Identity of Objects patent suite, Sovereign Proof treats each device as a social entity with a birth certificate and a life story.

01 / LEDGER

The Ledger

An air-gapped, tamper-evident chain of every life event — foundry genesis to rack install. Each handler signs its own custody events; any retroactive edit breaks the chain.

02 / INTERROGATOR

The Interrogator

An on-device LLM that turns that history into plain language. Ask the hardware where it's been — it answers in the first person, and never phones home.

03 / TRUST SCORE

The Trust Score

A deterministic 0–100 integrity score, computed from cryptographic evidence — not the LLM. If the story doesn't add up, the machine never boots.


How it works

Every event recorded, signed, scored — before boot.

STEP 01

Enroll at genesis

We verify the device's manufacture-time identity — the key NVIDIA or the TPM fused into the silicon — and record it. No foundry access needed.

STEP 02

Sign & chain

Every life event — transport, scan, install — is signed by its handler and hash-linked to the last.

STEP 03

Challenge

At each checkpoint the device must prove it still holds the key it was enrolled with — catching a swap or clone.

STEP 04

Anchor

The fleet's integrity fingerprint is committed to Bitcoin — history becomes unrewritable.

STEP 05

Trust gate

The score is computed and gated. Boot — or quarantine.


The difference

Perfect paperwork. Wrong machine.

Documents can be forged by insiders. Silicon can't lie. We check both — which is why a unit with a flawless custody record still fails if the device answering the challenge isn't the one we enrolled.

Custody ledger — signatures
Genesis · TSMC Fab 18 · signed
Transport · FedEx Custom Critical · signed
Scan · Node 0 Rack 4 · signed
Chain intact · 3/3 verified
LEDGER: VERIFIED
Silicon challenge — attestation
Vendor identity verified at enrollment
Challenge answered with a different key
Not the silicon we enrolled
Swap or clone suspected
CRITICAL FAILURE — DO NOT INSTALL

And it's not just swaps. The engine detects the full taxonomy a compliance team faces:

counterfeit · no genesis record gray-market · untrusted foundry tamper · chassis opened in transit forged custody · unauthorized signer diversion · unaccounted transit gap ✓ remediated · recertified & recovered

  Anchored to Bitcoin

A ledger asks you to trust the operator. We remove even that.

Every custody record is signed and hash-linked — so an outsider can't edit history. But a permissioned operator theoretically could. So we commit the fleet's integrity fingerprint to the Bitcoin blockchain via OpenTimestamps. After a fingerprint is anchored, not even Sovereign Proof can alter earlier history without the public record disagreeing.

No coin. No gas. Just one hash — OpenTimestamps batches millions of them into a single Bitcoin transaction. The device stays fully air-gapped; a connected node publishes the fingerprint.


The Moat

Three things the incumbents can't copy.

A neutral, audited, air-gapped standard — not a chipmaker's in-house tool. You can't self-certify your own trust.

Cloud IoT
Azure Sphere
Provenance
IBM · TPM
Sovereign Proof
SovereigntyCloud-dependentCentralized ledgerAir-gapped & offline
LogicPass / failStatic scanBehavioral trust score
AnchorAccount trustStatic certificatesSigned chain + live silicon challenge
Rewrite resistanceVendor-controlledOperator-controlledAnchored to Bitcoin — trustless
Key custodyCloud-managedPer-device, staticHSM/TPM — key never leaves the token
InterfaceDev consoleIT dashboardNatural-language interrogator

The network

A decentralized network of physical trust.

Every party that touches the hardware runs a Sentinel node and signs the events it witnesses. The more of the chain that participates, the more complete and trustworthy every device's provenance becomes — a DePIN for hardware trust.

Foundry
Freight
Customs
Integrator
Data center

No token required. The security comes from the cryptography, and public anchoring gives blockchain-grade immutability without it. The core standard is designed to be neutral and adopted — a referee every chipmaker and nation can trust, because you can't self-certify your own hardware.


FAQ

Questions we get in every room.

How is this different from a TPM or Secure Boot?
Those verify the device at boot — is the firmware correctly signed. We verify the journey — where the device has been and whether it's physically the same one that left the foundry. We even use the TPM as one of our signals, and add the custody history and supply-chain reasoning on top.
Why won't NVIDIA just build this themselves?
NVIDIA attests its own GPU at boot — "genuine part, here are its measurements." We consume that and add what it can't: the custody biography across the whole multi-vendor supply chain, and neutrality. A standard owned by one chipmaker isn't trusted by its rivals or by nations — you can't self-certify your own trust. The method is patent-protected (SIO, US 10,594,831 B2) and exclusively licensed to us. We're not competing with NVIDIA's attestation — we're a customer of it, and the neutral layer above it.
Do you need the foundry or the chipmakers to cooperate?
No. Modern silicon already ships with a manufacture-time identity — TPM Endorsement Key certificates, NVIDIA's device attestation, DICE. We verify that existing identity (proving the part is genuine) and bind the custody chain from the first point we can reach. We consume infrastructure that ships today — nobody has to enroll anything for us at the fab.
Is this blockchain? Do you have a token?
No token, and we'd never issue one — it would scare off exactly the defense and sovereign buyers we need. We anchor a single hash to Bitcoin (via OpenTimestamps) purely for tamper-proof timestamping: blockchain-grade immutability, zero token risk, no gas.
Is our cargo history visible on the blockchain?
No — nothing readable ever leaves your premises. Your full custody history stays in your own air-gapped ledger. What's published (only when you choose) is a single 32-byte fingerprint, batched by OpenTimestamps with thousands of unrelated hashes into one Bitcoin transaction — it can't be reversed, linked to you, or even identified as yours. To prove custody to an auditor you share exactly what you choose, per unit, off-chain. Bitcoin is our notary, not our database: it proves when your records existed, never what they say.
Does it need the cloud or internet?
No. It runs entirely air-gapped — the ledger, the AI model, and the verdict all live inside the box. Nothing ever phones home. That's the whole point for a classified or sovereign environment.
What's driving urgency now?
Regulation. DFARS already requires defense contractors to trace parts to the original manufacturer (today via paperwork). NDAA §5949 requires certifying no banned-fab silicon by December 23, 2027, with False Claims Act exposure. We're the evidence behind that certification.
What do I actually have to do to use it?
Feed it the custody events you already collect — scans, manifests, handoffs. You can even import a chain-of-custody CSV and score your real supply chain in seconds. For the highest assurance, add a hardware attestation step at receiving. You get a go/no-go trust gate before anything touches your network.
Is it real, or a demo?
The engine is real and running today — cryptographic ledger, silicon challenge, Bitcoin anchoring, and the interrogator. What's ahead is the physical flight case and integrating production TPM quotes on your hardware. The software is done; we're hardening for your environment.

See it testify

Open the case. Scan the blade. Ask it a question.

The Sentinel runs entirely offline — the ledger, the model, and the verdict all live inside the chassis. Interrogate a verified unit, watch a compromised one indict itself, then import your own custody data and score your real supply chain in seconds.