Explainer · 5 min read
Dual-source validation.
Why one sensor is never enough.
A single sensor reading is a measurement. Two independent sensors agreeing is a proof. Dual-source validation is the difference between a number you can edit and a number a court can rely on.
The single-source problem
NVML gives the GPU's view of its own energy. RAPL gives the CPU package's view of its own energy. Each is hardware-grounded — but each is a single oracle. If that oracle is compromised, the reading is compromised, and there is no way to detect it from a single-sensor certificate.
What dual-source actually does
When the agent submits a measurement with rapl_metrics_url set, the backend:
- Fetches the RAPL exporter as an independent second source.
- Compares NVML's GPU-side energy reading against RAPL's host-side energy reading across the same time window.
- Checks the ratio is physically plausible — GPU energy must be at least 15% and at most 97% of host energy.
- Records the result as cross_checks.dual_source in the signed canonical payload.
If GPU energy exceeds host energy, the cross-check fails with an error severity flag and the trust posture stays at self_reported — no amount of marketing can override the math.
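The cross-check described above, written out as an added example that is not the page's or the project's own code. The 0.15–0.97 band, the error severity for GPU-exceeds-host and the self_reported fallback come from the explainer; the Sample type, function names, record layout and the warning severity for other out-of-band ratios are assumptions made for this example.

```python
# Added example, not the page's or the project's own code. The 0.15..0.97
# band, the "error" severity for GPU > host and the self_reported fallback
# are from the explainer; Sample, the function names, the record layout and
# the "warning" severity for other out-of-band ratios are assumptions.
from dataclasses import dataclass
from typing import List, Optional

GPU_HOST_RATIO_MIN = 0.15  # GPU energy must be at least 15% of host energy
GPU_HOST_RATIO_MAX = 0.97  # and at most 97%


@dataclass(frozen=True)
class Sample:
    ts: float      # seconds since epoch
    joules: float  # cumulative energy counter as the sensor reports it


def energy_in_window(samples: List[Sample], start: float, end: float,
                     slack: float = 1.0) -> Optional[float]:
    """Energy consumed in [start, end] from a cumulative counter; None when the
    series does not reach both edges (within `slack` seconds), so a sensor
    that went quiet cannot pass by reporting a smaller window."""
    inside = sorted((s for s in samples if start - slack <= s.ts <= end + slack),
                    key=lambda s: s.ts)
    if len(inside) < 2 or inside[0].ts > start + slack or inside[-1].ts < end - slack:
        return None
    delta = inside[-1].joules - inside[0].joules
    return delta if delta >= 0 else None  # a counter running backwards is not evidence


def dual_source_check(gpu_joules: Optional[float], host_joules: Optional[float]) -> dict:
    """Build the cross_checks.dual_source record that goes into the signed payload."""
    if gpu_joules is None or host_joules is None or host_joules <= 0:
        return {"status": "fail", "severity": "error", "ratio": None,
                "reason": "missing_or_non_positive_energy"}
    ratio = gpu_joules / host_joules
    record = {"status": "pass", "severity": None, "ratio": round(ratio, 4), "reason": None}
    if ratio > 1.0:
        # The GPU cannot have consumed more energy than the host that powers it.
        record.update(status="fail", severity="error", reason="gpu_exceeds_host")
    elif not GPU_HOST_RATIO_MIN <= ratio <= GPU_HOST_RATIO_MAX:
        record.update(status="fail", severity="warning", reason="ratio_out_of_band")
    return record


def trust_posture(check: dict, proposed: str) -> str:
    """A failed cross-check pins the posture to self_reported, whatever was claimed."""
    return "self_reported" if check["status"] == "fail" else proposed
```

Feed both counters through energy_in_window with the same start and end before calling dual_source_check; comparing deltas taken over different windows is exactly the mismatch the check exists to catch.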
Why three sensors are not three times better
The trust score is not linear in sensor count. The graduated weights are:
The combined ceiling is 1.20, but the score is clamped to 1.0. Three evidence sources reach hardware_attested at exactly 0.80 — a deliberate threshold that requires both cross-validation and at least one cryptographic proof of source integrity.
What it costs an attacker
To forge a dual-source attestation, an attacker has to:
- Control the agent (already hard — runs inside the customer's infrastructure).
- Control or spoof the RAPL exporter (must produce values that agree with the forged NVML value, within the 0.15–0.97 ratio band).
- Sign the spoofed exporter response with an Ed25519 key registered under the same tenant (or the signed_exporter flag drops, reducing the score).
- Inject a matching machine_id label (or the fingerprint flag drops too).
Each layer multiplies the cost. Single-sensor certificates require none of this; dual-source certificates require all of it.