MICKAI
Sentinel, the Olympian guardian of the Mickai operator key sealed inside the hardware
MICKAI™
TPM // ROOT OF TRUST

Hardware Root of Trust

Identity anchored to silicon.

The operator key is generated and sealed inside a TPM 2.0 chip, proven by an attestation quote, and bound to the platform with PCR-bound mode. The hardware-attestation subsystem of the Mickai Sovereign Intelligence Operating System.

Mickai · SIOS subsystem

Mickai TPM Attestation

The TPM 2.0 attestation subsystem of the Mickai SIOS. Hardware-rooted operator-held identity for every signed audit record.

View capabilities
TPM 2.0PCR-boundAttestedPQ

The Mickai SIOS

Mickai is a Sovereign Intelligence Operating System (SIOS). It runs entirely on your own hardware, on Windows, Linux, or macOS. No cloud, no telemetry. This page describes one subsystem of the Mickai SIOS. Request a key to install on your hardware.

A subsystem of the Mickai SIOS. Hardware identity at the operator-key level. ML-DSA-65 keys generated on a TPM 2.0 chip, with attestation quotes proving it.

Read the patentsVerify a Mickai audit chain

TPM. A subsystem of the Mickai Sovereign Intelligence Operating System.

What TPM Attestation guarantees

Seven primitives that bind the operator key to the chip. TPM 2.0 and Apple Secure Enclave, attestation quote, PCR-bound sealing, public discoverability, dev-machine fallback, hardware-rotation flow, ML-DSA-65 from the chip.

01 / Function

Core function

The TPM 2.0 attestation subsystem of the Mickai SIOS. Hardware-rooted operator-held identity for every signed audit record.

02 / Audit

Signed audit

Every state transition emits an Open Inter-Vendor Audit Record signed under FIPS 204 ML-DSA-65, walkable end to end by an offline verifier.

03 / Sovereignty

Operator-held keys

Cryptographic identity sits in TPM 2.0, secure enclave, or HSM controlled by the operator. The vendor cannot edit history.

01 / Sealed to the platform

The key only unseals on the machine it was born on.

PCR-bound mode ties the operator key to the platform configuration registers of the chip, so it unseals only when the hardware boots into a known good state. The attestation quote is published at /.well-known/mickai-operator-key.json, where any verifier can check it. Anchored in filed UK patent applications across the Mickai SIOS attestation family.

Phalanx, the Olympian shield-wall, standing for PCR-bound sealing and defence in depth around the operator key

Patent anchors

TPM Attestation sits on three of the 101 filed UK patent applications behind the Mickai SIOS. Patent 08 anchors ML-DSA-65 signing, patent 24 the trust-domain externalisation via /.well-known/, patent 26 PCR-bound mode attestation.

GB2607309.8 to GB2611702.8, GB2611885.1 onwards, and GB2612762.1 to GB2612793.6 · 101 filed UK patent applications · Approximately 2,234 claims

Wired with

  • ML-DSA-65 signed records (FIPS 204)
  • Open Audit Record (OAR) emit pipeline
  • TPM 2.0 / secure-enclave key custody
  • Trust-domain externalisation pattern
Read

Operator identity, anchored to silicon.

Mickai TPM Attestation seals the operator key to a TPM 2.0 chip and publishes a quote any verifier can check. Read the attestation patent, or request an access key and bind your first signing key to your hardware.

Read patent 08

Engineered by Mickai LTD, United Kingdom · @mickyirons