Towards Remote Attestation of Microarchitectural Attacks: The Case of Rowhammer

📅 2026-03-25
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work proposes a novel remote attestation paradigm that shifts the security focus from prevention to verifiable detection in response to microarchitectural vulnerabilities like Rowhammer, which undermine hardware’s role as a trusted root. By integrating remote attestation with microarchitectural attack detection, the approach leverages a TPM-anchored hash chain to protect memory-level evidence—including machine check exceptions (MCEs) from ECC DRAM and PRAC row activation counters—enabling tamper-resistant, verifiable identification of Rowhammer activity. Implemented as the HammerWatch protocol on commodity hardware, this method reliably distinguishes malicious Rowhammer attacks from benign memory accesses using a conservative heuristic, demonstrating consistent accuracy across 20,000 simulated access patterns.

📝 Abstract
Microarchitectural vulnerabilities increasingly undermine the assumption that hardware can be treated as a reliable root of trust. Prevention mechanisms often lag behind evolving attack techniques, leaving deployed systems unable to assume continued trustworthiness. We propose a shift from prevention to detection through microarchitectural-aware remote attestation. As a first instantiation of this idea, we present HammerWatch, a Rowhammer-aware remote attestation protocol that enables an external verifier to assess whether a system exhibits hardware-induced disturbance behavior. HammerWatch leverages memory-level evidence available on commodity platforms, specifically Machine-Check Exceptions (MCEs) from ECC DRAM and counter-based indicators from Per-Row Activation Counting (PRAC), and protects these measurements against kernel-level adversaries using TPM-anchored hash chains. We implement HammerWatch on commodity hardware and evaluate it on 20000 simulated benign and malicious access patterns. Our results show that the verifier reliably distinguishes Rowhammer-like behavior from benign operation under conservative heuristics, demonstrating that detection-oriented attestation is feasible and can complement incomplete prevention mechanisms.
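
An added illustration (not code from the paper or from the HammerWatch implementation) of how a TPM-style extend chain makes a log of MCE and PRAC evidence tamper-evident to a remote verifier. The record fields, the all-zero starting register and the unsigned `QUOTED` value are assumptions made for this sketch; in a real deployment the register value arrives in a quote signed by the TPM.

```python
import hashlib
import hmac
import json

ZERO = bytes(32)  # a SHA-256 PCR bank starts at all zeros after reset

def record_digest(record):
    """SHA-256 over a canonical JSON encoding of one evidence record."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def extend(register, record):
    """TPM-style extend: new = SHA-256(old || digest(record))."""
    return hashlib.sha256(register + record_digest(record)).digest()

def replay(log):
    """Verifier side: recompute the register from the reported log."""
    register = ZERO
    for record in log:
        register = extend(register, record)
    return register

def verify(log, quoted_register):
    """Accept the log only if its replay matches the quoted register."""
    return hmac.compare_digest(replay(log), quoted_register)

# Constructed sample evidence; field names are assumptions, not HammerWatch's format.
LOG = [
    {"seq": 0, "src": "mce", "kind": "corrected_ecc", "bank": 3, "row": 4112},
    {"seq": 1, "src": "prac", "kind": "alert", "bank": 3, "row": 4113},
    {"seq": 2, "src": "mce", "kind": "corrected_ecc", "bank": 3, "row": 4114},
]

# Stand-in for the register value carried in a signed TPM quote
# (signature and nonce checks are outside this sketch).
QUOTED = replay(LOG)

def tamper_cases():
    """Modified logs that the verifier must reject."""
    dropped = [r for r in LOG if r["src"] != "prac"]                # record removed
    edited = [dict(r, row=0) if r["seq"] == 2 else r for r in LOG]  # field rewritten
    reordered = [LOG[1], LOG[0], LOG[2]]                            # order changed
    return {"dropped": dropped, "edited": edited, "reordered": reordered}

if __name__ == "__main__":
    print("honest log accepted:", verify(LOG, QUOTED))
    for name, log in tamper_cases().items():
        print(name, "accepted:", verify(log, QUOTED))
```

Because each extend folds the previous register into the next hash, a log that was altered after the records were extended cannot be made to replay to the quoted value without finding a SHA-256 collision.
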
Problem

Research questions and friction points this paper is trying to address.

Remote Attestation
Microarchitectural Attacks
Rowhammer
Hardware Trust
Security Verification
Innovation

Methods, ideas, or system contributions that make the work stand out.

microarchitectural-aware remote attestation
Rowhammer detection
Machine-Check Exceptions (MCE)
Per-Row Activation Counting (PRAC)
TPM-anchored hash chains
Martin Herrmann
Extraordinarius for experimental medicine Universität Erlangen-Nürnberg
autoimmunity, NETs, neutrophils
Oussama Draissi
paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany
Christian Niesler
paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany
Lucas Davi
paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany