Azure Attestation vs. AWS Nitro Enclaves attestation - which is less opaque?

(@log_searcher_nl)
Topic starter

Both claim to solve remote attestation for TEEs. Both are still black boxes from our perspective. Opaqueness isn't binary; it's about what evidence they expose and how we can verify it.

Azure Attestation (for Intel SGX/AMD SEV-SNP)
* Evidence includes the attestation report, collateral (certs, CRLs), and parsed claims.
* You get a JSON with claims like `sgx.quote`, `svn`, `product_id`.
* You must fetch and validate collateral against Microsoft's PKI. The service abstracts this, but you can do it yourself.
* Key question: How do you know the service itself is correct? You're trusting Azure's API and infrastructure.

AWS Nitro Enclaves attestation
* Evidence is the attestation document (CBOR-encoded).
* Contains the PCR values, the instance's identity, and a user-provided nonce.
* Signed by the Nitro Hypervisor's KMS-backed key.
* You validate the signature chain to the AWS Nitro root cert.
* Key question: PCRs are opaque measurements. You need AWS-provided documentation to map them to components.

Comparison points for auditability:
* Collateral freshness: Azure requires online validation of CRLs. Nitro uses a static cert chain.
* Reproducibility: Can you independently reproduce the measurement from a known image? With Nitro, you need the exact kernel/ramfs hashes. With Azure SGX, you need the enclave's MRENCLAVE.
* Transparency of failures: What logs are exposed if attestation fails? Azure gives error codes; Nitro returns an invalid signature.

Example of verifying a Nitro attestation document locally (partial):
```python
import cbor2

# The attestation document is a COSE_Sign1 structure:
# [protected header (bstr), unprotected header (map), payload (bstr), signature (bstr)]
with open('document.bin', 'rb') as f:
    cose = cbor2.load(f)
if isinstance(cose, cbor2.CBORTag):   # tolerate a tag-18 (COSE_Sign1) wrapper
    cose = cose.value
protected, unprotected, payload, signature = cose
doc = cbor2.loads(payload)            # Nitro payload map: module_id, digest, timestamp, pcrs, nonce, ...

# Verify signature using AWS Nitro root cert (cabundle -> certificate chain); not shown here
# Then check PCRs against expected values for your known kernel/ramfs
expected_pcr0 = 'a1b2...'             # hex of the expected 48-byte (SHA-384) PCR0
if doc['pcrs'][0].hex() != expected_pcr0:
    raise ValueError('PCR0 mismatch - image tampered.')
```

Which is less opaque? Neither. But Azure gives you more discrete claims to check against your own policy. Nitro gives you a simpler, self-contained document. The opacity shifts from the evidence format to the trust in the cloud provider's virtualization layer and measurement process.

I need to see actual failure mode logs from both to judge. Has anyone done a comparative audit on the telemetry exposed during an attestation failure?

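The Nitro half of the post above, as an added example that is not part of either post: a stdlib-only Python check that unwraps the COSE_Sign1 wrapper, pulls out the payload fields (module_id, digest, timestamp, pcrs, nonce, certificate, cabundle), builds the Sig_structure bytes that an ECDSA-P384 verifier has to check, and then applies a local policy (PCR allowlist, nonce match, freshness window). The sample document is constructed inside the block; its module_id, PCR values, certificate and signature bytes are placeholders, and the real signature verification of the leaf certificate chained to the AWS Nitro root is left to a crypto library. The CBOR codec is a minimal one written for this example, not cbor2.

```python
# Added example (not from the post): offline structural and policy check of a Nitro attestation
# document. The sample document below is CONSTRUCTED; its cert and signature bytes are placeholders.
import hmac
import struct
ES384 = -35  # COSE alg label 1 value the Nitro Secure Module uses (ECDSA P-384)

# --- minimal CBOR codec covering what a Nitro document uses: ints, bstr, tstr, arrays, maps, null, tags
def _hdr(major, n):
    if n < 24:
        return bytes([major << 5 | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def cbor_encode(obj):
    if obj is None:
        return b"\xf6"
    if isinstance(obj, int):
        return _hdr(0, obj) if obj >= 0 else _hdr(1, -1 - obj)
    if isinstance(obj, (bytes, str)):
        raw = obj if isinstance(obj, bytes) else obj.encode()
        return _hdr(2 if isinstance(obj, bytes) else 3, len(raw)) + raw
    if isinstance(obj, list):
        return _hdr(4, len(obj)) + b"".join(map(cbor_encode, obj))
    if isinstance(obj, dict):
        return _hdr(5, len(obj)) + b"".join(cbor_encode(k) + cbor_encode(v) for k, v in obj.items())
    raise TypeError("unsupported type %r" % type(obj))

def _dec(data, i):
    major, info = data[i] >> 5, data[i] & 0x1F
    i += 1
    if major == 7:                               # only null (0xf6) appears in Nitro documents
        if info == 22:
            return None, i
        raise ValueError("unsupported CBOR simple value")
    if info < 24:
        n = info
    elif info <= 27:
        fmt = {24: ">B", 25: ">H", 26: ">I", 27: ">Q"}[info]
        n, i = struct.unpack_from(fmt, data, i)[0], i + struct.calcsize(fmt)
    else:
        raise ValueError("indefinite-length CBOR not supported")
    if major in (0, 1):
        return (n if major == 0 else -1 - n), i
    if major in (2, 3):
        chunk = data[i:i + n]
        return (chunk if major == 2 else chunk.decode()), i + n
    if major == 6:                               # tag (18 = COSE_Sign1): just unwrap it
        return _dec(data, i)
    items = []
    for _ in range(2 * n if major == 5 else n):  # maps carry key,value pairs
        v, i = _dec(data, i)
        items.append(v)
    return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i

def cbor_decode(data):
    item, end = _dec(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after CBOR item")
    return item

def parse_attestation_document(cose_bytes):
    """Split a COSE_Sign1 into (payload dict, signature, Sig_structure bytes). Verifying `signature`
    over the Sig_structure with the leaf cert's P-384 key, after chaining it to the AWS Nitro root,
    is left to a crypto library."""
    cose = cbor_decode(cose_bytes)
    if not (isinstance(cose, list) and len(cose) == 4):
        raise ValueError("not a COSE_Sign1 array")
    protected_bstr, _unprotected, payload, signature = cose
    protected = cbor_decode(protected_bstr)
    if protected.get(1) != ES384:
        raise ValueError("unexpected COSE alg %r" % protected.get(1))
    # Sig_structure for Signature1 (RFC 8152 s4.4): [context, protected, external_aad, payload]
    to_be_signed = cbor_encode(["Signature1", protected_bstr, b"", payload])
    return cbor_decode(payload), signature, to_be_signed

def check_policy(doc, expected_pcrs, expected_nonce, now, max_age_s=300):
    """Return the list of policy failures; an empty list means the document passes."""
    failures = []
    if doc.get("digest") != "SHA384":
        failures.append("unexpected digest %r" % doc.get("digest"))
    age = now - doc.get("timestamp", 0) / 1000       # document timestamp is epoch milliseconds
    if not -60 <= age <= max_age_s:
        failures.append("timestamp outside freshness window")
    if not hmac.compare_digest(doc.get("nonce") or b"", expected_nonce):
        failures.append("nonce mismatch")
    for idx, want in sorted(expected_pcrs.items()):
        got = doc.get("pcrs", {}).get(idx)
        if got is None or not hmac.compare_digest(got, want):
            failures.append("PCR%d mismatch" % idx)
    return failures

def build_sample_document(nonce, timestamp_ms, pcr0=bytes(48)):
    """CONSTRUCTED sample, not NSM output: id, PCRs, certs and signature are placeholders."""
    payload = {
        "module_id": "i-0123456789abcdef0-enc0123456789abcdef",
        "digest": "SHA384",
        "timestamp": timestamp_ms,
        "pcrs": {i: (pcr0 if i == 0 else bytes([i]) * 48) for i in range(16)},  # 48-byte SHA-384 values
        "certificate": b"<DER leaf certificate placeholder>",
        "cabundle": [b"<DER root placeholder>", b"<DER intermediate placeholder>"],
        "public_key": None,
        "user_data": None,
        "nonce": nonce,
    }
    return cbor_encode([cbor_encode({1: ES384}), {}, cbor_encode(payload), b"\x00" * 96])
```

In a real verifier the order matters: chain `certificate` through `cabundle` to the pinned Nitro root and verify `signature` over `to_be_signed` first, and only then trust anything in the payload; `check_policy` returns every failing rule rather than the first one, which is the kind of failure-mode detail the post asks about, since a bare "invalid signature" tells you nothing about whether the PCRs or the nonce were the problem.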
(@ml_sec_ops_jay)

You're right about reproducibility. It's the key differentiator.

With Nitro, the PCR mapping is documented. If AWS updates it, you can trace changes. Azure's "parsed claims" are a service output. You can't reproduce that JSON yourself without their service logic.

That makes Azure more opaque. You're verifying *their interpretation* of the quote, not just the quote.


--Jay
