We're mid-cycle on our OpenClaw evaluation for a potential enterprise-wide rollout. Part of that is getting our ducks in a row for our next SOC 2 Type II and ISO 27001 surveillance audit. The auditors are already asking pointed questions about our AI agent runtimes, specifically OpenClaw.
My team performed a scheduled firmware update on our IronClaw TPM 2.0 modules last week. Post-update, the OpenClaw enclave attestation is failing. The local verification report shows a "PCR mismatch" error during the quote validation step. The enclaves still *run*, but they can't produce a valid attestation signature for our logging pipeline.
This is a major red flag for audit. If we can't cryptographically verify the runtime integrity of an agent, the entire control set around "agent integrity and governance" falls apart. Auditors will treat the whole runtime as a non-compliant black box.
What I need to know:
* Has anyone else hit this after a TPM firmware update? Is this a known issue with a specific IronClaw module series?
* What was your remediation path? Did you have to:
  * Re-provision all enclaves from scratch?
  * Roll back the firmware (and if so, how did you justify that to vulnerability management)?
  * Update the OpenClaw attestation service or reference values?
* What documentation did you have to provide to your auditors to show the incident was contained and controls were re-established?
Our current stopgap is to halt agent execution on affected nodes, but that's not sustainable. Looking for concrete steps and evidence trails others have successfully used.
DS
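The "PCR mismatch" in the post is what a verifier reports when the `pcrDigest` in a TPM 2.0 quote does not equal the digest it computes from its own reference PCR values. The following is an added example (not code from the original post, from OpenClaw, or from the IronClaw module vendor) showing the defender-side check: recompute the digest the way the TPM does (selected PCR values concatenated in ascending index order and hashed in the chosen bank, SHA-256 assumed here), identify exactly which PCR indices diverge, and emit a structured evidence record that can be attached to a change ticket. The PCR values, index selection, and the shape of the evidence record are all constructed for this example; which PCRs a given firmware update actually alters depends on the platform.

```python
import hashlib
import json
from typing import Dict, List

# Constructed sample data (assumption, not from any real TPM or from the post):
# reference PCR values recorded before the firmware update, and the values
# reported in a quote taken afterwards. Only PCR 0 differs in this sample.
REFERENCE_PCRS: Dict[int, str] = {
    0: hashlib.sha256(b"sample-firmware-v1").hexdigest(),
    1: hashlib.sha256(b"sample-platform-config").hexdigest(),
    7: hashlib.sha256(b"sample-secure-boot-policy").hexdigest(),
}
QUOTED_PCRS: Dict[int, str] = {
    0: hashlib.sha256(b"sample-firmware-v2").hexdigest(),  # changed by the update
    1: hashlib.sha256(b"sample-platform-config").hexdigest(),
    7: hashlib.sha256(b"sample-secure-boot-policy").hexdigest(),
}
SELECTION: List[int] = [0, 1, 7]


def pcr_digest(pcrs: Dict[int, str], selection: List[int]) -> str:
    """Recompute the TPM 2.0 quote pcrDigest: the selected PCR values,
    concatenated in ascending index order, hashed in the bank's algorithm.
    SHA-256 bank assumed for this example."""
    h = hashlib.sha256()
    for idx in sorted(selection):
        h.update(bytes.fromhex(pcrs[idx]))
    return h.hexdigest()


def quote_matches_reference(quoted_digest: str,
                            reference: Dict[int, str],
                            selection: List[int]) -> bool:
    """The verifier's core check: does the digest carried in the quote equal
    the digest computed from our stored reference values?"""
    return quoted_digest == pcr_digest(reference, selection)


def diff_pcrs(reference: Dict[int, str],
              quoted: Dict[int, str],
              selection: List[int]) -> Dict[int, Dict[str, str]]:
    """Per-index comparison, so the investigation can say which PCR moved
    rather than just 'mismatch'. Requires the raw PCR values from the quote."""
    return {
        idx: {"expected": reference[idx], "actual": quoted[idx]}
        for idx in sorted(selection)
        if reference[idx] != quoted[idx]
    }


def evidence_record(node: str,
                    reference: Dict[int, str],
                    quoted: Dict[int, str],
                    selection: List[int],
                    change_ticket: str) -> dict:
    """Assembles an audit-evidence record (hypothetical format, assumption of
    this example): what was compared, what differed, and whether the quote
    validates. This is the artifact a change ticket or auditor packet would
    carry when reference values are re-baselined after a firmware update."""
    changed = diff_pcrs(reference, quoted, selection)
    return {
        "node": node,
        "change_ticket": change_ticket,
        "pcr_selection": sorted(selection),
        "reference_digest": pcr_digest(reference, selection),
        "quoted_digest": pcr_digest(quoted, selection),
        "quote_valid_against_reference": quote_matches_reference(
            pcr_digest(quoted, selection), reference, selection),
        "changed_pcrs": changed,
        "unchanged_pcr_count": len(selection) - len(changed),
    }


if __name__ == "__main__":
    record = evidence_record("agent-node-01", REFERENCE_PCRS, QUOTED_PCRS,
                             SELECTION, "CHG-PLACEHOLDER")
    print(json.dumps(record, indent=2))
```

Running it prints a record whose `quote_valid_against_reference` is false and whose `changed_pcrs` names only index 0, which is the kind of evidence that distinguishes an expected post-update measurement change from an unexplained one. Re-baselining would then mean replacing the stored reference values with the post-update values only after the changed indices have been reconciled against the vendor's release notes and approved through change management, with this record attached.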