Usage of PSA Initial Attestation for runtime

Hello everyone,

I’m a beginner with both embedded systems and Mbed OS. I’m now developing a product and working on implementing a function to verify the integrity of my device.

Fortunately, I found the PSA initial attestation API, but I struggle to understand the specification. In my understanding, Initial Attestation enables us to verify the integrity of software on a device by invoking this service after the device is powered on.

Then, this is my question: Does the Initial Attestation service enable us to verify the integrity of software not only at start-up but also at any time the management server requests it?

I’m not sure about the meaning of “initial”. If I request the verification at a time other than start-up, does it not perform the expected verification service? However, the API reference says that the token shall be created at any time upon request.

The initial attestation service creates a token that contains a fixed set of device-specific data, upon request.
link: PSA initial attestation - API references and tutorials | Mbed OS 6 Documentation

Does anyone know about that?

Thank you for your support in advance.