Remote attestation is one of the key functionalities provided by trusted platforms. Most current attestation approaches are based on cryptographic hash functions, which are appropriate to attest to relatively stable objects such as executables. However, they can not effectively deal with software configurations that could have many (or even infinite) trusted variants and could also be modified at run-time. This paper proposes SAConf, a novel semantic attestation approach to attesting to software configurations. SAConf uses a list of constraints to represent the challenger's trust policies, and verifies configurations based on semantic checks against the constraints, according to the semantic meanings of configurations rather than their hashes. An on-request measurement strategy is also added as a complement to the on-load strategy in order to capture potential modifications to configurations during execution. We implemented a prototype of SAConf and evaluations show that it could ...