diff --git a/Cargo.lock b/Cargo.lock
index 9dc69cbc5..e61c876fb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -837,7 +837,7 @@ checksum = "33415e24172c1b7d6066f6d999545375ab8e1d95421d6784bdfff9496f292387"
 dependencies = [
 "bitcoin_hashes",
 "rand",
- "rand_core 0.6.4",
+ "rand_core 0.5.1",
 "serde",
 "unicode-normalization",
 "zeroize",
@@ -7881,7 +7881,7 @@ checksum = "4e69bf016dc406eff7d53a7d3f7cf1c2e72c82b9088aac1118591e36dd2cd3e9"
 dependencies = [
 "bitcoin_hashes",
 "rand",
- "rand_core 0.6.4",
+ "rand_core 0.5.1",
 "serde",
 "unicode-normalization",
 ]
@@ -14414,7 +14414,7 @@ checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
 [[package]]
 name = "tdx-quote"
 version = "0.0.1"
-source = "git+https://github.com/entropyxyz/tdx-quote.git?branch=peg%2Fcert-chain-parse#a0cad09e8030b322ebb878fad0247bae8e62f141"
+source = "git+https://github.com/entropyxyz/tdx-quote.git?branch=peg%2Fcert-chain-parse#ae3b869572fc4ff68218570e699a4acc227f833b"
 dependencies = [
 "nom",
 "p256",
diff --git a/pallets/attestation/src/lib.rs b/pallets/attestation/src/lib.rs
index 0d2db323c..a8827e007 100644
--- a/pallets/attestation/src/lib.rs
+++ b/pallets/attestation/src/lib.rs
@@ -133,6 +133,8 @@ pub mod pallet {
 NoPCKForAccount,
 /// Unacceptable VM image running
 BadMrtdValue,
+ /// Cannot encode verifying key (PCK)
+ CannotEncodeVerifyingKey,
 /// Cannot decode verifying key (PCK)
 CannotDecodeVerifyingKey,
 /// Could not verify PCK signature
@@ -205,7 +207,6 @@ pub mod pallet {
 fn verify_quote(
 attestee: &T::AccountId,
 x25519_public_key: entropy_shared::X25519PublicKey,
- // provisioning_certification_key: entropy_shared::BoundedVecEncodedVerifyingKey,
 quote: Vec,
 context: QuoteContext,
 ) -> Result {
@@ -231,13 +232,19 @@ pub mod pallet { let accepted_mrtd_values = pallet_parameters::Pallet::::accepted_mrtd_values(); ensure!(accepted_mrtd_values.contains(&mrtd_value), Error::::BadMrtdValue); - let pck = verify_pck_certificate_chain::("e).unwrap(); + let pck = + verify_pck_certificate_chain::("e).map_err(|_| Error::::PckVerification); PendingAttestations::::remove(attestee); // TODO #982 If anything fails, don't just return an error - do something mean - Ok(BoundedVec::try_from(encode_verifying_key(&pck).unwrap().to_vec()).unwrap()) + Ok(BoundedVec::try_from( + encode_verifying_key(&pck) + .map_err(|_| Error::::CannotEncodeVerifyingKey)? + .to_vec(), + ) + .map_err(|_| Error::::CannotEncodeVerifyingKey)?) } fn request_quote(who: &T::AccountId, nonce: [u8; 32]) { @@ -258,9 +265,12 @@ pub mod pallet { ) -> Result { let provisioning_certification_key = quote.pck_cert_chain().map_err(|_| Error::::NoPckCertChain)?; - let provisioning_certification_key = - tdx_quote::decode_verifying_key(&provisioning_certification_key.try_into().unwrap()) - .unwrap(); + let provisioning_certification_key = tdx_quote::decode_verifying_key( + &provisioning_certification_key + .try_into() + .map_err(|_| Error::::CannotDecodeVerifyingKey)?, + ) + .map_err(|_| Error::::CannotDecodeVerifyingKey)?; Ok(provisioning_certification_key) } }
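Review bot: In the `@@ -231,13 +232,19 @@` hunk the new `let pck = verify_pck_certificate_chain…map_err(…PckVerification);` statement ends without `?`, unlike the two `CannotEncodeVerifyingKey` conversions added just below it. As shown, `pck` is therefore a `Result` rather than the verified key, and a failed PCK check does not return before `PendingAttestations::remove(attestee)` runs. The statement should end `.map_err(|_| Error::<T>::PckVerification)?;` so the failure leaves the function before the pending entry is consumed. A smaller point: a `BoundedVec::try_from` length overflow is also reported as `CannotEncodeVerifyingKey`, which hides which step failed. The body of `verify_quote` begins outside this hunk, so earlier checks are not visible here.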
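Review bot: In the `@@ -258,9 +265,12 @@` hunk, the visible body of `verify_pck_certificate_chain` only takes the bytes from `quote.pck_cert_chain()` and passes them to `tdx_quote::decode_verifying_key`. Nothing shown validates a certificate chain against a trusted root, so the name promises more than the code does and the returned key is only as trustworthy as the quote that carried it. If validation happens elsewhere or is still to come, say so on the function, for example `/// NOTE: does not validate the PCK certificate chain yet; the key is taken from the quote as supplied.` The length mismatch from `try_into()` and the decode failure both collapse into `CannotDecodeVerifyingKey` with the underlying error discarded, so a short comment naming the two cases would help whoever triages a rejected quote. The function's signature starts outside the hunk.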