diff --git a/docs/docs/workflows/verify-cluster.md b/docs/docs/workflows/verify-cluster.md index 524ca737a..74d26adab 100644 --- a/docs/docs/workflows/verify-cluster.md +++ b/docs/docs/workflows/verify-cluster.md @@ -15,6 +15,17 @@ This command performs the following steps: 2. Verify the signature of the measurements. This will use Edgeless Systems' [public key](https://edgeless.systems/es.pub). 3. Write measurements into configuration file. +After the command succeeded the configuration file will contain a list of key value pairs (index, hash) under the `measurements` key and a list of indices under `enforcedMeasurements`. +Not all keys under `measurements` will have a matching index under `enforcedMeasurements`. +This is because only a subset of the available measurements can be locally reproduced and verified. +These non-reproducible values typically measure parts of the boot process that are controlled by the CSP. +You can find a list with descriptions in the [runtime measurements](../architecture/attestation.md#runtime-measurements) section. + +During attestation, the validating side (CLI or [join service](../architecture/components.md#joinservice)) will compare each [measurement](../architecture/attestation.md##runtime-measurement) reported by the issuing side (first node or joining node) individually. +For mismatching measurements that are set under the `measurements` key a warning will be emitted. +For mismatching measurements that are additionally set under `enforcedMeasurements` an error will be emitted and attestation fails. +If attestation fails, the new node can't join the cluster. + ## The *verify* command :::note
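Review bot: the second attestation link in the hunk is malformed: `../architecture/attestation.md##runtime-measurement` has a doubled `##` and a singular anchor, while the first link in the same hunk uses `../architecture/attestation.md#runtime-measurements`; make both point at `#runtime-measurements` so the anchor resolves. Two wording nits in the same paragraph block: "After the command succeeded the configuration file will contain" reads better as "After the command succeeds, the configuration file contains", and "key value pairs" should be hyphenated as "key-value pairs". The distinction between a warning for a mismatched entry under `measurements` and an error for one under `enforcedMeasurements` is the important security point here, so consider stating explicitly in the last sentence that only enforced mismatches block the join, i.e. "If attestation fails, the new node can't join the cluster; mismatches that are only warned about do not prevent joining", since a reader may otherwise assume any warning is fatal.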