Understanding Verifiability

Enclave verifiability is a critical security feature that allows users to confirm that code is running on genuine hardware with its security features enabled. Tinfoil's integrity features ensure that all code and data remain unchanged and verifiable through cryptographic remote attestation performed by the Trusted Execution Environment (TEE). When connecting to a Tinfoil secure enclave, the Tinfoil client automatically verifies the TEE's attestation and compares the runtime code measurement (a hash of the code loaded into the TEE, signed by the hardware) against the measurement of the code Tinfoil has committed to on GitHub and Sigstore. If the two differ, the client refuses to trust the enclave.
Attestation verification is performed automatically by the Tinfoil client library. It happens transparently, without explicit developer action, but can be customized for advanced use cases.

Attestation Process

The attestation process establishes a chain of trust from the hardware level up to the application level. Each step builds on the security guarantees of the previous one, so that the chain connects the physical hardware to the publicly auditable code it is running.

How It Works

  1. Hardware Authentication The process begins by verifying the authenticity of the physical hardware components. This step ensures the TEE is running on genuine confidential computing chips with the proper security features enabled, not on simulated or otherwise compromised hardware.
  2. Configuration Verification Once hardware authenticity is confirmed, the system validates that all security-critical settings are properly configured. This ensures the TEE environment is set up with the correct parameters and isolation boundaries.
  3. Code Measurement The hardware computes cryptographic measurements (hashes) of all code and configuration files loaded into the TEE at launch and includes them in the attestation report. Any change to the code or configuration produces a different measurement, so substituted or modified code is detected when the client compares the reported measurement against the published value.

Attestation Chain of Trust

The attestation chain is established through a series of cryptographic validations:
  1. Hardware Root of Trust: Hardware manufacturers (Intel, AMD, NVIDIA) embed cryptographic keys in their processors
  2. Firmware Validation: Hardware validates firmware integrity during boot
  3. TEE Initialization: Firmware initializes the TEE with verified security parameters
  4. Measurement: TEE measures loaded code and creates cryptographic evidence
  5. Attestation Report: TEE signs the measurements with hardware keys
  6. Verification: Clients verify signatures and measurements against known good values
  7. Transparency Log: Code measurements are recorded on Sigstore for public auditability

Tinfoil’s Verification Flow

The attestation flow illustrates the key steps in verifying a TEE's authenticity and integrity. When a client needs to verify the trustworthiness of a TEE, it initiates a multi-step process involving hardware-level verification and code measurements. The TEE requests a cryptographically signed report from the underlying hardware; the report is signed with a per-device key whose certificate chain terminates at the hardware vendor's attestation root (Intel, AMD, or NVIDIA), which proves the environment's authenticity. This evidence is then shared with the client, which verifies both the hardware signature chain and the code measurements against Sigstore's transparency log to ensure the TEE is running the expected, unmodified code.

Attestation Flow

The Sigstore verification step provides an auditable record that the binary running in the TEE matches the source code published by Tinfoil on GitHub, establishing a verifiable link from source to execution environment.
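The chain of trust listed above and the verification flow it feeds into can be reduced to four checks a client performs in order: the device key is certified by the vendor root, the report is signed by that device key, the report is fresh, and the reported measurement equals the value published in the transparency log. The following is an added illustration, not Tinfoil's client or verifier code and not a real SEV-SNP/TDX report format: it models the vendor root, a provisioned chip, the hardware's signed report and the client's verifier with Ed25519 and SHA-256, and it uses a constructed code image and nonce. The "transparency log" here is simply the measurement of the published image; real clients fetch that value from Sigstore.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// One sentinel error per link in the chain, so a caller can tell which link broke.
var (
	ErrUntrustedDevice     = errors.New("device key is not certified by the vendor root")
	ErrBadReportSignature  = errors.New("report signature does not verify under the device key")
	ErrNonceMismatch       = errors.New("report does not carry the nonce this client sent")
	ErrMeasurementMismatch = errors.New("measurement differs from the value in the transparency log")
)

// Report is a deliberately simplified attestation report (constructed for this
// example; real reports also carry TCB versions, policy bits, chip identity, ...).
type Report struct {
	Measurement [32]byte // launch-time hash of the code and config loaded into the TEE
	Nonce       [32]byte // client-supplied freshness value echoed back by the hardware
	Signature   []byte   // device-key signature over Measurement || Nonce
}

// DeviceCert stands in for the vendor-issued certificate chain: it binds a
// per-chip attestation key to the vendor's root key.
type DeviceCert struct {
	DevicePub ed25519.PublicKey
	RootSig   []byte // vendor root's signature over DevicePub
}

// NewVendor models the manufacturer's root of trust (step 1 of the chain).
func NewVendor() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// ProvisionDevice models the vendor embedding a key in a chip and certifying it.
func ProvisionDevice(rootPriv ed25519.PrivateKey) (ed25519.PrivateKey, DeviceCert) {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	return devPriv, DeviceCert{DevicePub: devPub, RootSig: ed25519.Sign(rootPriv, devPub)}
}

// NewUncertifiedDevice models simulated hardware: a key the vendor never signed.
func NewUncertifiedDevice() ed25519.PrivateKey {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	return priv
}

// ForgedCert is what an attacker can build for an uncertified key: pair it with
// a RootSig copied from a genuine certificate and hope nobody checks it.
func ForgedCert(devPriv ed25519.PrivateKey, copiedRootSig []byte) DeviceCert {
	return DeviceCert{DevicePub: devPriv.Public().(ed25519.PublicKey), RootSig: copiedRootSig}
}

// Measure computes the launch measurement of a code image (steps 3/4 of the chain).
func Measure(code []byte) [32]byte { return sha256.Sum256(code) }

// signedBytes is the exact byte string the hardware signs and the client verifies.
func signedBytes(r Report) []byte {
	var buf bytes.Buffer
	buf.Write(r.Measurement[:])
	buf.Write(r.Nonce[:])
	return buf.Bytes()
}

// Attest models the hardware producing a signed report for the running code (step 5).
func Attest(devPriv ed25519.PrivateKey, code []byte, nonce [32]byte) Report {
	r := Report{Measurement: Measure(code), Nonce: nonce}
	r.Signature = ed25519.Sign(devPriv, signedBytes(r))
	return r
}

// VerifyReport is the client side (step 6): walk the chain from vendor root to
// device key to report to measurement, stopping at the first broken link.
// expected is the measurement the client fetched from the transparency log.
func VerifyReport(rootPub ed25519.PublicKey, cert DeviceCert, r Report, nonce, expected [32]byte) error {
	if !ed25519.Verify(rootPub, cert.DevicePub, cert.RootSig) { // genuine chip?
		return ErrUntrustedDevice
	}
	if !ed25519.Verify(cert.DevicePub, signedBytes(r), r.Signature) { // that chip signed this?
		return ErrBadReportSignature
	}
	if r.Nonce != nonce { // replayed old report?
		return ErrNonceMismatch
	}
	if r.Measurement != expected { // the code Tinfoil published?
		return ErrMeasurementMismatch
	}
	return nil
}

func main() {
	rootPub, rootPriv := NewVendor()
	devPriv, cert := ProvisionDevice(rootPriv)
	published := []byte("inference-server v1.0") // constructed stand-in for the logged build
	logged := Measure(published)
	var nonce [32]byte
	rand.Read(nonce[:])

	fmt.Println("genuine:  ", VerifyReport(rootPub, cert, Attest(devPriv, published, nonce), nonce, logged))
	fmt.Println("modified: ", VerifyReport(rootPub, cert, Attest(devPriv, []byte("inference-server v1.0+patch"), nonce), nonce, logged))
	rogue := NewUncertifiedDevice()
	fmt.Println("simulated:", VerifyReport(rootPub, ForgedCert(rogue, cert.RootSig), Attest(rogue, published, nonce), nonce, logged))
}
```

The order of the checks matters: the measurement comparison is meaningless until the signature chain has shown that real hardware produced the report, and a report from an uncertified key with a borrowed root signature fails at the first check, before its contents are ever looked at. The nonce check is what turns a one-time report into evidence about the enclave the client is talking to now rather than one that existed at some earlier time.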