Tinfoil Enclaves serve the remote attestation document (RAD) over HTTP at the well known endpoint /.well-known/tinfoil-attestation
.
The document is a JSON object containing a type and a signed enclave remote attestation payload.
The RAD is represented as a JSON object with the following fields:
format
string (TypeURI), required
URI identifying the type of attestation format. This URI is identical to the predicate TypeURI field in the enclave’s Sigstore attestations, conformant to in-toto.io/Statement/v1.
body
string, required
The attestation document body containing the measurements and verification data. Format and content requirements depend on the specified attestation format.
Tinfoil currently supports the following remote attestation formats:
Format URI: https://tinfoil.sh/predicate/sev-snp-guest/v1
AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) provides hardware-based memory encryption and integrity protection for virtual machines. The attestation format is the base64 representation of the AMD SEV-SNP Guest Attestation specification.
Format URI: https://tinfoil.sh/predicate/aws-nitro-enclave/v1
AWS Nitro Enclaves provide isolated compute environments to protect and process highly sensitive data. The attestation format is the base64 representation of the AWS Nitro Enclave attestation specification.
Tinfoil Enclaves serve the remote attestation document (RAD) over HTTP at the well known endpoint /.well-known/tinfoil-attestation
.
The document is a JSON object containing a type and a signed enclave remote attestation payload.
The RAD is represented as a JSON object with the following fields:
format
string (TypeURI), required
URI identifying the type of attestation format. This URI is identical to the predicate TypeURI field in the enclave’s Sigstore attestations, conformant to in-toto.io/Statement/v1.
body
string, required
The attestation document body containing the measurements and verification data. Format and content requirements depend on the specified attestation format.
Tinfoil currently supports the following remote attestation formats:
Format URI: https://tinfoil.sh/predicate/sev-snp-guest/v1
AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) provides hardware-based memory encryption and integrity protection for virtual machines. The attestation format is the base64 representation of the AMD SEV-SNP Guest Attestation specification.
Format URI: https://tinfoil.sh/predicate/aws-nitro-enclave/v1
AWS Nitro Enclaves provide isolated compute environments to protect and process highly sensitive data. The attestation format is the base64 representation of the AWS Nitro Enclave attestation specification.