Tinfoil Enclaves serve the remote attestation document (RAD) over HTTP at the well known endpoint /.well-known/tinfoil-attestation. The document is a JSON object containing a type and a signed enclave remote attestation payload.

Schema

{
  "format": "<PREDICATE_TYPE>",
  "body": "<ATTESTATION_BODY>"
}

Fields

The RAD is represented as a JSON object with the following fields: format string (TypeURI), required
URI identifying the type of attestation format. This URI is identical to the predicate TypeURI field in the enclave’s Sigstore attestations, conformant to in-toto.io/Statement/v1.
body string, required
The attestation document body containing the measurements and verification data. Format and content requirements depend on the specified attestation format.

Supported Formats

Tinfoil currently supports the following remote attestation formats:

AMD SEV-SNP Guest Attestation v1

Format URI: https://tinfoil.sh/predicate/sev-snp-guest/v1 AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) provides hardware-based memory encryption and integrity protection for virtual machines. The attestation format is the base64 representation of the AMD SEV-SNP Guest Attestation specification. Registers:
  • Register 0: SEV-SNP launch measurement

Intel TDX Guest Attestation v1

Format URI: https://tinfoil.sh/predicate/tdx-guest/v1 Intel TDX (Trust Domain Extensions) provides hardware-based isolation for virtual machines using Intel’s CPU security features. The attestation format contains TDX-specific measurements including MRTD (Measurement Register of Trust Domain) and RTMRs (Runtime Measurement Registers). Registers: (follow TDX standard)
  • Register 0: MRTD
  • Register 1: RTMR0
  • Register 2: RTMR1
  • Register 3: RTMR2
  • Register 4: RTMR3 (empty)

SNP-TDX Multi-Platform Attestation v1

Format URI: https://tinfoil.sh/predicate/snp-tdx-multiplatform/v1 A unified attestation format that supports both AMD SEV-SNP and Intel TDX platforms within a single measurement structure. This format enables cross-platform verification and measurement comparison between SEV-SNP and TDX hardware attestation technologies. Registers:
  • Register 0: SEV-SNP launch measurement (equivalent to https://tinfoil.sh/predicate/sev-snp-guest/v1 register 0)
  • Register 1: TDX RTMR1
  • Register 2: TDX RTMR2

Hardware Measurements v1

Format URI: https://tinfoil.sh/predicate/hardware-measurements/v1 A generic hardware measurement format for attestation documents that contain platform-specific measurement registers and verification data.