Skip to main content
Tinfoil Enclaves serve the remote attestation document over HTTP at the well known endpoint /.well-known/tinfoil-attestation. The document is a JSON object containing a format identifier and a signed enclave remote attestation payload.

Schema

{
  "format": "<PREDICATE_TYPE>",
  "body": "<ATTESTATION_BODY>"
}

Fields

The attestation document is represented as a JSON object with the following fields: format string (TypeURI), required
URI identifying the type of attestation format. This URI is identical to the predicate TypeURI field in the enclave’s Sigstore attestations, conformant to in-toto.io/Statement/v1.
body string, required
Base64 encoding of the gzip-compressed hardware attestation report. The report embeds user data whose structure depends on the format version:
  • v1 formats: 32-byte TLS public key fingerprint (SHA-256)
  • v2 formats: 32-byte TLS public key fingerprint + 32-byte HPKE public key
Both v1 and v2 predicates use the same register format per below.

Supported Formats

Tinfoil currently supports the following remote attestation formats:

AMD SEV-SNP Guest Attestation

Format URI: https://tinfoil.sh/predicate/sev-snp-guest/VERSION The attestation format is the base64 encoding of the attestation report structure defined by the AMD SEV-SNP specification. Registers:
  • Register 0: SEV-SNP launch measurement

Intel TDX Guest Attestation

Format URI: https://tinfoil.sh/predicate/tdx-guest/VERSION The attestation format contains TDX-specific measurements including MRTD (Measurement Register of Trust Domain) and RTMRs (Runtime Measurement Registers). Registers: (follow TDX standard)
  • Register 0: MRTD
  • Register 1: RTMR0
  • Register 2: RTMR1
  • Register 3: RTMR2
  • Register 4: RTMR3 (empty)

SNP-TDX Multi-Platform Attestation

Format URI: https://tinfoil.sh/predicate/snp-tdx-multiplatform/VERSION A unified attestation format that supports both AMD SEV-SNP and Intel TDX platforms within a single measurement structure. This format enables cross-platform verification and measurement comparison between SEV-SNP and TDX hardware attestations. Registers:
  • Register 0: SEV-SNP launch measurement (equivalent to https://tinfoil.sh/predicate/sev-snp-guest/v1 register 0)
  • Register 1: TDX RTMR1
  • Register 2: TDX RTMR2

Hardware Measurements

Format URI: https://tinfoil.sh/predicate/hardware-measurements/VERSION A generic hardware measurement format for attestation documents that contain platform-specific measurement registers and verification data.