Tinfoil Enclaves serve the remote attestation document (RAD) over HTTP at the well-known endpoint /.well-known/tinfoil-attestation. The document is a JSON object containing a format type and a signed enclave remote attestation payload.

Schema

{
  "format": "<PREDICATE_TYPE>",
  "body": "<ATTESTATION_BODY>"
}

Fields

The RAD is represented as a JSON object with the following fields:

format (string, TypeURI, required)
URI identifying the type of attestation format. This URI is identical to the predicate TypeURI field in the enclave’s Sigstore attestations, conformant to in-toto.io/Statement/v1.

body (string, required)
The attestation document body containing the measurements and verification data. Format and content requirements depend on the specified attestation format.
  • v1 formats: contains only the TLS key fingerprint as a hex-encoded string
  • v2 formats: contains the TLS key fingerprint plus, optionally, a 32-byte HPKE public key

Both v1 and v2 predicates use the same register format, described per format below.

Supported Formats

Tinfoil currently supports the following remote attestation formats:

AMD SEV-SNP Guest Attestation

Format URI: https://tinfoil.sh/predicate/sev-snp-guest/VERSION

AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) provides hardware-based memory encryption and integrity protection for virtual machines. The attestation body is the base64 encoding of the guest attestation report defined by the AMD SEV-SNP Guest Attestation specification.

Registers:
  • Register 0: SEV-SNP launch measurement

Intel TDX Guest Attestation

Format URI: https://tinfoil.sh/predicate/tdx-guest/VERSION

Intel TDX (Trust Domain Extensions) provides hardware-based isolation for virtual machines using Intel’s CPU security features. The attestation format contains TDX-specific measurements including MRTD (Measurement Register of Trust Domain) and RTMRs (Runtime Measurement Registers).

Registers (following the TDX standard order):
  • Register 0: MRTD
  • Register 1: RTMR0
  • Register 2: RTMR1
  • Register 3: RTMR2
  • Register 4: RTMR3 (empty)

SNP-TDX Multi-Platform Attestation

Format URI: https://tinfoil.sh/predicate/snp-tdx-multiplatform/VERSION

A unified attestation format that supports both AMD SEV-SNP and Intel TDX platforms within a single measurement structure. This format enables cross-platform verification and measurement comparison between SEV-SNP and TDX hardware attestation technologies.

Registers:
  • Register 0: SEV-SNP launch measurement (equivalent to https://tinfoil.sh/predicate/sev-snp-guest/v1 register 0)
  • Register 1: TDX RTMR1
  • Register 2: TDX RTMR2
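The following is an added example, not code from Tinfoil or this page, showing how a verifier-side client would validate the RAD schema and format URI described under Fields, and how the positional registers of the three documented formats can be mapped to platform-neutral names so that a snp-tdx-multiplatform measurement can be compared against a sev-snp-guest or tdx-guest one (using the register-0 equivalence stated above). The function names, the canonical register names, the sample RAD and the shortened register values are all constructed for this example; the body is treated as opaque because its platform-specific decoding is outside what the page specifies, and register lengths are not enforced because the page does not state them.

```python
import hmac
import json
import re
from dataclasses import dataclass

# Predicate URIs documented on the page: https://tinfoil.sh/predicate/<platform>/v<N>
_FORMAT_RE = re.compile(
    r"^https://tinfoil\.sh/predicate/(?P<platform>[a-z0-9-]+)/v(?P<version>[1-9][0-9]*)$"
)

# Positional register layouts as documented per format (names are constructed here).
# The page lists no register layout for hardware-measurements, so it is
# recognized as a format but not mapped.
REGISTER_NAMES = {
    "sev-snp-guest": ("snp_launch_measurement",),
    "tdx-guest": ("tdx_mrtd", "tdx_rtmr0", "tdx_rtmr1", "tdx_rtmr2", "tdx_rtmr3"),
    "snp-tdx-multiplatform": ("snp_launch_measurement", "tdx_rtmr1", "tdx_rtmr2"),
}
SUPPORTED_PLATFORMS = frozenset(REGISTER_NAMES) | {"hardware-measurements"}
_HEX_RE = re.compile(r"[0-9a-f]*")


@dataclass(frozen=True)
class Predicate:
    platform: str
    version: int


def parse_format(uri: str) -> Predicate:
    """Parse and allow-list the RAD 'format' URI; anything else is rejected."""
    m = _FORMAT_RE.match(uri)
    if m is None:
        raise ValueError(f"unrecognized format URI: {uri!r}")
    platform = m.group("platform")
    if platform not in SUPPORTED_PLATFORMS:
        raise ValueError(f"unsupported attestation platform: {platform!r}")
    return Predicate(platform, int(m.group("version")))


def parse_rad(raw: str) -> tuple[Predicate, str]:
    """Validate the RAD JSON schema: an object with exactly the two required string fields."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or set(doc) != {"format", "body"}:
        raise ValueError("RAD must be an object with exactly 'format' and 'body'")
    if not all(isinstance(doc[k], str) and doc[k] for k in ("format", "body")):
        raise ValueError("'format' and 'body' must be non-empty strings")
    return parse_format(doc["format"]), doc["body"]


def v1_tls_fingerprint(body: str) -> bytes:
    """v1 bodies carry only the TLS key fingerprint as a hex-encoded string."""
    body = body.strip().lower()
    if not body or not _HEX_RE.fullmatch(body) or len(body) % 2:
        raise ValueError("v1 body is not a hex-encoded fingerprint")
    return bytes.fromhex(body)


def canonical_registers(pred: Predicate, registers: list[str]) -> dict[str, str]:
    """Map positional registers to platform-neutral names so measurements from
    different formats can be compared (snp-tdx-multiplatform register 0 is the
    same value as sev-snp-guest register 0). Values are assumed to be hex strings
    already extracted from a verified attestation report."""
    names = REGISTER_NAMES.get(pred.platform)
    if names is None:
        raise ValueError(f"no documented register layout for {pred.platform!r}")
    if len(registers) != len(names):
        raise ValueError(f"{pred.platform} expects {len(names)} registers, got {len(registers)}")
    canonical = {}
    for name, value in zip(names, registers):
        value = value.lower()
        if not _HEX_RE.fullmatch(value):
            raise ValueError(f"register {name} is not hex")
        if value == "" and name == "tdx_rtmr3":  # documented as empty: no measurement to compare
            continue
        if value == "":
            raise ValueError(f"register {name} is empty")
        canonical[name] = value
    return canonical


def measurements_match(expected: dict[str, str], actual: dict[str, str]) -> bool:
    """Compare the registers both sides define, in constant time per register.
    Registers only one side carries cannot be checked, so at least one shared
    register is required; callers decide whether that coverage is sufficient."""
    shared = set(expected) & set(actual)
    if not shared:
        return False
    ok = True
    for name in sorted(shared):  # no short-circuit: every shared register is compared
        ok &= hmac.compare_digest(expected[name], actual[name])
    return ok


# Constructed sample: a RAD as served at /.well-known/tinfoil-attestation, with a
# placeholder body (real bodies are platform-specific and decoded by the verifier).
SAMPLE_RAD = json.dumps({
    "format": "https://tinfoil.sh/predicate/snp-tdx-multiplatform/v1",
    "body": "PLACEHOLDER_ATTESTATION_BODY",
})
# Constructed, shortened register values (real measurements are full-length digests).
MULTIPLATFORM_REGS = ["aa11", "bb22", "cc33"]


def demo() -> bool:
    pred, _body = parse_rad(SAMPLE_RAD)
    expected = canonical_registers(pred, MULTIPLATFORM_REGS)
    # A sev-snp-guest enclave reports only the launch measurement (register 0).
    snp_pred = parse_format("https://tinfoil.sh/predicate/sev-snp-guest/v1")
    snp = canonical_registers(snp_pred, ["AA11"])
    return measurements_match(expected, snp)


if __name__ == "__main__":
    print("multiplatform expected matches sev-snp-guest actual:", demo())
```

The allow-list on the format URI is the important check: a verifier should refuse any predicate type it does not know how to interpret rather than fall through to a generic path, and the register mapping should be driven by the parsed platform, never by the count of registers received.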

Hardware Measurements

Format URI: https://tinfoil.sh/predicate/hardware-measurements/VERSION

A generic hardware measurement format for attestation documents that contain platform-specific measurement registers and verification data.