Remote Attestation Document Specification
Tinfoil Enclaves serve the remote attestation document (RAD) over HTTP at the well known endpoint /.well-known/tinfoil-attestation.
The document is a JSON object containing a type and a signed enclave remote attestation payload.
Schema
Fields
The RAD is represented as a JSON object with the following fields:
format string (TypeURI), required
URI identifying the type of attestation format. This URI is identical to the predicate TypeURI field in the enclave’s Sigstore attestations, conformant to in-toto.io/Statement/v1.
body string, required
The attestation document body containing the measurements and verification data. Format and content requirements depend on the specified attestation format.
Supported Formats
Tinfoil currently supports the following remote attestation formats:
AMD SEV-SNP Guest Attestation v1
Format URI: https://tinfoil.sh/predicate/sev-snp-guest/v1
AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) provides hardware-based memory encryption and integrity protection for virtual machines. The attestation format is the base64 representation of the AMD SEV-SNP Guest Attestation specification.
AWS Nitro Enclave Attestation v1
Format URI: https://tinfoil.sh/predicate/aws-nitro-enclave/v1
AWS Nitro Enclaves provide isolated compute environments to protect and process highly sensitive data. The attestation format is the base64 representation of the AWS Nitro Enclave attestation specification.