Tinfoil Enclaves serve the remote attestation document (RAD) over HTTP at the well known endpoint /.well-known/tinfoil-attestation. The document is a JSON object containing a type and a signed enclave remote attestation payload.

Schema

{
  "format": "<PREDICATE_TYPE>",
  "body": "<ATTESTATION_BODY>"
}

Fields

The RAD is represented as a JSON object with the following fields: format string (TypeURI), required
URI identifying the type of attestation format. This URI is identical to the predicate TypeURI field in the enclave’s Sigstore attestations, conformant to in-toto.io/Statement/v1.
body string, required
The attestation document body containing the measurements and verification data. Format and content requirements depend on the specified attestation format.

Supported Formats

Tinfoil currently supports the following remote attestation formats:

AMD SEV-SNP Guest Attestation v1

Format URI: https://tinfoil.sh/predicate/sev-snp-guest/v1 AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) provides hardware-based memory encryption and integrity protection for virtual machines. The attestation format is the base64 representation of the AMD SEV-SNP Guest Attestation specification.

AWS Nitro Enclave Attestation v1

Format URI: https://tinfoil.sh/predicate/aws-nitro-enclave/v1 AWS Nitro Enclaves provide isolated compute environments to protect and process highly sensitive data. The attestation format is the base64 representation of the AWS Nitro Enclave attestation specification.