README
ΒΆ
Tinfoil Verifier
Portable remote-attestation verifier & secure HTTP client for enclave-backed services.
Overview
Tinfoil Verifier is a Go library that verifies the integrity of remote enclaves (AMD SEV-SNP & Intel TDX) and binds that verification to TLS connections.βIt also ships a drop-in secure http.Client that performs attestation transparently.
Features
- π Hardware-rooted remote attestation for SEV-SNP & TDX
- π¦ Self-contained with no external attestation service
- πΈ Secure HTTP client with automatic certificate pinning
- π‘ Sigstore integration for reference measurements
- π§βπ» WASM build for browser/nodejs
Installation
go get github.com/tinfoilsh/verifier@latest
Note Until
go-sev-guestupstreams a required feature, add the temporary replace directive:go mod edit -replace github.com/google/go-sev-guest=github.com/tinfoilsh/go-sev-guest@v0.0.0-20250704193550-c725e6216008
Quick Start
import "github.com/tinfoilsh/verifier/client"
// 1. Create a client
tinfoilClient, err := client.NewDefaultClient()
// 2. Perform HTTP requests β attestation happens automatically
resp, err := tinfoilClient.Get("/api/data", nil)
To verify manually and expose the verification state:
state, err := tinfoilClient.Verify() // β³ returns *client.State with details
Secure HTTP Client
The client package wraps net/http and adds:
- Attestation gate β the first request verifies the enclave.
- TLS pinning β the enclave-generated certificate fingerprint is pinned for the session.
- Round-tripping helpers β convenience
Get,Post, and genericDomethods.
headers := map[string]string{"Content-Type": "application/json"}
body := []byte(`{"key": "value"}`)
resp, err := cli.Post("/api/submit", headers, body)
For advanced usage retrieve the underlying *http.Client:
httpClient, err := tinfoilClient.HTTPClient()
Remote Attestation
Tinfoil Verifier currently supports two platforms:
| Platform | Technique | Docs |
|---|---|---|
| AMD SEV-SNP | VCEK certificates & SNP report validation | AMD Spec |
| Intel TDX | TDX quote validation & TD report checks | Intel Guide |
Verification Flow
sequenceDiagram
participant Client
participant Enclave
participant TrustRoot
participant Sigstore
Client->>Enclave: Request attestation
Enclave-->>Client: Report + TLS pubkey
Client->>TrustRoot: Verify signature chain
Client->>Sigstore: Fetch reference measurement
Client->>Client: Compare measurements & pin cert
JavaScript / WASM
The same verifier is compiled to WebAssembly and published as verifier-js for use in browser or Node.js.
Auditing Guide
- Certificate chain β see
/attestation/genoa_cert_chain.pem - Attestation logic β start with
/attestation/attestation.goand platform files: - Measurement matching β inspect
/sigstore/sigstore.go
Reporting Vulnerabilities
Please report security vulnerabilities by emailing contact@tinfoil.sh
We aim to respond to security reports within 24 hours and will keep you updated on our progress.
Directories