Portable remote-attestation verifier & secure HTTP client for enclave-backed services.
Tinfoil Verifier is a Go library that verifies the integrity of remote enclaves (AMD SEV-SNP & Intel TDX) and binds that verification to TLS connections. It also ships a drop-in secure http.Client that performs attestation transparently.
- Hardware-rooted remote attestation for AMD SEV-SNP & Intel TDX
- Self-contained with no external attestation service
- Secure HTTP client with automatic TLS certificate pinning
- Sigstore integration for code provenance verification
- Attested HPKE public keys for use with EHBP clients
- WASM build for browser/Node.js environments
- Swift bindings via gomobile for iOS/macOS integration
go get github.com/tinfoilsh/verifier@latestimport "github.com/tinfoilsh/verifier/client"
// 1. Create a client
tinfoilClient := client.NewSecureClient("enclave.example.com", "org/repo")
// 2. Perform HTTP requests – attestation happens automatically
resp, err := tinfoilClient.Get("/api/data", nil)
if err != nil {
log.Fatal(err)
}
log.Printf("Status: %s, Body: %s", resp.Status, string(resp.Body))To verify manually and expose the verification state:
groundTruth, err := tinfoilClient.Verify()
if err != nil {
log.Fatal(err)
}
// Access verified measurements and keys
log.Printf("TLS Cert Fingerprint: %s", groundTruth.TLSPublicKey)
log.Printf("HPKE Public Key: %s", groundTruth.HPKEPublicKey)The client package wraps net/http and adds:
- Attestation gate – the first request verifies the enclave.
- TLS pinning – the enclave-generated certificate fingerprint is pinned for the session.
- Round-tripping helpers – convenience
Get,Postmethods.
headers := map[string]string{"Content-Type": "application/json"}
body := []byte(`{"key": "value"}`)
resp, err := tinfoilClient.Post("/api/submit", headers, body)For advanced usage retrieve the underlying *http.Client:
httpClient, err := tinfoilClient.HTTPClient()Tinfoil Verifier currently supports two platforms:
| Platform | Technique | Docs |
|---|---|---|
| AMD SEV-SNP | VCEK certificates & SNP report validation | AMD Spec |
| Intel TDX | TDX quote validation & TD report checks | Intel Guide |
sequenceDiagram
participant Client
participant Enclave
participant TrustRoot
participant Sigstore
Client->>Enclave: Request attestation
Enclave-->>Client: Report + TLS pubkey
Client->>TrustRoot: Verify signature chain
Client->>Sigstore: Fetch reference measurement
Client->>Client: Compare measurements & pin cert
Note: The Bundled Verification flow aggregates all these steps into a single request via Tinfoil ATC.
You can fetch a pre-aggregated bundle from Tinfoil ATC (air-traffic-control) that contains all verification data in a single request:
Note: Bundled verification currently supports AMD SEV-SNP only. Intel TDX support is coming soon.
// Single-request verification via ATC
groundTruthJSON, err := client.VerifyFromATCJSON("org/repo", nil)
if err != nil {
log.Fatal(err)
}
// Or via your own bundle proxy URL
groundTruthJSON, err := client.VerifyFromATCURLJSON("https://proxy.example.com", "org/repo", nil)If you've already fetched the bundle yourself:
groundTruthJSON, err := client.VerifyFromBundleJSON(bundleJSON, "org/repo", nil)For production JavaScript/TypeScript applications, use the tinfoil-js package, which provides:
- OpenAI-compatible API with built-in verification
- Native JavaScript verification implementation
- EHBP (Encrypted HTTP Body Protocol) for end-to-end encryption
- Support for browsers, Node.js 20+, Deno, Bun, and Cloudflare Workers
- Comprehensive verification reporting with step-by-step diagnostics
npm install tinfoilSee the tinfoil-js documentation for usage examples.
Recommended: For browser verification, use tinfoil-js instead. See the JavaScript SDK documentation for details.
For custom integrations requiring the Go verification logic in browsers, you can use the WASM verifier directly. Built from the same Go source code, it's compiled to WebAssembly to run natively in browsers.
When new versions are tagged, our GitHub Actions workflow automatically:
- Compiles the Go verification logic to WebAssembly
- Generates versioned WASM files with integrity guarantees
- Deploys them to GitHub Pages for secure, cached distribution
- Updates version tags so clients always load the correct module
The WASM verifier is hosted at:
https://tinfoilsh.github.io/verifier/tinfoil-verifier.wasm
Include the Go WASM runtime and load the verifier:
<script src="wasm_exec.js"></script>
<script>
// Load the WASM verifier
const go = new Go();
WebAssembly.instantiateStreaming(
fetch("https://tinfoilsh.github.io/verifier/tinfoil-verifier.wasm"),
go.importObject
).then((result) => {
go.run(result.instance);
// Complete end-to-end verification (recommended)
verify("inference.example.com", "tinfoilsh/confidential-llama-qwen")
.then(groundTruthJSON => {
const groundTruth = JSON.parse(groundTruthJSON);
console.log("TLS Cert Fingerprint:", groundTruth.tls_public_key);
console.log("HPKE Public Key:", groundTruth.hpke_public_key);
console.log("Verification successful!");
})
.catch(error => {
console.error("Verification failed:", error);
});
});
</script>- Certificate chain – see
/attestation/genoa_cert_chain.pem - Attestation verification – platform-specific attestation logic:
/attestation/sev.go– AMD SEV-SNP attestation/attestation/tdx.go– Intel TDX attestation
- Measurement comparison – see
Measurement.Equals()in/attestation/attestation.go - Code provenance verification – Sigstore/Rekor integration in
/sigstore/sigstore.go - End-to-end verification flow –
client.Verify()in/client/client.go
Please report security vulnerabilities by either:
-
Emailing [email protected]
-
Opening an issue on GitHub on this repository
We aim to respond to (legitimate) security reports within 24 hours.