{"id":28380678,"url":"https://github.com/0xsequence/tee-verifier","last_synced_at":"2025-06-24T21:31:18.453Z","repository":{"id":288603404,"uuid":"968169849","full_name":"0xsequence/tee-verifier","owner":"0xsequence","description":"TEE Verifier","archived":false,"fork":false,"pushed_at":"2025-04-25T16:48:20.000Z","size":20,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-06-06T03:39:57.354Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xsequence.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-17T16:11:46.000Z","updated_at":"2025-04-25T16:48:12.000Z","dependencies_parsed_at":"2025-04-19T02:22:59.605Z","dependency_job_id":"38fa8f31-673d-4699-82d1-99d911f16f54","html_url":"https://github.com/0xsequence/tee-verifier","commit_stats":null,"previous_names":["0xsequence/tee-verifier"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/0xsequence/tee-verifier","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsequence%2Ftee-verifier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsequence%2Ftee-verifier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsequence%2Ftee-verifier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsequence%2Ftee-verifier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xsequence","download_url":"https://codeload.github.com/0xsequence/tee-verifier/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsequence%2Ftee-verifier/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261759078,"owners_count":23205491,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-30T03:09:03.402Z","updated_at":"2025-06-24T21:31:18.444Z","avatar_url":"https://github.com/0xsequence.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TEE verifier\n\nLibrary and CLI tool for verifying TEE (Trusted Execution Environment) enclave attestations. Currently only AWS Nitro Enclaves is supported.\n\n## Install\n\nInstall using Go:\n\n```\ngo install github.com/0xsequence/tee-verifier/cmd/tee-verifier@latest\n```\n\nOr, build from source and install (Linux \u0026 macOS only):\n\n```\ngit clone https://github.com/0xsequence/tee-verifier\ncd tee-verifier\nmake\nsudo make install\n```\n\n## CLI usage\n\nExample verifying the [Sequence WaaS enclave](https://github.com/0xsequence/waas-authenticator) attestation:\n\n```\ntee-verifier https://waas.sequence.app/health\n```\n\nYou can compare the PCR0 attested by the deployed service against the measurement listed at https://github.com/0xsequence/waas-authenticator/releases. Building the application from source at the specific git tag should result in the same PCR0 measurement. Read more about the way attestation works below.\n\n### Full usage:\n\n```\nNAME:\n   tee-verifier - Verify enclave attestation documents\n\nUSAGE:\n   tee-verifier [global options] URL\n\nGLOBAL OPTIONS:\n   --json                    output in JSON format (default: false)\n   --pcr0 string             expected PCR0 value\n   --nonce string            expected nonce\n   --data string, -d string  HTTP POST data\n   --version, -v             show version information\n   --help, -h                show help\n```\n\n## How it works\n\nApplications like [Sequence WaaS](https://github.com/0xsequence/waas-authenticator) run inside a secure, isolated environment known as a **Nitro Enclave**, built on the [AWS Nitro system](https://aws.amazon.com/ec2/nitro/). The Nitro Enclave ensures strong isolation and allows cryptographic attestation of the software running inside it.\n\nTo verify the enclave’s integrity, the Nitro Hypervisor generates cryptographic **measurements** of the enclave image. One such measurement, **PCR0**, is a SHA-384 hash over the entire initial image file loaded into the enclave. These measurements are included in an **attestation document**, which is cryptographically signed by a certificate chain rooted at the Amazon CA. [AWS's cryptographic attestation documentation](https://docs.aws.amazon.com/enclaves/latest/user/set-up-attestation.html) explains this process in more detail.\n\nThe attestation document is a Base64-encoded [COSE_Sign1](https://datatracker.ietf.org/doc/html/rfc8152) structure, with content in CBOR format. It includes several fields that are signed using a leaf certificate, which is itself signed by the full certificate chain (the `CABundle`) leading to the AWS root certificate.\n\nKey attested fields include:\n\n- `Timestamp`: Time the attestation was generated\n- `PCRs`: Platform Configuration Register values, including PCR0\n- `Certificate`: The leaf certificate used to sign the COSE structure\n- `CABundle`: Full certificate chain ending with the AWS root certificate\n- `Nonce`: A random value included by the verifier to ensure freshness; matches the `X-Attestation-Nonce` HTTP request header\n- `UserData`: Application-specific field; in Sequence’s case, this contains a content hash representing the request and response, ensuring binding to a specific transaction\n\nEach request to a Sequence enclave triggers a fresh attestation, which is returned in the `X-Attestation-Document` HTTP response header.\n\nThe verifier performs multiple levels of validation:\n\n1. **Semantic validation**: The attestation’s structure and field presence are verified\n2. **PCR validation**: Measured PCRs are compared against expected values, ensuring the enclave runs the intended code\n3. **Signature validation**: The COSE signature is verified using the included certificate\n4. **Certificate chain validation**: The chain is validated up to the root, ensuring trust in the signer\n5. **Root of trust validation**: The fingerprint of the root certificate is compared against [AWS's published CA fingerprint](https://docs.aws.amazon.com/enclaves/latest/user/verify-root.html#validation-process)\n6. **Content binding and replay prevention**: `UserData` must contain the expected request/response hash, and `Nonce` must match the original request header, preventing reuse of attestations across requests\n\n\n### UserData format\n\nSyntax:\n\n```\n\"Sequence/1:\" + base64(sha256(HttpMethod + \" \" + HttpPath + \"\\n\" + RequestBody + \"\\n\" + ResponseBody))\n```\n\n## Acknowledgements\n\n- https://github.com/anjuna-security/go-nitro-attestation\n- https://aws.amazon.com/blogs/compute/validating-attestation-documents-produced-by-aws-nitro-enclaves/\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xsequence%2Ftee-verifier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xsequence%2Ftee-verifier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xsequence%2Ftee-verifier/lists"}