The CMC repository provides software to enable remote attestation of computing platforms, as well as secure attested TLS and HTTPS channels between those platforms. Currently, the CMC repository supports Trusted Platform Modules (TPMs), AMD SEV-SNP, Intel SGX, as well as Intel TDX. The goal is to make attestation easy for verifiers without prior knowledge of the peer's software stack. This is achieved through a set of trusted CAs and self-contained attestation reports that include signed metadata and reference hash values.
A detailed description of the architecture can be found in our paper and in the documentation.
Refer to Setup for instructions on how to set up, build, configure and run the CMC on various hardware platforms.
For a quick demo without installing software or requiring actual hardware, use Docker and the Virtual Machine (VM) with attached swTPM as described in Setup.
The following contents can be found in the doc folder:
For detailed instructions on how to set up TPM, Intel SGX, Intel TDX or AMD SEV-SNP platforms, including PKI and metadata generation, refer to the Setup Documentation.
See Build And Install Documentation for instructions on how to build and install the Go binaries.
For configuring and running the Go binaries, refer to the Run Documentation.
An overview of the architecture is given in Architecture.
Detailed information on how to generate, sign and parse metadata is given in Metadata.
Refer to Developer Documentation for instructions on developing custom applications using attested TLS or attested HTTPS, as well as for developing the CMC.
For an alternative demo setup with a more complex PKI and policies based on the requirements of the International Data Spaces (IDS), see IDS Example Setup.