Verifiers for proofofcloud.org. A simple API backend to verify TEE attestation reports and query hardware IDs.
- Intel DCAP Support: Verify Intel TDX and SGX attestations (via Phala Cloud API)
- Extensible Architecture: Easy to add AMD SEV-SNP and AWS Nitro Enclave verifiers
- Simple API: Two straightforward endpoints for verification and hardware ID queries
- TypeScript: Full type safety with Hono framework
- Node.js 18+ or Bun
- npm or yarn
npm installnpm run devThe server will start on http://localhost:3000 with hot reload enabled.
npm startnpm testThe test verifies Intel DCAP attestation using a real quote from tests/quote-no-poc.bin. It demonstrates:
- Reading binary quote files and converting to hex
- Calling the verification API
- Parsing all returned fields (header, body, certificates, etc.)
POST /attestations/verify
Verify a TEE attestation quote and check if it passes Proof-of-Cloud verification.
Request:
curl -X POST "http://localhost:3000/attestations/verify" \
-H "Content-Type: application/json" \
-d '{"type": "intel", "hex": "0x040002000..."}'Request Body:
{
"type": "intel",
"hex": "0x040002000..."
}Response (Success):
{
"success": true,
"quote": {
"verified": true,
"header": {
"tee_type": "TEE_TDX"
}
},
"proof_of_cloud": true
}Response (Error):
{
"success": false,
"error": "verification_failed",
"message": "Intel DCAP verification failed: ..."
}Similarly, for AMD SEV-SNP you can do:
curl -X POST "http://localhost:3000/attestations/verify" \
-H "Content-Type: application/json" \
-d '{
"type": "amd",
"hex": "0xdeadbeef..."
}'Response (Success):
{
"success": true,
"quote": {
"verified": true,
"header": {
"tee_type": "TEE_AMD_SEV_SNP"
}
},
"proof_of_cloud": true
}GET /hardware_id/:id
Query if a hardware ID is verified and accepted by Proof-of-Cloud.
Request:
curl "http://localhost:3000/hardware_id/abc123"Response (Found):
{
"success": true
}Response (Not Found):
{
"success": false,
"error": "not_found",
"message": "Hardware ID 'abc123' is not verified"
}GET /
Check service status and available endpoints.
Response:
{
"name": "Proof-of-Cloud Verifiers",
"version": "1.0.0",
"status": "running",
"endpoints": {
"attestation_verify": "POST /attestations/verify",
"hardware_check": "GET /hardware_id/:id"
}
}Simple, flat structure - just ~130 lines of code:
src/
├── index.ts # Main app (50 lines)
├── verifiers.ts # Verification functions (53 lines)
├── hardware.ts # Hardware registry (17 lines)
└── types.ts # Type definitions (9 lines)
| Vendor | Status | Notes |
|---|---|---|
| Intel TDX/SGX | ✅ Implemented | Via Phala Cloud API |
| AMD SEV-SNP | ✅ Implemented | Via Nillion verifier |
| AWS Nitro | 🚧 Stub | Contributors welcome |
We welcome contributions to add support for additional TEE vendors!
Add a function to src/verifiers.ts that takes a string input and returns an AttestationResponse:
export async function verifyYourTee(input: string): Promise<AttestationResponse> {
// Call your verification API or implement verification logic
return {
success: true,
proof_of_cloud: true,
quote: detaildQuoteData,
};
}Then update src/index.ts to call your verifier. You can add a type field to the request, auto-detect from hex format, or try verifiers sequentially. See the existing verifyIntelDcap() implementation for reference.
Apache 2.0