Skip to content

2.0.0b1 — TEE-attestation bridge (experimental preview)

Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 03 Jul 06:45

Warning

Research preview — not the recommended install. The stable v1.x line is the product;
pip install proofbundle will never pull this pre-release (PEP 440). This beta exists to
be reviewed, not to be trusted. Install only via:
pip install --pre "proofbundle[experimental]"

What this preview explores

Offline verification of TEE attestation results (proofbundle.experimental.enclave):
following the IETF RATS Passport model (RFC 9334),
a Verifier appraises raw TEE evidence out of band and signs an EAT
(RFC 9711); proofbundle verifies that token
offline and checks it is cryptographically bound to a specific receipt
(eat_nonce == enclave_binding_for(receipt)). CLI: proofbundle verify-enclave.

Note

Honest scope: proofbundle does not parse or appraise raw hardware evidence — that is
the Verifier's role. It verifies the Verifier's signed result and the receipt binding.
It does not prove the enclave is genuine, and never will claim to.

Deliberately hard to misuse

  • Lives under proofbundle.experimentalnot re-exported from the top-level package
  • Emits an ExperimentalWarning on import; the stable v1 core imports none of it
  • Doubly gated: pre-release channel and [experimental] extra
  • Promotion to 2.0.0 only after the preview stabilises and, ideally, an external audit
Verification discipline

320 tests (303 v1.9.1 base + 16 enclave + 1 EAT fuzz case) — including an adversarial red
matrix: wrong verifier key, cross-receipt binding, alg=none, typ confusion, profile
mismatch, claim tamper, garbage input. Mutation gate: 31 operators, all killed.
No wire-format or behavior change to any v1 path.

Docs: EXPERIMENTAL_ENCLAVE.md ·
example

Full Changelog: v1.9.1...v2.0.0b1