To generate and verify Intel SGX/TDX quotes, Intel provides a Quote Provider Library (QPL). This library comes in two parts:
-
Quote Generation
Generate an SGX/TDX quote using Intel's secure processor.
-
Quote Verification
Verify a quote issued by an SGX/TDX TEE
This repo provides a simple Go library to enable these features and is used by Constellation to enable TDX attestation.
-
The current version is based on DCAP 1.15. It has been tested with the kernel and libraries from the tdx-tools release 2023ww01. Given that the UAPI for TDX is yet to be finished and upstreamed, newer versions might not be supported.
-
This library only supports a subset of the PCS API v4. SGX and other versions of the API are not supported and currently out of scope.
In case you encounter any issues despite the known restrictions, feel free to open an issue.
An example quote can be found here. Other example and test data can also be found in the blobs directory, or alternatively directly from Intel's DCAP repo.
Take a look at the generate example.
Take a look at the verify example.
This project is based on code from Intel(R) Software Guard Extensions Data Center Attestation Primitives, which is licensed under the BSD license.