TrustFlow Attestation Library provides the ability to generate and verify remote attestation reports for different TEE hardware devices. Currently, it supports Intel SGX2, Intel TDX and Hygon CSV.
Bazel supports building the generation and verification modules for the Linux platform.
Compiling the verification module
bazel build //trustflow/attestation/verification/wrapper:libverification.so -c opt
The generated path for libverification.so is bazel-bin/trustflow/attestation/verification/wrapper/libverification.so
Compiling the generation module
Because the generation needs to be bound to a specific TEE platform, you need to specify the platform type when compiling:
Intel SGX2 and running with Occlum: --define tee_type=sgx2
Intel TDX: --define tee_type=tdx
Hygon CSV: --define tee_type=csv
For example, Intel TDX:
bazel build --define tee_type=tdx //trustflow/attestation/generation/wrapper:libgeneration.so -c opt
The generated path for libgeneration.so is bazel-bin/trustflow/attestation/generation/wrapper/libgeneration.so
CMake currently only supports compiling the verification module using WebAssembly to enable remote attestation execution on the Web.
cmake -H. -Bbuild
cd build && make
The generated JS file path is trustflow/attestation/verification/trustflow_verifier.js
For sample code using this JS file, refer to here
Currently supports C/C++, Python, Rust