prem-research/reticle

reticle

Hardware attestation stack for confidential computing environments.

Verifies the integrity of CPUs (AMD SEV-SNP, Intel TDX) and GPUs (NVIDIA) through cryptographic attestation.

Includes an attestation server serving REST APIs and a portable SDK with support for Node.js, Bun, Deno, and browser runtimes.

Architecture

┌─────────────────────────────────────────────────────┐
│                  attestation-server                 │  REST API
│              runtime module detection               │
└──────┬──────────────┬──────────────┬────────────────┘
       │              │              │
┌──────▼─────┐ ┌──────▼─────┐ ┌──────▼─────────┐  ┌───────────┐
│ snp-attest │ │ tdx-attest │ │ nvidia-attest  │  │ libattest │ (Core primitives)
│  AMD SNP   │ │ Intel TDX  │ │  GPU (EAT/JWT) │  └───────────┘
└──────┬─────┘ └──────┬─────┘ └──────┬─────────┘
       │              │              │
       └──────────────┼──────────────┘
                      │
                      │
                ┌─────▼─────┐
                │  reticle  │  Unified WASM SDK
                └───────────┘

Crate               Description
libattest           Core library: nonce generation, pluggable VerificationRule trait, module detection
snp-attest          AMD SEV-SNP attestation — report generation & verification via X.509 cert chains
tdx-attest          Intel TDX attestation — DCAP quote verification via Intel PCS
nvidia-attest       NVIDIA GPU attestation — EAT/JWT token parsing & signature verification
reticle             Unified WASM SDK aggregating all modules, published to npm
attestation-server  REST server with runtime hardware detection

Prerequisites

  • Rust toolchain (stable)
  • CMake and a C++ compiler (for NVIDIA attestation SDK)
  • libssl-dev, pkg-config
  • wasm-pack (for WASM builds)
  • Optional: libtss2-dev (for AMD SEV-SNP with Hyper-V support)

Build

NVIDIA C++ SDK

make nvidia-cpp-sdk

This clones, builds, and installs the NVIDIA attestation SDK (libnvat).

Rust binaries

make bins

Optionally build a specific package or feature set:

make bins PACKAGE=snp-attest FEATURES=hyperv

WASM SDK

make wasm

Produces the @premai/reticle npm package in reticle/pkg/.

Docker (attestation-server)

The attestation server ships as a Docker image built via the CI pipeline. See attestation-server/Dockerfile.

Development

Testing the WASM SDK locally

  1. Build the WASM package:
    make wasm
  2. Link the local package:
    cd reticle/pkg && npm link
  3. Use it in an example:
    cd examples/bun && bun link @premai/reticle

Running the attestation server

cargo run -p attestation-server

The server auto-detects available hardware modules (SEV-SNP, TDX, NVIDIA GPU) and exposes matching endpoints under /attestation/.

API

Endpoint                  Description
GET /attestation/modules  Lists available attestation modules on this host
CPU attestation routes    Dynamically registered based on detected CPU TEE (SNP or TDX)
GPU attestation routes    Registered when NVIDIA GPU module is available

License

See LICENSE.
