Turnkey Verified is a new feature launched in Turnkey’s dashboard and Embedded Wallet Kit. As outlined in our Whitepaper, Turnkey deploys software in secure enclaves and can remotely attest to the software running inside of them. We’ve done this since day one, internally: remote attestations are at the core of our deployment process and are a crucial tool to ensure Turnkey operators are provisioning enclaves with the correct configuration. For the first time we’re exposing proofs produced by our TEEs to the outside world. Turnkey’s infrastructure produces two types of proofs: Boot Proofs and App Proofs.

Boot Proof

A Boot Proof is a proof that a particular AWS Nitro Enclave has booted with a particular configuration. A Boot Proof contains:
  • An AWS attestation document, which contains AWS-level information: PCR measurements, certificate chain, public key, and user data.
  • A signed QOS manifest which contains information about the application running in this particular enclave: binary hash and arguments, operator public keys, quorum public key, and more.

App Proofs

An App Proof is a signature produced by an enclave Ephemeral Key to prove application-specific facts about functionality. What is an Ephemeral Key? Upon boot, enclaves create a unique Ephemeral Key which never leaves the enclave. As a result, data signed by an Ephemeral Key proves that it was signed by a particular machine. We envision enclave applications will need to prove many different types of facts about processed inputs, or about their outputs, or both. For this reason we’re standardizing App Proof content (the “message” that is signed by Ephemeral Keys) to be strictly typed: each App Proof must have a well-defined type (“proof type”), and a well-defined schema for any data associated with that proof. To summarize: App Proofs contain JSON payloads, serialized and signed by enclave Ephemeral Keys.

Claims and verification

Boot Proofs are application-agnostic. They prove 3 claims:
  • A particular machine is a legitimate AWS Nitro Enclave. This can be verified by checking the signature of the attestation document and the associated certificate bundle: it contains a chain of certificates going up to the root certificate for the commercial AWS partitions (it can be downloaded from https://aws-nitro-enclaves.amazonaws.com/AWS_NitroEnclaves_Root-G1.zip).
  • A particular machine is running within Turnkey’s AWS account. This can be verified by looking at the PCR3 measurement inside of the AWS attestation document. It should be b798abfdbd591d5e1b7db6485a6de9e65100f5796d9e3a2bd7c179989cd663338b567162974974fbcc45d03847e70d8b (this is the sha384 digest of the parent instance role: arn:aws:iam::705331783682:role/talos-worker. The role is talos-worker because Turnkey uses a Talos-based Kubernetes cluster to deploy all software, including enclave software).
  • A particular machine runs the correct, expected software. This can be verified in a few steps:
    • Verify that PCR0, PCR1, and PCR2 values are correct and match a known QOS version. You can reproduce these hashes yourself or look at our tkhq/core-enclaves repository for known good values.
    • Verify that the AWS attestation document’s user_data is the digest of the QOS manifest, to ensure you are looking at the correct QOS manifest.
    • Parse the QOS manifest and inspect it to find the digest of the application.
    • Verify this digest against known good digests published in our tkhq/core-enclaves repository.
App Proofs and Boot Proofs are linked together by the public_key field of the AWS attestation document. So, in addition to proving the key claims outlined above, a Boot Proof proves the validity of all App Proofs signed by the Ephemeral Key it references. In other words, a Boot Proof attests to the fact that the public key referenced in its public_key field is indeed the Ephemeral Key of a particular enclave, provisioned with a very specific configuration, operating system, and application. Verifying an App Proof thus involves 3 simple steps:
  • Verify that the App Proof public key matches the public_key field of a valid Boot Proof.
  • Verify the App Proof signature (standard P-256 signature verification).
  • Parse the content of the App Proof payload (JSON) and use the data within it to verify claimed facts (see below for an example).

Use cases

The use-case we’re starting with is address derivation. Turnkey Verified will automatically fetch and verify proofs for you when new wallets are created through Turnkey’s Embedded Wallet Kit, or via Turnkey’s dashboard. Under the covers, App Proof payloads are human-readable and look like the following:
{
  "type": "APP_PROOF_TYPE_ADDRESS_DERIVATION",
  "timestampMs": "1758909116",
  "addressDerivationProof": {
    "organizationId": "your-organization-id",
    "walletId": "your-wallet-id",
    "derivationPath": "m/44'/60'/0'/0/0",
    "address": "0x61f4Ec0630DD50F1393cbDB60e5ccA1ed98f5100"
  }
}
Enclave applications sign these payloads to produce App Proofs. For example:
{
  "scheme": "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256",
  // Fake Ephemeral Public Key used for demonstration purposes
  "publicKey": "04dc8333ff552b2ffa91d410c10ad0ae36055a9232f176e07f115db460aafbb959057834d367d1724b699b56bd2fd5ca30d3ee755f93c68c24a67e8e60bf37c7dd045417fb43faadacd8471cfbbf3733f4b4ea5602b9d84d3731d581fe7a69b7de42a025e5f63b8580bdb38c76b8ac3c2ae17ed047993c19835eca0491753de52f01",
  // Serialized payload matching the example from above
  "proofPayload":"{\"type\":\"APP_PROOF_TYPE_ADDRESS_DERIVATION\",\"timestampMs\":\"1758909116\",\"addressDerivationProof\":{\"organizationId\":\"your-organization-id\",\"walletId\":\"your-wallet-id\",\"derivationPath\":\"m/44'/60'/0'/0/0\",\"address\":\"0x61f4Ec0630DD50F1393cbDB60e5ccA1ed98f5100\"}}",
  // P-256 signature by the Ephemeral Key over the proofPayload (JSON) bytes
  "signature":"ecdff31d3543cd65cc9c9f8e4e758be226243b212d44426a8f9e8fefe7ba2a95410a661818560b43e92404a2ec6e6dcbe2bb79e329be0b4df441ba715d6fce44"
}
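The three App Proof verification steps from the section above, applied to an envelope of the shape just shown, as an added Go example that is not Turnkey's SDK code: it checks the key against a Boot Proof's public_key, verifies the raw r||s P-256 signature over the proofPayload bytes, and then checks the payload's type and organization before trusting the address. It assumes the signature is computed over SHA-256 of the payload bytes (the page does not say which digest is used), and MakeSampleProof signs a constructed sample with a freshly generated key in place of a real Ephemeral Key.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"math/big"
)
// VerifyAddressProof runs the three App Proof checks from the text on an envelope shaped like the page's
// example (publicKey: hex 04||X||Y, signature: hex r||s) and returns the attested address. bootKeyHex is
// the public_key of an already-verified Boot Proof. Assumed (not stated on the page): ECDSA over SHA-256.
func VerifyAddressProof(proofJSON []byte, bootKeyHex, orgID string) (string, error) {
	var ap map[string]string // Step 1: the signing key must be the Ephemeral Key the Boot Proof attests to.
	if json.Unmarshal(proofJSON, &ap) != nil || ap["scheme"] != "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256" || ap["publicKey"] != bootKeyHex {
		return "", errors.New("scheme or publicKey does not match the Boot Proof")
	}
	pubBytes, _ := hex.DecodeString(ap["publicKey"]) // Step 2: standard P-256 ECDSA verification over the payload bytes.
	x, y := elliptic.Unmarshal(elliptic.P256(), pubBytes)
	sig, _ := hex.DecodeString(ap["signature"])
	if x == nil || len(sig) != 64 {
		return "", errors.New("malformed public key or signature")
	}
	digest := sha256.Sum256([]byte(ap["proofPayload"]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(&ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, digest[:], r, s) {
		return "", errors.New("invalid Ephemeral Key signature")
	}
	// Step 3: parse the signed JSON and check the claimed facts against what the caller expects.
	var p struct {
		Type  string `json:"type"`
		Proof struct{ OrganizationID, Address string } `json:"addressDerivationProof"`
	}
	if json.Unmarshal([]byte(ap["proofPayload"]), &p) != nil || p.Type != "APP_PROOF_TYPE_ADDRESS_DERIVATION" || p.Proof.OrganizationID != orgID {
		return "", errors.New("unexpected proof type or organization")
	}
	return p.Proof.Address, nil
}
// MakeSampleProof signs payload with a fresh key standing in for the enclave Ephemeral Key (constructed test data, not a real Turnkey proof).
func MakeSampleProof(payload string) ([]byte, string) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256([]byte(payload))
	r, s, _ := ecdsa.Sign(rand.Reader, priv, digest[:])
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	pubHex := hex.EncodeToString(elliptic.Marshal(elliptic.P256(), priv.X, priv.Y))
	out, _ := json.Marshal(map[string]string{"scheme": "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256", "publicKey": pubHex, "proofPayload": payload, "signature": hex.EncodeToString(sig)})
	return out, pubHex
}
```

Exercise the two functions from a Go test or a main; because the sample key is generated on every run, its hex values will differ from the page's example.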
By combining App Proof and Boot Proof verification, Turnkey Verified guarantees that your crypto address was derived:
  • in the context of your Turnkey organization
  • with Turnkey’s signer application
  • inside of a legitimate and precise version of QuorumOS
  • inside of a legitimate AWS Nitro Enclave
  • inside Turnkey’s canonical AWS production account

Open-source tooling

We have written open-source code in our Rust SDK and TypeScript SDK to verify App Proofs and Boot Proofs. This logic powers the “Verified” UI component you’ll see when new addresses are derived via our Embedded Wallet Kit or dashboard. Feel free to inspect this code and run it locally on your own hardware, and reach out if you run into bugs or if you have further questions!