Boot Proof
A Boot Proof is a proof that a particular AWS Nitro Enclave has booted with a particular configuration. A Boot Proof contains:- An AWS attestation document, which contains AWS-level information: PCR measurements, certificate chain, public key, and user data.
- A signed QOS manifest which contains information about the application running in this particular enclave: binary hash and arguments, operator public keys, quorum public key, and more.
App Proofs
An App Proof is a signature produced by an enclave Ephemeral Key to prove application-specific facts about functionality. What is an Ephemeral Key? Upon boot, enclaves create a unique Ephemeral Key which never leaves the enclave. As a result, data signed by an Ephemeral Key proves that it was signed by a particular machine. We envision enclave applications will need to prove many different types of facts about processed inputs, or about their outputs, or both. For this reason we’re standardizing App Proof content (the “message” that is signed by Ephemeral Keys) to be strictly typed: each App Proof must have a well-defined type (“proof type”), and a well-defined schema for any data associated with that proof. To summarize: App Proofs contain JSON payloads, serialized and signed by enclave Ephemeral Keys.Claims and verification
Boot Proofs are application-agnostic. They prove 3 claims:- A particular machine is a legitimate AWS Nitro Enclave. This can be verified by checking the signature of the attestation and the associated certificate bundle: it contains a chain of certificates going up to the root certificate for the commercial AWS partitions (can be downloaded from https://aws-nitro-enclaves.amazonaws.com/AWS_NitroEnclaves_Root-G1.zip).
- A particular machine is running within Turnkey’s AWS account. This can be verified by looking at the
PCR3
measurement inside of the AWS attestation document. It should beb798abfdbd591d5e1b7db6485a6de9e65100f5796d9e3a2bd7c179989cd663338b567162974974fbcc45d03847e70d8b
(this is the sha384 digest of the parent instance role:arn:aws:iam::705331783682:role/talos-worker
. The role istalos-worker
because Turnkey uses a Talos-based Kubernetes cluster to deploy all software, including enclave software). - A particular machine runs the correct, expected software. This can be verified in a few steps:
- Verify that
PCR0
,PCR1
, andPCR2
values are correct and match a known QOS version. You can reproduce these hashes yourself or look at ourtkhq/core-enclaves
repository for known good values. - Verify that the AWS attestation document’s
user_data
is the digest of the QOS manifest, to ensure you are looking at the correct QOS manifest. - Parse the QOS manifest and inspect it to find the digest of the application.
- Verify this digest against known good digests published in our
tkhq/core-enclaves
repository.
- Verify that
public_key
field of the AWS attestation document. So, in addition to proving the key claims outlined above, a Boot Proof proves the validity of all App Proofs signed by the Ephemeral Key it references.
In other words, a Boot Proof attests to the fact that the public key referenced in its public_key
field is indeed the Ephemeral Key of a particular enclave, provisioned with a very specific configuration, operating system, and application.
Verifying an App Proof thus involves 3 simple steps:
- Verify that the App Proof public key matches the
public_key
field of a valid Boot Proof. - Verify the App Proof signature validity (standard P-256 signature verification)
- Parse the content of the App Proof payload (JSON) and use the data within it to verify claimed facts (see below for an example).
Use cases
The use-case we’re starting with is address derivation. Turnkey Verified will automatically fetch and verify proofs for you when new wallets are created through Turnkey’s Embedded Wallet Kit, or via Turnkey’s dashboard. Under the covers, App Proof payloads are human-readable and look like the following:- in the context of your Turnkey organization
- with Turnkey’s signer application
- inside of a legitimate and precise version of QuorumOS
- inside of a legitimate AWS Nitro Enclave
- inside Turnkey’s canonical AWS production account