Attestable MCP Server

An MCP server that runs inside a trusted execution environment (TEE) using Intel SGX and Gramine, providing remote attestation through RA-TLS, which allows MCP clients to cryptographically verify the integrity of the server code before connecting.

Installation

From Source Code with Docker and Gramine

# Install Python dependencies and build the base application image
uv sync
docker build -t attestable-mcp-server .
# Generate the enclave signing key (written to ~/.config/gramine/enclave-key.pem)
gramine-sgx-gen-private-key
# Fetch Gramine Shielded Containers (GSC) and use it to graminize the image
git clone https://github.com/gramineproject/gsc docker/gsc
cd docker/gsc
uv run ./gsc build-gramine --rm --no-cache -c ../gramine_base.config.yaml gramine_base
uv run ./gsc build -c ../attestable-mcp-server.config.yaml --rm attestable-mcp-server ../attestable-mcp-server.manifest
# Sign the enclave with the key generated above; this fixes the measurement (MRENCLAVE) clients will attest
uv run ./gsc sign-image -c ../attestable-mcp-server.config.yaml attestable-mcp-server "$HOME"/.config/gramine/enclave-key.pem
# Print the enclave measurements of the signed image for clients to compare against
uv run ./gsc info-image gsc-attestable-mcp-server

Running on Secure Hardware

# Pass through the SGX devices and the AESM socket so the enclave can be launched and quoted
docker run -it --device=/dev/sgx_provision:/dev/sgx/provision --device=/dev/sgx_enclave:/dev/sgx/enclave -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -p 8000:8000 --rm gsc-attestable-mcp-server

Running on Local Machine for Development

# Without SGX devices the server runs unattested; use only for local development
docker run -p 8000:8000 --rm gsc-attestable-mcp-server

Features

  • MCP clients can remotely attest code running on any MCP server
  • MCP servers can optionally remotely attest MCP clients
  • Uses RA-TLS protocol for client-server remote attestation
  • Embeds SGX quote in X.509 certificate extension field
  • Generates signed attestation of code running inside TEE
  • Docker images signed by GitHub Actions
  • Independent verification possible with or without secure hardware

Notes

Requires Intel SGX hardware, Gramine, Python 3.13, Ubuntu 22.04, and the Intel SGX SDK & PSW. The server runs on GitHub Actions with self-hosted runners inside a TEE. Planned features: JSON Web Key (JWK) attestation claim validation and an MCP client demonstration.
