Securely Attest MCP Server Integrity
Attestable MCP Server providing remote attestation through RA-TLS and Intel SGX.
Why it matters
Establish cryptographically verifiable trust for your MCP server by leveraging remote attestation within a Trusted Execution Environment (TEE). Ensure the integrity of your server code before establishing connections.
Outcomes
What it gets done
Implement remote attestation using RA-TLS for MCP servers.
Verify server code integrity via cryptographic means before connection.
Optionally enable MCP servers to remotely attest MCP clients.
Generate signed attestations of code running inside a TEE.
Install
Add it to your toolbox
Run in your project directory:
curl -fsSL https://spark.entire.vc/get/vb-attestable-mcp | bash
Overview
Attestable MCP Server
What it does
The MCP server runs within a Trusted Execution Environment (TEE) using Intel SGX and Gramine. It provides remote attestation through RA-TLS, enabling MCP clients to cryptographically verify the integrity of the server's code before establishing a connection.
How it connects
Use this MCP server when you need to ensure the integrity and trustworthiness of your server's code before connecting clients. It is ideal for scenarios requiring strong security guarantees and verifiable code execution. Do not use this server if you do not have the necessary Intel SGX hardware, as it is a prerequisite for running within a TEE.
Source README
Gramine Shielded Containers (GSC)
Docker containers are widely used to deploy applications in the cloud. Using
Gramine Shielded Containers (GSC) we provide the infrastructure to deploy Docker
containers protected by Intel SGX enclaves using the Gramine Library OS.
The GSC tool transforms a Docker image into a new image which includes the
Gramine Library OS, manifest files, Intel SGX related information, and executes
the application inside an Intel SGX enclave using the Gramine Library OS. It
follows the common Docker approach to first build an image and subsequently run
this image inside of a container. First, a Docker image has to be graminized
via the ``gsc build`` command. To run the graminized image within an
Intel SGX enclave, the image then has to be signed via the ``gsc sign-image``
command. Subsequently, the image can be run using ``docker run``.
NOTE: As part of the ``gsc build`` step, GSC generates the manifest file
with a list of trusted files (files with integrity protection). This list
contains hashes of all files present in the original Docker image. Therefore,
GSC's manifest creation capability depends on packaging of the original Docker
image: if the original Docker image is bloated (contains unnecessary files),
then the generated manifest will also be bloated. Though this doesn't worsen
security guarantees of Gramine/GSC, it may affect startup performance. Please
exercise care in pulling in only the dependencies truly required for your Docker
image.
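The NOTE above says the trusted-file list holds a hash for every file in the original image. The following added example (not GSC's code and not part of the original README) builds comparable per-file SHA-256 entries for an unpacked image root filesystem, showing how unused files lengthen the list and how a change to a measured file is detected. The directory layout, the sample files and the entry field names (uri, sha256, size) are assumptions for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def trusted_file_entries(rootfs):
    """One {uri, sha256, size} entry per regular file under rootfs (assumed shape)."""
    entries = []
    for dirpath, _dirs, files in os.walk(rootfs):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not hashed here
            rel = os.path.relpath(full, rootfs).replace(os.sep, "/")
            entries.append({"uri": "file:/" + rel, "sha256": sha256_file(full),
                            "size": os.path.getsize(full)})
    return sorted(entries, key=lambda e: e["uri"])

def changed_files(rootfs, entries):
    """URIs whose current content no longer matches the recorded hash."""
    paths = [(e, os.path.join(rootfs, e["uri"][len("file:/"):])) for e in entries]
    return [e["uri"] for e, p in paths
            if not os.path.isfile(p) or sha256_file(p) != e["sha256"]]

def demo():
    """Constructed sample rootfs: one app file plus two files it never reads."""
    sample = {"app/server.py": b"print('mcp')\n", "usr/share/doc/README": b"docs\n",
              "var/cache/pkg.bin": b"\0" * 4096}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        entries = trusted_file_entries(root)
        # Modify a measured file afterwards; its recorded hash no longer matches.
        with open(os.path.join(root, "app/server.py"), "ab") as f:
            f.write(b"# modified after measurement\n")
        return entries, changed_files(root, entries)

if __name__ == "__main__":
    print(demo())
```

Two of the three entries in the sample belong to files the application never opens, which is the bloat the NOTE describes: every such file still costs one hash entry.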
Gramine and GSC documentation
The official Gramine Library OS documentation can be found at
https://gramine.readthedocs.io.
The official GSC documentation can be found at
https://gramine.readthedocs.io/projects/gsc.
How to contribute?
We welcome contributions through GitHub pull requests. Please keep in mind that
they are governed by `the same rules as the main project <https://gramine.readthedocs.io/en/latest/devel/contributing.html>`_.
Getting help
For any questions, please send an email to users@gramineproject.io
(`public archive <https://groups.google.com/g/gramine-users>`__).
For bug reports, post an issue on our GitHub repository:
https://github.com/gramineproject/gsc/issues.