There are 3 repositories under attestation topic.
Spoof locked bootloader on local attestations
Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.
Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.
Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
A compilation of resources in the software supply chain security domain, with emphasis on open source
attestation.app remote attestation server. Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.
Verax is a shared registry for storing attestations of public interest on EVM chains, designed to enhance data discoverability and consumption for dApps across the network.
MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi
Server-side library to validate the authenticity of Apple App Attest artifacts, written in Kotlin.
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Umbrella repository for blockchain based supply-chain services and clients
(Android) Hide encrypted secret API keys in C/C++ code, retrieve and decrypt them via JNI. Google SafetyNet APIs example.
📜 "Coinbase Verifications" is a set of Coinbase-verified onchain attestations that enable access to apps and other onchain benefits.
Calculate AMD SEV/SEV-ES/SEV-SNP measurement for confidential computing
Documentation source and development of the PSA Certified API
vexctl is a tool to attest VEX impact statements
Attestation and Secret Delivery Components
A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.
Remote Key Attestation
Simple and scalable Linux tools for verifying TPM-based remote attestations 🔬⚖️🔐⛓📏📜
An experimental (but fully functional) Remote Attestation Engine and Applications for TPM2.0 based systems (cloud, edge, IoT etc)
MultiZone® Trusted Firmware is the quick and safe way to build secure IoT applications with any RISC-V processor. It provides secure access to commercial and private IoT clouds, real-time monitoring, secure boot, and remote firmware updates. The built-in Trusted Execution Environment provides hardware-enforced separation ...
MultiZone® Security Enclave for Linux
Verify and assert policy on YubiKey attestation certificates
Understand iOS 14's DeviceCheck and DCDevice classes.
MultiZone® Security TEE for Arm® Cortex®-M is the quick and safe way to add security and separation to any Cortex-M based device. MultiZone® software can retrofit existing designs. If you don’t have TrustZone®, or if you require finer granularity than one secure world, you can take advantage of high security separation without the need for hardware and software redesign, eliminating the complexity associated with managing a hybrid hardware/software security scheme.
Webauthn demo with react.js and Spring boot
Github EAS Attestation Action
A middleware tool to assist step-ca with posture info during an ACME device-attest-01 challenge.