Attestable Mcp Server
What is Attestable Mcp Server
The attestable-mcp-server is a verifiable MCP server that utilizes a trusted execution environment to provide remote attestation to MCP clients, ensuring that the code running on the server is authentic and has not been tampered with.
Use cases
Use cases include secure data processing in cloud environments, remote verification of server integrity in distributed applications, and ensuring compliance with data governance regulations.
How to use
To use the attestable-mcp-server, clients initiate a TLS handshake in which the server presents a certificate that includes a remote attestation. This certificate can be verified against the code built on GitHub Actions, ensuring the integrity of the server's code.
Key features
Key features include remote attestation via RA-TLS, integration of SGX quotes in X.509 certificates, and the ability to independently validate the server’s code against local or secure hardware environments.
Where to use
The attestable-mcp-server can be used in fields requiring high security and data integrity, such as financial services, healthcare, and any application where sensitive data is processed and needs to be protected from tampering.
Content
➡️ attestable-mcp-server
remotely attestable MCP server
Overview
This project contains an MCP server that MCP clients can remotely attest. To achieve this, the server runs in a trusted execution environment (TEE), which generates a certificate representing the currently running code of the attestable-mcp-server. The attestable-mcp-server sends this certificate to the MCP client in the TLS handshake, before connecting, to prove that the code it is running is the same code built on GitHub Actions. This can be independently validated by building and running the code locally on emulated hardware or secure hardware; these values will be the same. The protocol used for client <-> server remote attestation is RA-TLS, an extension to TLS that adds machine- and code-specific measurements that an MCP client can verify.
The most important concept behind this RA-TLS certificate is that it embeds an SGX quote in the standardized X.509 extension field with the TCG DICE "tagged evidence" OID; the quote in turn embeds the SGX report and the complete Intel SGX certificate chain. In addition to the SGX quote, the certificate also contains the evidence claims, the most important being the "pubkey-hash" claim, which contains the hash of the ephemeral public key (in DER format) generated by the TEE of the memory image of the running MCP server.
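The client-side policy decision this implies, as an added example (not code from this project): compare the quote's enclave measurement with the value from your own build, reject debug enclaves, and confirm the "pubkey-hash" claim matches the key in the TLS certificate. It assumes the quote and claim bytes were already extracted from the certificate extension and that the quote signature and Intel certificate chain are verified separately; the function names are hypothetical, SHA-256 is an assumed hash algorithm, and the offsets follow Intel's SGX quote v3 layout.

```python
import hashlib
import hmac
import struct

# Intel SGX quote v3 layout: 48-byte header followed by a 384-byte report body.
HEADER_LEN, BODY_LEN = 48, 384
OFF_ATTR_FLAGS = HEADER_LEN + 48    # 8-byte little-endian attribute flags
OFF_MRENCLAVE = HEADER_LEN + 64     # 32-byte enclave measurement
SGX_FLAGS_DEBUG = 0x2


def parse_quote(quote: bytes) -> dict:
    """Extract the identity fields a client compares against its own build."""
    if len(quote) < HEADER_LEN + BODY_LEN:
        raise ValueError("quote shorter than header + report body")
    (flags,) = struct.unpack_from("<Q", quote, OFF_ATTR_FLAGS)
    return {
        "mr_enclave": quote[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
        "debug": bool(flags & SGX_FLAGS_DEBUG),
    }


def check_evidence(quote, pubkey_der, pubkey_hash_claim, expected_mr_enclave):
    """Return a list of policy failures; an empty list means accept."""
    fields = parse_quote(quote)
    failures = []
    if not hmac.compare_digest(fields["mr_enclave"], expected_mr_enclave):
        failures.append("mr_enclave differs from the locally built value")
    if fields["debug"]:
        failures.append("enclave runs in debug mode")
    # Assumption: the claim is a SHA-256 digest of the DER public key.
    if not hmac.compare_digest(hashlib.sha256(pubkey_der).digest(), pubkey_hash_claim):
        failures.append("pubkey-hash claim does not match the TLS certificate key")
    return failures


def make_sample_quote(mr_enclave: bytes, debug: bool = False) -> bytes:
    """Constructed test input: zeroed quote with only the checked fields set."""
    quote = bytearray(HEADER_LEN + BODY_LEN)
    struct.pack_into("<Q", quote, OFF_ATTR_FLAGS, 0x5 | (SGX_FLAGS_DEBUG if debug else 0))
    quote[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mr_enclave
    return bytes(quote)


if __name__ == "__main__":
    key = b"constructed-der-public-key"   # stands in for the certificate's key
    good = bytes.fromhex("ab" * 32)       # stands in for a locally built mr_enclave
    print(check_evidence(make_sample_quote(good), key, hashlib.sha256(key).digest(), good))
```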
Features
- MCP Clients can remotely attest the code running on any MCP Server
- MCP Servers can optionally remotely attest MCP Clients
Producing Signed Artifacts
The GitHub Actions script in this repo runs on a self-hosted GitHub runner inside a trusted execution environment (TEE). The action script builds a Docker container containing the attestable-mcp-server and generates a signed attestation of the code running inside the TEE. This Docker image is then signed by GitHub. You can independently generate the same values with or without secure hardware, and query our running server to get the same values.
Dependencies
- Intel SGX Hardware
- Gramine
- Python 3.13
- Ubuntu 22.04
- Intel SGX SDK & PSW
Quickstart
uv sync
docker build -t attestable-mcp-server .
gramine-sgx-gen-private-key
git clone https://github.com/gramineproject/gsc docker/gsc
cd docker/gsc
uv run ./gsc build-gramine --rm --no-cache -c ../gramine_base.config.yaml gramine_base
uv run ./gsc build -c ../attestable-mcp-server.config.yaml --rm attestable-mcp-server ../attestable-mcp-server.manifest
uv run ./gsc sign-image -c ../attestable-mcp-server.config.yaml attestable-mcp-server "$HOME"/.config/gramine/enclave-key.pem
uv run ./gsc info-image gsc-attestable-mcp-server
Starting Server on Secure Hardware
docker run -it --device=/dev/sgx_provision:/dev/sgx/provision --device=/dev/sgx_enclave:/dev/sgx/enclave -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -p 8000:8000 --rm gsc-attestable-mcp-server
Starting Server on local development machine
docker run -p 8000:8000 --rm gsc-attestable-mcp-server
TODO
- add an MCP client demonstrating RA-TLS
- add Intel-signed measurements from our GitHub Action to this readme for simple independent verification
Future Plans
- JSON Web Key (JWK) attestation claim validation
cobrowser.xyz