Attestable MCP Server

该项目是一个可远程验证的MCP服务器，利用可信执行环境（如Intel SGX）和RA-TLS协议，确保客户端可以验证服务器运行代码的真实性和完整性。

评分 : 2分

下载量 : 22

更新时间 : 2025-04-29

What is Attestable MCP Server?

This is a secure server implementation of the Model Context Protocol (MCP) that allows clients to verify its authenticity before connecting. It uses Intel SGX secure hardware to generate cryptographic proof that the server is running the exact code you expect.

How does remote attestation work?

The server provides a special certificate during connection that contains hardware-verified measurements of its running code. Clients can compare these measurements against known-good values to ensure the server hasn't been tampered with.

When should you use this?

Ideal for sensitive AI model deployments where you need to verify server integrity, or for regulatory compliance scenarios requiring proof of secure computation environments.

Key Features

Client-Verifiable IntegrityClients can cryptographically verify the server is running approved code before sharing sensitive data

Hardware-Protected ExecutionRuns in Intel SGX secure enclaves that protect against host system compromise

Reproducible BuildsAll build artifacts are verifiable against GitHub Actions logs for complete transparency

Benefits and Considerations

Benefits

Eliminates trust in server operators - verify code yourself

Protects against supply chain attacks and runtime tampering

Maintains confidentiality even if the host system is compromised

Considerations

Requires Intel SGX compatible hardware for full security benefits

Slightly higher performance overhead than regular servers

Initial setup requires understanding of attestation concepts

Getting Started

Build the Server

Compile the server inside a secure environment to generate attestation materials

Generate Security Keys

Create cryptographic keys for the secure enclave

Package for SGX

Prepare the server for secure hardware execution

Run Securely

Start the server with hardware protection enabled

Usage Scenarios

Secure Model DeploymentDeploy sensitive AI models with verifiable integrity guarantees

Regulatory ComplianceDemonstrate secure computation environment for auditors

Frequently Asked Questions

Can I use this without SGX hardware?

How do clients verify the server?

Where can I find the reference measurements?

Learn More

MCP Specification

Official protocol documentation

RA-TLS Explained

Technical details of remote attestation TLS

Intel SGX Overview

Official documentation for the security technology

🚀 可验证的MCP服务器

本项目提供一个可被MCP客户端远程验证的MCP服务器，借助受信任执行环境生成证书，确保服务器运行的是指定代码，保障代码运行的安全性和可验证性。

🚀 快速开始

MCP服务器启动命令如下：

go run main.go --listen :8080

使用 Docker 构建并运行：

docker build -t mcp-server .
docker run -p 8080:8080 mcp-server

✨ 主要特性

MCP 客户端可以远程验证任何 MCP 服务器上运行的代码。
MCP 服务器可以选择性地远程验证 MCP 客户端。

📦 安装指南

本项目的运行依赖以下环境：

Intel SGX 硬件
Gramine
Python 3.13
Ubuntu 22.04
Intel SGX 马甲

📚 详细文档

概述

此项目包含一个 MCP 服务器，该服务器可以被 MCP 客户端远程验证。为了实现这一点，使用了受信任的执行环境 (TEE)，该环境会生成一个证书，表示当前正在运行的代码。这个证书会在 TLS 握手过程中发送给 MCP 客户端，并证明该服务器运行的是 GitHub Actions 上构建的相同代码。通过在安全硬件或受信任环境中独立构建和运行代码，可以验证这些值是否一致。

用于客户端与服务器之间远程验证的协议是 RA-TLS，这是 TLS 的一个扩展，添加了机器和代码特定的测量值，这些测量值可以通过 MCP 客户端进行独立验证。

实现远程验证的关键证书特性在于，它嵌入了一个 SGX 报告到标准的 X.509 扩展字段中，并使用了 TCG DICE "标记证据" OID 进行编码。这些 SGX 报告和完整的 Intel SGX 证书链都会被包含在内。除了 SGX 报告之外，证书还包含证据声明，其中最重要的一个声明是 "pubkey-hash"，它包含了受信任执行环境生成的内存镜像中运行的 MCP 服务器的临时公钥 (DER 格式) 的哈希值。

生成签名工件

此仓库中的 GitHub 操作脚本在一个自托管的 GitHub 运行器上执行，该运行器位于受信任的执行环境中 (TEE)。该操作会构建一个 Docker 容器，其中包含可验证的MCP服务器，并生成该容器在 TEE 中运行代码的签名证明。此 Docker 镜像由 GitHub 签名。您可以在有或没有安全硬件的情况下独立生成相同的值，并通过查询正在运行的服务器来获取相同值。