Attestable MCP Server

Overview

This project contains an MCP Server that is remotely attestable by MCP clients. To achieve this, a trusted execution environment is used, which generates a certificate representing the currently-running code of the attestable-mcp-server. The attestable-mcp-server sends this certificate in the TLS handshake to an MCP client before connecting that proves the code it's running is the same code built on github actions, and can be independently validated by building and running the code locally on emulated hardware or secure hardware; these values will be the same.

Features

• MCP Clients can remotely attest the code running on any MCP Server
• MCP Servers can optionally remotely attest MCP Clients

Dependencies

• Intel SGX Hardware
• Gramine
• python 3.13
• Ubuntu 22.04
• Intel SGX SDK & PSW

Quickstart

uv sync docker build -t attestable-mcp-server .
gramine-sgx-gen-private-key
git clone https://github.com/gramineproject/gsc
docker/gsc
cd docker/gsc
uv run ./gsc build-gramine --rm --no-cache -c ../gramine_base.config.yaml gramine_base
uv run ./gsc build -c ../attestable-mcp-server.config.yaml --rm attestable-mcp-server ../attestable-mcp-server.manifest
uv run ./gsc sign-image -c ../attestable-mcp-server.config.yaml attestable-mcp-server "$HOME"/.config/gramine/enclave-key.pem
uv run ./gsc info-image gsc-attestable-mcp-server

Starting Server on Secure Hardware

docker run -itp --device=/dev/sgx_provision:/dev/sgx/provision --device=/dev/sgx_enclave:/dev/sgx/enclave -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -p 8000:8000 --rm gsc-attestable-mcp-server

Starting Server on local development machine

docker run -p 8000:8000 --rm gsc-attestable-mcp-server

TODO

• add MCP client demonstrating ra-tls
• add intel-signed measurements from our github action to this readme for simple independent verification

Future Plans

• JSON Web Key (JWK) attestation claim validation