Verification Guide

This guide walks through how to independently verify that a KnowledgeFlowDB instance is running with TEE protection and encryption enabled.

Quick Verification

Check the security posture in a single request:

curl -s https://tee.knowledgedataflow.org/health | jq .security_posture

A fully protected instance returns:

{
  "tee_platform": "GCE_AMD_SEV",
  "attestation_verified": true,
  "encryption_at_rest": true,
  "memory_encrypted": true,
  "trust_posture": "Enforced",
  "binary_hash": "sha256:a1b2c3d4e5f6..."
}

What to Check

Field	Expected Value	Meaning
`tee_platform`	`"GCE_AMD_SEV"`	Running on AMD SEV-SNP hardware
`attestation_verified`	`true`	TEE platform was detected
`encryption_at_rest`	`true`	Property encryption is active
`memory_encrypted`	`true`	AMD SEV memory encryption is active
`trust_posture`	`"Enforced"`	Server requires TEE to operate
`binary_hash`	`"sha256:..."`	Container image digest (auditable)

warning

If trust_posture is "Permissive", the instance is not enforcing TEE requirements. Data may be stored in plaintext. This is expected for development instances but not for production confidential workloads.

Step-by-Step Attestation Verification

Step 1: Check TEE Platform

curl -s https://tee.knowledgedataflow.org/api/v1/attestation | jq .

Verify that:

attestation_available is true
platform is "GCE_AMD_SEV"
image_digest is present (matches the expected release)

Step 2: Challenge-Response Verification

Generate a random nonce and send a challenge to prove freshness:

# Generate 32 random bytes as hex
NONCE=$(openssl rand -hex 32)
echo "Nonce: $NONCE"

# Send challenge
RESPONSE=$(curl -s -X POST https://tee.knowledgedataflow.org/api/v1/attestation/challenge \
  -H "Content-Type: application/json" \
  -d "{\"nonce\": \"$NONCE\"}")

echo "$RESPONSE" | jq .

Verify that:

The returned nonce matches what you sent (proves the response is for your challenge)
platform and image_digest are present
signature and public_key are present

Step 3: Verify the Signature

The server signs SHA-256(nonce || image_digest || platform || timestamp) with Ed25519. Verify it:

#!/usr/bin/env python3
"""Verify KFDB TEE attestation challenge response."""

import hashlib
import json
import os
import subprocess

# 1. Generate nonce
nonce_hex = os.urandom(32).hex()

# 2. Send challenge
result = subprocess.run([
    "curl", "-s", "-X", "POST",
    "https://tee.knowledgedataflow.org/api/v1/attestation/challenge",
    "-H", "Content-Type: application/json",
    "-d", json.dumps({"nonce": nonce_hex})
], capture_output=True, text=True)

response = json.loads(result.stdout)

# 3. Verify nonce echo
assert response["nonce"] == nonce_hex, "Nonce mismatch!"

# 4. Recompute attestation hash
nonce_bytes = bytes.fromhex(response["nonce"])
image_digest = (response["image_digest"] or "unknown").encode()
platform = (response["platform"] or "unknown").encode()
timestamp = response["timestamp"].encode()

expected_hash = hashlib.sha256(
    nonce_bytes + image_digest + platform + timestamp
).hexdigest()

assert expected_hash == response["attestation_hash"], "Hash mismatch!"

# 5. Verify Ed25519 signature
from nacl.signing import VerifyKey
verify_key = VerifyKey(bytes.fromhex(response["public_key"]))
verify_key.verify(
    bytes.fromhex(response["attestation_hash"]),
    bytes.fromhex(response["signature"])
)

print("Attestation VERIFIED")
print(f"  Platform:     {response['platform']}")
print(f"  Image Digest: {response['image_digest']}")
print(f"  Timestamp:    {response['timestamp']}")

Step 4: Verify Registered TEE Nodes

Check which TEE nodes are registered in the network:

curl -s https://tee.knowledgedataflow.org/api/v1/tee/nodes | jq '.nodes[] | {id, platform, voting_power, moniker}'

Step 5: Verify Encrypted Storage

To confirm that data is actually encrypted at rest, you can check what the database stores directly. With a TEE-encrypted tenant, ScyllaDB contains ciphertext:

# What ScyllaDB stores for an encrypted tenant:
{
  "path": "__enc_str:DMfK8x2Qa1bN+7hG...",
  "content": "__enc_str:Rk9PQkFSIGV4YW1w...",
  "lines": "__enc_int:YWJjZGVmMTIzNDU2..."
}

The __enc_ prefix confirms property-level encryption is active. Without the tenant's derived key, these values cannot be decrypted.

Automated Verification

Using the Verification UI

Visit tee.knowledgedataflow.org/security for an interactive verification page that runs all checks automatically and displays pass/fail results.

Using curl (One-Liner)

Quick check that all critical security properties are enabled:

curl -s https://tee.knowledgedataflow.org/health | \
  jq -e '.security_posture |
    .tee_platform != null and
    .attestation_verified == true and
    .encryption_at_rest == true and
    .memory_encrypted == true and
    .trust_posture == "Enforced"' \
  && echo "PASS: All security checks passed" \
  || echo "FAIL: One or more security checks failed"

CI/CD Integration

Add attestation verification to your deployment pipeline:

# GitHub Actions example
- name: Verify TEE Attestation
  run: |
    HEALTH=$(curl -sf https://tee.knowledgedataflow.org/health)
    POSTURE=$(echo "$HEALTH" | jq -r '.security_posture.trust_posture')
    ENCRYPTED=$(echo "$HEALTH" | jq -r '.security_posture.encryption_at_rest')
    TEE=$(echo "$HEALTH" | jq -r '.security_posture.tee_platform')

    if [ "$POSTURE" != "Enforced" ] || [ "$ENCRYPTED" != "true" ] || [ "$TEE" = "null" ]; then
      echo "::error::TEE verification failed"
      echo "  Trust Posture: $POSTURE"
      echo "  Encryption: $ENCRYPTED"
      echo "  TEE Platform: $TEE"
      exit 1
    fi

    echo "TEE verification passed"
    echo "  Trust Posture: $POSTURE"
    echo "  Encryption: $ENCRYPTED"
    echo "  TEE Platform: $TEE"

Interpreting Results

All Checks Pass

tee_platform:         GCE_AMD_SEV    -- Hardware TEE active
attestation_verified: true           -- Platform confirmed
encryption_at_rest:   true           -- Properties encrypted
memory_encrypted:     true           -- VM memory encrypted
trust_posture:        Enforced       -- TEE required to operate

Your data is protected by hardware-encrypted memory and property-level encryption. Database administrators see only ciphertext.

TEE Missing (Permissive Mode)

tee_platform:         null           -- No hardware TEE
attestation_verified: false          -- Cannot verify
encryption_at_rest:   false          -- Properties in plaintext
memory_encrypted:     false          -- Standard VM memory
trust_posture:        Permissive     -- TEE not required

This is a standard deployment without confidential computing. Suitable for public data or development, but not for sensitive workloads.

Encryption Without TEE

tee_platform:         null           -- No hardware TEE
attestation_verified: false          -- Cannot verify
encryption_at_rest:   true           -- Properties encrypted
memory_encrypted:     false          -- Standard VM memory
trust_posture:        Audit          -- Warning logged

Properties are encrypted in the database, but memory is not hardware-protected. An operator with VM access could potentially extract keys from memory. This provides defense-in-depth but is weaker than full TEE enforcement.

Source Code

Attestation endpoints: crates/kfdb-api/src/tee_attestation.rs
Health/security posture: crates/kfdb-api/src/health.rs

Quick Verification​

What to Check​

Step-by-Step Attestation Verification​

Step 1: Check TEE Platform​

Step 2: Challenge-Response Verification​

Step 3: Verify the Signature​

Step 4: Verify Registered TEE Nodes​

Step 5: Verify Encrypted Storage​

Automated Verification​

Using the Verification UI​

Using curl (One-Liner)​

CI/CD Integration​

Interpreting Results​

All Checks Pass​

TEE Missing (Permissive Mode)​

Encryption Without TEE​

Source Code​