· 02/13/2025 ·
The Intel® Trust Authority Client for Python is a library of Python modules used to perform remote attestation of a Trusted Execution Environment (TEE) using Intel Trust Authority as the verifier. The client packages enable you to collect evidence from the TEE, request an attestation token (JWT), and verify the cryptographic signature of the token.
The Python client currently supports the following TEEs:
- Intel® Software Guard Extensions (Intel® SGX).
- Intel® Trust Domain Extensions (Intel® TDX) for on-premises Intel TDX platforms.
- Google Cloud Platform* (GCP) confidential VMs with Intel TDX.
- Azure* confidential VMs with Intel TDX.
- NVIDIA* H100 GPU and Intel TDX Trust Domain.
- /inteltrustauthorityclient/connector: Contains the main ITAConnector class to connect to Intel Trust Authority.
- /inteltrustauthorityclient/nvgpu: Contains the NVIDIA H100 GPU adapter.
- /inteltrustauthorityclient/cli: Contains the Intel Trust Authority Python CLI. This version of the CLI includes support for NVIDIA H100 GPU attestation. This feature is in limited preview status.
- /inteltrustauthorityclient/examples: Contains sample applications to demonstrate the usage of the client. See Sample applications for more information.
- inteltrustauthorityclient/sgx/intel: Contains the Intel SGX adapter.
- inteltrustauthorityclient/tdx: Contains the Intel TDX bare metal and Google Cloud Platform (GCP) adapter (one adapter supports both platforms), and Azure TDX adapters.
- test: Contains unit tests for the client.
- Python 3.8 or newer.
- Ubuntu 22.04 with kernel 6.7 or later, or Ubuntu 24.04. Support for the ConfigFS-TSM subsystem is required for Intel TDX attestation.
The following installation steps assume that you are installing the Intel Trust Authority Client for Python on an Intel TDX TD, running on an Intel TDX-enabled host server. For information about how to prepare the Intel TDX host server, see Setup Remote Attestation on Host OS and Inside TD in the Canonical/TDX repo on GitHub.
To install the latest version of the Intel TDX + NVIDIA H100 client on a TD:
- Clone the repository, which automatically checks out the main branch.
git clone https://github.com/intel/trustauthority-client-for-python.gitRun the following commands from the inteltrustauthorityclient directory.
-
Install poetry by running the following command:
pip3 install --no-cache-dir poetry
-
Create a wheel package using poetry:
Spawn a poetry shell:
poetry shell
Build wheel package:
poetry build
-
Run pip install to install the inteltrustauthorityclient package in site-packages:
cd ../dist pip install applications_security_amber_trustauthority_client_for_python-1.1.0-py3-none-any.whl
Note
When you install the client, you might see the following error: "ERROR: pip's dependency resolver does not currently take into account all the packages that are installed." That is followed by a list of version mismatch messages. You can safely ignore this error. The client uses newer versions of the Python libraries than the NVIDIA SDK.
More information about how to use this library is available in the READMEs for each package. Library structure, above, has links to the READMEs for each package.
The primary documentation is the Python Connector Reference in the Intel Trust Authority documentation.
For more information on how to use the client, see the sample applications in the examples folder.
-
Intel TDX sample app — Works on Intel TDX hosts/VMs and Azure TDX VMs.
-
Create Adapter using:
For more information on how to run the unit tests, see the Unit Tests README.
See the Contributing file for more information on how to contribute to this project. This project follows the Code of Conduct.
This library is distributed under the BSD-style license found in the LICENSE file.
* Other names and brands may be claimed as the property of others.