tls-attestproxy is currently only a shell of a program. However, reproducible aarch64-linux images (ready to import and run on cloud providers) can already be produced using nix flakes. The image performs measured boot into the TPM2 PCRs using grub2 and Linux, then enters an initramfs with a tiny init script (which obtains an IPv6 address with busybox's udhcpc6) and finally executes the Rust HTTP server.
The firmware measures the grub2 EFI binary (which has a reproducible hash) into the PCRs, and grub2 in turn measures the hashes of the kernel, initramfs and grub command line. The attestation will show that the private key corresponding to a public key carries a policy locking it to the expected PCR values; and since the image is a reproducible build of Free/Open Source software, anyone can verify what tls-attestproxy does and doesn't do with the keys.
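To make the "policy locked to the expected PCR values" step concrete, here is an added example (not code from tls-attestproxy) of how a verifier replays the measurement chain above and derives the TPM2_PolicyPCR digest the key's authorization policy must equal. The PCR indices (4 for the EFI binary, 9 for files loaded by grub, 8 for the grub command line) follow common firmware and grub conventions and are assumptions; the measurement digests are constructed stand-ins for the reproducible build's hashes.

```python
import hashlib
from typing import Dict, List, Tuple

# TPM 2.0 constants (Part 2 of the spec): command code and hash algorithm id.
TPM_CC_POLICY_PCR = (0x0000017F).to_bytes(4, "big")
TPM_ALG_SHA256 = (0x000B).to_bytes(2, "big")
PCR_COUNT = 24


def pcr_extend(old: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend in the SHA-256 bank: PCR' = H(PCR || digest)."""
    return hashlib.sha256(old + digest).digest()


def replay_event_log(events: List[Tuple[int, bytes]]) -> Dict[int, bytes]:
    """Replay (pcr_index, digest) events from the all-zero reset state, the
    way a verifier recomputes the PCR values it expects after boot."""
    pcrs = {i: bytes(32) for i in range(PCR_COUNT)}
    for index, digest in events:
        pcrs[index] = pcr_extend(pcrs[index], digest)
    return pcrs


def marshal_pcr_selection(indices: List[int]) -> bytes:
    """TPML_PCR_SELECTION holding one SHA-256 selection with a 3-byte bitmap."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return (1).to_bytes(4, "big") + TPM_ALG_SHA256 + bytes([3]) + bytes(bitmap)


def policy_pcr_digest(pcrs: Dict[int, bytes], indices: List[int]) -> bytes:
    """TPM2_PolicyPCR on a fresh session (policy digest starts as 32 zero
    bytes): H(old || TPM_CC_PolicyPCR || pcrs || H(selected PCR values))."""
    selected = sorted(indices)
    pcr_digest = hashlib.sha256(b"".join(pcrs[i] for i in selected)).digest()
    return hashlib.sha256(bytes(32) + TPM_CC_POLICY_PCR
                          + marshal_pcr_selection(selected) + pcr_digest).digest()


# Constructed stand-ins for the reproducible build's hashes (assumed PCR layout).
MEASUREMENTS = [
    (4, hashlib.sha256(b"constructed: grub2 EFI binary").digest()),     # firmware
    (9, hashlib.sha256(b"constructed: vmlinuz").digest()),              # grub2
    (9, hashlib.sha256(b"constructed: initramfs").digest()),            # grub2
    (8, hashlib.sha256(b"constructed: kernel command line").digest()),  # grub2
]
SEALING_PCRS = [4, 8, 9]


def expected_policy(events=MEASUREMENTS) -> bytes:
    """Policy digest the proxy's key must carry for the expected boot chain."""
    return policy_pcr_digest(replay_event_log(events), SEALING_PCRS)
```

Any change to a measured component (or to the order in which grub loads them) yields a different PCR 9 and therefore a different policy digest, so the key's policy no longer authorizes use of the private key.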
For now, it is available on GitHub, but I might consider moving it to somewhere else later!