Verify a Darkroom attestation yourself
Don't trust us — check the room. A step-by-step guide to verifying Darkroom's live Intel TDX attestation and pinning the MRTD.
The point of this page
Every privacy product asks for trust. The difference here is you don't have to give it. Darkroom runs inside an Intel TDX enclave that produces a hardware quote, and the quote is independently verifiable. If it doesn't check out, the whole product is a lie — and you can prove that without us.
What you're checking
Three things:
- the quote is genuine Intel TDX (DCAP-valid),
- the room's MRTD matches the published image fingerprint,
- the enclave key the room seals to is bound into the quote (anti-replay).
The published fingerprint
The Darkroom room's measurement is:
MRTD <the room's published MRTD>
This is the hash of the exact image running inside the trust domain. If a single byte of that image changed — a sneaky logger, a swapped model — this number would change.
Step 1: pull the live quote
The room exposes an attestation endpoint that returns a fresh quote bound to a nonce you supply. Challenge it with random bytes so the response can't be a replay.
Step 2: verify the quote (DCAP)
Submit the raw quote to any open DCAP verifier (for example, a public attestation-verification API). A valid result confirms:
- the certificate chain goes back to Intel's root,
- the platform TCB isn't revoked,
- the signature over the measurements is valid.
Step 3: pin the MRTD
Compare the mrtd field in the verified quote against the published value above. They must match exactly. A match means the code running is the audited image and nothing else.
Step 4: confirm the key binding
Recompute sha256(enclavePublicKey || nonce) and check it equals the quote's report data. This proves the key your prompt gets sealed to lives inside *this* measured enclave, answering *your* challenge — not a key an operator pasted in.
Do it from the command line
The open-source Darkroom client ships a verifier:
npm run verify-room -- <ROOM_URL> --mrtd <ROOM_MRTD>
It performs all four checks and prints the result. If the MRTD doesn't match, it fails loudly.
What a pass actually buys you
A passing attestation means: the operator cannot read your prompt, the model wasn't swapped, and no logging was added — enforced by hardware, signed by Intel, checkable by anyone. That's the difference between "we promise we don't log" and "you can prove we can't."