sigil

Trust the chip. Not the operator.

AI workloads on Sigil run inside vendor-attested hardware enclaves — AMD SEV-SNP, Intel SGX, Intel TDX, and Arm CCA. The chain verifies every attestation against the vendor's own collateral before a single MINT moves. Hardware is the witness.

Verification pipeline (live panel): SEV-SNP (AMD SEV-SNP), SGX-DCAP (Intel SGX DCAP), TDX (Intel TDX) and ARM-CCA (Arm CCA) each run the same six stages:
01 trust anchors · 02 strict parse · 03 allowlist · 04 freshness · 05 receipt bind · 06 settle
PASS · 12,421
REJECT · 86
fail-closed · trust anchors required · receipt-bound to result_commitment
The trust problem

Trust the chip. Not the operator.

A provider can lie about what it ran. A hypervisor can be compromised. An operator can swap code at the last second. None of that matters if the workload runs inside a hardware-attested enclave — and the chip itself signs a quote saying so.

Step 1 · Enclave

The workload runs inside the chip.

A small region of the CPU — SEV-SNP on AMD, SGX or TDX on Intel, CCA on Arm — is walled off from the rest of the system. The workload code and its inputs live inside that wall. Nothing outside can read or modify what runs in there.

Step 2 · Quote

The chip emits a signed quote.

When the workload finishes, the enclave emits a 'quote' — a structured statement signed by the chip's hardware key. The quote names the exact code that ran, the exact inputs, and the exact output commitment.

Step 3 · Cert chain

The chain walks the certificate chain.

The quote's signature is verified against the enclave's certificate, which is signed by an intermediate, which is signed by the vendor's root cert (AMD, Intel, Arm). Sigil's on-chain verifier walks the chain end-to-end.

Step 4 · Match

The measurement matches the allowlist.

The quote contains a hash of the exact code that ran. The chain compares it against an allowlist of approved measurements — set at genesis or rotated through governance. Off-list code is off-payout.

Step 5 · Bind

The receipt binds to the result.

The quote's output commitment must equal the receipt's result_commitment. This binds the attested execution to the specific job the buyer paid for. Mismatched binding fails the payout closed.

Step 6 · Settle

MINT releases to the provider.

Five passes, one settlement. The chain releases escrow to the provider. The audit trail — quote, cert chain, measurement, binding — persists on chain. The buyer can replay it any time.

The four vendors

Four vendors. One verification surface.

AMD SEV-SNP, Intel SGX, Intel TDX, and Arm CCA each ship their own attestation format and certificate chain. Sigil consumes all four through the same on-chain verifier and settles to the provider — one contract, four vendors, identical behaviour.

TRUST ANCHORS · compute_params per vendor

SEV-SNP · AMD SEV-SNP · populated
REQUIRED FIELDS
· VCEK chain root
· host measurement allowlist
· ID-block / launch-data
· freshness_window_seconds

SGX-DCAP · Intel SGX DCAP · populated
REQUIRED FIELDS
· QE / PCK chain roots
· TCB info JWS
· MRENCLAVE allowlist
· freshness_window_seconds

TDX · Intel TDX · populated
REQUIRED FIELDS
· attestation key chain
· MRTD / RTMR allowlist
· TD report version
· freshness_window_seconds

ARM-CCA · Arm CCA · populated
REQUIRED FIELDS
· CCA token chain root
· RIM / REM allowlist
· platform ID allowlist
· freshness_window_seconds

missing anchors yield FixtureMaterialRequired · fail-closed by construction

Six checks before payout

Six checks. One pass. No exceptions.

Every attestation walks six sequential checks: signature, certificate chain, measurement allowlist, freshness, binding, and the result commitment. Any failure stops the payout. Pass all six and the chain settles MINT to the provider.

ATTESTATIONS
01 trust anchors required · rejects → fixtureMaterialRequired · 0
02 strict parse · rejects → malformedAttestation · 0
03 allowlist enforced · rejects → measurementNotAllowlisted · 0
04 freshness window · rejects → collateralStale · 0
05 receipt binding · rejects → receiptBindingMismatch · 0
06 settle · MINT released · 12,421
fail-closed by construction · no fallback · receipt-bound to result_commitment
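The check order and reject codes listed above, as an added Python example (not Sigil's verifier code) showing what "fail-closed" means in practice: every stage returns a reject code on anything unexpected and only the last line settles. The JSON quote envelope and the names chain_root, measurement_allowlist, measurement, issued_at and output_commitment are assumptions made for illustration, as is measuring freshness from issued_at; verification of the vendor signature and certificate chain is not modelled here.

```python
import json

# Anchor and quote field names are hypothetical, except freshness_window_seconds.
REQUIRED_ANCHORS = ("chain_root", "measurement_allowlist", "freshness_window_seconds")
QUOTE_FIELDS = {"measurement": str, "issued_at": int, "output_commitment": str}

def _no_dupes(pairs):
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key")  # ambiguous input is rejected, not resolved
    return dict(pairs)

def _hex32(s):
    return len(s) == 64 and all(c in "0123456789abcdef" for c in s)

def verify(raw_quote, receipt, compute_params, now):
    """Return "settle" or the first reject code, in the order the page lists."""
    # 01 trust anchors: absent or incomplete anchors reject; there is no default.
    anchors = compute_params.get(receipt.get("vendor"))
    if not anchors or any(not anchors.get(k) for k in REQUIRED_ANCHORS):
        return "fixtureMaterialRequired"
    # 02 strict parse: exact key set, exact types, fixed-length lowercase hex.
    try:
        q = json.loads(raw_quote, object_pairs_hook=_no_dupes)
    except (ValueError, TypeError, RecursionError):
        return "malformedAttestation"
    if (not isinstance(q, dict) or q.keys() != QUOTE_FIELDS.keys()
            or any(type(q[k]) is not t for k, t in QUOTE_FIELDS.items())
            or not _hex32(q["measurement"]) or not _hex32(q["output_commitment"])):
        return "malformedAttestation"
    # 03 allowlist: the measurement must be an approved one.
    if q["measurement"] not in anchors["measurement_allowlist"]:
        return "measurementNotAllowlisted"
    # 04 freshness: stale and future-dated quotes both reject.
    if not 0 <= now - q["issued_at"] <= anchors["freshness_window_seconds"]:
        return "collateralStale"
    # 05 receipt binding: attested output must equal the job's result_commitment.
    if q["output_commitment"] != receipt.get("result_commitment"):
        return "receiptBindingMismatch"
    return "settle"  # 06: reached only when every check above passed

# Constructed sample data (not real measurements, roots or commitments).
M, C = "ab" * 32, "cd" * 32
PARAMS = {"SEV-SNP": {"chain_root": "placeholder-root",
                      "measurement_allowlist": {M}, "freshness_window_seconds": 300}}
RECEIPT = {"vendor": "SEV-SNP", "result_commitment": C}
GOOD = json.dumps({"measurement": M, "issued_at": 1000, "output_commitment": C})
print(verify(GOOD, RECEIPT, PARAMS, now=1100))
```
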

Deploy compute. Prove it ran.

Bring your provider. Pick a vendor. Ship a workload. Sigil handles the verification, the receipt, and the settlement.