Skip to content

hyperpolymath/verified-container-spec

BranchesTags

Repository files navigation

Verified Container Specification

MPL-2.0 Palimpsest

Protocol specifications for supply-chain-verified containers.

This repository defines the shared protocol between container image producers (build systems) and consumers (runtimes). Any compliant producer can create images that any compliant consumer can verify.

Overview

┌─────────────────────────────────────────────────────────────────────────┐
│                     VERIFIED CONTAINER PROTOCOL                          │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                          │
│  ┌────────────────┐                      ┌────────────────┐             │
│  │    PRODUCER    │                      │    CONSUMER    │             │
│  │                │                      │                │             │
│  │  Build system  │  ── OCI Image ────►  │  Container     │             │
│  │  that creates  │  ── Attestation ──►  │  runtime that  │             │
│  │  verified      │  ── Trust Store ──►  │  verifies      │             │
│  │  images        │                      │  before exec   │             │
│  └────────────────┘                      └────────────────┘             │
│                                                                          │
│  Examples:                               Examples:                       │
│  • Cerro Torre                           • Svalinn/Vordr                │
│  • Wolfi                                 • Cosign-aware runtimes        │
│  • Any SLSA L3+ builder                  • Policy engines               │
│                                                                          │
└─────────────────────────────────────────────────────────────────────────┘

Specifications

Spec Description Status

Attestation Bundle

Format for packaging in-toto attestations with log proofs

Draft

Trust Store

Schema for distributing and managing public keys

Draft

Verification Protocol

Procedure for verifying images before execution

Draft

Transparency Log

Requirements for federated transparency logs

Draft

Trust Store Schema

JSON Schema for trust store validation

Draft

Design Principles

1. Content-Addressed

Everything is identified by cryptographic hash. No mutable references cross the protocol boundary.

2. Stateless

No sessions, tokens, or negotiation. Each verification is independent.

3. Federated Trust

No single point of trust. Threshold signatures and multiple log operators required.

4. Implementation Agnostic

Producers and consumers can be implemented in any language. Only the wire format matters.

Implementations

Producers

  • Cerro Torre — Ada/SPARK supply-chain-verified Linux distribution

Consumers

  • Svalinn/Vordr — Rust/SPARK container runtime with formal verification

Contributing

Proposals for spec changes should be submitted as pull requests with:

  1. Rationale for the change

  2. Backwards compatibility analysis

  3. Security impact assessment

License

Specifications are dual-licensed under MIT OR Apache-2.0.

Implementations may use any compatible license.

About

Attestation and verification protocol for supply-chain-verified containers

Topics

infrastructure documentation devops automation containers reliability standards orchestration governance documents-and-standards

Resources

Readme

License

View license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

10 tags

Sponsor this project

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages