From e65ecab51291fb30a163040b2a05f872bbe0d6fc Mon Sep 17 00:00:00 2001 From: Nate Sales Date: Wed, 20 Nov 2024 20:05:35 -0500 Subject: [PATCH] docs: add manual verification steps --- docs/manual.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 docs/manual.md diff --git a/docs/manual.md b/docs/manual.md new file mode 100644 index 0000000..9c2b0ce --- /dev/null +++ b/docs/manual.md @@ -0,0 +1,33 @@ +# Verify Enclave Attestation + +### 1. Download enclave image + +```bash +curl -L https://static.tinfoil.sh/tinfoil-enclave-ollama-v0.0.4.eif -o tinfoil-enclave.eif +``` + +### 2. Verify Attestation + +#### 2.1. Download Attestation Document + +```bash +DIGEST="sha256:$(sha256sum tinfoil-enclave.eif | cut -d ' ' -f 1)" +curl -sL "https://api.github.com/repos/tinfoilanalytics/nitro-private-inference-image/attestations/$DIGEST" | jq -r ".attestations[0].bundle" > attestation.jsonl +``` + +#### 2.2. Verify Attestation with [cosign](https://github.com/sigstore/cosign) + +```bash +cosign verify-blob-attestation \ + --new-bundle-format \ + --bundle attestation.jsonl \ + --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ + --certificate-identity-regexp="^https://github.com/tinfoilanalytics/nitro-private-inference-image/.github/workflows/release.yml.?" \ + tinfoil-enclave.eif +``` + +### 3. Extract PCR measurement predicate + +```bash +jq -r ".dsseEnvelope.payload" attestation.jsonl | base64 -d | jq -r ".predicate" +```
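Review bot: the `--certificate-identity-regexp` value in step 2.2 is not anchored at the end and finishes with `.?`, so it matches any signing identity that merely starts with the `release.yml` workflow path, including runs from any branch or ref of the repository; the dots in `github.com`, `.github` and `release.yml` are also unescaped and match any character. Since this document is the manual trust check, tighten the pattern: escape the dots and close it with the expected ref and a `$`, for example ending in `release\.yml@refs/tags/v0\.0\.4$` if releases are built from the matching tag (or use `--certificate-identity` with the exact string). Separately, in step 2.1 the `curl -sL` call has no `--fail`, so an API error body is piped into `jq` and written to `attestation.jsonl`, and `.attestations[0]` silently takes the first entry when more than one is returned; adding `--fail` and a note on which attestation is expected would make a failure visible at that step instead of at step 2.2. Step 3 prints the predicate but does not say what the reader should compare the PCR values against, which is worth one sentence.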