Privasys
Enclave OSAttestation

X.509 OID Scheme

Complete reference of the Privasys X.509 OID extensions used in RA-TLS certificates across Enclave OS Mini and Virtual.

All Privasys OIDs live under the Private Enterprise Number arc 1.3.6.1.4.1.65230. The scheme is shared across both Enclave OS editions so that verification libraries work regardless of the TEE backend.

Hardware Quote OIDs

These OIDs carry the raw hardware attestation quote. Each certificate contains exactly one, depending on the TEE type.

OIDNamePresent in
1.2.840.113741.1.13.1.0Intel SGX DCAP QuoteEnclave OS Mini
1.2.840.113741.1.5.5.1.6Intel TDX QuoteEnclave OS Virtual

Platform-Level OIDs (arc 1.3.6.1.4.1.65230)

Platform OIDs describe the TEE instance as a whole: its configuration, loaded workloads, and operational parameters.

OIDNameDescriptionPresent in
1.1Config Merkle RootSHA-256 root of the platform configuration treeBoth
2.1Egress CA HashSHA-256 of the egress CA bundleMini
2.4Runtime Version HashSHA-256 of the runtime version stringBoth
2.5Combined Workloads HashSHA-256 covering all loaded workload digestsBoth
2.6Data Encryption Key Origin"byok:<fingerprint>" or "generated"Virtual
2.7Attestation Servers HashSHA-256 of the attestation server URL listBoth
2.8Image Profile"production" or "dev" — the build flavor of the VM image, read from the dm-verity-measured marker /etc/privasys/image-profile. Verifiers reject dev unless explicitly opted in. Absent on images that predate the marker.Virtual

Per-workload code hashes live under the 3.* arc (OID 3.2), not here.

Per-Workload OIDs (arc 1.3.6.1.4.1.65230.3.*)

Per-workload OIDs appear in certificates served via SNI routing. Each workload (WASM app in Mini, OCI container in Virtual) gets its own leaf certificate with these extensions.

OIDNameDescription
3.1Workload Config Merkle RootSHA-256 root of a per-workload configuration tree
3.2Workload Image/Code DigestSHA-256 of the WASM bytecode or OCI image
3.3Container Image RefFull OCI image reference string (Virtual only)
3.4Volume/Key Source"byok:<fingerprint>" or "generated"
3.5Workload Configuration / Model DigestSHA-256 of the workload's configuration metadata (Mini) or of the AI/ML model weights loaded in the container (Virtual, when reported)
3.5.<n>App-Defined ExtensionsSub-arc for workload-supplied extensions, installed at runtime via the SDK (set-attestation-extension) or pinned at deploy time (e.g. attested environment variables)

OID Hierarchy

1.2.840.113741.1.13.1.0              Intel SGX DCAP Quote
1.2.840.113741.1.5.5.1.6             Intel TDX Quote

1.3.6.1.4.1.65230                    Privasys arc
+-- 1.1                              Config Merkle root (platform-wide)
+-- 2.*                              Platform OIDs
|   +-- 2.1                          Egress CA bundle hash (Mini)
|   +-- 2.4                          Runtime version hash
|   +-- 2.5                          Combined workloads hash
|   +-- 2.6                          Data encryption key origin (Virtual)
|   +-- 2.7                          Attestation servers hash
|   +-- 2.8                          Image profile (Virtual)
+-- 3.*                              Per-workload OIDs
    +-- 3.1                          Workload config Merkle root
    +-- 3.2                          Workload image/code digest
    +-- 3.3                          Container image ref (Virtual)
    +-- 3.4                          Volume/key source
    +-- 3.5                          Workload config hash / model digest
        +-- 3.5.<n>                  App-defined extensions

Verification Strategies

In addition to the Configuration Merkle Tree root (OID 1.1), both editions embed individual OID extensions for common properties. This gives clients two complementary approaches:

  • Full audit: Request the configuration manifest and recompute the Merkle root to verify all inputs.
  • Fast-path: Check a single OID (for example, "does the workload hash match my expectation?") without any Merkle computation.
StrategyOIDs to checkWhat it proves
Code identity onlyHardware quote OIDCorrect binary, but configuration unknown
Code + Merkle rootHardware quote + 1.1Code and full configuration verified
Fast-path OIDsSpecific 2.* or 3.* OIDsIndividual properties without full Merkle audit
Full manifest auditRequest manifest, recompute 1.1Complete transparency of all inputs

See RA-TLS Certificates: Verification for the step-by-step verification flow.

Edit on GitHub

RA-TLS Certificates

How RA-TLS certificates carry attestation evidence: key generation, certificate structure, generation flows, per-workload SNI routing, trust chains, and verification strategies.

Configuration Merkle Tree

How Enclave OS attests runtime configuration via a binary Merkle tree embedded in RA-TLS certificates.

On this page

Hardware Quote OIDs
Platform-Level OIDs (arc 1.3.6.1.4.1.65230)
Per-Workload OIDs (arc 1.3.6.1.4.1.65230.3.*)
OID Hierarchy
Verification Strategies