Skip to main content
Atlas is a library implementing an attested TLS (aTLS) protocol that delivers verified TLS connections to Trusted Execution Environments (TEEs) from different platforms.
Atlas vs aTLS: Atlas is the library name, while aTLS refers to the attested TLS protocol.

What is aTLS?

Attested TLS (aTLS) extends standard TLS with cryptographic proof that the server is running inside a genuine Trusted Execution Environment (TEE). This ensures:
  • Verified execution: The server code is running in hardware-protected memory
  • Integrity validation: The workload matches expected measurements
  • Session binding: Attestations are cryptographically bound to TLS sessions via EKM (RFC 9266)
  • Protection against relay attacks: Prevents key compromise scenarios

Key features

Multi-platform support

Native bindings for Node.js, WASM for browsers, and a Rust crate for native applications

Configurable policy engine

Enforce TCB levels, bootchain measurements, and application configurations

Supported TEEs

Intel TDX support with AMD SEV-SNP planned

Session binding

Cryptographic binding of attestations to TLS sessions via EKM (RFC 9266)

Use cases

AI/LLM inference: Connect to language models running in TEEs with cryptographic proof of confidentiality 
import { createAtlsFetch } from "@concrete-security/atlas-node"
import { createOpenAI } from "@ai-sdk/openai"

const fetch = createAtlsFetch({ target: "llm.example.com", policy })
const openai = createOpenAI({ baseURL: "https://llm.example.com/v1", fetch })
Confidential computing: Verify that sensitive workloads are running in genuine TEEs before sending data Zero-trust architectures: Add hardware-based attestation to your security model

Get started

Quickstart

Get up and running with Atlas in 5 minutes

Installation

Install Atlas for Node.js, Browser/WASM, or Rust

Node.js guide

Complete guide for Node.js applications

Browser/WASM guide

Complete guide for browser applications

Rust guide

Complete guide for Rust applications

Policy configuration

Learn how to configure attestation policies

How it works

Atlas implements a three-step verification protocol:
  1. TLS handshake: Establishes TLS 1.3 with session binding via EKM
  2. Quote retrieval: Fetches TEE attestation quote from the server
  3. Verification: Validates quote against your policy using Intel DCAP
All verification happens automatically. The attestation result is exposed for audit logging or policy enforcement. For detailed protocol specification, see Protocol specification.

Next steps

1

Choose your platform

Select Node.js, Browser/WASM, or Rust based on your application
2

Install Atlas

Follow the installation guide for your platform
3

Try the quickstart

Run a working example from the quickstart guide
4

Configure policies

Learn about policy configuration for production deployments

Build docs developers (and LLMs) love

Get started for freeTalk to us