Tenzro Testnet is live. Get testnet TNZO

Trusted Execution Environments (TEE)

Tenzro leverages Trusted Execution Environments (TEEs) to provide hardware-based security, confidential computing, and cryptographic attestation for validators, AI model providers, and key management.

Supported TEE Providers

Intel TDX (Trust Domain Extensions)

Intel's confidential computing technology for isolating VMs with hardware-enforced memory encryption.

Feature flag: intel-tdx

AMD SEV-SNP (Secure Encrypted Virtualization)

AMD's memory encryption and integrity protection for confidential VMs.

Feature flag: amd-sev-snp

AWS Nitro Enclaves

Amazon's isolated compute environments with cryptographic attestation.

Feature flag: aws-nitro

NVIDIA GPU Confidential Computing

NVIDIA Hopper/Blackwell/Ada Lovelace GPU architectures with Confidential Computing support and NRAS attestation.

Feature flag: nvidia-gpu

TEE Detection

Tenzro automatically detects available TEE hardware at runtime:

use tenzro_tee::{detect_tee, TeeType}; // Detect TEE at startup let tee = detect_tee().await?; match tee { TeeType::IntelTdx => println!("Running in Intel TDX"), TeeType::AmdSevSnp => println!("Running in AMD SEV-SNP"), TeeType::AwsNitro => println!("Running in AWS Nitro Enclave"), TeeType::NvidiaGpu => println!("NVIDIA GPU with Confidential Computing"), TeeType::None => println!("No TEE detected"), }

Attestation

TEE attestation provides cryptographic proof that code is running in a genuine TEE with expected measurements:

Generate Attestation

use tenzro_tee::{IntelTdxProvider, TeeProvider}; let provider = IntelTdxProvider::new()?; let attestation = provider.generate_attestation(&nonce).await?; // Attestation contains: // - TEE type (IntelTdx, AmdSevSnp, etc.) // - Quote (signed measurement) // - Certificate chain // - Timestamp // - Custom data (nonce, public key, etc.)

Verify Attestation

use tenzro_tee::AttestationVerifier; let verifier = AttestationVerifier::new(); let result = verifier.verify(&attestation).await?; if result.is_valid { println!("✓ Attestation valid"); println!(" TEE: {:?}", result.tee_type); println!(" Hardware verified: {}", result.hardware_verified); println!(" Measurements match: {}", result.measurements_valid); } else { println!("✗ Attestation invalid: {}", result.error); }

Use Cases

1. TEE-Attested Validators

Validators running in TEEs receive 2x weight in leader selection:

// Register as TEE-attested validator let attestation = tee_provider.generate_attestation(&validator_pubkey).await?; // Submit attestation to network consensus.register_validator( validator_address, stake_amount, Some(attestation), // TEE attestation ).await?; // Result: 2x weight in leader selection lottery

2. Confidential AI Inference

Run AI models in TEEs to protect model weights and user inputs:

// Load model inside TEE let model = load_model_in_tee("llama-3-70b").await?; // Generate attestation proving model is running in TEE let attestation = tee_provider.generate_attestation( &model_hash ).await?; // Publish attestation to network model_registry.register_provider( model_id, provider_address, attestation, ).await?; // Users can verify model runs in genuine TEE before sending queries

3. MPC Key Management

Store MPC key shares in TEE-protected enclaves:

// Generate MPC shares inside TEE let shares = tee_provider.generate_mpc_shares( threshold: 2, total: 3, ).await?; // Key shares never leave TEE memory // Signing happens inside TEE let partial_sig = tee_provider.sign_with_share( &share_id, &message_hash, ).await?; // Attestation proves signing happened in TEE let attestation = tee_provider.generate_attestation( &signing_event_id ).await?;

4. Hybrid ZK-in-TEE

Combine ZK proofs with TEE attestation for maximum verifiability:

// Generate ZK proof inside TEE let proof = tee_provider.generate_zk_proof_in_tee( circuit, witness, ).await?; // TEE attestation proves proof generation was correct let attestation = tee_provider.generate_attestation( &proof_hash ).await?; // Verifier checks both: // 1. ZK proof is cryptographically valid // 2. TEE attestation confirms proof was generated correctly let valid = verify_zk_proof(&proof)? && verify_tee_attestation(&attestation)?;

NVIDIA GPU Confidential Computing

NVIDIA Hopper (H100), Blackwell (B100/B200), and Ada Lovelace (L40S) GPUs support Confidential Computing with hardware-based memory encryption and attestation.

GPU TEE Features

  • Memory Encryption — GPU memory encrypted at rest and in-use
  • NRAS Attestation — NVIDIA Remote Attestation Service for cryptographic proof
  • GPU Isolation — Compute workloads isolated from host and other VMs
  • AI Workloads — Run LLMs and other AI models with input/output confidentiality
// NVIDIA GPU attestation let gpu_provider = NvidiaGpuProvider::new()?; // Generate NRAS attestation let attestation = gpu_provider.generate_attestation(&nonce).await?; // Attestation includes: { "tee_type": "NvidiaGpu", "gpu_model": "H100", "driver_version": "550.54.15", "nras_report": "0xabc123...", "certificate_chain": [...], "timestamp": "2026-03-20T12:30:45Z" } // Report max age: 24 hours // Expired reports rejected during verification

Enclave Encryption

All four TEE providers use AES-256-GCM for enclave data encryption with vendor-specific key derivation:

Shared Enclave Crypto Module

The enclave_crypto module provides unified encryption across all TEE providers:

use tenzro_tee::enclave_crypto::{encrypt, decrypt}; // Encrypt data inside TEE enclave let plaintext = b"MPC key share for wallet"; let key_id = "wallet-share-1"; let ciphertext = encrypt(key_id, plaintext)?; // Wire format: nonce(12 bytes) || ciphertext || tag(16 bytes) // Decrypt data let recovered = decrypt(key_id, &ciphertext)?; assert_eq!(plaintext, recovered.as_slice());

Key Derivation

Keys are derived using HKDF-SHA256 with vendor-specific domain separation:

// Vendor-specific tags for domain separation Intel TDX: "tenzro-tdx-enclave-key-v1" AMD SEV-SNP: "tenzro-sev-snp-enclave-key-v1" AWS Nitro: "tenzro-nitro-enclave-key-v1" NVIDIA GPU: "tenzro-nvidia-gpu-enclave-key-v1" // Key derivation derived_key = HKDF-SHA256( ikm: hardware_root_key, salt: key_id, info: vendor_tag )

Production vs Simulation

ProviderProduction Key SourceSimulation Key Source
Intel TDXMKTME (Multi-Key Total Memory Encryption)UUID-derived key
AMD SEV-SNPVMSA (VM Saved Area) sealed keyUUID-derived key
AWS NitroAWS KMS with PCRsUUID-derived key
NVIDIA GPUConfidential Computing memory encryptionUUID-derived key

In production, keys are sealed by hardware and never exposed to the host. In simulation mode (for development and testing), keys are derived from the key UUID using HKDF-SHA256.

TEE Implementation Status

PRODUCTION

Enclave Encryption (AES-256-GCM)

Real cryptographic operations with vendor-specific HKDF key derivation. Used by all 4 TEE providers.

PRODUCTION

Hardware Detection

Real detection of TEE hardware via /dev/tdx-guest, /dev/sev-guest, /dev/nsm, nvidia-smi, and TPM devices.

SIMULATED

Attestation Generation & Verification

TEE attestation uses simulation mode with env vars (TENZRO_SIMULATE_TDX, etc.) when real hardware is unavailable. Certificate chain verification against vendor PKI (Intel PCS, AMD KDS, AWS Nitro CA, NVIDIA NRAS) awaits hardware integration.

TEE Registry

The TeeRegistry tracks all TEE-attested entities in the network:

// Register TEE provider registry.register_provider( provider_id, TeeType::IntelTdx, attestation, ).await?; // Query providers by TEE type let tdx_providers = registry .get_providers_by_type(TeeType::IntelTdx) .await?; // Verify active attestation let is_valid = registry .verify_provider_attestation(provider_id) .await?;

Verification API

TEE attestations can be verified via the Web Verification API:

# Verify TEE attestation curl -X POST http://localhost:8080/api/verify/tee-attestation \ -H "Content-Type: application/json" \ -d '{ "attestation": "0xdef456...", "provider": "IntelTdx" }' # Response { "valid": true, "provider": "IntelTdx", "hardware_verified": true, "measurements_valid": true, "certificate_chain_valid": true }

CLI Commands

Detect TEE Hardware

# Via desktop app tenzro-desktop: Provider → Detect TEE Hardware # Output: # TEE Type: Intel TDX # Version: 1.5 # Ready: true

Register TEE Provider

tenzro-cli provider register \ --type tee \ --tee-type intel-tdx \ --generate-attestation
← ConsensusNext: ZK Proofs →