Security and verification

TEE attestation.

Quote and JWT formats, KDS certificate chains, and the signature verification helpers in attestation.rs.

STATUS: Testnet
CRATE: tenzro-tee
STABILITY: Stable
REFERENCE: attestation.rs

Certificate chains

Shared verify_certificate_chain() with pinned vendor root CAs (Intel, AMD, AWS, NVIDIA). Validity period and key usage extensions are enforced.

Signature verification

verify_ecdsa_p256_raw_pubkey   Intel TDX QE over Quote[0..632]
verify_ecdsa_p384_raw_pubkey   AWS Nitro COSE_Sign1 ES384
extract_ec_point_from_spki     shared SPKI utility

Verify a quote

curl -X POST https://api.tenzro.network/verify/tee-attestation   -H "content-type: application/json"   -d '{"vendor":"intel-tdx","quote":"..."}'

External cross-binding

bind_external_attestation_result binds an externally-verified AttestationResult (e.g. from IntelTiberClient::verify_quote) to a TeeZkProof by enforcing vendor and measurement parity.

TEE→
Security→

← All docs