TEE Attestation
Tenzro provides native support for four Trusted Execution Environment platforms: Intel TDX, AMD SEV-SNP, AWS Nitro Enclaves, and NVIDIA GPU Confidential Computing. TEE providers earn TNZO by offering confidential computation services — key management, private inference, and verifiable computation. Each platform has real hardware integration with proper attestation verification and certificate chain validation.
Supported Platforms
| Platform | Device | Attestation | Key Sealing |
|---|---|---|---|
| Intel TDX | /dev/tdx-guest | TDREPORT to Quote pipeline, Intel PCS certificate chain | MKTME hardware key |
| AMD SEV-SNP | /dev/sev-guest | SNP_GET_REPORT, AMD KDS VCEK certificate | VMSA hardware key |
| AWS Nitro | /dev/nsm | CBOR attestation documents, P-384 ECDSA signature | KMS integration |
| NVIDIA GPU CC | NRAS HTTP API | GPU evidence collection, JWT token verification | CC memory protection |
Runtime Detection
Tenzro automatically detects the available TEE platform at startup via detect_tee(). If no hardware TEE is available, it falls back to simulation mode (controlled by environment variables) for development:
```rust
use tenzro_tee::{detect_tee, TeeProvider};

// Auto-detect available TEE platform
let provider = detect_tee().await?;
match provider.platform() {
    TeePlatform::IntelTdx => println!("Running in Intel TDX"),
    TeePlatform::AmdSevSnp => println!("Running in AMD SEV-SNP"),
    TeePlatform::AwsNitro => println!("Running in AWS Nitro Enclave"),
    TeePlatform::NvidiaGpu => println!("Running with NVIDIA GPU CC"),
    TeePlatform::Simulated => println!("Simulation mode"),
}

// Simulation env vars for development:
// TENZRO_SIMULATE_TDX=1
// TENZRO_SIMULATE_SEV=1
// TENZRO_SIMULATE_NITRO=1
// TENZRO_SIMULATE_GPU=1
```
Generate Attestation
```rust
// Generate an attestation report with user data
let report_data = b"my-custom-nonce-or-challenge";
let attestation = provider.generate_attestation(report_data).await?;
println!("Platform: {:?}", attestation.platform);
println!("Quote size: {} bytes", attestation.quote.len());
println!("Timestamp: {}", attestation.timestamp);

// The attestation contains:
// - Hardware-signed quote proving enclave identity
// - Measurement of the running code (MRTD/MRENCLAVE equivalent)
// - User-supplied report data (for challenge-response protocols)
// - Certificate chain back to the vendor root CA
```
Verify Attestation
```bash
# Verify a TEE attestation via the Web API
curl -X POST https://api.tenzro.network/api/verify/tee-attestation \
  -H "Content-Type: application/json" \
  -d '{
    "attestation": "<base64-encoded-attestation>",
    "expected_report_data": "<base64-expected-nonce>",
    "platform": "intel-tdx"
  }'

# Response:
# {
#   "valid": true,
#   "platform": "intel-tdx",
#   "measurement": "0xabcdef...",
#   "report_data_matches": true,
#   "certificate_chain_valid": true,
#   "timestamp": "2026-04-12T10:30:00Z"
# }
```
Certificate Chain Verification
Each TEE platform has a vendor-specific certificate chain that roots back to a pinned CA. The shared verify_certificate_chain() function validates:
Intel TDX
Intel PCS root CA → Platform CA → Provisioning Certificate → Quote signature. Certificates fetched from Intel Provisioning Certification Service.
AMD SEV-SNP
AMD Root Key (ARK) → AMD SEV Key (ASK) → VCEK (Versioned Chip Endorsement Key). VCEK certificate fetched from AMD Key Distribution Service.
AWS Nitro
AWS Nitro Root CA → Intermediate CA → Enclave Certificate. P-384 ECDSA signatures. CBOR-encoded attestation documents.
NVIDIA GPU CC
NVIDIA attestation service (NRAS) API. JWT token verification with SPDM-based measurements. Report max age: 24 hours.
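A relying party should check more than `valid` in the `/api/verify/tee-attestation` response shown earlier. The following is an added example, not Tenzro code, that applies a fail-closed policy to that response. The measurement allowlist, the clock-skew allowance, and applying the 24-hour NVIDIA report age to every platform are assumptions.

```python
import base64
import json
import secrets
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=24)      # assumption: the 24 h NVIDIA limit applied to every platform
CLOCK_SKEW = timedelta(minutes=5)  # assumption: tolerated skew for future-dated timestamps

def new_challenge() -> str:
    """Fresh random nonce to send as expected_report_data (base64)."""
    return base64.b64encode(secrets.token_bytes(32)).decode()

def check_response(raw, expected_platform, allowed_measurements, now):
    """Return the list of policy failures; an empty list means accept."""
    try:
        resp = json.loads(raw)
    except json.JSONDecodeError:
        return ["response is not JSON"]
    if not isinstance(resp, dict):
        return ["response is not a JSON object"]
    failures = []
    # Fail closed: every flag must be the JSON literal true, not merely truthy.
    for flag in ("valid", "report_data_matches", "certificate_chain_valid"):
        if resp.get(flag) is not True:
            failures.append(f"{flag} is not true")
    if resp.get("platform") != expected_platform:
        failures.append("platform mismatch")
    if str(resp.get("measurement", "")).lower() not in allowed_measurements:
        failures.append("measurement not allowlisted")
    try:
        ts = datetime.fromisoformat(str(resp.get("timestamp")).replace("Z", "+00:00"))
        age = now - ts
        if age > MAX_AGE or age < -CLOCK_SKEW:
            failures.append("timestamp outside freshness window")
    except (ValueError, TypeError):
        failures.append("timestamp missing or malformed")
    return failures

# Constructed sample shaped like the response shown above; the measurement is a placeholder.
SAMPLE = json.dumps({
    "valid": True, "platform": "intel-tdx", "measurement": "0xAAAA",
    "report_data_matches": True, "certificate_chain_valid": True,
    "timestamp": "2026-04-12T10:30:00Z",
})
ALLOWED = {"0xaaaa"}  # placeholder allowlist of known-good build measurements

if __name__ == "__main__":
    now = datetime(2026, 4, 12, 11, 0, tzinfo=timezone.utc)
    print(check_response(SAMPLE, "intel-tdx", ALLOWED, now))
```

Generate a new challenge per verification so a previously captured attestation cannot satisfy `report_data_matches`.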
Seal and Unseal Data
TEE enclaves can seal data so it can only be decrypted inside the same enclave. This is used for key storage, model weights protection, and confidential computation results. The sealing uses AES-256-GCM with keys derived via HKDF-SHA256(key_id, vendor_tag) with domain separation per TEE vendor.
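The key derivation and the sealed layout `nonce(12) || ciphertext || tag(16)` can be modelled with the standard library alone. This is an added example, not the `tenzro_tee` implementation: the mapping of `key_id` to HKDF input keying material and `vendor_tag` to the HKDF info label is an assumption, and the vendor tag strings are hypothetical.

```python
import hashlib
import hmac

NONCE_LEN, TAG_LEN, KEY_LEN = 12, 16, 32  # AES-256-GCM sizes from the sealed format

def hkdf_sha256(ikm: bytes, info: bytes, length: int = KEY_LEN, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF with SHA-256 (extract, then expand)."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_sealing_key(key_id: str, vendor_tag: bytes) -> bytes:
    # Assumption: key_id is the input keying material and vendor_tag the HKDF
    # info label. The page gives only HKDF-SHA256(key_id, vendor_tag).
    return hkdf_sha256(key_id.encode(), info=vendor_tag)

def split_sealed(blob: bytes):
    """Split nonce(12) || ciphertext || tag(16), rejecting truncated blobs."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("sealed blob shorter than nonce + tag")
    return blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]

# Hypothetical vendor tags; the real label strings are not given on the page.
VENDOR_TAGS = {"intel-tdx": b"example/seal/tdx", "amd-sev-snp": b"example/seal/sev"}

def keys_for(key_id: str) -> dict:
    """Derive one key per vendor tag for the same key_id (domain separation)."""
    return {name: derive_sealing_key(key_id, tag) for name, tag in VENDOR_TAGS.items()}

if __name__ == "__main__":
    for name, key in keys_for("wallet-share-1").items():
        print(name, key.hex())
    # Constructed blob: zero nonce, dummy ciphertext, zero tag.
    nonce, ct, tag = split_sealed(bytes(12) + b"constructed-ciphertext" + bytes(16))
    print(len(nonce), len(ct), len(tag))
```

Every input to this derivation is public, so anyone who knows `key_id` and the tag can recompute the key. Confidentiality of a sealed blob therefore depends on the hardware-derived key material used in production, not on the deterministic simulation keys.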
```rust
use tenzro_tee::enclave_crypto::{seal, unseal};

// Seal data inside the TEE enclave
let plaintext = b"sensitive-key-material";
let key_id = "wallet-share-1";
let sealed = seal(plaintext, key_id, &provider).await?;
// Sealed format: nonce(12) || ciphertext || tag(16)
println!("Sealed size: {} bytes", sealed.len());

// Unseal (only works inside the same enclave)
let decrypted = unseal(&sealed, key_id, &provider).await?;
assert_eq!(decrypted, plaintext);

// In production: keys derived from hardware (MKTME/VMSA/KMS/CC memory)
// In simulation: keys derived from key UUID (deterministic)
```
TEE Validators
Validators running in TEE enclaves receive 2x weight in consensus leader selection. This incentivizes hardware-secured validation:
```bash
# Register as a TEE-attested validator
tenzro-cli stake deposit --amount 10000 --role validator

# The node automatically detects TEE hardware and includes
# attestation in the validator registration. TEE-attested
# validators get 2x weight in HotStuff-2 leader selection.

# Check provider status (shows TEE platform)
tenzro-cli provider status
```
MCP Tools
TEE attestation is available through the MCP server at https://mcp.tenzro.network/mcp:
| Tool | Description |
|---|---|
| verify_zk_proof | Verify Groth16, PlonK, or STARK proof with public inputs |
| register_provider | Register as a TeeProvider with attestation |
| get_provider_stats | Query provider stats including TEE platform info |