TEE Security
Hardware-secured computation with Intel TDX, AMD SEV-SNP, AWS Nitro, and NVIDIA Confidential Computing
Trusted Execution Environments provide hardware-level isolation for sensitive computation. Tenzro integrates with four major TEE platforms for attestation, confidential AI inference, and secure key management.
TEE-secured nodes can prove they are running unmodified code inside genuine hardware enclaves, enabling trustless verification without relying on the operator's honesty.
Key Features
Runtime Detection
detect_tee() automatically identifies available hardware: Intel TDX, AMD SEV-SNP, AWS Nitro, or NVIDIA GPU
Remote Attestation
Cryptographic proofs that code is running inside genuine hardware enclaves. Verify without trusting the operator
Confidential AI
Run inference inside TEEs. Model weights and user prompts never leave the enclave. Ideal for healthcare, legal, financial
Secure Key Management
MPC wallet key shares generated and stored inside TEEs. Keys never exist in plaintext outside hardware
Attestation Registry
On-chain registry of TEE providers with verified attestations. 2x consensus weight for TEE-attested validators
NVIDIA GPU TEE
Confidential computing on Hopper/Blackwell/Ada Lovelace GPUs. NRAS attestation with 24-hour report validity
Supported Platforms
Intel TDX
Trust Domain Extensions on 4th and 5th generation Xeon processors. Memory encryption with per-VM keys ensures complete isolation from the hypervisor and host OS.
Feature flag: intel-tdx
- • Hardware-encrypted memory
- • Per-VM cryptographic keys
- • Remote attestation via Intel SGX DCAP
- • Supports confidential containers
AMD SEV-SNP
Secure Encrypted Virtualization with Secure Nested Paging on AMD EPYC processors. GHCB (Guest-Hypervisor Communication Block) protocol for secure VM communication.
Feature flag: amd-sev-snp
- • Memory encryption at VM level
- • GHCB secure communication
- • AMD PSP attestation reports
- • Integrity protection against hypervisor attacks
AWS Nitro
Isolated compute on Amazon EC2 Nitro Enclaves. No persistent storage, no interactive access, no external networking from within the enclave. Perfect for confidential workloads.
Feature flag: aws-nitro
- • Isolated CPU and memory
- • Cryptographic attestation documents
- • No SSH, no persistent storage
- • Integration with AWS KMS
NVIDIA GPU
Confidential computing on Hopper H100/H200, Blackwell B100/B200, and Ada Lovelace architectures. NVIDIA Remote Attestation Service (NRAS) provides GPU attestation with 24-hour report validity.
Feature flag: nvidia-gpu
- • GPU memory encryption
- • Confidential AI inference
- • NRAS attestation reports
- • 24-hour attestation validity window
Code Examples
Detect and Attest
use tenzro_tee::{detect_tee, TeeProvider};
// Auto-detect available TEE hardware
let provider = detect_tee()?;
println!("TEE: {:?}", provider.platform());
// Generate attestation
let attestation = provider.attest(&report_data)?;
// Verify attestation (can be done on any node)
let valid = provider.verify(&attestation)?;Build with TEE Features
# Build with Intel TDX support
cargo build --features intel-tdx
# Build with NVIDIA GPU support
cargo build --features nvidia-gpu
# Build with all TEE providers
cargo build --features intel-tdx,amd-sev-snp,aws-nitro,nvidia-gpuRegister TEE Provider On-Chain
use tenzro_tee::{TeeRegistry, detect_tee};
// Initialize registry
let registry = TeeRegistry::new();
// Generate attestation
let provider = detect_tee()?;
let attestation = provider.attest(&report_data)?;
// Register on-chain (2x consensus weight for validators)
registry.register(node_id, provider.platform(), attestation)?;
// Check if provider is registered
let is_registered = registry.is_registered(&node_id)?;Confidential AI Inference
use tenzro_tee::detect_tee;
use tenzro_model::InferenceRouter;
// Run inference inside TEE
let tee = detect_tee()?;
// Model weights and prompts never leave hardware enclave
let result = router.route_request_with_tee(
&request,
&tee,
RoutingStrategy::TeeOnly, // Only route to TEE providers
)?;
// Result includes TEE attestation proving execution environment
assert!(result.tee_attestation.is_some());Deploy TEE-Secured Infrastructure
Run validators, AI inference, or key management with hardware attestation. TEE providers earn 2x consensus weight and premium fees for confidential computation.