Remote Attestation Enables Verifiable Compute
TEEs are designed to guarantee the confidentiality and integrity of the software running inside them by prohibiting access from the host operating system or even the physical owner. When implemented correctly, the hardware ensures the correctness and confidentiality of the program running inside.
The TEE convinces users that their application is indeed running within a genuine TEE through a protocol called Remote Attestation. It ensures:
- The hardware is a genuine TEE
- The software deployed to the TEE is unmodified
- It’s possible to establish a secure communication channel between the user and the software
With Remote Attestation, complex computing tasks can be offloaded to a TEE while their results are verified onchain.
Workflow of Remote Attestation
Attestation works by having the hardware sign a message containing the measurement of the program and its environment with a special key known only to the hardware. The attestation is accepted once the signature on that message has been cryptographically verified.
Attestation protocols vary between processor vendors. Intel SGX, the most popular TEE, uses DCAP as its remote attestation protocol.
Report Generation
- When a user sends a remote attestation request to Intel SGX, a report is generated inside the enclave containing the hash (measurement) of the program together with information about the hardware.
- The report is then signed by the TEE with the attestation private key.
- The report is then sent to the verifier to check.
Collateral Preparation
- Before verifying the report, the verifier needs to fetch the verification collateral (the information needed to verify the report) from Intel.
- The collateral includes the public key used to verify the report's signature, as well as other information such as the hardware version and whether the TEE is up-to-date.
- The collateral is signed by Intel. The signature is verified to ensure the integrity of the collateral.
Verification
- The verifier then matches the report against the verification collateral to determine whether the report is valid and whether the hardware is up-to-date and free of known vulnerabilities.
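The three steps above, modelled end to end as an added Go example (this is not code from the original page or from Intel's DCAP libraries): ECDSA P-256 signatures stand in for the real quote and collateral formats, and the Report, Collateral, Verify and Setup names, the uint16 TCB level and the MinTcbLevel policy are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Report stands in for an SGX quote (enclave measurement and platform TCB level, signed by the
// attestation key only the hardware holds); Collateral for DCAP collateral (that public key and
// the lowest TCB level Intel still considers patched, signed by Intel's root key). Both constructed.
type Report struct{ MrEnclave [32]byte; TcbLevel uint16; Sig []byte }
type Collateral struct{ AttestKey *ecdsa.PublicKey; MinTcbLevel uint16; Sig []byte }

func sum(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// Signed bytes: measurement then big-endian TCB level; public key then big-endian minimum level.
func (r Report) digest() []byte { return sum(append(r.MrEnclave[:], byte(r.TcbLevel>>8), byte(r.TcbLevel))) }
func (c Collateral) digest() []byte {
	pub := append(c.AttestKey.X.Bytes(), c.AttestKey.Y.Bytes()...)
	return sum(append(pub, byte(c.MinTcbLevel>>8), byte(c.MinTcbLevel)))
}

// Verify checks Intel's signature on the collateral, the hardware's on the report, then measurement and TCB policy.
func Verify(intelRoot *ecdsa.PublicKey, c Collateral, r Report, expected [32]byte) error {
	switch {
	case !ecdsa.VerifyASN1(intelRoot, c.digest(), c.Sig):
		return errors.New("collateral: Intel signature invalid")
	case !ecdsa.VerifyASN1(c.AttestKey, r.digest(), r.Sig):
		return errors.New("report: attestation signature invalid")
	case r.MrEnclave != expected:
		return errors.New("report: MRENCLAVE does not match the expected program")
	case r.TcbLevel < c.MinTcbLevel:
		return errors.New("report: platform TCB is out of date")
	}
	return nil
}

// Setup builds a constructed scenario: "Intel" root and hardware attestation keys, signed collateral,
// and a signed report for measurement mr at TCB level tcb (random-source errors ignored for brevity).
func Setup(mr [32]byte, tcb, minTcb uint16) (*ecdsa.PublicKey, Collateral, Report) {
	root, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	attest, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	c := Collateral{AttestKey: &attest.PublicKey, MinTcbLevel: minTcb}
	c.Sig, _ = ecdsa.SignASN1(rand.Reader, root, c.digest())
	r := Report{MrEnclave: mr, TcbLevel: tcb}
	r.Sig, _ = ecdsa.SignASN1(rand.Reader, attest, r.digest())
	return &root.PublicKey, c, r
}
```

A verifier pins the Intel root key out of band; everything else it needs (the attestation public key and the TCB policy) arrives in the collateral and is trusted only because that signature checks out.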