enclave


Last updated 2 years ago

Enclave

In the TEA Project, a hardware TPM is used to verify that a special area called an enclave can be trusted. The enclave is a protected area inside a mining node; the area outside the enclave is called the parent instance of the enclave.

The parent instance is a regular environment that the OS and the miner (the human operating the node) can access. The enclave is an area that neither the OS nor the human miner can access.

That is to say, anything running inside the enclave is hidden from the outside world. It can be compared to the event horizon of a black hole. However, an enclave is not a black hole: computing results can be sent back out to the outside world.

The rule of data transfer in and out

If data (or code) is supposed to stay secret when it is transferred out of the enclave, it is encrypted first. Once encrypted, it can be transferred to other nodes or written to any storage. When it is loaded back into the enclave, it is decrypted there.

The key of an enclave

The encryption key is the TPM's hardware key. This key is never exposed to the outside world (see the TPM security documents).

Besides the main key generated by the TPM hardware, there are derived keys used for multiple purposes. All of them stay inside the enclave's memory at all times. If one has to leave the enclave, it is encrypted under a higher-level key, with the hardware TPM key at the very top of the hierarchy.
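The two rules above (secrets leave the enclave only encrypted; derived keys leave only wrapped under a higher-level key, rooted in the TPM key) as an added example. This is not TEA Project code and does not use the project's real key formats: it uses only the Python standard library, so the authenticated encryption is an encrypt-then-MAC construction over an HMAC-SHA256 counter-mode keystream standing in for a real AEAD, HKDF-Expand (RFC 5869) stands in for whatever KDF the runtime uses, and the `HARDWARE_KEY` constant stands in for the TPM hardware key, which in reality is generated and held by the TPM itself. The `Enclave` class, key names and sample state are constructed for the illustration.

```python
"""Added example, not TEA Project code: a key hierarchy whose root stands in for the TPM
hardware key and never leaves the enclave. Stdlib only; see the lead-in for the stand-ins."""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def hkdf_expand(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand with HMAC-SHA256: derive a child key bound to `info`."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt then MAC under sub-keys split from `key`. Returns nonce || ct || tag."""
    enc_key, mac_key = hkdf_expand(key, b"enc"), hkdf_expand(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Check the tag before decrypting; a wrong key or a tampered blob is rejected."""
    enc_key, mac_key = hkdf_expand(key, b"enc"), hkdf_expand(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("sealed blob rejected: wrong key or modified data")
    return _xor_keystream(enc_key, nonce, ct)

class Enclave:
    """All key material lives in self._keys; only sealed blobs cross the boundary."""
    def __init__(self, hardware_key: bytes):
        self._keys = {"root": hardware_key}  # stand-in for the TPM hardware key

    def derive(self, name: str, parent: str = "root") -> None:
        """Deterministic child key: re-derivable on the same hardware after a restart."""
        self._keys[name] = hkdf_expand(self._keys[parent], name.encode())

    def generate(self, name: str) -> None:
        """Random key (e.g. a per-session key) that exists only inside this instance."""
        self._keys[name] = os.urandom(32)

    def export_key(self, name: str, parent: str) -> bytes:
        """A key may leave only wrapped under a higher-level key."""
        return seal(self._keys[parent], self._keys[name], aad=name.encode())

    def import_key(self, name: str, parent: str, wrapped: bytes) -> None:
        self._keys[name] = unseal(self._keys[parent], wrapped, aad=name.encode())

    def export_data(self, key_name: str, data: bytes) -> bytes:
        return seal(self._keys[key_name], data)

    def import_data(self, key_name: str, blob: bytes) -> bytes:
        return unseal(self._keys[key_name], blob)

# Constructed sample values; a real hardware key is generated and held by the TPM.
HARDWARE_KEY = hashlib.sha256(b"stand-in for this node's TPM hardware key").digest()
STATE = b"actor state: counter=42"

def _provision() -> tuple:
    enclave = Enclave(HARDWARE_KEY)
    enclave.derive("state-key")                        # root -> state-key, deterministic
    enclave.generate("session-key")                    # random, in memory only
    blob = enclave.export_data("session-key", STATE)   # crosses the boundary encrypted
    wrapped = enclave.export_key("session-key", "state-key")  # key leaves wrapped under parent
    return blob, wrapped

def roundtrip_same_hardware() -> bytes:
    """After a restart only the TPM key survives: re-derive state-key, unwrap, decrypt."""
    blob, wrapped = _provision()
    restarted = Enclave(HARDWARE_KEY)
    restarted.derive("state-key")
    restarted.import_key("session-key", "state-key", wrapped)
    return restarted.import_data("session-key", blob)

def unwrap_on_other_hardware() -> bool:
    """A node with a different TPM key cannot unwrap the key. True if rejected."""
    _, wrapped = _provision()
    other = Enclave(hashlib.sha256(b"a different node's TPM key").digest())
    other.derive("state-key")
    try:
        other.import_key("session-key", "state-key", wrapped)
    except ValueError:
        return True
    return False
```

The point to notice is where the boundary sits: `_keys` is never returned to the caller, `export_*` hands out only ciphertext, and the tag is checked before any decryption happens, so a blob produced under another node's root (or modified in storage) is rejected rather than decrypted to garbage.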

There's no network or file system inside an enclave

Inside the enclave, a specially stripped-down version of NixOS (a Linux distribution) is used. To reduce the attack surface, only a few core features are compiled into this version. Several common facilities are deliberately left out; for example, there is no file system and no networking inside the enclave.

Communication between enclave and parent instance

Since there is no file system or network inside the enclave, an actor's only channel to the outside world is the VMH (Virtual Messaging Hub). The VMH API is wrapped inside providers. If an actor has the corresponding capability, its code can call the provider's API to send messages to the VMH. The outside components receive such messages asynchronously.

Remote Attestation

The TPM generates the PCR hash array for the enclave. When a verifier is assigned to remotely attest a testee, the testee sends its PCR data signed by the TPM. The verifier first verifies the TPM signature and then checks the PCR values against the testee's publicly revealed information. If they match, the verifier signs a "true" result and submits it to layer one; if not, it signs and submits a "false" result.

Layer one (the blockchain) runs a basic BFT process over the verifiers' results to decide whether the testee passes or fails remote attestation.

The PCR hash covers all hardware and software fingerprints of the enclave. Any change to the enclave may therefore cause remote attestation to fail.

Only verified enclaves can join the TEA network

Every enclave has a TEA ID. This TEA ID has an entry in layer one that stores its verification status. When an enclave wants to contact another enclave, the two first check each other's TEA ID verification status. If the status is not "verified", the connection is not established.
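The attestation flow of the previous sections (PCR array signed by the TPM, verifier checks signature then PCR values, layer one decides by BFT) together with the TEA ID connection gate above, as an added example. This is not TEA Project code: it uses only the Python standard library, so the TPM quote signature is replaced by an HMAC under a per-TPM key that the verifiers also hold (a real quote is an asymmetric signature over the PCR digest and the verifier holds only the public key, but the order of checks is the same), layer one's BFT is reduced to a 2/3 supermajority of verifier votes, and the per-verifier nonce is derived from a counter rather than random. PCR extension follows the TPM 2.0 rule `PCR' = SHA256(PCR || SHA256(measurement))`. The measurement strings, TEA IDs and registry are constructed.

```python
"""Added example, not TEA Project code: remote attestation with stdlib-only stand-ins
(HMAC for the TPM signature, 2/3 supermajority for layer one's BFT)."""
from __future__ import annotations
import hashlib
import hmac

def extend_pcrs(measurements: dict[int, list[bytes]]) -> dict[int, bytes]:
    """Fold each PCR index's measurements into its register, starting from all zeros."""
    pcrs = {}
    for index, items in sorted(measurements.items()):
        value = bytes(32)
        for m in items:
            value = hashlib.sha256(value + hashlib.sha256(m).digest()).digest()
        pcrs[index] = value
    return pcrs

def pcr_composite(pcrs: dict[int, bytes]) -> bytes:
    """Digest over the whole PCR array in index order; this is what gets signed."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(pcrs))).digest()

class Tpm:
    """Holds the attestation key (stand-in); only signed quotes leave it."""
    def __init__(self, key: bytes):
        self._key = key

    def quote(self, pcrs: dict[int, bytes], nonce: bytes) -> dict:
        """Sign nonce || composite so the quote is bound to one verifier's challenge."""
        sig = hmac.new(self._key, nonce + pcr_composite(pcrs), hashlib.sha256).digest()
        return {"pcrs": pcrs, "nonce": nonce, "sig": sig}

def verify_quote(quote: dict, tpm_key: bytes, nonce: bytes, published: dict[int, bytes]) -> bool:
    """Verifier: (1) TPM signature and freshness, (2) PCRs equal the published fingerprints."""
    if quote["nonce"] != nonce:
        return False  # replayed or misdirected quote
    expected_sig = hmac.new(tpm_key, nonce + pcr_composite(quote["pcrs"]), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return False  # not signed by this node's TPM
    return quote["pcrs"] == published

def layer_one_decision(votes: list[bool]) -> str:
    """Simplified stand-in for layer one's BFT: 2/3 of the verifiers must agree."""
    n = len(votes)
    if votes.count(True) * 3 >= 2 * n:
        return "verified"
    if votes.count(False) * 3 >= 2 * n:
        return "failed"
    return "pending"

def attest(measurements: dict[int, list[bytes]], published: dict[int, bytes],
           tpm_key: bytes, verifiers: int = 4) -> str:
    """Each assigned verifier challenges the testee with its own nonce and votes."""
    tpm, pcrs, votes = Tpm(tpm_key), extend_pcrs(measurements), []
    for i in range(verifiers):
        nonce = hashlib.sha256(b"challenge" + bytes([i])).digest()  # constructed; random in practice
        votes.append(verify_quote(tpm.quote(pcrs, nonce), tpm_key, nonce, published))
    return layer_one_decision(votes)

def can_connect(registry: dict[str, str], a: str, b: str) -> bool:
    """Enclaves only talk to each other when both TEA IDs are 'verified' on layer one."""
    return registry.get(a) == "verified" and registry.get(b) == "verified"

# Constructed fingerprints: PCR 0 for hardware/firmware, PCR 7 for the enclave's software stack.
GOOD = {0: [b"firmware 1.0", b"bootloader 1.0"], 7: [b"stripped nixos 0.9", b"mini-runtime 0.9"]}
PUBLISHED = extend_pcrs(GOOD)  # the values the testee reveals publicly
TPM_KEY = hashlib.sha256(b"stand-in for this node's TPM attestation key").digest()

def demo() -> tuple[dict[str, str], bool]:
    """An unmodified node passes; a node with one extra component loaded fails."""
    registry = {"tea-id-A": attest(GOOD, PUBLISHED, TPM_KEY)}
    tampered = {**GOOD, 7: GOOD[7] + [b"debugger.ko"]}  # any change moves PCR 7
    registry["tea-id-B"] = attest(tampered, PUBLISHED, TPM_KEY)
    return registry, can_connect(registry, "tea-id-A", "tea-id-B")
```

Two details matter in practice and are easy to get wrong: the verifier must reject a quote whose nonce is not the one it issued (otherwise a testee can replay an old, valid quote after its software has changed), and the PCR comparison only means something if the "publicly revealed information" it is compared against was itself recorded before the test, not supplied by the testee alongside the quote.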
