TEE Attestation
Tenzro Platform runs AI inference inside Trusted Execution Environments (TEEs), providing hardware-level security guarantees. TEE attestation proves that code executed in a secure enclave with memory encryption and isolation.
Supported TEE Types
| TEE Type | Hardware | Key Features |
|---|---|---|
| Intel TDX | Intel Xeon (4th Gen+) | Trust Domain Extensions, VM-level isolation, hardware encryption |
| AMD SEV-SNP | AMD EPYC | Secure Encrypted Virtualization, memory integrity protection |
| AWS Nitro | AWS Nitro Enclaves | Isolated compute, cryptographic attestation, no persistent storage |
How TEE Attestation Works
┌────────────────────────────────────────────────────────────────┐
│ Trusted Execution Environment │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ Secure Enclave │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ AI Model │───▶│ Inference │───▶│ Attestation │ │ │
│ │ │ (Encrypted)│ │ Execution │ │ Generation │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ │ │ │ │
│ │ Hardware Signing Key ────┘ │ │
│ └──────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ Signed Attestation Report │
└────────────────────────────────────────────────────────────────┘Attestation Structure
interface EnhancedTEEAttestation {
// TEE type identifier
type: 'intel_tdx' | 'amd_sev_snp' | 'aws_nitro';
// Cryptographic measurement of the enclave
enclaveMeasurement: string;
// Runtime data measurement
runtimeMeasurement?: string;
// Raw attestation report (base64)
rawAttestation: string;
// Hardware certificates
certificates: {
platform: string; // Platform certificate chain
endorsement: string; // Hardware endorsement key
};
// Security metadata
securityVersion: number;
debugMode: boolean;
// Timestamp
timestamp: string;
// Additional fields for specific TEE types
intelTdx?: {
tdReportData: string;
mrEnclave: string;
mrSigner: string;
isvProdId: number;
isvSvn: number;
};
amdSevSnp?: {
reportData: string;
measurement: string;
hostData: string;
guestSvn: number;
policy: number;
};
awsNitro?: {
pcrs: Record<number, string>;
userData: string;
nonce: string;
cabundle: string[];
};
}Getting Attestation
import { TenzroPlatform } from '@tenzro/platform';
const platform = new TenzroPlatform({
apiKey: process.env.TENZRO_API_KEY!,
tenantId: process.env.TENZRO_TENANT_ID!,
});
// Run inference with attestation
const result = await platform.ai.infer({
modelId: 'llama-3.1-70b',
prompt: 'Analyze transaction risk',
attestation: true, // Request TEE attestation
});
// Access attestation
const attestation = result.teeAttestation;
console.log('TEE Type:', attestation?.type);
console.log('Enclave Measurement:', attestation?.enclaveMeasurement);
console.log('Security Version:', attestation?.securityVersion);
console.log('Debug Mode:', attestation?.debugMode);
console.log('Timestamp:', attestation?.timestamp);
// Intel TDX specific
if (attestation?.type === 'intel_tdx' && attestation.intelTdx) {
console.log('MR Enclave:', attestation.intelTdx.mrEnclave);
console.log('MR Signer:', attestation.intelTdx.mrSigner);
}
// AMD SEV-SNP specific
if (attestation?.type === 'amd_sev_snp' && attestation.amdSevSnp) {
console.log('Measurement:', attestation.amdSevSnp.measurement);
console.log('Guest SVN:', attestation.amdSevSnp.guestSvn);
}
// AWS Nitro specific
if (attestation?.type === 'aws_nitro' && attestation.awsNitro) {
console.log('PCRs:', attestation.awsNitro.pcrs);
console.log('User Data:', attestation.awsNitro.userData);
}Verifying Attestation
// Verify attestation
const verification = await platform.ai.verifyAttestation({
attestation: result.teeAttestation!.rawAttestation,
type: result.teeAttestation!.type,
expectedMeasurement: 'abc123...', // Optional: expected enclave measurement
});
console.log('Valid:', verification.valid);
console.log('Enclave Match:', verification.enclaveMatch);
console.log('Certificate Chain Valid:', verification.certificateChainValid);
console.log('Signature Valid:', verification.signatureValid);
console.log('Not Expired:', verification.notExpired);
if (!verification.valid) {
console.log('Errors:', verification.errors);
}React Integration
import {
useTEEAttestation,
useVerifyTEEAttestation,
TEEAttestationViewer,
TEEAttestationBadge,
} from '@tenzro/platform-ui';
function TEEDemo() {
const { attestation, loading, refresh } = useTEEAttestation('llama-3.1-70b');
const { verify, loading: verifying, result } = useVerifyTEEAttestation();
return (
<div>
{/* Compact badge for showing TEE status */}
<TEEAttestationBadge
attestation={attestation}
size="md"
showType={true}
/>
{/* Detailed viewer */}
<TEEAttestationViewer
attestation={attestation}
showRaw={false}
onVerify={async (attest) => {
await verify({
attestation: attest.rawAttestation,
type: attest.type,
});
}}
/>
{/* Verification result */}
{result && (
<div>
<h3>Verification Result</h3>
<p>Valid: {result.valid ? 'Yes' : 'No'}</p>
<p>Certificate Chain: {result.certificateChainValid ? 'Valid' : 'Invalid'}</p>
<p>Signature: {result.signatureValid ? 'Valid' : 'Invalid'}</p>
</div>
)}
</div>
);
}TEE Security Guarantees
Memory Encryption
All data in the TEE is encrypted in memory. Even with physical access to the hardware, attackers cannot read the enclave's memory.
Code Integrity
The enclave measurement (e.g., MR_ENCLAVE for Intel TDX) cryptographically verifies that the correct code is running. Any modification changes the measurement.
Attestation Chain
Attestations are signed by hardware keys rooted in the CPU manufacturer's certificate chain, providing cryptographic proof of execution environment.
Validating Measurements
// Known good measurements for your models
const KNOWN_MEASUREMENTS = {
'llama-3.1-70b': {
intel_tdx: 'abc123...',
amd_sev_snp: 'def456...',
aws_nitro: 'ghi789...',
},
};
// Verify measurement matches expected value
function validateMeasurement(
attestation: EnhancedTEEAttestation,
modelId: string
): boolean {
const expected = KNOWN_MEASUREMENTS[modelId]?.[attestation.type];
if (!expected) return false;
return attestation.enclaveMeasurement === expected;
}
// Use in your application
const result = await platform.ai.infer({ modelId: 'llama-3.1-70b', attestation: true });
if (result.teeAttestation) {
const valid = validateMeasurement(result.teeAttestation, result.modelId);
if (!valid) {
throw new Error('Enclave measurement mismatch - possible tampering');
}
}Security Considerations
- Debug Mode - Always verify
debugMode: falsein production - Security Version - Check
securityVersionis up to date - Certificate Expiry - Ensure certificates haven't expired
- Measurement Pinning - Pin expected measurements for critical operations
- Timestamp Freshness - Verify attestation timestamp is recent
Best Practices
- Always request attestation for sensitive operations
const result = await platform.ai.infer({ attestation: true, ... }); - Verify attestation before trusting results
const verification = await platform.ai.verifyAttestation({ ... }); if (!verification.valid) throw new Error('Invalid attestation'); - Store attestations for audit
await platform.ai.recordInference({ attestation: result.teeAttestation, ... }); - Monitor for security updates - Check
securityVersionregularly
API Reference
| Method | Description |
|---|---|
ai.infer({ attestation: true }) | Run inference with TEE attestation |
ai.verifyAttestation() | Verify an attestation report |
ai.getAttestation(modelId) | Get current attestation for a model |