WHY Remote Attestation?
A Trusted Execution Environment (TEE) is an environment in which the code being executed and the data it accesses are isolated and protected in terms of confidentiality (nothing outside the TEE, including the OS or hypervisor, can read the data; only the code running inside it can) and integrity (nothing outside the TEE can change the code or its behavior). Intel Software Guard Extensions (SGX) and Intel Trust Domain Extensions (TDX) are two different types of TEE. Both provide attestation and sealing capabilities, which can be used to remotely provision (deliver) secrets to an enclave and to let the enclave persist those secrets securely across restarts.
An SGX application is composed of one or more enclaves. Enclaves are created without any secrets: secrets are delivered only after the enclave has been instantiated on the platform and its identity has been verified. Intel's remote attestation is the mechanism for proving the integrity of an SGX application running in the cloud. In other words, it assures the user that the application is running on genuine SGX hardware, that it is running exactly the expected code (the enclave measurement, MRENCLAVE, matches the build the user audited), and that sensitive data is therefore only processed inside that enclave.
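The attestation exchange described above, as an added example that is not part of the original post and not Intel's or any framework's code. It simulates both sides: the enclave binds the verifier's nonce and its ephemeral public key into REPORT_DATA and asks the Quoting Enclave for a quote; the relying party checks the quote signature, the enclave identity (MRSIGNER and an allow-list of MRENCLAVE values), the minimum ISV_SVN, and the nonce binding, and only then releases the secret. The field offsets are those of `sgx_report_body_t` in the Intel SGX SDK; the HMAC key standing in for the Quoting Enclave's ECDSA attestation key, the `AttestationError` class, the `policy` dictionary and the sample measurements are assumptions made so the example runs offline.

```python
import hashlib
import hmac
import os
import struct

# Field offsets inside sgx_report_body_t (384 bytes) from the Intel SGX SDK
# headers; a DCAP ECDSA quote prepends a 48-byte header to this body.
REPORT_BODY_LEN = 384
OFF_MRENCLAVE = 64
OFF_MRSIGNER = 128
OFF_ISV_PROD_ID = 256
OFF_ISV_SVN = 258
OFF_REPORT_DATA = 320

# Assumption: an HMAC key stands in for the Quoting Enclave's ECDSA-P256
# attestation key so the example runs offline. A real verifier checks an
# ECDSA signature and a certificate chain rooted at Intel instead.
SIMULATED_QE_KEY = b"simulated-quoting-enclave-key"


def build_report_body(mrenclave, mrsigner, isv_prod_id, isv_svn, report_data):
    """Lay out a report body at the SDK offsets; unused fields stay zero."""
    body = bytearray(REPORT_BODY_LEN)
    body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mrenclave
    body[OFF_MRSIGNER:OFF_MRSIGNER + 32] = mrsigner
    struct.pack_into("<HH", body, OFF_ISV_PROD_ID, isv_prod_id, isv_svn)
    body[OFF_REPORT_DATA:OFF_REPORT_DATA + 64] = report_data
    return bytes(body)


def enclave_make_quote(nonce, enclave_pubkey, mrenclave, mrsigner, isv_svn):
    """Enclave side: bind the verifier's nonce and the enclave's ephemeral key
    into REPORT_DATA, then have the (simulated) QE sign the report body."""
    report_data = hashlib.sha256(nonce + enclave_pubkey).digest().ljust(64, b"\0")
    body = build_report_body(mrenclave, mrsigner, 1, isv_svn, report_data)
    return body + hmac.new(SIMULATED_QE_KEY, body, hashlib.sha256).digest()


class AttestationError(Exception):
    """Raised when any attestation check fails (hypothetical helper)."""


def verifier_check_quote(quote, nonce, enclave_pubkey, policy):
    """Relying-party side. Returns the verified claims or raises."""
    if len(quote) != REPORT_BODY_LEN + 32:
        raise AttestationError("malformed quote")
    body, sig = quote[:REPORT_BODY_LEN], quote[REPORT_BODY_LEN:]
    # 1. Quote signature: the report was produced by genuine hardware.
    expected_sig = hmac.new(SIMULATED_QE_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        raise AttestationError("bad quote signature")
    mrenclave = body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32]
    mrsigner = body[OFF_MRSIGNER:OFF_MRSIGNER + 32]
    isv_prod_id, isv_svn = struct.unpack_from("<HH", body, OFF_ISV_PROD_ID)
    report_data = body[OFF_REPORT_DATA:OFF_REPORT_DATA + 64]
    # 2. Identity: the code is exactly the build we audited and signed.
    if mrsigner != policy["mrsigner"]:
        raise AttestationError("unexpected MRSIGNER")
    if mrenclave not in policy["allowed_mrenclave"]:
        raise AttestationError("unexpected MRENCLAVE")
    # 3. Version: refuse enclaves built before a security fix.
    if isv_svn < policy["min_isv_svn"]:
        raise AttestationError("ISV_SVN below policy minimum")
    # 4. Freshness and channel binding: the quote answers *this* challenge and
    #    vouches for *this* public key, so a captured quote cannot be replayed.
    expected_rd = hashlib.sha256(nonce + enclave_pubkey).digest().ljust(64, b"\0")
    if not hmac.compare_digest(report_data, expected_rd):
        raise AttestationError("REPORT_DATA does not match nonce/key")
    return {"mrenclave": mrenclave, "mrsigner": mrsigner,
            "isv_prod_id": isv_prod_id, "isv_svn": isv_svn}


def provision_secret(policy, secret, mrenclave, mrsigner, isv_svn):
    """Whole exchange: challenge -> quote -> verify -> release the secret.
    Returns the secret handed to the enclave, or None if attestation fails."""
    nonce = os.urandom(32)            # verifier's challenge
    enclave_pubkey = os.urandom(32)   # stand-in for the enclave's ephemeral key
    quote = enclave_make_quote(nonce, enclave_pubkey, mrenclave, mrsigner, isv_svn)
    try:
        verifier_check_quote(quote, nonce, enclave_pubkey, policy)
    except AttestationError:
        return None
    return secret  # in practice: encrypted to enclave_pubkey over the attested channel


# Constructed sample identities for the demo (not real measurements).
GOOD_MRENCLAVE = hashlib.sha256(b"audited enclave build v2").digest()
DEV_MRSIGNER = hashlib.sha256(b"our signing key").digest()
POLICY = {"mrsigner": DEV_MRSIGNER, "allowed_mrenclave": {GOOD_MRENCLAVE},
          "min_isv_svn": 2}

if __name__ == "__main__":
    print(provision_secret(POLICY, b"wallet-seed", GOOD_MRENCLAVE, DEV_MRSIGNER, 2))
```

The point of step 4 is the one most often skipped in home-grown verifiers: without the nonce in REPORT_DATA, an attacker who recorded one valid quote can replay it forever, and without the enclave's key in REPORT_DATA the secret may be sent to a channel the attested enclave does not actually own.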
Use cases:
- Storing the secret keys of a user's wallet that is operated by an agent.
- Storing and processing sensitive data, e.g. in financial and health institutions, or for communication privacy (Signal uses SGX for its private contact discovery).
- In blockchain and cryptocurrency, e.g. keeping an auction's bids safe from tampering and preventing the leakage of sensitive information, which in turn prevents frontrunning.
- Potentially improving consensus protocols (e.g. the BFT protocols SplitBFT and Hybster), since trusted hardware may remove some of the intermediary steps or nodes that were introduced for security reasons. (Ask yourself: do we still need relay nodes if both builders and proposers run inside TEEs? Maybe not.) See the early Flashbots posts on running geth inside SGX and on SGX block building for more on this.
DIFF Between SGX and TDX?
Intel® SGX (Software Guard Extensions)
- Process-level or application-level isolation (enclaves).
- Typically uses frameworks like Gramine (formerly Graphene), SCONE, Occlum, etc. to port standard applications into an enclave. The developer writes a manifest file listing the files and dependencies to be mounted into the enclave; the framework hashes those files together with the application binary and signs the result, so that the enclave's identity (MRENCLAVE) covers everything it loads[1]. System calls, including network I/O, are serviced outside the enclave by the untrusted host, so data crossing that boundary must be encrypted (e.g. a TLS session terminated inside the enclave) and is only decrypted inside the enclave.
reference: Gramine
Intel® TDX (Trust Domain Extensions)
- VM-level isolation (called Trust Domains, or “TDs”).
- An entire guest OS runs inside a TD, protected from the untrusted hypervisor.
- You usually run unmodified applications inside the protected VM.
- Remote attestation and secret provisioning happen at the VM (TD) boundary.
- Key difference: TDX isolates the entire VM from the host/hypervisor, whereas SGX enclaves isolate a specific process (or portion of a process) from the untrusted OS.