Trusted Execution Environment

Cover Image for Trusted Execution Environment

What is a Trusted Execution Environment (TEE) ??? 🔐

TEE also called enclave is a secure area inside the main processor, it runs parallel to the operating system in an isolated environment. It guarantees that code and data are loaded in the TEE are protected with respect to confidentiality and integrity. A hardware-based TEE uses hardware-backed techniques to provide increased security guarantees for the execution of code and protection of data within that environment

One would ask why TEE'S, why is hardware necessary for confidential computing??, let me quote what i have written down after research 😃

To provide security though the lowest layers of hardware, with a minimum of dependencies, ie., the list of required trusted parties are reduced thereby reducing exposure to potential compromise. — Unknown January 2022

Properties of a TEE

🔍 Data confidentiality - Unauthorized entities cannot view data while it is in use within the TEE.

🔏 Data integrity - Unauthorized entities cannot add, remove, or alter data while it is in use within the TEE.

🔑 Code integrity - Unauthorized entities cannot add, remove, or alter code executing in the TEE.

Together, these attributes provide not only an assurance that the data is kept confidential, but also that the computations performed are actually the correct computations, allowing one to trust the results of the computation as well.

Depending on the particulars of a specific TEE, it may also provide:

  • Code Confidentiality: In addition to protecting data, some TEEs may protect code while in use from being viewed by unauthorized entities. For example, this can protect an algorithm that is considered to be sensitive intellectual property.

  • Authenticated Launch: Some TEEs may enforce authorization or authentication checks prior to launching a requested process and may refuse to launch a process that is not authorized or authenticated.

  • Programmability: Some TEEs may be programmed with arbitrary code, while some may only support a limited set of operations. A TEE might even include or be composed entirely of code fixed at the time of manufacture.

  • Attestability: Often, a TEE can provide evidence or measurements of its origin and current state, so that the evidence can be verified by another party and programmatically or manually it can decide whether to trust code running in the TEE. It is typically important that such evidence is signed by hardware that can be vouched for by a manufacturer, so that the party checking the evidence has strong assurances that it was not generated by malware or other unauthorized parties.

  • Recoverability: Some TEEs may provide a mechanism for recovery from a non-compliant or potentially compromised state

The different types of TEEs


There are currently two leading models of TEEs:

Process-based TEE's: current implementations include Intel's SGX (Software Guard eXtensions). Intel SGX is an extension to intel processor that provides record level, secure hardware enabled execution environment for program and data to ensure its confidentiality and integrity in both local and remote confidentiality.

VM-based TEE's: current implementations include AMD's SEV (Secure Encrypted Virtualization). SEV is an extension to the AMD-V architecture which supports running virtual machines (VMs) under the control of a hypervisor. When enabled, the memory contents of a VM will be transparently encrypted with a key unique to that VM.