pub trait EnclaveContext {
// Required methods
// Produces an attestation document/quote bound to `user_data`.
fn attest(&self, user_data: &[u8]) -> Result<Vec<u8>, SignerError>;
// Checks an attestation document/quote; `Ok(true)` means valid and trusted.
// Callers should treat both `Ok(false)` and `Err(_)` as a rejection.
// NOTE(review): only the attestation bytes are passed in, so any comparison
// against an expected measurement or expected `user_data` has to happen inside
// the implementation or separately in the caller — confirm per implementor.
fn verify_attestation(
&self,
attestation: &[u8],
) -> Result<bool, SignerError>;
// Provided methods
// The default bodies are elided (`{ ... }`) in this listing, so what the
// default `seal`/`unseal` actually do is not visible here.
fn seal(&self, plaintext: &[u8]) -> Result<Vec<u8>, SignerError> { ... }
// NOTE(review): the `Zeroizing` wrapper presumably wipes the recovered
// plaintext when dropped (as in the `zeroize` crate) — confirm the import.
fn unseal(&self, sealed: &[u8]) -> Result<Zeroizing<Vec<u8>>, SignerError> { ... }
}
Enclave attestation context for remote verification.
Implement this trait to integrate chains-sdk with your enclave’s attestation mechanism (SGX quotes, Nitro attestation documents, TDX reports, etc.).
§Example
use chains_sdk::security::EnclaveContext;
use chains_sdk::error::SignerError;
struct NitroEnclave;
impl EnclaveContext for NitroEnclave {
fn attest(&self, _user_data: &[u8]) -> Result<Vec<u8>, SignerError> {
    // A real implementation asks the NSM device (/dev/nsm) for an attestation
    // document and has `_user_data` embedded in it, which is what binds the
    // document to the caller's data. This stub ignores the argument and hands
    // back an empty document.
    let document = Vec::new(); // placeholder
    Ok(document)
}
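fn verify_attestation(&self, _doc: &[u8]) -> Result<bool, SignerError> {
    // A real implementation verifies the attestation signature chain before
    // trusting anything inside `_doc`.
    //
    // The placeholder fails closed: until that verification exists, no
    // document is reported as valid. A stub that returns `Ok(true)` would
    // accept every input, including an empty or forged document, if it were
    // copied into real code unchanged.
    Ok(false) // placeholder
}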
}
Required Methods
fn attest(&self, user_data: &[u8]) -> Result<Vec<u8>, SignerError>
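Generate an attestation document/quote binding to user_data.
For SGX: EREPORT → quote (via QE). For Nitro: NSM attestation document. For TDX: TD report → quote.
The binding only protects the relying party if it compares the user_data found in the verified document with the value it expects (for example, a fresh challenge it issued), so that an older document cannot be presented again.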
fn verify_attestation(&self, attestation: &[u8]) -> Result<bool, SignerError>
Verify an attestation document/quote.
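Returns true if the attestation is valid and trusted. Callers should treat both Ok(false) and Err as a rejection. The method receives only the attestation bytes, so checks against an expected measurement or expected user_data are left to the implementation or to the caller.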