tenzro-tee
Hardware TEE (Trusted Execution Environment) abstraction layer for the Tenzro Network.
Overview
tenzro-tee provides a unified abstraction layer for multiple hardware TEE vendors, enabling secure computation, key management, and attestation across Intel TDX, AMD SEV-SNP, AWS Nitro Enclaves, and NVIDIA Confidential Computing platforms. The crate supports runtime detection of available TEE hardware and provides a consistent API across all vendors.
Modules
10 modules: attestation, certs, detection, enclave_crypto, error, registry, traits, intel_tdx (feature), amd_sev_snp (feature), aws_nitro (feature), nvidia_gpu (feature)
TEE Provider Abstraction
TeeProvidertrait - Unified interface for all TEE vendorsTeeRegistry- Manages and tracks available TEE providersAttestationVerifier- Verifies TEE attestation reports with X.509 certificate chainsdetect_tee()- Runtime detection of available TEE hardware
Supported Vendors
- Intel TDX -
IntelTdxProviderfor Intel Trust Domain Extensions- Real
/dev/tdx-guestioctl integration - TDREPORT to Quote pipeline
- Intel PCS certificate chain verification
- QE P-256 ECDSA signature verification over
Quote[0..632]against the PCK leaf SPKI
- Real
- AMD SEV-SNP -
AmdSevSnpProviderfor AMD Secure Encrypted Virtualization- Real
/dev/sev-guestioctl integration - SNP_GET_REPORT command
- AMD KDS VCEK certificate fetching and ARK→ASK→VCEK chain verification
- Real
- AWS Nitro -
AwsNitroProviderfor AWS Nitro Enclaves- Real NSM device (
/dev/nsm) integration - CBOR attestation documents
- COSE_Sign1 ES384 (P-384 ECDSA) signature verification per RFC 8152 §4.4 — rebuilds
Sig_structure1and verifies the 96-byte signature against the leaf cert SPKI - AWS Nitro root CA chain validation
- Real NSM device (
- NVIDIA GPU -
NvidiaGpuProviderfor NVIDIA Confidential Computing- Supports Hopper, Blackwell, and Ada Lovelace architectures
- NRAS (NVIDIA Remote Attestation Service) HTTP API integration
- GPU evidence collection and JWT token verification
- SPDM-based measurements
Attestation
- Hardware attestation report generation
- Remote attestation verification
- X.509 certificate chain validation with pinned vendor root CAs (Intel, AMD, AWS, NVIDIA)
- TEE measurement verification
- Validity period and key usage extension validation
- Functions:
verify_certificate_chain(),parse_x509_certificate(),verify_certificate_signature()
Enclave Encryption
- Shared AES-256-GCM encryption module (
enclave_crypto.rs) used by all vendors - Key derivation:
HKDF-SHA256(key_id, vendor_tag)with domain separation - Wire format:
nonce(12) || ciphertext || tag(16) - In production: keys sealed by hardware (MKTME/VMSA/KMS/CC memory)
- In simulation: keys derived from key UUID
Simulation Support
- Runtime detection via
detect_tee()with automatic fallback - Environment variables for simulation:
TENZRO_SIMULATE_TDX,TENZRO_SIMULATE_SEV_SNP,TENZRO_SIMULATE_NITRO,TENZRO_SIMULATE_GPU - Consistent API in both real and simulated modes
Feature Flags
Control which TEE vendors to compile:
intel-tdx- Enable Intel TDX support (requiresreqwest)amd-sev-snp- Enable AMD SEV-SNP support (requiresreqwest)aws-nitro- Enable AWS Nitro supportnvidia-gpu- Enable NVIDIA GPU support (requiresreqwest)intel-tiber- Enable Intel Tiber Trust Authority hosted attestation (impliesintel-tdx)all-tees- Enable all vendors (default)
Usage
Add to Cargo.toml:
[]
= { = "../tenzro-tee", = ["all-tees"] }
Or select specific vendors:
[]
= { = "../tenzro-tee", = ["intel-tdx", "nvidia-gpu"] }
Basic Usage
use ;
use TeeVendor;
// Detect available TEE hardware
let tee_type = detect_tee?;
println!;
// Create a TEE registry
let mut registry = new;
// Register a provider
let provider_id = ;
registry.register_provider?;
// Generate an attestation
let tee_provider = registry.get_provider?;
let attestation = tee_provider.generate_attestation?;
// Verify the attestation
let verifier = new;
let is_valid = verifier.verify?;
Enclave Encryption
use ;
use Uuid;
// Vendor tag binds the derived AES key to a specific TEE family.
// Use the vendor's `enclave_vendor_tag()` helper to obtain this (e.g. `b"intel-tdx"`).
let key_id = new_v4;
let vendor_tag: & = b"intel-tdx";
let plaintext = b"sensitive data";
// Encrypt: nonce(12) || ciphertext || tag(16)
let ciphertext = enclave_encrypt_aes256gcm?;
// Decrypt with the same key_id + vendor_tag
let decrypted = enclave_decrypt_aes256gcm?;
assert_eq!;
Dependencies
tenzro-types- Shared typestenzro-crypto- Cryptographic primitivesx509-cert- X.509 certificate parsingp256,p384,rsa- Public key cryptographyder,spki,signature,ecdsa- Certificate chain verificationaes-gcm- AES-256-GCM encryption (enclave crypto)sha2- HKDF key derivationreqwest- HTTP client for remote attestation services (Intel PCS, AMD KDS, NVIDIA NRAS)libc- System calls for/dev/tdx-guest,/dev/sev-guest,/dev/nsmaccessbase64- Base64 encoding for attestation documentschrono- Certificate validity period checksuuid- Key identifiersdashmap,parking_lot- Concurrent registry management
Test Coverage
80 unit tests + 1 doc test covering:
- Intel TDX attestation generation and verification
- AMD SEV-SNP attestation and certificate chain validation
- AWS Nitro attestation document parsing and signature verification
- NVIDIA GPU attestation and NRAS integration
- X.509 certificate chain verification with pinned root CAs
- Enclave encryption and decryption (all vendors)
- TEE detection and simulation fallback
- Registry management and provider lookup
License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT License (http://opensource.org/licenses/MIT)
at your option.