Core Concepts
This guide explains the fundamental concepts behind TERE and confidential computing. Understanding these concepts will help you build secure applications effectively.
Trusted Execution Environments (TEEs)
A Trusted Execution Environment (TEE) is a hardware-isolated region of a processor in which code and data are protected for confidentiality and integrity against the rest of the system, including privileged software such as the operating system and hypervisor.
Key Properties of TEEs
- Isolation: the hardware separates the TEE from the rest of the system, including the operating system, hypervisor, and other applications.
- Confidentiality: data and code inside the TEE cannot be read by software outside it, even privileged software such as the OS or hypervisor. On the technologies below this is enforced by memory encryption with keys the host never sees.
- Integrity: tampering with the TEE's code or data is detected (or prevented outright), so the TEE either runs the expected code or fails closed.
- Attestation: the TEE can produce cryptographic evidence of its identity and of the code running inside it that a remote party can verify.
TEE Technologies
TERE supports multiple TEE technologies:
AMD SEV & SEV-SNP
AMD Secure Encrypted Virtualization (SEV) encrypts each VM's memory with a per-VM key held by the AMD secure processor, so the hypervisor cannot read guest memory in plaintext. On its own SEV provides confidentiality but not integrity: a malicious hypervisor can still corrupt, remap, or replay encrypted guest pages. SEV-SNP adds integrity protection (a reverse map table that ties each physical page to one guest and blocks remapping and replay) and hardware-signed attestation reports carrying the guest's launch measurement, the firmware's security version, and a 64-byte guest-chosen report-data field in which a verifier's nonce is placed.
Intel TDX
Intel Trust Domain Extensions (TDX) isolate VMs (trust domains) with per-TD memory encryption and integrity protection, comparable to AMD SEV-SNP. A TD obtains a signed quote containing its build-time measurement (MRTD), runtime measurement registers (RTMRs) that measured boot can extend, and, as with SEV-SNP, a 64-byte report-data field for verifier-supplied data.
Attestation
Attestation is the process by which a TEE proves cryptographically to a remote party that it is genuine hardware running the expected code. It is the crucial component of the confidential-computing trust model: without it, a client cannot distinguish a real TEE from a host that merely claims to be one.
How Attestation Works
Measurement Generation
During startup, the TEE computes cryptographic measurements (hashes) of its initial state: the code being loaded, its configuration, and security parameters. Only what is covered by the measurement is attested; anything loaded later is covered only if it is measured and extended into the report, or verified by code that was.
Attestation Report Creation
When attestation is requested, the TEE produces a report signed with a hardware-held key. The report contains these measurements together with other security-relevant information: the TEE type, the security version number (SVN) of the TEE firmware and microcode, and a report-data field holding the verifier's nonce.
Verification
A verifier (typically the client) checks that the report's signature chains to the hardware vendor's root certificate, that the nonce it supplied is echoed back (so the report is fresh rather than replayed), that the SVN meets its minimum, and that the measurements match the expected values for the authorized code.
Trust Establishment
If every check passes, the verifier can be confident that it is talking to a genuine TEE running the expected code on an acceptable TCB, and can release secrets or data to it.
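The four steps above as one runnable verifier, added here as an illustration rather than TERE's own code. It simulates the hardware signing key with an ECDSA P-256 key, reduces the report to the fields the checks depend on (TEE type, SVN, measurement, report data), and assumes a policy made of an allow-list of measurements and a minimum SVN; with real hardware the report is parsed from the SEV-SNP or TDX format and the signing key is obtained through the vendor's certificate chain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Report is a reduced attestation report with only the fields the checks
// below need. Real SEV-SNP and TDX reports carry many more.
type Report struct {
	TEEType     string
	SVN         uint32   // security version of the TEE firmware / TCB
	Measurement [32]byte // hash of the code and configuration that were launched
	ReportData  [32]byte // verifier-chosen nonce echoed back by the TEE
}

// encode produces the canonical bytes that are signed and later verified.
func (r Report) encode() []byte {
	b := append([]byte(r.TEEType), 0)
	b = binary.LittleEndian.AppendUint32(b, r.SVN)
	b = append(b, r.Measurement[:]...)
	return append(b, r.ReportData[:]...)
}

// Measure models measurement generation: hardware hashes the initial memory
// image; here the WASM module and its config stand in for that image.
func Measure(code, config []byte) [32]byte {
	h := sha256.New()
	h.Write(code)
	h.Write(config)
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Platform stands in for the TEE hardware. Its key plays the role of the
// attestation key fused into the CPU and certified by the vendor.
type Platform struct{ key *ecdsa.PrivateKey }

func NewPlatform() (*Platform, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Platform{key: k}, nil
}

// PublicKey is what a verifier would obtain from the vendor's certificate chain.
func (p *Platform) PublicKey() *ecdsa.PublicKey { return &p.key.PublicKey }

// Attest signs a report whose ReportData the client filled with its nonce.
func (p *Platform) Attest(r Report) ([]byte, error) {
	digest := sha256.Sum256(r.encode())
	return ecdsa.SignASN1(rand.Reader, p.key, digest[:])
}

// Policy is what the verifier trusts: the vendor key, the measurements it is
// willing to talk to, and the oldest TCB version it accepts.
type Policy struct {
	VendorKey           *ecdsa.PublicKey
	AllowedMeasurements map[[32]byte]string
	MinSVN              uint32
}

// Verify is the verification step: signature, freshness, TCB level, then
// measurement. Distinct errors let an operator tell a replay from a new build.
func Verify(r Report, sig []byte, nonce [32]byte, p Policy) error {
	digest := sha256.Sum256(r.encode())
	if !ecdsa.VerifyASN1(p.VendorKey, digest[:], sig) {
		return errors.New("bad signature: report was not produced by genuine hardware")
	}
	if r.ReportData != nonce {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	if r.SVN < p.MinSVN {
		return fmt.Errorf("TCB too old: svn %d < minimum %d", r.SVN, p.MinSVN)
	}
	if _, ok := p.AllowedMeasurements[r.Measurement]; !ok {
		return errors.New("unknown measurement: unexpected code or configuration")
	}
	return nil
}

func main() {
	plat, _ := NewPlatform()
	m := Measure([]byte("constructed wasm bytes"), []byte(`{"max_memory":"64MiB"}`)) // constructed inputs
	var nonce [32]byte
	rand.Read(nonce[:])
	rep := Report{TEEType: "SEV-SNP", SVN: 3, Measurement: m, ReportData: nonce}
	sig, _ := plat.Attest(rep)
	pol := Policy{VendorKey: plat.PublicKey(), AllowedMeasurements: map[[32]byte]string{m: "app v1"}, MinSVN: 2}
	fmt.Println("fresh report:", Verify(rep, sig, nonce, pol), "| replayed:", Verify(rep, sig, [32]byte{}, pol))
}
```

Note the order of the checks: the signature is verified first because nothing else in the report can be believed until it is, and the nonce is compared before the measurement so a replayed copy of an otherwise acceptable report is still rejected. In a real deployment the nonce is not merely random; it is derived from the client's side of the secure-channel key exchange so that the report is bound to that connection.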
For more detailed information about attestation, see the Attestation Guide.
TERE Architecture
TERE provides a complete framework for confidential computing with several key components:
Runtime Engine
A secure WebAssembly (WASM) runtime that executes your code within a hardware-protected TEE. The runtime provides:
- Memory isolation and protection
- Secure function execution
- Resource management and limitations
- Error handling and recovery
Attestation System
Generates and verifies attestation reports to provide cryptographic proof of the runtime's authenticity and integrity. This system handles:
- Remote attestation protocols
- Integration with hardware TEE attestation mechanisms
- Verification of security properties
- Freshness guarantees (via nonces)
State Management
Provides secure storage for maintaining state between executions with:
- Encrypted persistent storage
- Access control mechanisms
- Key management
- Transaction support
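An added example, not TERE's state-management code, of what encrypted persistent storage and key management amount to inside a TEE: state is sealed with a key derived from a platform secret and the measurement, so only the same build can open it, and each record carries an authenticated version counter so a host that hands back an older copy of the state is caught. The platform secret, the HMAC-based derivation, the domain-separation label and the record layout are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// sealingKey derives the storage key from a platform secret (in a real TEE,
// a hardware-held secret only that TEE can obtain) and the measurement of the
// code allowed to open the data. A different build, tampered or merely newer,
// derives a different key and cannot read state sealed by the original.
func sealingKey(platformSecret []byte, measurement [32]byte) []byte {
	mac := hmac.New(sha256.New, platformSecret)
	mac.Write([]byte("example-seal-v1")) // domain-separation label chosen for this example
	mac.Write(measurement[:])
	return mac.Sum(nil) // 32 bytes, so AES-256
}

func newAEAD(platformSecret []byte, measurement [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sealingKey(platformSecret, measurement))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM. The record version is passed as
// associated data, so editing it in the header makes the tag check fail.
// Record layout: version(8) || nonce(12) || ciphertext || tag(16).
func Seal(platformSecret []byte, measurement [32]byte, version uint64, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(platformSecret, measurement)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	hdr := binary.BigEndian.AppendUint64(nil, version)
	record := append(hdr, nonce...)
	return aead.Seal(record, nonce, plaintext, hdr), nil
}

// Open decrypts a record and rejects any version older than lastSeen, the
// newest version this instance knows it wrote (kept in a monotonic counter or
// a trusted external log in practice). Without that check an untrusted host can
// hand back an older, still validly encrypted copy of the state: a rollback.
func Open(platformSecret []byte, measurement [32]byte, lastSeen uint64, record []byte) (uint64, []byte, error) {
	aead, err := newAEAD(platformSecret, measurement)
	if err != nil {
		return 0, nil, err
	}
	if len(record) < 8+aead.NonceSize()+aead.Overhead() {
		return 0, nil, errors.New("record too short")
	}
	hdr, nonce := record[:8], record[8:8+aead.NonceSize()]
	plaintext, err := aead.Open(nil, nonce, record[8+aead.NonceSize():], hdr)
	if err != nil {
		return 0, nil, errors.New("authentication failed: wrong measurement or tampered record")
	}
	version := binary.BigEndian.Uint64(hdr)
	if version < lastSeen {
		return 0, nil, fmt.Errorf("rollback detected: record version %d is older than %d", version, lastSeen)
	}
	return version, plaintext, nil
}

func main() {
	secret := []byte("constructed platform secret") // constructed for the example; never a literal in real code
	var m [32]byte
	copy(m[:], []byte("constructed measurement of app v1"))
	v1, _ := Seal(secret, m, 1, []byte("balance=100"))
	v2, _ := Seal(secret, m, 2, []byte("balance=50"))
	_, pt, err := Open(secret, m, 2, v2)
	fmt.Println("current record:", string(pt), err)
	_, _, err = Open(secret, m, 2, v1)
	fmt.Println("host replays old record:", err)
}
```

The rollback check is the part most often forgotten: encryption alone cannot stop the host from substituting an older ciphertext it saved earlier, which is why the version lives inside the authenticated record and the last-seen value must itself be kept somewhere the host cannot rewind.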
Service Layer
Provides the APIs and services for interacting with TERE, including:
- SDK for application development
- CLI for deployment and management
- Management APIs for operations
- Integration with cloud providers
Security Model
TERE's security model is based on the following principles:
Hardware Root of Trust
TERE relies on hardware security mechanisms of modern CPUs to establish a root of trust that software running on the host, including the OS and hypervisor, cannot forge or override. Attacks on the hardware itself (firmware vulnerabilities, physical access) are outside what this root of trust can defend against, which is why the TCB's security version is part of every attestation report and verifiers enforce a minimum.
Defense in Depth
TERE implements multiple layers of security to protect your code and data, including memory encryption, integrity verification, and access controls.
Cryptographic Verification
The isolation and integrity guarantees are backed by attestation evidence that clients verify before they entrust data to the environment; trust is established by checking that evidence, not by assuming a correctly configured host.
Minimal Trusted Computing Base (TCB)
TERE minimizes the amount of code that needs to be trusted by keeping the TCB small and focused on security-critical functions.
Threat Model
TERE's threat model considers the following potential attackers:
Malicious Infrastructure Provider
The cloud provider or infrastructure owner might attempt to access sensitive data or tamper with the execution. TERE protects against this through hardware-backed isolation and encryption.
Compromised Operating System or Hypervisor
Even if the OS or hypervisor is compromised, the hardware TEE keeps the confidentiality and integrity of your application protected. Availability is not protected: a malicious host can still refuse to start, pause, or kill the TEE, so denial of service has to be handled separately.
Network Attackers
Attackers might attempt to intercept or modify communications between clients and the TEE. TERE uses secure channels and cryptographic verification to mitigate these risks. For this to hold, the attestation must be bound to the channel (for example by deriving the attested nonce from the channel's key exchange); an attestation that is merely sent over TLS can be relayed from a genuine TEE by an attacker who terminates the client's connection.
Side-Channel Attacks
Sophisticated attackers might use side-channel attacks (cache timing, page-fault patterns, or analysis of encrypted memory) to extract information. TERE implements the mitigations available for the TEE technology in use, but VM-based TEEs do not close these channels completely, so code that handles secrets should avoid secret-dependent branches and memory access patterns.
It's important to note that while TERE provides strong security guarantees, it does not protect against vulnerabilities in your application code: a memory-safety bug or logic flaw is just as exploitable inside the TEE, and an attacker who triggers it then operates inside the protected boundary. Always follow secure coding practices.
Key TERE Components
TERE SDK
The TERE SDK provides the libraries and tools for developing applications that run in TEEs. It includes APIs for:
- Cryptographic operations (encryption, hashing, signing)
- State management (secure storage)
- Remote attestation verification
- Deployment and management of TEE instances
For detailed API documentation, see the API Reference.
TERE Runtime
The TERE Runtime is the environment where your application executes in the TEE. It provides:
- A WebAssembly (WASM) execution environment for your code
- Secure access to the TERE APIs
- Memory management and protection
- Resource isolation and limiting
For more information about the runtime, see the Runtime Guide.
TERE CLI
The TERE CLI provides command-line tools for managing TERE applications. It allows you to:
- Initialize, build, and package TERE applications
- Deploy applications to local or cloud TEEs
- Execute functions in deployed applications
- Manage deployed applications and TEE instances