Trusted Execution Environments
A secure enclave is a protected system in which data and code are isolated from other processes, usually at the hardware level. Also known as Trusted Execution Environments (TEEs), enclaves ensure the confidentiality of data and the integrity of computation running inside them. This property is especially useful in decentralized networks, where data and computation might be leaked or manipulated by untrusted hosts on whose machines the data is stored and processed.
In short, a TEE provides the following properties:
- It prevents code from being tampered with during execution by other processes in the system, including the host running the enclave
- It protects data from other processes in the system, including the host running the enclave
- It allows users to "measure" and verify the code that it was provisioned with
Property 1 ensures that the code provided by the user runs as-is, which guarantees two very important things: the outputs of the execution are correct, and exfiltration of data from the enclave by modifying the code is impossible. Property 2 ensures nobody can exfiltrate data by simply observing it in memory. This is especially important for establishing secure channels to the enclave in order to communicate with it. Lastly, property 3 allows the user to verify an enclave's "identity" by measuring the code that is being executed, so the user can confirm that the enclave is not malicious or running unexpected code.
These properties make enclaves viable for verifiably outsourcing computation by guaranteeing integrity of the compute, confidentiality of the data and allowing third parties to verify the above guarantees.
Examples include AWS Nitro Enclaves, Azure Confidential Compute, Intel SGX, AMD SEV, etc.
Related concepts
Apart from enclaves, below are some enclave-related concepts used throughout the docs.
Enclave image file (EIF)
A file with the .eif extension that contains everything needed to provision an enclave. This includes a Linux operating system, libraries and applications that need to be run inside the enclave.
Platform control registers (PCRs)
PCRs are measurements of an enclave including the code it was provisioned with. These values are unique to a specific EIF.
Remote attestation
The process by which users measure and verify an enclave (see property 3 above). The enclave generates an attestation document that is signed (possibly indirectly, through a root of trust) by the enclave platform and includes the PCRs. The user retrieves this document and verifies that the PCRs of the enclave match the PCRs from the EIF. It usually also includes a public key or other key material to help set up secure channels to applications in the enclave.