TEE Integration
ZeroQuant supports hardware-based security through Trusted Execution Environments (TEEs). TEE attestation enables agents to receive elevated permissions with higher spending limits.
Overview
TEE integration provides:
- Hardware Attestation: Verify agent code runs in a secure enclave
- Elevated Limits: 3x higher spending limits for TEE-verified agents
- Trusted Measurements: On-chain registry of approved code hashes
- Session Upgrades: Seamlessly upgrade sessions with TEE verification
- Multi-Platform Support: AMD SEV-SNP and Intel TDX
Supported Platforms
| Platform | Status | Description |
|---|---|---|
| AMD SEV-SNP | Supported | Secure Encrypted Virtualization - Secure Nested Paging |
| Intel TDX | Supported | Trust Domain Extensions |
Future Platform Support
ARM TrustZone support is planned for a future release.
Quick Start
TypeScript
import {
createAMDSEVClient,
createIntelTDXClient,
TEEPlatform
} from '@zeroquant/sdk';
// AMD SEV-SNP
const sevClient = createAMDSEVClient({
provider,
signer: wallet,
verifierAddress: '0xYourAMDSEVVerifier',
permissionManagerAddress: '0xYourTEEPermissionManager',
});
// Intel TDX
const tdxClient = createIntelTDXClient({
provider,
signer: wallet,
verifierAddress: '0xYourIntelTDXVerifier',
permissionManagerAddress: '0xYourTEEPermissionManager',
});
const agentAddress = await wallet.getAddress();
// Check attestation status
const hasAttestation = await sevClient.hasValidAttestation(agentAddress);
if (!hasAttestation) {
// Create report data that binds attestation to agent address
const reportData = sevClient.createReportData(agentAddress);
// Obtain attestation report from TEE hardware
// This is done inside the enclave using AMD's guest driver:
// - Read from /dev/sev-guest with SNP_GET_REPORT ioctl
// - Or use AMD's sev-tool: `sev-tool --export_report`
// The report is returned as raw bytes (typically 1184 bytes)
const attestationReport = await getAttestationFromEnclave(reportData);
// Submit to on-chain verifier
const result = await sevClient.submitAttestation(attestationReport, reportData);
console.log('Attestation ID:', result.attestationId);
}
// Upgrade session for elevated limits
await sevClient.upgradeSessionWithTEE(agentAddress);
// Check new limits
const limits = await sevClient.getEffectiveLimits(agentAddress);
console.log('Daily Limit:', limits.dailyLimit); // 3x normal
console.log('Using TEE:', limits.usingTEELimits);
Python
import asyncio
from web3 import AsyncWeb3, AsyncHTTPProvider
from zeroquant import AMDSEVClient, IntelTDXClient, TEEPlatform
async def main():
# Initialize async Web3
w3 = AsyncWeb3(AsyncHTTPProvider('https://your-rpc-url'))
# AMD SEV-SNP Client
sev_client = AMDSEVClient(
w3=w3,
verifier_address='0xYourAMDSEVVerifier',
permission_manager_address='0xYourTEEPermissionManager',
account='0xYourAgentAddress',
)
# Intel TDX Client
tdx_client = IntelTDXClient(
w3=w3,
verifier_address='0xYourIntelTDXVerifier',
permission_manager_address='0xYourTEEPermissionManager',
account='0xYourAgentAddress',
)
agent_address = '0xYourAgentAddress'
# Check attestation
has_attestation = await sev_client.has_valid_attestation(agent_address)
if not has_attestation:
# Create report data binding
report_data = sev_client.create_report_data(agent_address)
# Obtain attestation from TEE hardware (inside enclave)
# Use AMD's guest driver: /dev/sev-guest with SNP_GET_REPORT
attestation_report = await get_attestation_from_enclave(report_data)
# Submit attestation
result = await sev_client.submit_attestation(attestation_report, report_data)
print(f"Attestation ID: {result.attestation_id}")
# Get elevated limits
limits = await sev_client.get_effective_limits(agent_address)
print(f"Daily Limit: {limits.daily_limit}")
print(f"Using TEE: {limits.using_tee_limits}")
# Run the async function
asyncio.run(main())
AMD SEV-SNP
AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) provides:
- Memory Encryption: VM memory is encrypted with unique keys
- Integrity Protection: Hardware prevents tampering with encrypted pages
- Attestation: Cryptographic proof of VM state and code integrity
- Isolation: Protection from hypervisor and other VMs
Attestation Report Structure
interface AMDSEVReport {
version: number;
guestSvn: number;
policy: bigint;
familyId: Uint8Array; // 16 bytes
imageId: Uint8Array; // 16 bytes
vmpl: number;
signatureAlgo: number;
currentTcb: TCBVersion;
platformInfo: bigint;
authorKeyEn: number;
measurement: Uint8Array; // 48 bytes - code hash
hostData: Uint8Array; // 32 bytes
idKeyDigest: Uint8Array; // 48 bytes
authorKeyDigest: Uint8Array; // 48 bytes
reportId: Uint8Array; // 32 bytes
reportIdMa: Uint8Array; // 32 bytes
reportedTcb: TCBVersion;
chipId: Uint8Array; // 64 bytes
committedTcb: TCBVersion;
currentBuild: number;
committedBuild: number;
launchTcb: TCBVersion;
signature: Uint8Array; // 512 bytes
}
Intel TDX
Intel TDX (Trust Domain Extensions) provides:
- Trust Domains: Hardware-isolated VMs with encrypted memory
- TD Quotes: Cryptographic proofs of TD state signed by Intel's QE
- Remote Attestation: Third-party verification via Intel's attestation service
- Flexible Measurements: Multiple RTMRs for runtime configuration
Quote Structure (v4)
interface TDXQuote {
version: number; // Quote version (4 for TDX)
attestationKeyType: number; // Type of attestation key
teeType: number; // 0x81 for TDX
qeSvn: number; // QE security version
pceSvn: number; // PCE security version
qeVendorId: Uint8Array; // 16 bytes
userData: Uint8Array; // 20 bytes
tdReport: TDReport; // TD Report structure
signature: Uint8Array; // ECDSA signature
}
interface TDReport {
reportMacStruct: Uint8Array; // 256 bytes
teeTcbInfo: TDXTCBInfo; // TEE TCB information
reportData: Uint8Array; // 64 bytes - user data
tdInfo: TDInfo; // TD configuration
}
interface TDInfo {
attributes: Uint8Array; // 8 bytes
xfam: Uint8Array; // 8 bytes
mrtd: Uint8Array; // 48 bytes - TD measurement
mrconfigid: Uint8Array; // 48 bytes
mrowner: Uint8Array; // 48 bytes
mrownerconfig: Uint8Array; // 48 bytes
rtmr0: Uint8Array; // 48 bytes - runtime measurement 0
rtmr1: Uint8Array; // 48 bytes - runtime measurement 1
rtmr2: Uint8Array; // 48 bytes - runtime measurement 2
rtmr3: Uint8Array; // 48 bytes - runtime measurement 3
}
Using Intel TDX
import { createIntelTDXClient, TEEPlatform } from '@zeroquant/sdk';
const tdxClient = createIntelTDXClient({
provider,
signer: wallet,
verifierAddress: '0xYourIntelTDXVerifier',
permissionManagerAddress: '0xYourTEEPermissionManager',
});
// Check if quote is valid TDX format
const isTDX = tdxClient.isTDXQuote(quoteHex);
console.log('Is TDX Quote:', isTDX);
// Parse quote structure
const quote = tdxClient.parseQuote(quoteHex);
console.log('Version:', quote.version);
console.log('TEE Type:', quote.teeType);
console.log('MRTD:', quote.tdReport.tdInfo.mrtd);
// Extract MRTD measurement directly
const mrtd = tdxClient.extractMRTD(quoteHex);
console.log('MRTD:', mrtd);
// Submit quote for verification
const reportData = tdxClient.createReportData(agentAddress);
const result = await tdxClient.submitQuote(quoteHex, reportData);
console.log('Attestation ID:', result.attestationId);
// Check attestation
const hasValid = await tdxClient.hasValidAttestation(agentAddress);
Python Intel TDX
import asyncio
from web3 import AsyncWeb3, AsyncHTTPProvider
from zeroquant import IntelTDXClient, TEEPlatform
async def main():
w3 = AsyncWeb3(AsyncHTTPProvider('https://your-rpc-url'))
tdx_client = IntelTDXClient(
w3=w3,
verifier_address='0xYourIntelTDXVerifier',
permission_manager_address='0xYourTEEPermissionManager',
)
# Obtain TDX quote from Intel's Quote Generation Service
# Inside the TD: use /dev/tdx_guest with TDX_CMD_GET_QUOTE
quote_hex = await get_tdx_quote_from_enclave()
# Check quote validity
is_tdx = tdx_client.is_tdx_quote(quote_hex)
print(f"Is TDX Quote: {is_tdx}")
# Parse quote
quote = tdx_client.parse_quote(quote_hex)
print(f"Version: {quote.version}")
print(f"MRTD: {quote.td_report.td_info.mrtd.hex()}")
# Extract measurement
mrtd = tdx_client.extract_mrtd(quote_hex)
print(f"MRTD: {mrtd}")
# Submit for verification
agent_address = '0xYourAgentAddress'
report_data = tdx_client.create_report_data(agent_address)
result = await tdx_client.submit_quote(quote_hex, report_data)
print(f"Attestation ID: {result.attestation_id}")
asyncio.run(main())
Attestation Flow
┌─────────────────────────────────────────────────────────────┐
│ Agent in TEE Enclave │
├─────────────────────────────────────────────────────────────┤
│ 1. Generate report data binding (hash of agent address) │
│ 2. Request attestation from hardware (SEV-SNP or TDX) │
│ 3. Hardware signs measurement + report data │
└──────────────────────────┬──────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ On-chain Verifier │
├─────────────────────────────────────────────────────────────┤
│ 4. Submit attestation report/quote on-chain │
│ 5. Verify signature using platform root of trust │
│ - AMD: AMD root key │
│ - Intel: Intel QE signature │
│ 6. Check measurement against trusted registry │
│ 7. Store verified attestation │
└──────────────────────────┬──────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Permission Manager │
├─────────────────────────────────────────────────────────────┤
│ 8. Upgrade agent session with elevated limits │
│ 9. Apply 3x multiplier to daily/per-tx limits │
│ 10. Extend session validity │
└─────────────────────────────────────────────────────────────┘
Key Binding
Attestations are cryptographically bound to a specific agent address to prevent replay attacks and ensure the attestation applies only to the intended agent.
How Key Binding Works
- Create Report Data: The agent's Ethereum address is hashed into
reportData(64 bytes) - Include in Attestation: The TEE hardware includes this
reportDatain the signed attestation - Verify Binding: The on-chain verifier confirms the
reportDatamatches the expected agent address
This binding ensures:
- No Replay: An attestation for Agent A cannot be used by Agent B
- Identity Verification: The attestation proves the specific agent is running in TEE
- Tamper Detection: Any modification invalidates the hardware signature
Implementation
// 1. Derive report data from agent address
const reportData = sevClient.createReportData(agentAddress);
// Internally: keccak256(abi.encodePacked("ZEROQUANT_TEE_V1", agentAddress))
// 2. Request attestation from TEE hardware with this reportData
const attestationReport = await requestTEEAttestation(reportData);
// The hardware embeds reportData into the signed report
// 3. Submit and verify - the verifier checks:
// - Signature is valid (from AMD/Intel root of trust)
// - reportData in attestation matches expected hash
// - Measurement is in trusted registry
const result = await sevClient.submitAttestation(attestationReport, reportData);
async def bind_attestation_to_agent(sev_client, agent_address):
# 1. Create binding
report_data = sev_client.create_report_data(agent_address)
# 2. Get attestation with embedded binding
attestation = await request_tee_attestation(report_data)
# 3. Verify binding matches expected agent
result = await sev_client.submit_attestation(attestation, report_data)
# Attestation is now bound to agent_address
# Cannot be reused by any other agent
return result.attestation_id
Creating Report Data
The report data cryptographically binds the attestation to the agent address:
TypeScript
// AMD SEV-SNP
const reportData = sevClient.createReportData(agentAddress);
console.log('Report Data:', ethers.hexlify(reportData));
// Intel TDX
const reportData = tdxClient.createReportData(agentAddress);
console.log('Report Data:', ethers.hexlify(reportData));
Python
# AMD SEV-SNP
report_data = sev_client.create_report_data(agent_address)
print(f"Report Data: {report_data.hex()}")
# Intel TDX
report_data = tdx_client.create_report_data(agent_address)
print(f"Report Data: {report_data.hex()}")
Checking Attestation Status
// Quick check
const hasValid = await sevClient.hasValidAttestation(agentAddress);
// Full details
const attestation = await sevClient.getAttestation(agentAddress);
console.log('Attestation Details:');
console.log(' Platform:', TEEPlatform[attestation.platform]);
console.log(' Status:', AttestationStatus[attestation.status]);
console.log(' Measurement:', attestation.measurement);
console.log(' Verified At:', new Date(attestation.verifiedAt * 1000));
console.log(' Expires At:', new Date(attestation.expiresAt * 1000));
console.log(' Trusted:', attestation.measurementTrusted);
Managing Trusted Measurements
Trusted measurements are code hashes that are approved for elevated permissions:
Add Trusted Measurement
const codeHash = ethers.keccak256(ethers.toUtf8Bytes('agent-code-v1.0.0'));
const result = await sevClient.addTrustedMeasurement(
codeHash,
'Production Agent v1.0.0'
);
Check If Trusted
const isTrusted = await sevClient.isTrustedMeasurement(codeHash);
List All Trusted
const measurements = await sevClient.getTrustedMeasurements();
for (const m of measurements) {
console.log(`${m.name}: ${m.measurement}`);
}
Remove Trusted Measurement
await sevClient.removeTrustedMeasurement(codeHash);
Revoking Attestation
Attestations can be revoked if compromised:
const result = await sevClient.revokeAttestation(
agentAddress,
'Security vulnerability detected'
);
// Agent falls back to standard limits
const hasValid = await sevClient.hasValidAttestation(agentAddress);
console.log('Has Valid:', hasValid); // false
Elevated Limits
TEE-verified agents receive enhanced limits:
| Limit Type | Standard | TEE (3x) |
|---|---|---|
| Daily Limit | $10,000 | $30,000 |
| Per-TX Limit | $1,000 | $3,000 |
| Session Duration | 24 hours | 72 hours |
const limits = await sevClient.getEffectiveLimits(agentAddress);
console.log('Current Limits:');
console.log(' Daily:', (limits.dailyLimit / 1e6).toLocaleString(), 'USD');
console.log(' Per-TX:', (limits.perTxLimit / 1e6).toLocaleString(), 'USD');
console.log(' Spent Today:', (limits.dailySpent / 1e6).toLocaleString(), 'USD');
console.log(' Using TEE:', limits.usingTEELimits);
console.log(' TEE Expires:', limits.teeExpiresAt
? new Date(limits.teeExpiresAt * 1000).toISOString()
: 'N/A');
Platform Comparison
| Feature | AMD SEV-SNP | Intel TDX |
|---|---|---|
| Memory Encryption | Yes | Yes |
| Attestation Size | ~1184 bytes | ~700+ bytes |
| Measurement Field | 48 bytes | MRTD (48 bytes) |
| Report Data | 64 bytes | 64 bytes |
| Quote Version | N/A | v4 |
| Root of Trust | AMD Key | Intel QE |
| Runtime Measurements | Single | 4 RTMRs |
Smart Contracts
TEEVerifier (Platform-Agnostic)
interface ITEEVerifier {
function verifyAttestation(
bytes calldata report,
bytes32 expectedReportData
) external returns (bool valid, bytes32 measurement);
function submitVerifiedAttestation(
address agent,
TEEPlatform platform,
bytes32 measurement,
bytes32 reportData,
uint256 validityPeriod
) external returns (bytes32 attestationId);
}
TEEPermissionManager
interface ITEEPermissionManager {
function upgradeSessionWithTEE(address agent) external;
function getEffectiveLimits(address agent) external view returns (
uint256 dailyLimit,
uint256 perTxLimit,
bool usingTEELimits
);
function addTrustedMeasurement(
bytes32 measurement,
string calldata name
) external;
}
Best Practices
- Platform Selection: Choose based on your cloud provider
- AWS Nitro: AMD SEV-SNP
- Azure Confidential: Intel TDX or AMD SEV-SNP
- GCP Confidential: AMD SEV-SNP
- Attestation Renewal: Renew attestations before expiration to maintain elevated limits
- TCB Updates: Monitor security advisories and update TCB requirements
- Measurement Registry: Only add thoroughly audited code to trusted measurements
- Revocation Plan: Have a process for quickly revoking compromised attestations
- Fallback Handling: Design agents to function at standard limits if TEE unavailable
Next Steps
- Order Management - Place and manage orders
- Position Tracking - Monitor positions and PnL
- Exchange Routing - Route orders to DEXs
- Permission Manager - Contract reference