Core Concepts

Trusted Execution Environments (TEEs)

A Trusted Execution Environment (TEE) is a secure area within a main processor. It guarantees that code and data loaded inside are protected with respect1 to confidentiality and integrity. Vorta primarily utilizes Intel SGX as its TEE technology.

• Isolation: TEEs provide isolation from the Rich Execution Environment (REE), which includes the operating system, hypervisor, and other privileged software.

• Attestation: TEEs offer mechanisms (like remote attestation) to prove to a remote party that a specific piece of software is running within a genuine TEE on a specific hardware platform.

Intel SGX (Software Guard Extensions)

Intel SGX is a specific hardware-based TEE implementation. Key SGX concepts relevant to Vorta:

• Enclave: A protected region of memory where code and data are isolated. Access to enclave memory from outside the enclave is hardware-restricted.

• Enclave Page Cache (EPC): A limited region of Processor Reserved Memory (PRM) used to store enclave pages. EPC size is a critical resource.

• MRENCLAVE (Measurement Register Enclave): A cryptographic hash of the code and initial data loaded into an enclave. It serves as the enclave's identity.

• MRSIGNER (Measurement Register Signer): A cryptographic hash of the public key used to sign the enclave. This allows verification of the enclave's author or provider.

• Quote: A cryptographically signed data structure generated by the SGX hardware, containing MRENCLAVE, MRSIGNER, and other platform-specific information. It's the basis for remote attestation.

Gramine LibOS

Gramine is a Library OS (LibOS) that enables running unmodified Linux applications inside Intel SGX enclaves.

• System Call Interception: Gramine intercepts system calls made by the application and handles them within the enclave or securely forwards them to the host OS when necessary.

• Manifest Files: Applications are configured to run with Gramine using manifest files, which specify security policies, trusted files, environment variables, and SGX-specific settings (e.g., enclave size). Vorta uses gramine-manifests/worker.manifest.template for its secure worker containers.

• gramine-sgx: The command-line tool used to launch an application within an SGX enclave using Gramine.

Zero-Knowledge Proofs (ZKPs)

ZKPs allow one party (the prover) to prove to another party (the verifier) that a statement is true, without revealing2 any information beyond the validity of the statement itself. Vorta leverages SGX enclaves to:

• Secure ZKP Verification: Protect the ZKP verifier logic and the proof/inputs during verification.

• Protect Execution Traces: When ZKPs are generated or verified, intermediate data (execution traces) can be highly sensitive. Vorta ensures these traces, if handled by the worker, are protected within enclaves.

Remote Attestation

Remote attestation is the process by which a remote challenger can verify the integrity and identity of an application running within an SGX enclave on a remote platform.

1. Challenge: The challenger (e.g., Vorta Manager, end-user) sends a nonce.

2. Quote Generation: The SGX enclave on the worker node requests the Quoting Enclave (QE) – a special enclave provided by Intel – to generate a quote. This quote includes MRENCLAVE, MRSIGNER, user-provided data (e.g., the nonce, a public key for secure communication), and is signed by the platform's attestation key.

3. Quote Verification: The challenger receives the quote and verifies its signature using Intel's attestation infrastructure (e.g., Intel Attestation Service or a cached Platform Attestation Certificate).

4. Trust Decision: If the quote is valid and the MRENCLAVE/MRSIGNER match expected values, the challenger can trust the enclave. Vorta utilizes the Phala DStack SDK for aspects of its remote attestation workflow, likely for interfacing with attestation services and managing quote verification chains.