OutLayer Documentation

TEE Attestation

What is TEE Attestation?#

TEE (Trusted Execution Environment) Attestation is cryptographic proof that your code was executed inside a secure, isolated hardware environment - specifically Intel TDX (Trust Domain Extensions).

Think of it like a tamper-proof black box: code goes in, computation happens in complete isolation from the operating system and other applications, and results come out with a cryptographic signature proving the execution environment wasn't compromised.

Why This Matters:

  • Verifiable Computation: Prove your code ran in a secure environment
  • Tamper-Proof: No one (not even the cloud provider) can modify execution
  • Transparent: Anyone can verify the attestation without trusting the operator
  • Cryptographically Signed: Intel's private key signs every attestation

On OutLayer, every code execution is attested using Intel TDX hardware, giving you cryptographic proof that your WASM binary was executed exactly as compiled, with the correct inputs, in a secure isolated environment.

Worker Registration#

Before a TEE worker can execute any code on OutLayer, it must register on the NEAR blockchainwith proof of its TEE environment. This is a one-time process per worker.

Register Contract:

Registration is handled by a dedicated smart contract deployed at:

Testnet: worker.outlayer.testnet

Mainnet: worker.outlayer.near

View on NEAR Explorer

Registration Process:

  1. 1

    Worker Generates TDX Quote

    The worker running in Intel TDX hardware requests a cryptographic quote from the Intel TEE. This quote contains a measurement (RTMR3) - a SHA384 hash of the worker's environment.

  2. 2

    Submit to Register Contract

    The worker calls register_worker on the NEAR register-contract, submitting the TDX quote along with Intel's collateral (signing certificates and revocation data).

  3. 3

    On-Chain Verification

    The contract uses Intel DCAP QVL library to verify the quote's cryptographic signature. This proves the quote came from genuine Intel TDX hardware (not simulated).

  4. 4

    Extract & Whitelist RTMR3

    Once verified, the contract extracts the RTMR3 measurement from the quote and adds it to the whitelist. This RTMR3 becomes the worker's cryptographic identity.

  5. 5

    Register Public Key for Execution

    During registration, the worker also submits its public key. This key is added to the main OutLayer contract and is the only key authorized to call resolve_execution to finalize execution results. This prevents unauthorized workers from submitting fake results.

  6. 6

    Registration Complete

    The worker is now authorized to execute code on OutLayer. All future executions from this worker will be verified against this RTMR3, and only this worker can submit results using its registered public key.

What is RTMR3?

RTMR3 (Runtime Measurement Register 3) is a 48-byte (384-bit) SHA384 hash that uniquely identifies the TEE worker's environment. It's calculated by Intel TDX hardware based on the code, configuration, and initial state of the worker. Any change to the worker software produces a completely different RTMR3.

Execution Attestation#

Every time a TEE worker executes WASM code on OutLayer, it generates a fresh attestationthat cryptographically proves what was executed, with what inputs, and in what environment.

What Gets Attested:

📋 Source Code

GitHub repository URL and exact commit hash that was compiled.

🗜️ WASM Hash

SHA256 of the compiled WebAssembly binary that was executed.

📥 Input Hash

SHA256 of the input data sent to the WASM program.

📤 Output Hash

SHA256 of the output returned by the WASM execution.

🔐 Worker Measurement

RTMR3 hash proving which registered worker performed the execution.

🔏 TDX Quote

Full Intel TDX attestation quote signed by Intel's private key.

All this data is stored in the Coordinator database and can be retrieved via the API. The attestation links the entire execution chain: from source code → compiled WASM → input data → TEE execution → output result.

Verification Process#

Anyone can verify an attestation without trusting OutLayer or the worker operator. The verification is based on cryptography and public Intel infrastructure.

How to Verify an Attestation:

Step 1: Verify TDX Quote & Task Hash

Extract the RTMR3 measurement from the TDX quote (located at byte offset 256, 48 bytes long). Compare it to the worker_measurement stored in the attestation. Also extract the Task Hash from REPORTDATA (offset 568, 32 bytes) and compare it to the calculated hash of all execution parameters. If both match, the quote is authentic and bound to this specific execution.

The Dashboard does this automatically when you click "Verify Quote" in the attestation modal. See the Task Hash section below for detailed explanation of how this prevents attestation forgery.

Step 2: Verify Input/Output Hashes

Fetch the NEAR transaction from the blockchain (using the transaction_hash). Extract the input data from the execution_requested event, and the output from the final receipt's SuccessValue. Calculate SHA256 hashes and compare to the attestation.

The Dashboard does this when you click "Load & Verify from Blockchain".

Step 3: Verify Source Code

Click the source code link to view the exact GitHub commit that was compiled. You can audit the code yourself to see what logic was executed.

Step 4: Verify WASM Hash (Optional)

Download the WASM binary from the Coordinator API and calculate its SHA256 hash. Compare to the wasm_hash in the attestation. This proves the compiled binary matches the source code.

Cryptographic Chain of Trust:

The attestation creates an unbreakable cryptographic chain: Source Code → compiled to →WASM Binary → executed with → Input Data → inside →TEE Worker (RTMR3) → producing → Output Data. Every link is cryptographically hashed and signed by Intel TDX hardware.

Task Hash (REPORTDATA) - Preventing Attestation Forgery#

The Task Hash is a critical security feature that prevents attestation forgery. It ensures that a valid TDX quote from one execution cannot be swapped or reused for a different execution.

The Problem:

Without Task Hash, a malicious worker could execute code honestly (generating a valid TDX quote), but then claim that same quote applies to a different execution with different input/output/WASM hashes. This would allow them to forge results while still presenting a cryptographically valid Intel signature.

The Solution:

Every TDX quote contains a 64-byte REPORTDATA field where custom data can be embeddedbefore Intel signs the quote. OutLayer uses the first 32 bytes of this field to store the Task Hash - a SHA256 cryptographic commitment to ALL execution parameters.

Because the Task Hash is embedded in the quote before signing, Intel's signature covers it. This creates an unbreakable cryptographic link between the TDX quote and the specific execution parameters.

Task Hash Algorithm:

The Task Hash is calculated using binary concatenation + SHA256:

task_hash = SHA256(

task_type (UTF-8 string) +

task_id (i64, little-endian) +

repo_url (UTF-8 string, optional) +

commit_hash (UTF-8 string, optional) +

build_target (UTF-8 string, optional) +

wasm_hash (hex string, optional) +

input_hash (hex string, optional) +

output_hash (hex string, always present) +

block_height (u64, little-endian, optional)

)

Important Details:

  • Hashes (wasm_hash, input_hash, output_hash) are included as hex strings (e.g., "abc123..."), not decoded bytes
  • Strings are UTF-8 encoded bytes
  • Integers (task_id, block_height) are little-endian binary encoding
  • Fields are concatenated in exact order - changing order produces different hash
  • Optional fields are skipped if not present (no null bytes or placeholders)

Step 1: Worker Calculates Task Hash

Before requesting a TDX quote from Intel hardware, the worker calculates the Task Hash by concatenating all execution parameters (task type, repo, commit, wasm hash, input hash, output hash, etc.) and computing SHA256. This produces a 32-byte hash.

Step 2: Embed in REPORTDATA

The worker creates a 64-byte REPORTDATA buffer. The first 32 bytes are the Task Hash, and the remaining 32 bytes are zeros. This REPORTDATA is passed to Intel TDX hardware when requesting a quote.

Step 3: Intel Signs the Quote

Intel TDX hardware generates the quote with the REPORTDATA embedded inside (at offset 568 in the quote structure). Intel then signs the entire quote with its private key. This signature covers the REPORTDATA, so the Task Hash is now cryptographically bound to Intel's signature.

Step 4: Verification

Anyone can extract bytes [568:600] from the TDX quote (the first 32 bytes of REPORTDATA at offset 568) to get the embedded Task Hash. They can also independently calculate the expected Task Hash from the attestation parameters. If the hashes match, the attestation is genuine and cannot have been forged or swapped.

Interactive Verification in Dashboard:

When you click "Verify Quote" in the attestation modal, the Dashboard performs full Task Hash verification:

  1. Extracts RTMR3 from TDX quote (offset 256, 48 bytes) - verifies worker identity
  2. Extracts Task Hash from REPORTDATA (offset 568, first 32 bytes) - extracts commitment
  3. Calculates expected Task Hash from attestation parameters - computes what it should be
  4. Compares extracted vs. expected hashes - validates cryptographic binding
  5. Shows ✓ green checkmark if both match, ✗ red error if mismatch

You can also click "📊 Show Task Hash Calculation Steps" to see the exact step-by-step breakdown of how the Task Hash is computed from the attestation data.

Why This Matters:

Without Task Hash verification, a malicious worker could execute code once honestly (getting a valid TDX quote), then reuse that same quote for multiple executions with different inputs/outputs, claiming all of them were executed in TEE. The Task Hash makes this impossible because each execution has a unique Task Hash embedded in its quote. A quote from execution A cannot be used to validate execution B because their Task Hashes will differ.

Example: Preventing Quote Swapping

❌ Attack (without Task Hash):

Worker honestly executes Task A (input="1", output="10") → gets valid TDX Quote A. Then worker claims Quote A also proves execution of Task B (input="2", output="999") - forging result "999" while presenting a cryptographically valid Intel signature.

✓ Defense (with Task Hash):

Quote A contains Task Hash A = SHA256("execute" + "1" + ... + hash("10")). Quote B would need Task Hash B = SHA256("execute" + "2" + ... + hash("999")). Since SHA256(A) ≠ SHA256(B), Quote A cannot be used for Task B. The verification fails immediately.

Security Guarantees#

TEE attestation provides strong security guarantees that go beyond traditional cloud computing:

Hardware Isolation

Code runs in Intel TDX isolated memory. The OS, hypervisor, and other applications cannot access or modify the execution environment.

🔐

Intel Signature

Every TDX quote is signed with Intel's private key. This proves the attestation came from genuine Intel hardware, not a simulation or fake environment.

🛡️

Tamper-Proof

Any modification to the TDX quote invalidates Intel's signature. The cryptography ensures the attestation cannot be forged or altered.

🔍

Verifiable by Anyone

You don't need to trust OutLayer. Anyone can independently verify the attestation using the TDX quote and public NEAR blockchain data.

📜

Code Transparency

The attestation includes the exact GitHub commit, so you can audit the source code and verify it matches what was executed.

🔗

Blockchain Anchoring

Input and output data are stored on NEAR blockchain, providing an immutable record that can be cross-verified with the attestation hashes.

What TEE Does NOT Guarantee:

  • TEE does not verify the correctness of your code logic
  • TEE does not prevent bugs or vulnerabilities in your WASM program
  • TEE does not protect against side-channel attacks (though Intel TDX has mitigations)
  • TEE does not guarantee the code will produce the "right" answer - only that it ran in isolation

Dashboard Verification#

The OutLayer Dashboard provides an easy-to-use interface for viewing and verifying attestations without writing any code.

Using the Dashboard:

  1. 1

    Navigate to Executions Page

    Go to /executions to see the history of all code executions on OutLayer.

  2. 2

    Click "View Attestation"

    For any execution with a TEE attestation, click the "View Attestation" button to open the attestation modal.

  3. 3

    View Attestation Details

    The modal shows: Worker Measurement (RTMR3), Source Code link, WASM Hash, Input Hash, Output Hash, TDX Quote, and NEAR Transaction link.

  4. 4

    Verify TDX Quote

    Click "Verify Quote" in the purple section. The Dashboard will extract RTMR3 from the TDX quote and compare it to the worker measurement. You'll see a live validation with green checkmark if it matches.

  5. 5

    Verify Input/Output Hashes

    Click "Load & Verify from Blockchain" in the blue section. The Dashboard will fetch the NEAR transaction, extract input/output data, calculate SHA256 hashes, and show you live validation results. You can edit the data to see how hashes change in real-time.

  6. 6

    Audit Source Code

    Click the source code link to view the exact GitHub commit on GitHub. Review the code to understand what was executed.

Interactive Verification:

The Dashboard provides live interactive validation. When you verify Input/Output hashes or TDX quotes, you can edit the data in the form fields and watch the hashes recalculate and validation status update in real-time. This helps you understand exactly how the cryptographic verification works.

Need Help?

Click the "❓ Help" button in the attestation modal for detailed explanations of each field, what can be verified, and what security guarantees TEE provides. The help section explains everything in plain English without requiring cryptography knowledge.