TEE integration #69

@MCarlomagno

In order to enforce confidentiality, we want to run the PSM server in a Trusted Execution Environment (TEE). The scope of this task is:

  • to decouple the TLS layer from the API and the Storage layer from the rest of the app
  • so upon receiving a request the flow is:

Host (TLS redirection) -> Enclave (TLS termination + API + business logic) -> Host (storage)

  • We will initially use AWS Nitro Enclaves for this first integration
  • We will manage TLS keys inside the enclave, so the host cannot read any inbound or outbound traffic.
  • We will also keep an encryption key in the enclave, and encrypt/decrypt payloads from storage, so the host cannot read the payloads to be persisted.
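An added sketch of the storage step described in the issue, not code from the PSM repository: the enclave seals each payload with AES-256-GCM before handing it to the host, and opens it on the way back. The `Sealer` type, the record IDs and the use of the record ID as associated data are assumptions made for illustration; the sample key and payload are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Sealer holds the storage key; in the design above it exists only inside the enclave.
type Sealer struct{ aead cipher.AEAD }

func NewSealer(key []byte) (*Sealer, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Sealer{aead}, nil
}

// Seal returns nonce||ciphertext||tag; recordID is authenticated (not encrypted) as associated data.
func (s *Sealer) Seal(recordID string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

func (s *Sealer) Open(recordID string, blob []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(blob) < n+s.aead.Overhead() {
		return nil, errors.New("blob too short") // shorter than nonce plus tag
	}
	return s.aead.Open(nil, blob[:n], blob[n:], []byte(recordID))
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte sample key
	s, _ := NewSealer(key)
	blob, _ := s.Seal("state/alice", []byte(`{"balance":42}`)) // constructed payload
	_, err := s.Open("state/bob", blob) // host returns the blob under another ID
	fmt.Println("swapped record rejected:", err != nil)
}
```

Binding the record ID detects a host that modifies a blob or returns it under a different ID, but not one that replays an older blob for the same ID; that needs a version or counter kept inside the enclave.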
