Requirement for the Blockchain layer - tearust/tee-on-mac GitHub Wiki

We use the blockchain as a trusted state machine. The most important data is stored in the state, modified by smart contracts, and protected by consensus.

Data stored in the state

HSM manufacturers root certificates

Each HSM manufacturer has its own public/private key pair that serves as the top-level certificate. For every TPM they release to the public, they sign the TPM's public key with this top-level certificate. Anyone who can access the blockchain can verify whether a particular TPM was made by this manufacturer. If verification fails, no one should trust this TPM or HSM.

TPM public key and manufacturer cert

Every TPM should have one entry in this table. Anyone can verify that the TPM was made by the manufacturer it claims.

Because each HSM has one and only one TPM chip on the board, we can use the public key of the TPM as the ID of the HSM.

TPM public key and credit balance

Every HSM/TPM has an entry in this table. The credit changes when:

  • The node participates in any activity (remote attestation, execution, etc.). It gains credit as income or loses credit as a penalty.
  • A global inflation adjustment occurs. We keep the total credit at a relatively stable value, so-called "the cap". After a few blocks, we adjust the credit values of all accounts so that their relative values stay the same but the total credit returns to "the cap".

Approved system wasm or firmware

When we update the firmware or the system wasm file, we post the hash of those binaries to the blockchain so that a verifier can compare against this value to determine whether a remote node is trusted.

Smart contracts

New HSM asks to join

Remote Attestation result

When a verifier completes the remote attestation task, it signs the result and calls this function. Inside this function:

  • Check the verifier's signature.
  • Verify the verifier's VRF proof.
  • Get all verifiers' results and calculate the weighted final result (or BFT if necessary).
  • Issue credit to the testee node.
  • Deduct the cost of RA.
  • Issue credit and gas bonus or penalty.
  • Submit new states.

Inflation normalization adjustment

This function is called after a few blocks if the total credit exceeds 110% of "the cap".
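A sketch of the normalization step described above, as an added example that is not the project's own code. It assumes credit is held as `u64` per TPM public key and uses largest-remainder rounding with a tie-break on the key, so that every node computes identical balances and the total lands exactly on the cap; the type and function names are hypothetical.

```rust
use std::collections::BTreeMap;

// Assumption: accounts are keyed by TPM public key (hex) and hold u64 credit.
type Balances = BTreeMap<String, u64>;

/// True only when total credit strictly exceeds 110% of the cap (integer math).
fn needs_normalization(total: u128, cap: u128) -> bool {
    total * 100 > cap * 110
}

/// Rescale every balance by cap/total so relative shares are kept and the
/// new total equals `cap` exactly. No floating point, so the result is deterministic.
fn normalize(balances: &Balances, cap: u64) -> Balances {
    let total: u128 = balances.values().map(|&v| v as u128).sum();
    if !needs_normalization(total, cap as u128) {
        return balances.clone();
    }
    // Floor share plus the remainder lost to integer division, per account.
    let mut rows: Vec<(&String, u64, u128)> = balances
        .iter()
        .map(|(id, &v)| {
            let scaled = v as u128 * cap as u128;
            (id, (scaled / total) as u64, scaled % total)
        })
        .collect();
    let mut leftover = cap - rows.iter().map(|r| r.1).sum::<u64>();
    // Hand the units lost to rounding to the largest remainders first.
    // Ties are broken by TPM id so all validators agree on the outcome.
    rows.sort_by(|a, b| b.2.cmp(&a.2).then(a.0.cmp(b.0)));
    for row in rows.iter_mut() {
        if leftover == 0 {
            break;
        }
        row.1 += 1;
        leftover -= 1;
    }
    rows.into_iter().map(|(id, v, _)| (id.clone(), v)).collect()
}

fn main() {
    // Constructed sample balances with placeholder TPM ids; total is 120% of the cap.
    let mut b = Balances::new();
    for (id, v) in [("tpm-a", 600u64), ("tpm-b", 400), ("tpm-c", 200)] {
        b.insert(id.to_string(), v);
    }
    println!("{:?}", normalize(&b, 1000));
}
```

Plain floor division alone would leave the total one or more units short of the cap after every adjustment, which is why the remainders are redistributed.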

Execution bonus

RA bonus