
Trusted Execution Environments (Secure Enclaves)

Silhouette's core matching engine runs in an AWS Nitro Enclave on the Marlin network. Expansion to include Intel TDX, under the appropriate conditions, is in the pipeline.

AWS Nitro Enclaves

Nitro Enclaves are secure, isolated environments that enable confidential computation. Neither AWS nor anyone else has access to these environments. Deployments are multi-region with active-passive failover.

Verifiable execution

Code deployed to the Nitro Enclave

Deploying code to a Nitro Enclave involves building an enclave image file (.eif) that contains the application and its runtime dependencies. When this file is built, the build tool outputs the Platform Configuration Register 0 (PCR0) value, which is the SHA-384 hash of the .eif.

Verifying the code running in the Nitro Enclave

Nitro Enclaves are managed by the Nitro Hypervisor, which issues an attestation document (CBOR-encoded and COSE-signed) for each enclave. The document includes PCR0, definitively identifying the exact code running inside the enclave.

The hypervisor's signature on each attestation document is verified through the certificate chain that leads to the AWS root certificate.

Reproducible builds

Silhouette will, at the appropriate time, open source the code used to create the .eif file. This will include the build system which uses Nix.

By using Nix, Silhouette is able to achieve a deterministic and reproducible build. This enables anyone in the community to rebuild the .eif running in the Nitro Enclave from source and reproduce PCR0.

Signed attestation documents will be made available (via an endpoint) to allow community members to verify that the PCR0 they produce themselves matches the AWS hypervisor-signed PCR0 from the running enclave.
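The verification loop described in the two sections above (hypervisor-signed attestation document carrying PCR0, compared with a PCR0 reproduced from source) can be exercised end to end with a small amount of code. The following is an added example, not Silhouette's or AWS's code: it includes a minimal CBOR codec (standard library only), parses a COSE_Sign1 attestation document of the Nitro layout, checks that the PCR digest algorithm is SHA-384, and compares PCR0 with the hash of a locally built .eif using a constant-time comparison. The sample document, the module_id, the placeholder certificates and the zero-filled signature are constructed for the demo; the `sig_structure` helper returns the exact bytes a real verifier would check with the leaf certificate (ECDSA P-384) chained to the AWS root, which requires a crypto library and is left to the caller.

```python
"""Added example: parse a Nitro-style attestation document and check PCR0.

Layout (AWS Nitro): COSE_Sign1 = [protected, unprotected, payload, signature];
payload is a CBOR map with module_id, digest, timestamp, pcrs, certificate,
cabundle, public_key, user_data, nonce. Only the standard library is used.
"""
import hashlib
import hmac
import struct


class Tag:
    """CBOR tagged item; tag 18 optionally wraps a COSE_Sign1."""
    def __init__(self, tag, value):
        self.tag, self.value = tag, value


def _hdr(major, n):
    """Initial byte plus argument for CBOR major type `major`."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | info]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR header")


def cbor_encode(v):
    if v is None:
        return b"\xf6"
    if isinstance(v, int):
        return _hdr(0, v) if v >= 0 else _hdr(1, -1 - v)
    if isinstance(v, bytes):
        return _hdr(2, len(v)) + v
    if isinstance(v, str):
        return _hdr(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return _hdr(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        return _hdr(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    if isinstance(v, Tag):
        return _hdr(6, v.tag) + cbor_encode(v.value)
    raise TypeError(f"cannot encode {type(v)}")


def _decode(buf, i):
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if info < 24:
        n = info
    elif info <= 27:
        fmt = {24: ">B", 25: ">H", 26: ">I", 27: ">Q"}[info]
        n = struct.unpack_from(fmt, buf, i)[0]
        i += struct.calcsize(fmt)
    else:
        raise ValueError("indefinite-length items not supported")
    if major == 0:
        return n, i
    if major == 1:
        return -1 - n, i
    if major in (2, 3):  # byte string / text string
        if i + n > len(buf):
            raise ValueError("truncated string")
        chunk = buf[i:i + n]
        return (chunk if major == 2 else chunk.decode()), i + n
    if major == 4:
        items = []
        for _ in range(n):
            item, i = _decode(buf, i)
            items.append(item)
        return items, i
    if major == 5:
        d = {}
        for _ in range(n):
            k, i = _decode(buf, i)
            d[k], i = _decode(buf, i)
        return d, i
    if major == 6:
        inner, i = _decode(buf, i)
        return Tag(n, inner), i
    if major == 7 and n == 22:  # null
        return None, i
    raise ValueError("unsupported CBOR item")


def cbor_decode(buf):
    v, end = _decode(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return v


def pcr0_from_eif(eif_bytes):
    """PCR0 is the SHA-384 digest of the enclave image file (.eif)."""
    return hashlib.sha384(eif_bytes).digest()


def _cose_sign1(doc_bytes):
    cose = cbor_decode(doc_bytes)
    if isinstance(cose, Tag) and cose.tag == 18:
        cose = cose.value
    if not (isinstance(cose, list) and len(cose) == 4):
        raise ValueError("not a COSE_Sign1 structure")
    return cose


def sig_structure(doc_bytes):
    """Bytes the hypervisor signs: COSE Sig_structure for a Signature1.
    Verify the document's signature over these with the leaf certificate,
    chained to the AWS Nitro root (needs a crypto library; not done here)."""
    protected, _unprotected, payload, _signature = _cose_sign1(doc_bytes)
    return cbor_encode(["Signature1", protected, b"", payload])


def check_pcr0(doc_bytes, reproduced_pcr0):
    """Return (module_id, pcr0_matches); raise on a malformed document."""
    payload = cbor_decode(_cose_sign1(doc_bytes)[2])
    if payload.get("digest") != "SHA384":
        raise ValueError("unexpected PCR digest algorithm")
    pcr0 = payload["pcrs"][0]
    if len(pcr0) != 48:
        raise ValueError("PCR0 must be 48 bytes (SHA-384)")
    return payload["module_id"], hmac.compare_digest(pcr0, reproduced_pcr0)


def build_sample_doc(eif_bytes):
    """Constructed attestation document for the demo (not from a real enclave;
    certificates and the signature are placeholders)."""
    payload = {
        "module_id": "i-0123456789abcdef0-enc0123456789abcdef",  # constructed
        "digest": "SHA384",
        "timestamp": 1700000000000,
        "pcrs": {i: (pcr0_from_eif(eif_bytes) if i == 0 else bytes(48)) for i in range(3)},
        "certificate": b"<placeholder DER leaf certificate>",
        "cabundle": [b"<placeholder DER root certificate>"],
        "public_key": None, "user_data": None, "nonce": None,
    }
    protected = cbor_encode({1: -35})  # alg = ES384
    return cbor_encode([protected, {}, cbor_encode(payload), bytes(96)])  # zero signature


if __name__ == "__main__":
    eif = b"constructed stand-in for enclave.eif"
    doc = build_sample_doc(eif)
    print("matching build:", check_pcr0(doc, pcr0_from_eif(eif)))
    print("tampered build:", check_pcr0(doc, pcr0_from_eif(eif + b"tampered")))
```

In practice the reproduced PCR0 comes from the community member's own Nix build and `doc_bytes` from Silhouette's attestation endpoint; the PCR0 comparison is only meaningful after the COSE signature over `sig_structure(doc)` has been verified against the certificate chain that leads to the AWS root, otherwise anyone could fabricate a document with the expected PCR0.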

TEE Flow Diagram