Project T-TEE reading list

Here I am starting to collect a list of (mostly) papers that are relevant to Project Open TEE, which is an effort to arrive at TEEs with acceptable security models for “web3”.

Good for understanding TEEs in general:

  • SoK: Hardware-supported Trusted Execution Environments
    • the main thing I got out of this paper is a nice taxonomy of adversarial models and subproblems in TEE design
    • they also provide a framework to think about different kinds of techniques employed to solve key subproblems.
  • Keystone
    • really clean explanation of how a TEE works at a high level.
  • SGX explained
    • really long and detailed. Better to go looking for something specific than to read it front to back

TDX stuff:

  • TDX Demystified
    • Mostly useful for coming to understand how TEEs actually work.
    • found the attestation section useful
    • still had some questions on the hardware
  • Google’s TDX security review
    • lists a bunch of vulnerabilities found in an audit.
    • provides more colour on where keys are stored in hardware

Understanding specifics:

(Physical) Side Channel Analysis (SCA):

Tamper Resistance

Trojan Detection

Irreproducible Keys (Secrecy of Hardware Secrets)