TEE Attestations

Understanding and verifying Trusted Execution Environment attestations.

TEE (Trusted Execution Environment) attestations provide cryptographic proof that AI responses were generated in secure hardware, protecting both your privacy and Metalos intellectual property.

What Are TEE Attestations?

When the Metalos Research Agent processes your query in an Oasis ROFL enclave, it generates an attestation—a cryptographic signature that proves:

✅ Which code executed (measurement hash verifies exact code version)
✅ Code ran in real TEE (Intel TDX or AMD SEV hardware)
✅ When it executed (timestamp)
✅ Where it executed (TEE identifier)
✅ Output wasn't tampered with (signature over response)

Think of it as: A tamper-proof seal proving the official Metalos agent code ran (not a backdoored version), and the output is authentic.

Why TEE Attestations Matter

For Code Integrity

Verifiable Official Code:

Attestations prove the exact Metalos code version that ran
Measurement hash matches published builds
Can't be backdoored or modified version
Community-auditable which agent generated responses

Example: When governance proposals are AI-generated, attestations prove they came from the official approved agent code, not a manipulated copy.

For Runtime Privacy

Protected During Execution:

Code and data encrypted in TEE CPU memory while processing
Cloud providers can't read running TEE processes (even with root access)
Proprietary Metalos prompts can't be extracted
Secure environment for sensitive computations

Example: While the agent processes your query, even the cloud infrastructure operator can't peek into the TEE memory to see prompts, data, or intermediate results.

How to View Attestations

In the Chat Interface

Look for the Shield Icon

AI responses from the TEE show a shield icon (🛡️) next to the message.

Shield present = TEE-protected response
No shield = Standard execution (faster but not TEE-protected)

Click the Shield Icon

Opens the TEE Attestation Modal showing:

Status Badge:

🟢 "Hardware TEE Verified" = Real Oasis ROFL execution
🟡 "Development Mode" = Local testing (mock attestation)

Attestation Data:

Signature: Cryptographic signature from enclave
Timestamp: When response was generated
TEE Identifier: Which enclave instance processed it
App ID: Metalos application identifier
Measurement Hash: Hash of code that executed

Copy Attestation (Optional)

Click copy buttons to save attestation data:

Share with others for independent verification
Archive for governance transparency
Report issues if attestation seems invalid

Verify on BaseScan (Advanced)

Some attestations are anchored on-chain:

Copy the signature hash
Search on BaseScan or Oasis Explorer
Verify on-chain record matches modal data

This provides additional assurance beyond the UI.

What You'll See

Production TEE Response (Oasis ROFL):

Status: ✅ Hardware TEE Verified
Signature: 0xTEE_a8f3c2d1b9e7f6a4c8d2b1e9f7...
Timestamp: 2025-10-03 14:32:18 UTC
TEE Identifier: oasis-rofl-prod-01
App ID: metalos-research-agent-v1.2.0
Measurement: 0xf4a3c8d2b1e9f7a6c4b8d2e1f9a7...

Verification Process

Automatic Verification

When you receive a TEE attestation, Metalos automatically verified:

Signature Validation

Attestation signature validated against Oasis public keys
Ensures signature came from real TEE hardware
Rejects invalid or forged signatures

Measurement Verification

Measurement hash compared to approved builds
Ensures correct code version executed
Detects unauthorized modifications

Freshness Check

Timestamp verified to be recent
Prevents replay attacks
Ensures current enclave state

Output Binding

Signature cryptographically bound to response
Ensures response wasn't altered
Tamper detection

All these checks pass before you see the shield icon. The icon means verification succeeded.

Manual Verification (Advanced)

For maximum assurance, verify independently:

# Install Oasis CLI
npm install -g @oasisprotocol/cli

# Verify attestation
oasis verify-attestation \
  --signature "0xTEE_..." \
  --measurement "0xf4a3..." \
  --timestamp 1696348338

Visit Metalos transparency page (coming soon)
Find official measurement hashes for each version
Compare with attestation measurement hash
Verify they match

Some attestations are anchored on-chain
Search BaseScan for attestation signature
Verify on-chain record exists
Confirm timestamp and data match

Common Questions

Do all responses have attestations?

All responses from Metalos in production use TEE

Can I choose which queries use TEE?

Currently no. TEE is configured at the deployment level (all or nothing).

When TEE is enabled: ALL Research Agent queries use it
When TEE is disabled: NO queries use it

There's no per-query selection or automatic sensitivity routing.

What if attestation verification fails?

The response won't be shown. If attestation verification fails:

System rejects the response
Error message displayed
Query can be retried
Indicates potential security issue

This protects you from tampered or fraudulent responses.

How do I know the measurement hash is correct?

Check published hashes: Metalos publishes official measurement hashes for each Research Agent version:

Governance announcements
Documentation updates
On-chain records (planned)

Compare the hash in your attestation with published hashes.

Does TEE make AI responses more accurate?

No. TEE proves which code ran and where, but doesn't make the AI smarter.

TEE provides:

✅ Privacy
✅ Integrity verification
✅ IP protection

TEE does NOT provide:

❌ Better AI accuracy
❌ Faster responses
❌ More up-to-date data

Additional Resources

TEE attestations are a powerful security feature unique to Metalos. They enable privacy-preserving AI research that other DeFi platforms can't offer.

TEE Attestations

TEE Attestations

What Are TEE Attestations?

Why TEE Attestations Matter

For Code Integrity

For Runtime Privacy

How to View Attestations

In the Chat Interface

Look for the Shield Icon

Click the Shield Icon

Copy Attestation (Optional)

Verify on BaseScan (Advanced)

What You'll See

Verification Process

Automatic Verification

Signature Validation

Measurement Verification

Freshness Check

Output Binding

Manual Verification (Advanced)

Common Questions

Learn More

Oasis ROFL

Research Chat

AI Agents

Oasis Documentation

Additional Resources