TEE OverviewTEE VerifiersIntel SGX/TDX DCAPAutomata Onchain PCCS

Automata Enclave Identity DAO

Summary

The EnclaveIdentityDao contract manages onchain storage and retrieval of Intel SGX Enclave Identity data (Identity.json). It handles identity information for QE (Quoting Enclave), QVE (Quote Verification Enclave), and TD_QE (Trust Domain Quoting Enclave), providing methods to upsert and query enclave identity collateral with signature verification against Intel's TCB Signing Certificate.

Methods

TCB_EVALUATION_NUMBER

function TCB_EVALUATION_NUMBER() external view returns (uint32)

Returns:

  • TCB_EVALUATION_NUMBER (uint32) - The TCB Evaluation Data Number that the specific contract is assigned for retrieval.

getEnclaveIdentity

function getEnclaveIdentity(uint256 id, uint256 version)
    external
    view
    returns (EnclaveIdentityJsonObj memory enclaveIdObj)

Gets the enclave identity for a specified enclave type and version.

Parameters:

  • id (uint256): The enclave ID - 0: QE; 1: QVE; 2: TD_QE
  • version (uint256): The input version parameter (v3 or v4)

Returns:

  • enclaveIdObj (EnclaveIdentityJsonObj): Consisting of the Identity JSON string and the signature

upsertEnclaveIdentity

function upsertEnclaveIdentity(uint256 id, uint256 version, EnclaveIdentityJsonObj calldata enclaveIdentityObj)
    external
    returns (bytes32 attestationId)

Upserts (inserts or updates) enclave identity data on-chain with signature verification and rollback protection.

Parameters:

  • id (uint256): The enclave ID - 0: QE; 1: QVE; 2: TD_QE
  • version (uint256): The input version parameter (v3 or v4)
  • enclaveIdentityObj (EnclaveIdentityJsonObj): Consisting of the Identity JSON string and the signature

Returns:

  • attestationId (bytes32): The attestation ID returned by the resolver

getEnclaveIdentityIssuerChain

function getEnclaveIdentityIssuerChain() external view returns (bytes memory signingCert, bytes memory rootCert)

Fetches the certificate chain used to sign enclave identity data.

Returns:

  • signingCert (bytes): DER encoded Intel TCB Signing Certificate
  • rootCert (bytes): DER encoded Intel SGX Root CA

Reverts

ErrorSelectorNotes
Enclave_Id_Mismatch()289fa0cbThe provided id does not match with actual ID
Incorrect_Enclave_Id_Version()4e0f5696Invalid version for TD_QE (must be v4 or v5)
Missing_TCB_Cert()841a0280Intel TCB Signing Certificate not found
TCB_Cert_Expired()ea8cd522Intel TCB Signing Certificate has expired
TCB_Cert_Revoked(uint256 serialNum)7fb57a7aIntel TCB Signing Certificate has been revoked
Invalid_TCB_Cert_Signature()8de7233fIdentity signature verification failed
Enclave_Id_Expired()9ac04499Enclave identity has expired
Enclave_Id_Out_Of_Date()7a204327Attempting to upsert older enclave identity data

Contract Addresses

Contracts shown here are compatible with both v1.0 and v1.1 deployments.

Unversioned

Used exclusively for DCAP v1.0

On this page

SummaryMethodsTCB_EVALUATION_NUMBERgetEnclaveIdentityupsertEnclaveIdentitygetEnclaveIdentityIssuerChainReverts