Unified Remote Attestation for TEE Interoperability: A Practical Overview
This article presents a comprehensive overview of TEE interoperability, describing the background of trusted execution environments, their remote attestation processes, a unified remote attestation framework, and the overall strategy for achieving cross‑TEE compatibility, including open‑source implementations and future directions.
The TEE interoperability research is part of the Beijing FinTech Industry Alliance's privacy‑computing interoperability program, led by ICBC and Ant Group, involving dozens of participants and focusing on issues specific to Trusted Execution Environments.
TEE (Trusted Execution Environment) provides a hardware‑isolated runtime for protecting code and data. Isolation can be architecture‑based (e.g., ARM TrustZone), application‑based (e.g., Intel SGX1/SGX2), or virtualization‑based (e.g., Intel TDX, HaiGuang CSV). Inside the isolated environment, code computes on plaintext, which gives TEEs strong performance and generality.
Remote attestation is essential for proving the integrity of the TEE platform and the trusted application running inside it. The process follows the IETF RATS model, involving an Attester, a Verifier, and a Relying Party, but implementations differ across TEEs, creating interoperability challenges.
To address these challenges, a Unified Attestation framework is proposed, consisting of a Unified Attestation Library (providing unified APIs for generating and verifying attestation reports), a Unified Attestation Service (acting as a neutral proxy to hide platform differences), and a Unified Attestation Workflow (offering higher‑level abstractions for application‑level interactions).
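The RATS roles and the "unified API" idea above are easier to see in code. The following is an added example written for this overview; it is not code from the original article or from the jinzhao-attest project, and its function names (`generate_report`, `verify_report`), report fields and the HMAC-based "quoting key" per platform are constructed stand-ins for hardware-signed quotes. It shows what a verifier must check regardless of platform: that the report is fresh (nonce), that it is genuinely signed by the claimed platform, and that the measured code is one the relying party's policy allows.

```python
"""Minimal model of the IETF RATS roles behind a unified attestation API.

Added example, not the page's or jinzhao-attest's own code. Real TEEs sign
reports with hardware-rooted keys (e.g. an SGX quote signed through the
quoting enclave); here a per-platform HMAC key stands in for that so the
example runs offline.
"""
import hashlib
import hmac
import json
import os
from dataclasses import asdict, dataclass, replace

# Constructed stand-in for per-platform signing roots (hypothetical values).
PLATFORM_KEYS = {
    "sgx2": b"constructed-sgx2-quoting-key",
    "tdx": b"constructed-tdx-quoting-key",
}


@dataclass(frozen=True)
class Report:
    platform: str      # which TEE produced the report
    measurement: str   # hex SHA-256 of the enclave code (MRENCLAVE-like)
    nonce: str         # hex challenge chosen by the verifier for freshness
    user_data: str     # hex, e.g. hash of the enclave's ephemeral public key
    signature: str     # hex HMAC over the other fields


def _signing_payload(fields: dict) -> bytes:
    """Canonical encoding of everything except the signature itself."""
    body = {k: v for k, v in fields.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def generate_report(platform: str, enclave_code: bytes, nonce: str,
                    user_data: bytes = b"") -> Report:
    """Attester side: measure the code and sign (measurement, nonce, user_data)."""
    if platform not in PLATFORM_KEYS:
        raise ValueError(f"unsupported platform: {platform}")
    fields = {
        "platform": platform,
        "measurement": hashlib.sha256(enclave_code).hexdigest(),
        "nonce": nonce,
        "user_data": user_data.hex(),
    }
    sig = hmac.new(PLATFORM_KEYS[platform], _signing_payload(fields),
                   hashlib.sha256).hexdigest()
    return Report(signature=sig, **fields)


def verify_report(report: Report, expected_nonce: str, policy: dict) -> dict:
    """Verifier side: one entry point, platform-specific checks behind it.

    Returns {"ok": bool, "reason": str}; the relying party consumes this
    result rather than parsing platform-specific report formats itself.
    """
    # Freshness: a replayed report carries someone else's nonce.
    if not hmac.compare_digest(report.nonce, expected_nonce):
        return {"ok": False, "reason": "nonce mismatch"}
    # Platform dispatch: the unified service knows how to check each TEE.
    key = PLATFORM_KEYS.get(report.platform)
    if key is None or report.platform not in policy["allowed_platforms"]:
        return {"ok": False, "reason": "unsupported platform"}
    expected_sig = hmac.new(key, _signing_payload(asdict(report)),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, report.signature):
        return {"ok": False, "reason": "bad signature"}
    # Policy: the measured code must be one the relying party trusts.
    if report.measurement not in policy["allowed_measurements"]:
        return {"ok": False, "reason": "measurement not allowed"}
    return {"ok": True, "reason": "verified"}


if __name__ == "__main__":
    enclave = b"constructed enclave image bytes"
    nonce = os.urandom(16).hex()
    policy = {"allowed_platforms": ["sgx2", "tdx"],
              "allowed_measurements": [hashlib.sha256(enclave).hexdigest()]}
    rpt = generate_report("sgx2", enclave, nonce, b"enclave-pubkey")
    print(verify_report(rpt, nonce, policy))
    print(verify_report(replace(rpt, measurement="00" * 32), nonce, policy))
```

The point of the dispatch inside `verify_report` is the same one the Unified Attestation Service makes: a relying party only ever sees the verification result and the policy it supplied, so adding another TEE means adding a backend, not changing every application.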
The current implementation supports SGX1, SGX2, HyperEnclave, Kunpeng TrustZone, and CSV, and has been validated by multiple organizations. The solution is open‑source at https://github.com/jinzhao-dev/jinzhao-attest.
The overall strategy is divided into two stages: first, resolve heterogeneous TEE compatibility through unified remote attestation; second, achieve application‑level zero‑awareness by standardizing data transmission protocols, integrating with other privacy‑computing systems, and enabling seamless cross‑TEE and cross‑system communication.
DataFunSummit
Official account of the DataFun community, dedicated to sharing big data and AI industry summit news and speaker talks, with regular downloadable resource packs.