A Trusted Execution Environment (TEE) is a region of a processor that runs code in isolation from everything else on the machine — the operating system, the hypervisor, even someone with physical access to the box — so that a program’s code and data stay confidential and unmodified while it runs. ARM TrustZone, Intel SGX, and AMD SEV are the three major implementations; see History for how each one arrived.
Every other site in this network — Pedersen Commitments, Garbled Circuits, VDF, zkSNARK — protects a secret because some mathematical problem is believed to be hard to solve, and that hardness can be demonstrated by running real code in your browser. A TEE protects a secret differently: through physical isolation built into a chip, and your trust that the chip’s manufacturer built and manufactured it honestly. That’s a real, load-bearing difference, not a simplification — see what a TEE is for why it matters.
What this site’s demo can honestly show: the cryptographic half of remote attestation — proving to someone else, over the network, exactly what code is running inside an enclave — computed for real, in your browser. What it can’t show: the actual memory isolation itself, because that requires real silicon and physically cannot be computed in JavaScript. See how it works for that distinction stated in full, before the demo, not after it.
Here’s the attestation half, computed live below — publish an expected measurement, generate a signed quote, and verify it:
Ready — Ed25519 via @noble/curves, SHA-256 via @noble/hashes. A fresh manufacturer key is generated in your browser below (in reality: burned into silicon at the factory).
Expected measurement (what the verifier already knows, from reviewing this code in advance)
Quote (published by the enclave)
This measurement is hashed from whatever is in the code box right now — edit the code above before clicking step 2 again to see what changes.
Or jump straight to the two ways tampering gets caught:
More on Interactive, including both ways tampering gets caught, and an illustration (not a computation) of what real hardware does for the isolation half this demo can’t show.
What this site covers
- What is a TEE — the hardware-vs-math framing that makes this site different from the rest of this network.
- How it works — what can and can’t be computed in a browser, and the exact attestation scheme this site’s demo runs.
- History, Applications, Glossary, and Further reading — including a full account of real attacks against TEEs, not a footnote.