Skip to main content

Verifiable system integrity

BuilderNet uses Trusted Execution Environments (TEEs) to allow many parties to operate block builders while preserving the privacy and integrity of the network. TEEs provide privacy by ensuring at a hardware level that data encrypted to the enclave is not leaked to the operator of the machine. They also guarantee integrity with remote attestations, that orderflow providers can verify to confirm that the TEE operators are running the correct software. With new TEEs like Intel TDX, these benefits can also be achieved for complex payloads without compromising on speed.

All block builder instances in BuilderNet are currently run in TDX.

Verifiable chain of trust

BuilderNet nodes use a verifiable boot chain and an integrity-protected runtime environment that provides guarantees about the overall environment in a reproducible way. The content of VM images can be premissionlessly verified with reproducible builds. For any running instance, the whole boot chain and runtime environment can be verified with TEE attestation mechanisms.

TEE Measurements

“TEE attestation measurements” are cryptographic hashes that specify the exact version and configuration of runtime components, such as the OS kernel, bootloader, and services.

These measurements can be independently verified, since the whole system supports reproducible builds. The measurements of a given node can be verified using the TEE attestation process.

Allowed Measurements

The list of allowed TEE measurements for BuilderNet is published at https://measurements.builder.flashbots.net

The Constellation documentation is a great resource to learn more about attestations: https://docs.edgeless.systems/constellation/architecture/attestation

This is an example set of measurements in JSON format:

{
    "measurement_id": "measurement-test-1",
    "attestation_type": "azure-tdx",
    "measurements": {
        "4": {
            "expected": "98ba2c602b62e67b8e0bd6c6676f12ade320a763e5e4564f62fd875a502dd651"
        },
        "9": {
            "expected": "e77938394412d83a8d4de52cdaf97df82a4d4059e1e7c4fc3c73581816cea496"
        },
        "11": {
            "expected": "0000000000000000000000000000000000000000000000000000000000000000"
        }
    }
}
note

You can find more details about the individual measurement hashes in https://docs.edgeless.systems/constellation/architecture/attestation#runtime-measurements

Anyone can reproduce TDX VM images that match these measurements by executing the reproducible build process.

More about TEEs

You can find more information about TEEs here: