# DCAP TEE Attestation

## 现状

* **MockDcapVerifier**: chain 391 上的 mock，接受任何 quote（PoC）
* 真 DCAP swap: 3-4 周 roadmap (P3 #2，未启动)

## DCAP 流程

1. Enclave (SGX/TDX) 启动，measurement = hash(code + data)
2. Enclave 生成 ephemeral signing key
3. Intel PCS / Trustee 服务签发 quote (含 measurement + ephemeral pub key)
4. on-chain verifier 验签 quote → 信任 enclave 的输出

## 真 verifier 实现路径

* Option A: 集成 Intel PCS / Trustee 服务直接调
* Option B: on-chain 验签 (gas 成本高, \~5M gas/quote)
* Option C: 把 quote 通过 ZK 证明 valid (省 gas)

## 主网前必备

1. 选 implementation path
2. 集成 Intel certificate chain
3. Side-channel attack 评估
4. 回退到 ZK 备选方案

## TeeProfileRegistry

`TeeProfileRegistry.sol` — 注册 enclave measurement，让 consumer 选择信任哪些 measurement。详见 [TEE Profile Registry](/registries-que-quan/tee-profile-registry.md)。


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://yellowpaper.axblade.io/algorithms/dcap-tee-attestation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.