# Trusted Execution Environment

The Turbine backend runs inside a Trusted Execution Environment (TEE).

Nobody, including PropellerHeads or anyone with physical access to the node, can read Turbine's data or alter the program.

PropellerHeads can update the application. Each update is visible on-chain for full transparency.

Turbine runs in a secure Intel TDX enclave, powered by the open-source TEE framework [DStack](https://phala.com/dstack), provided by [Phala](https://phala.com/).

## Track Turbine updates

Each update of the Turbine backend must be allowed by an on-chain transaction.

Allowing an update means calling the `addComposeHash` function on the Turbine [DstackApp smart contract](https://etherscan.io/address/0x48da3ef94f5c5409c2c6df70f95474f41eb763a5). PropellerHeads cannot update Turbine without making a public transaction.

## Verify Turbine

### Verify with Trust Center

The Trust Center lets you verify all components forming the chain of trust:

{% embed url="<https://trust.phala.com/app/48da3ef94f5c5409c2c6df70f95474f41eb763a5>" %}

The App Source Code block contains the docker-compose file the TEE runs, which references the Turbine Docker image. Confirm that an image with the same sha256 digest was built on GitHub.

{% stepper %}
{% step %}

#### **Find the** [**App Source Code**](https://trust.phala.com/app/48da3ef94f5c5409c2c6df70f95474f41eb763a5?selected=app-code) **block**

<figure><img src="/files/T6cIX9ShuDkaXe3fPdO7" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
#### **Click on compose\_file**

<figure><img src="/files/1abcqV3znhfDeMvk928X" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### **Find docker\_compose\_file key**

<figure><img src="/files/EEP4RxLtrfiAhvKQYN1V" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### **Find Docker image**

<figure><img src="/files/AjksN0vcNpaVElpiAf83" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### **Locate the image on** [**GitHub**](https://github.com/propeller-heads/turbine/actions/workflows/prod-deployment.yaml)

{% hint style="info" %}
Turbine will be open sourced after the Beta stage.
{% endhint %}

<figure><img src="/files/m0NDdydDsSb5wtVM1jUL" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

### Verify manually

This guide describes how to verify that the Turbine API you are interacting with runs genuine Turbine code inside a Trusted Execution Environment.

{% stepper %}
{% step %}

#### Get a quote

Go to `https://api.turbine.exchange/api/attestation/<report_data>`, substituting `<report_data>` with a string (up to 64 characters), for example `https://api.turbine.exchange/api/attestation/MyReportData`.

The generated quote is in the `quote` field of the response.
{% endstep %}

{% step %}

#### Confirm that the quote was produced in a TEE

Validate the quote by pasting it (the value of the `quote` field, without quotation marks) at [TEE Attestation Explorer by Phala](https://proof.t16z.com/). You can also use other Intel TDX attestation verification tools, but the one linked above is specialised for DStack and takes more data into account.
{% endstep %}

{% step %}

#### Confirm that the TEE is running genuine Turbine

Quote validation extracts several values from the quote, including RTMR3. This value reflects the docker-compose file used to run containers inside the TEE.

Obtain the expected docker-compose file and TEE event log from the Turbine API. Both values are available at the `https://api.turbine.exchange/api/info` endpoint. To avoid formatting errors, use the following commands to save them as text files:

```bash
curl https://api.turbine.exchange/api/info | jq .tcb_info.app_compose -j > app_compose.json
curl https://api.turbine.exchange/api/info | jq .tcb_info.event_log -j > event_log.json
```

In `app_compose.json`, you can find the Docker image hash of the container running Turbine.

Now calculate the expected RTMR3 value. The easiest way is to use [https://rtmr3-calculator.vercel.app](https://rtmr3-calculator.vercel.app/) (source code [here](https://github.com/propeller-heads/rtmr3-calculator)). Paste the contents of `app_compose.json` and `event_log.json` into the calculator. It verifies that the compose file matches the event log and calculates the expected RTMR3 value.

{% hint style="info" %}
The calculation of the RTMR3 value is explained in the [Phala documentation](https://phala.network/posts/truth-of-AI-Agent).
{% endhint %}

Compare the RTMR3 value you calculated with the RTMR3 value extracted from the quote during verification. They must match exactly. **This proves that the quote was generated by a DStack deployment running Turbine in a confidential virtual machine.**
{% endstep %}
{% endstepper %}
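The last step can also be reproduced offline. The sketch below is an added example, not Turbine's or Phala's code: it checks that the event log commits to the compose file and replays the log into the expected RTMR3. It assumes DStack's event-log JSON fields (`imr`, `event_type`, `event`, `event_payload`, `digest`), the `compose-hash` event name, SHA-256 over the compose text as saved above, and the per-event digest format noted in the comments; all sample data is constructed.

```python
import hashlib

EVENT_TYPE = 0x08000001  # assumption: event type DStack uses for RTMR3 runtime events

def event_digest(event_type, name, payload):
    # Assumption: DStack hashes SHA384(event_type as LE u32 || ":" || name || ":" || payload).
    head = event_type.to_bytes(4, "little") + b":" + name.encode() + b":"
    return hashlib.sha384(head + payload).digest()

def replay_rtmr3(event_log):
    """Replay the extends: mr = SHA384(mr || digest), starting from 48 zero bytes."""
    mr = bytes(48)
    for ev in event_log:
        if ev["imr"] != 3:
            continue  # entries for other registers do not affect RTMR3
        digest = bytes.fromhex(ev["digest"])
        payload = bytes.fromhex(ev["event_payload"])
        if digest != event_digest(ev["event_type"], ev["event"], payload):
            raise ValueError(f"digest does not cover payload of {ev['event']!r}")
        mr = hashlib.sha384(mr + digest).digest()
    return mr.hex()

def verify(app_compose_text, event_log, quote_rtmr3_hex):
    """True only if the log commits to this compose text and replays to the quoted RTMR3."""
    want = hashlib.sha256(app_compose_text.encode()).digest()
    logged = [bytes.fromhex(ev["event_payload"]) for ev in event_log
              if ev["imr"] == 3 and ev["event"] == "compose-hash"]
    if logged != [want]:  # exactly one compose-hash event, and it must match
        return False
    return replay_rtmr3(event_log) == quote_rtmr3_hex.lower()

def make_event(name, payload, imr=3):
    # Helper for the constructed sample below; real entries come from event_log.json.
    return {"imr": imr, "event_type": EVENT_TYPE, "event": name,
            "event_payload": payload.hex(),
            "digest": event_digest(EVENT_TYPE, name, payload).hex()}

# Constructed sample data, not Turbine's real compose file or event log.
SAMPLE_COMPOSE = '{"docker_compose_file":"services:\\n  app:\\n    image: example@sha256:<digest>"}'
SAMPLE_LOG = [
    make_event("boot", b"\x01", imr=0),
    make_event("app-id", bytes.fromhex("11" * 20)),
    make_event("compose-hash", hashlib.sha256(SAMPLE_COMPOSE.encode()).digest()),
    make_event("instance-id", bytes.fromhex("22" * 20)),
]
SAMPLE_RTMR3 = replay_rtmr3(SAMPLE_LOG)  # stands in for the RTMR3 read from the quote

if __name__ == "__main__":
    print(verify(SAMPLE_COMPOSE, SAMPLE_LOG, SAMPLE_RTMR3))        # matching compose file
    print(verify(SAMPLE_COMPOSE + " ", SAMPLE_LOG, SAMPLE_RTMR3))  # one byte changed
```

Because the compose hash covers the exact bytes, even a trailing space or newline in `app_compose.json` makes the check fail, which is why the commands above save the field with `jq -j`.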

## Read more

{% embed url="<https://phala.com/learn/What-Is-TEE>" %}

{% embed url="<https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html>" %}

