Safeheron Open-Source TEE Native Development Framework: Building A Trusted Digital Asset Infrastructure

Safeheron has officially open-sourced the independently developed world’s first C++-based Intel SGX native development framework — Safeheron SGX (SSGX) (https://github.com/Safeheron/ssgx). This framework is built on Intel’s native SGX SDK, addresses real business needs, and creates a modern, modular C++ development system with high security, cross-platform adaptability, and excellent scalability, significantly lowering the threshold for SGX native development.

By integrating a modular build system, filling foundational functionality gaps, enhancing development and testing capabilities, and incorporating built-in cryptography and network communication support, SSGX provides a solid trusted execution foundation for key Web3 scenarios such as privacy computing, MPC signatures, AI Agents, DID, and off-chain computation.

What is TEE — The Core Foundation of Cloud Security

In the context of rapid integration between cloud computing and Web3, establishing a robust trust system in open, dynamic, and untrusted operating environments has become a central challenge for digital asset security. Traditional software-layer protection struggles to defend against threats from high-privilege components like operating systems and virtualization platforms, which often pose enormous risks to high-value on-chain applications and user assets.

Trusted Execution Environment (TEE), a system-level security technology proposed years ago, is accelerating its expansion into practical application driven by the development of cloud-native and blockchain infrastructure, becoming a key cornerstone for building trusted computing environments.

Through hardware-level isolation mechanisms, it creates protected computing areas at the processor or system level, ensuring that critical code and data can execute securely and avoid leakage even if the operating system or virtualization platform is compromised. Combined with remote attestation mechanisms, TEE can provide external verification of computational process trustworthiness, fundamentally enhancing system security boundaries and trusted foundations.

Current mainstream TEE technologies include Intel SGX, Intel TDX, ARM TrustZone, AMD SEV, RISC-V Keystone, and AWS Nitro, each with distinct advantages suited for different security models and deployment scenarios. As Web3 security architecture evolves, TEE technology is gradually employed in core applications such as privacy computing, MPC signature, trusted AI Agents, and decentralized identity systems, becoming an important supporting force for building on-chain trust.

Why Choose Intel SGX?

Compared to other TEE technologies, Intel SGX offers unique advantages that make it an ideal choice for specific scenarios:

1. Minimized Trusted Computing Base (Minimal TCB): SGX’s core advantage lies in its streamlined TCB. It precisely limits the trust boundary to the application code and necessary SGX runtime libraries inside the enclave, excluding large and complex components such as the operating system, hypervisor, and even BIOS from the root of trust. This greatly reduces potential attack surfaces, making security audits more focused and feasible.
2. Native and Standardized Remote Attestation: SGX provides a powerful hardware-based remote attestation mechanism (e.g., DCAP). This allows remote verifiers to give trustworthy confirmation that specific, unmodified code is indeed running inside a genuine SGX enclave on the target platform. This is crucial for verifying the correctness of off-chain computation results and establishing trust roots in on-chain or multi-party systems without needing to trust third parties.
3. Application-Level Hardware Isolation for Server-Side: Compared to the virtual machine-level isolation provided by AMD SEV or the system-level partitioning of ARM TrustZone, SGX offers fine-grained, intra-process hardware isolation capabilities for server-side applications. This is particularly suitable for deploying sensitive application modules requiring the highest level of protection, such as MPC computation engines, TEE wallet services, key management systems (KMS), and sensitive data processing API proxies.
4. Optimized for Cryptography and Secure Multi-Party Computation (MPC): SGX enclave provides a high-performance, low-latency, and hardware-protected secure execution environment. This makes it highly suitable for executing compute-intensive and latency-sensitive cryptographic operations (like digital signature generation, key derivation, encryption/decryption) and complex multi-party computation protocols, while ensuring the confidentiality and integrity of the computation process remains inviolable without trusting the underlying operating system.
5. Mature Ecosystem and Widespread Commercial Deployment: Intel provides a relatively comprehensive software development kit (SDK), drivers, and detailed development documentation. More importantly, due to its early market entry, SGX is one of the TEE (Trusted Execution Environment) technologies in the industry that has undergone the most security attack research. Furthermore, SGX technology has been widely deployed and supported by mainstream public cloud providers (such as Microsoft Azure Confidential Computing, Alibaba Cloud SGX Encrypted Computing, Google Cloud Confidential Computing, etc.), accumulating rich engineering practical experience and good infrastructure availability.
6. Cross-Platform and Cloud-Neutral Potential: Although SGX is an Intel technology, its application deployment is not limited to specific cloud providers. SGX-supporting servers can be deployed in on-premises data centers, private clouds, and multiple public cloud environments. Compared to some cloud vendor-specific TEE solutions (such as AWS Nitro), this provides stronger deployment flexibility and portability, helping to avoid vendor lock-in.

Why Choose SGX Native Development?

When adopting SGX technology, developers typically have two choices: one is to use Intel SGX SDK for native development, and the other is to adopt LibOS solutions (general-purpose LibOS like Graphene, Occlum, or language-level LibOS like Fortanix, Ego, etc.) to simplify the migration of existing applications. Safeheron firmly chose the native development based on the following core considerations:

1. Ultimate Minimization of the Trusted Computing Base (TCB): To provide POSIX compatibility and facilitate the porting of existing applications, LibOS inevitably introduces additional runtime systems (RTS), system call simulation layers, and various dependency libraries, significantly increasing the volume and complexity of the TCB inside the enclave. Native development allows us to compress the trust boundary to the extreme, including only the necessary code for business logic and minimized runtime dependencies, achieving theoretically maximum security.
2. Fine-Grained Control over Enclave Behavior: The native SDK gives developers complete control over the internal workings of the enclave, including memory layout planning, thread management, execution flow design, precise definition of system call (OCall/ECall) interfaces (EDL), selection of key sealing strategies, customization of remote attestation processes, etc. This fine-grained control is crucial for avoiding potential black box behaviors in LibOS and ensuring transparency, controllability, and auditability of high-risk core business logic such as secure custody and MPC.
3. Maximizing Performance Potential and Optimization Space: To simulate a complete operating system environment, LibOS typically introduces additional context switching overhead, shim layer conversions, and even simulated file systems, which can lead to performance degradation, sometimes quite significantly. For performance-sensitive applications such as cryptographic computation and real-time MPC protocol interactions, native development provides the possibility of direct access to hardware features and low-level optimizations (such as memory management optimization, asynchronous communication model design, instruction-level optimization), thereby tapping into the maximum performance potential of the SGX environment.
4. Simplified Deployment Model and Lower Dependency Risk: LibOS frameworks often require specific host environment configurations, customized operating system images, or complex runtime dependency management. Applications developed natively are built directly on the official SDK and are typically easier to adapt to different deployment environments (physical servers, standard virtual machines, container environments, and native TEE services provided by cloud vendors). The deployment process is relatively lighter, more flexible, and introduces lower additional third-party dependency risks.
5. Most Comprehensive and Timely Support for SGX Features: As the official implementation, Intel SGX SDK typically provides the fastest and most complete support for all the latest SGX hardware features (such as the SGX2 instruction set, EDMM memory management enhancements, flexible key derivation policies, etc.). Choosing native development means being able to leverage these new features to improve application security or performance as soon as they become available, and more easily obtain official technical support from Intel and the active community.
6. Building Core Infrastructure That Can Evolve Long-Term: Safeheron’s goal is to build stable, reliable, composable, and scalable basic security components as the core engine of trusted digital asset infrastructure, rather than merely quickly fitting an existing application into SGX. The low-level control capabilities and flexibility provided by the native SDK are better suited for creating core security infrastructure that can be maintained, continuously iterated, and evolved over the long term.

Safeheron SGX Native Development Framework (SSGX): Enabling Efficient Trusted Development

To address the complexity challenges of SGX native development, improve engineering efficiency and security, Safeheron designed and open-sourced the SSGX framework. Through a series of carefully designed functional modules and tools, it significantly improves the development experience, helping developers build secure, high-performance, engineered trusted computing applications, laying a solid foundation for blockchain, privacy computing, and other core scenarios. Core features of the SSGX framework include:

Native Compatibility, Fully Inheriting Intel SGX SDK Capabilities

The Safeheron SGX native development framework (SSGX) is highly compatible with Intel SGX SDK, built on its native interfaces, and completely inherits all functions and features provided by the SDK.

Developers can seamlessly call all functions in the official Intel SGX SDK, including core APIs for enclave lifecycle management, remote attestation, local authentication, encrypted storage, thread support, exception handling, and more. The framework further optimizes encapsulation on this foundation, retaining flexibility of control over the underlying system while reducing the complexity of native development, providing stronger support for the engineering implementation of trusted applications.

Modular Build System Integrated with CMake

Considering the complex build process and high component coupling of SGX projects, the framework introduces a highly compatible CMake modular build system that supports flexible extension and cross-module collaboration.

• Supports decoupled development of enclave and non-enclave (App) code.
• Provides a compilation system deeply compatible with CMake, simplifying dependency management and cross-module integration.
• Greatly reduces the build configuration complexity of SGX projects, improving modular development efficiency.

Critical Basic Functionality Enhancements

To compensate for the practical and user-friendliness shortcomings of SGX’s native standard library, SSGX additionally provides:

• High-precision time support: Provides millisecond, microsecond, and even nanosecond-level timing capabilities, as well as basic time security verification mechanisms.
• Secure untrusted memory management: Optimizes data interaction between Enclave and App, providing secure buffer allocation and access mechanisms.
• Basic file system access interface: Encapsulates standard file operation interfaces, simplifying file operations within the Enclave.

Practical Tools and Library Extensions

Addresses the pain point of missing general-purpose function libraries in the SGX environment, providing built-in secure and usable support for common components.

• TOML/JSON parsing: Integrates lightweight, secure TOML and JSON parsing libraries, convenient for configuration management and data exchange.
• High-precision numerical computation: Provides high-precision numerical computation modules suitable for financial scenarios.
• SGX logging module: Provides a flexible logging framework, convenient for debugging, monitoring, and auditing. – HTTP(S) support: Supports HTTP/HTTPS clients, allowing Enclaves to actively initiate secure network requests and interact with external services; also provides basic HTTP server support, facilitating reception of external requests in a trusted environment.
• UUID support: Supports generating UUID v4 (based on random numbers) compliant with RFC 4122 standard, used for uniquely identifying objects, requests, sessions, and other key entities, facilitating secure and non-repetitive identifier allocation within the enclave.

SGX TEE Testing Framework

Solves the validation difficulties caused by internal/external isolation, debugging limitations, and insufficient test coverage in the SGX environment.

• Unit testing and integration testing within the enclave: Supports running test cases in simulated or real enclave environments.
• Secure test execution mechanism: Performs functional verification while ensuring enclave isolation.
• Compatible with CI/CD processes: Easy to integrate into automated testing processes, ensuring code quality and maintainability.

Enhanced Secure File Reading and Writing

The SSGX framework provides object-oriented unified abstraction interfaces for file streams, maintaining compatibility with the native Protected File System interface while offering more powerful file stream processing capabilities for a wider range of scenarios.

• MRSIGNER-based encrypted file storage: This functionality is fully compatible with the native Protected FS interface.
• MRENCLAVE-based encrypted file storage: Ensures data can only be accessed by specific versions of Enclave code.
• Flexible key derivation and encryption options: Provides composable file encryption modes, such as combining MRSIGNER and MRENCLAVE encryption, providing higher security requirements and applicability for file storage.

Object-Oriented SGX API Encapsulation

Provides concise, object-oriented modern C++ APIs, reducing the complexity of using the core interfaces of the native SGX SDK.

• Sealing (secure encapsulation): Provides advanced interfaces to simplify key management and data operations for local encrypted storage.
• Remote Attestation: Encapsulates the native complex attestation process (such as DCAP), making the generation and verification of Quotes more concise and intuitive.

Integration of Modern Cryptography Libraries

• Integrates core cryptographic algorithm libraries commonly used in the blockchain domain, including big integer computation libraries, elliptic curve computation libraries, key sharing (Shamir) algorithms, Paillier homomorphic encryption, hash functions (SHA-2, SHA-3, SHAKE, etc.), ECIES public key encryption algorithms, etc.
• Provides foundational cryptographic building blocks for multi-party secure computation (MPC) and zero-knowledge proof (ZKP) protocols, supporting secure, high-performance cryptographic computations within the SGX environment.

Application Prospects of TEE Native Development Framework

This framework addresses core security and scalability challenges in the blockchain and Web3 ecosystem, with broad prospects for implementation across multiple key scenarios. By building off-chain trusted execution environments and supporting general computation capabilities with remote attestation, SSGX can become an ideal infrastructure for Layer 2 scaling, privacy computing, and complex contract logic processing, significantly reducing main chain load, enhancing system throughput and verifiability, helping off-chain computation become a trusted “second execution layer”.

In the digital asset security domain, SSGX establishes a trusted execution boundary connecting MPC signatures, decentralized wallets, and privacy-enhanced applications, effectively preventing private key leakage, isolating sensitive operations, and providing trusted computing capability support for next-generation asset custody solutions and compliant privacy financial services. Meanwhile, it also provides a secure, trusted runtime environment for confidential contracts, anonymous identity systems, data privacy applications, and more, promoting stronger privacy protection mechanisms in on-chain practice.

Looking forward, SSGX will also become a key supporting component for trusted interactive systems and on-chain intelligent agents. By combining trusted time and remote attestation mechanisms, the framework can build quotation systems, oracle channels, and bidding platforms with verifiable, fairness-guaranteed properties, preventing backdoor operations and information asymmetry. Furthermore, TEE-based secure inference capabilities also open possibilities for decentralized AI Agents, enabling them to make privacy-friendly, trustworthy, and auditable intelligent decisions representing users in high-value interactions such as DAO governance, DeFi strategies, identity agency, and data negotiation.

Future Outlook

As an important component of Safeheron’s trusted digital asset infrastructure, the SSGX framework will continue to evolve, constantly advancing toward higher security, stronger versatility, and better development experience. In the future, we will continue to provide more basic modules, encapsulate the underlying capabilities provided by the SGX SDK to refine a more modern, object-oriented API interface system, and reduce the complexity of native development. Furthermore, as next-generation trusted computing hardware develops, we will explore integration paths between SGX and architectures such as TDX, and explore a general abstraction model for trust transfer across heterogeneous TEEs to achieve cross-platform migration and ecosystem synergy of trusted programs.

At the foundational capability level, we will introduce more mature, verifiable trusted time mechanisms, enrich cryptographic component support, including high-performance elliptic curves, curve pairing algorithms, etc., supporting more complex MPC, ZKP, and other cutting-edge protocols to run efficiently in TEE. In terms of engineering capabilities, we will continue to optimize the testing toolchain, build multi-platform adaptation mechanisms, and strengthen compatibility with non-Linux systems, promoting the true integration of trusted computing into the full-stack system of blockchain and Web3 applications.

Conclusion

We firmly believe that the prosperity of the trusted computing ecosystem depends on community co-building and collaboration. Safeheron will adhere to open-source principles, cooperating with the community to build an open, transparent, and verifiable trusted computing infrastructure platform, providing solid support for the leap in global digital asset security and privacy computing capabilities.