Attestation & Security
Remote Attestation is the cornerstone of Morpheus's trust model. It lets external observers validate that the response metadata came from the expected Morpheus enclave deployment (AWS Nitro CVM) and that the quote is bound to the reported output hash and on-chain attestation_hash.
Scope of trust: the built-in verifier confirms that the result is enclave-key-signed, that the hash binding and declared metadata are consistent, and that a quote and event log are present. It does not validate the Nitro/TDX quote against an AWS/Intel root of trust, so a passing result still reports measurement_chain_verified: false. Treat full_attestation_ok as presence-based, not as a verified measurement chain.
The Evidence Layer
Every task executed by a Morpheus worker can be bundled with an Attestation Quote. The verifier focuses on the application-level fields that are available in the live result envelope:
- app_id / compose_hash: Stable identifiers that let you confirm the response came from the expected Morpheus enclave deployment and compose bundle.
- instance_id: Identifies the concrete worker instance that produced the quote, useful for operational forensics and replay analysis.
- attestation_hash / report_data: Morpheus currently sets attestation_hash == output_hash. The verifier compares the first 32 bytes of TDX report_data against that hash.
Off-Chain Verification Flow
While on-chain contracts verify the worker signature, high-security applications should also perform off-chain verification:
- Fetch the callback envelope or worker response, then read output_hash, attestation_hash, and tee_attestation.report_data.
- Verify that attestation_hash == output_hash.
- Verify that the first 32 bytes of report_data match that same hash.
- Check app_id and compose_hash against the published Morpheus deployment metadata.
- The built-in verifier stops here: it confirms the enclave-key signature and hash binding and that a quote is present, but it does not check the Nitro/TDX quote against a hardware root of trust. For full measurement-chain validation, perform an additional platform-specific verification pass (AWS Nitro / Intel TDX) outside the built-in web verifier.
Published CVM Explorers
Morpheus now runs with role-specialized enclaves (Nitro CVMs). The Oracle request/response runtime and the DataFeed runtime have separate published explorer pages, and those pages are the canonical public attestation anchors for both mainnet and testnet traffic.
- Oracle request CVM: ddff154546fe22d15b65667156dd4b7c611e6093
- DataFeed CVM: ac5b6886a2832df36e479294206611652400178f
Morpheus provides a built-in Attestation Verifier in the Explorer. You can paste any worker response to validate its hardware proof instantly.
Trust Boundaries
By combining hardware isolation with cryptographic proof, Morpheus shifts the security boundary from "Trust the Operator" to "Trust the Code".
Auditability
The entire Morpheus worker runtime is open-source. Security auditors can independently verify the code paths that produce the reported output hash, transport encryption metadata, and callback envelope format.