feat: add TDX verifier and TDX-aware TEE prover registry

deploy-config/local.json

@@ -67,13 +67,16 @@
   "useRevenueShare": false,
   "chainFeesRecipient": "0x9965507D1a55bcC2695C58ba16FB37d819B0A4dc",
   "teeImageHash": "0x0000000000000000000000000000000000000000000000000000000000000001",
+  "teeNitroImageHash": "0x0000000000000000000000000000000000000000000000000000000000000001",
+  "teeTdxImageHash": "0x0000000000000000000000000000000000000000000000000000000000000001",
   "multiproofConfigHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
   "multiproofGameType": 621,
   "teeProposer": "0x9965507D1a55bcC2695C58ba16FB37d819B0A4dc",
   "teeChallenger": "0x976EA74026E726554dB657fA54763abd0C3a0aa9",
   "zkRangeHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
   "zkAggregationHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
   "nitroEnclaveVerifier": "0x0000000000000000000000000000000000000000",
+  "tdxVerifier": "0x0000000000000000000000000000000000000001",
   "multiproofGenesisOutputRoot": "0x0000000000000000000000000000000000000000000000000000000000000001",
   "multiproofGenesisBlockNumber": 0,
   "multiproofBlockInterval": 100,

deploy-config/sepolia.json

@@ -1,5 +1,5 @@
 {
-  "finalSystemOwner": "0x6e427c3212C0b63BE0C382F97715D49b011bFF33",
+  "finalSystemOwner": "0x8C1a617BdB47342F9C17Ac8750E0b070c372C721",
   "superchainConfigGuardian": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
   "l1StartingBlockTag": "0x48f520cf4ddaf34c8336e6e490632ea3cf1e5e93b0b2bc6e917557e31845371b",
   "l1ChainID": 11155111,
@@ -58,19 +58,21 @@
   "useFaultProofs": true,
   "useRevenueShare": true,
   "chainFeesRecipient": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
-  "teeImageHash": "0xd04c8147410930fade36986c9357fd9a7591231e38e6e87e51183bd5909f509c",
+  "teeNitroImageHash": "0x11fb64617dfa2875d31b0cfb656666fd8cee65eb134fefeca171b9b6b4444a64",
+  "teeTdxImageHash": "0x4cb35ee476a8098c4e567098714c65f5afe25236fc460b38487a356e14e7db66",
   "multiproofConfigHash": "0x12e9c45f19f9817c6d4385fad29e7a70c355502cf0883e76a9a7e478a85d1360",
   "multiproofGameType": 621,
   "teeProposer": "0xdb84125f2f4229c81c579f41bc129c71b174eb58",
   "teeChallenger": "0xadc09b63a3ac57a2ce86d946617a18df9db029a1",
   "zkRangeHash": "0x51708a6b4a3b800a14607e902c1aad47719905c12698a3e01ca8b3321761bc52",
   "zkAggregationHash": "0x005aa369dd9445e172018a9eaa4a0f9767b2c2079ece90ca120422b3c4c65f11",
   "nitroEnclaveVerifier": "0x77461a6434fFE3435206B19658F33274f3104e07",
+  "tdxVerifier": "0x5431a6Fd5365e9629BD2B0969e54c4f09d6781bA",
   "multiproofGenesisOutputRoot": "0xbc273d5876d1858ecd5aaf4ce4eaf16c73f0187ca4271b774ed5da7d2254ba79",
   "multiproofGenesisBlockNumber": 37223829,
   "multiproofBlockInterval": 600,
   "multiproofIntermediateBlockInterval": 30,
-  "risc0VerifierRouter": "0xb121b667dd2cf27f95f9f5107137696f56f188f6",
+  "risc0VerifierRouter": "0x925d8331ddc0a1F0d96E68CF073DFE1d92b69187",
   "risc0SetBuilderImageId": "0x70909b25db0db00f1d4b4016aeb876f53568a3e5a8e6397cb562d79947a02cc9",
   "sp1Verifier": "0x397A5f7f3dBd538f23DE225B51f532c34448dA9B"
 }

deploy-config/zeronet-tdx.json

@@ -0,0 +1,78 @@
+{
+  "finalSystemOwner": "0x8C1a617BdB47342F9C17Ac8750E0b070c372C721",
+  "superchainConfigGuardian": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "l1StartingBlockTag": "0x48f520cf4ddaf34c8336e6e490632ea3cf1e5e93b0b2bc6e917557e31845371b",
+  "l1ChainID": 11155111,
+  "l2ChainID": 11155420,
+  "l2BlockTime": 2,
+  "l1BlockTime": 12,
+  "maxSequencerDrift": 600,
+  "sequencerWindowSize": 3600,
+  "channelTimeout": 300,
+  "p2pSequencerAddress": "0x57CACBB0d30b01eb2462e5dC940c161aff3230D3",
+  "batchInboxAddress": "0xff00000000000000000000000000000011155420",
+  "batchSenderAddress": "0x8F23BB38F531600e5d8FDDaAEC41F13FaB46E98c",
+  "l2OutputOracleSubmissionInterval": 120,
+  "l2OutputOracleStartingBlockNumber": 0,
+  "l2OutputOracleStartingTimestamp": 1690493568,
+  "l2OutputOracleProposer": "0x49277EE36A024120Ee218127354c4a3591dc90A9",
+  "l2OutputOracleChallenger": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "finalizationPeriodSeconds": 12,
+  "proxyAdminOwner": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "baseFeeVaultRecipient": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "l1FeeVaultRecipient": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "sequencerFeeVaultRecipient": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "operatorFeeVaultRecipient": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "baseFeeVaultMinimumWithdrawalAmount": "0x8ac7230489e80000",
+  "l1FeeVaultMinimumWithdrawalAmount": "0x8ac7230489e80000",
+  "sequencerFeeVaultMinimumWithdrawalAmount": "0x8ac7230489e80000",
+  "operatorFeeVaultMinimumWithdrawalAmount": "0x8ac7230489e80000",
+  "baseFeeVaultWithdrawalNetwork": 0,
+  "l1FeeVaultWithdrawalNetwork": 0,
+  "sequencerFeeVaultWithdrawalNetwork": 0,
+  "operatorFeeVaultWithdrawalNetwork": 0,
+  "enableGovernance": true,
+  "governanceTokenSymbol": "OP",
+  "governanceTokenName": "Optimism",
+  "governanceTokenOwner": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "l2GenesisBlockGasLimit": "0x1c9c380",
+  "l2GenesisBlockBaseFeePerGas": "0x3b9aca00",
+  "eip1559Denominator": 50,
+  "eip1559Elasticity": 6,
+  "l2GenesisRegolithTimeOffset": "0x0",
+  "systemConfigStartBlock": 4071248,
+  "fundDevAccounts": false,
+  "faultGameAbsolutePrestate": "0x03b7eaa4e3cbce90381921a4b48008f4769871d64f93d113fcadca08ecee503b",
+  "faultGameMaxDepth": 73,
+  "faultGameClockExtension": 10800,
+  "faultGameMaxClockDuration": 302400,
+  "faultGameGenesisBlock": 9496192,
+  "faultGameGenesisOutputRoot": "0x63b1cda487c072b020a57c1203f7c2921754005cadbd54bed7f558111b8278d8",
+  "faultGameSplitDepth": 30,
+  "faultGameWithdrawalDelay": 604800,
+  "preimageOracleMinProposalSize": 126000,
+  "preimageOracleChallengePeriod": 86400,
+  "proofMaturityDelaySeconds": 604800,
+  "disputeGameFinalityDelaySeconds": 302400,
+  "respectedGameType": 0,
+  "useFaultProofs": true,
+  "useRevenueShare": true,
+  "chainFeesRecipient": "0xfd1D2e729aE8eEe2E146c033bf4400fE75284301",
+  "teeNitroImageHash": "0x213ad2e8f1594e1c386ef88ed9d2ec0df5a968f5228a5b17f4b0040599726515",
+  "teeTdxImageHash": "0x4cb35ee476a8098c4e567098714c65f5afe25236fc460b38487a356e14e7db66",
+  "multiproofConfigHash": "0x12e9c45f19f9817c6d4385fad29e7a70c355502cf0883e76a9a7e478a85d1360",
+  "multiproofGameType": 621,
+  "teeProposer": "0xdb84125f2f4229c81c579f41bc129c71b174eb58",
+  "teeChallenger": "0xadc09b63a3ac57a2ce86d946617a18df9db029a1",
+  "zkRangeHash": "0x51708a6b4a3b800a14607e902c1aad47719905c12698a3e01ca8b3321761bc52",
+  "zkAggregationHash": "0x005aa369dd9445e172018a9eaa4a0f9767b2c2079ece90ca120422b3c4c65f11",
+  "nitroEnclaveVerifier": "0x2DC52760D13a3C2dF33fcc42913C4dddd8d976B9",
+  "tdxVerifier": "0xB5F7f92dA7aBfDBDEB8e84EE78765fd0D3D3E092",
+  "multiproofGenesisOutputRoot": "0xbc273d5876d1858ecd5aaf4ce4eaf16c73f0187ca4271b774ed5da7d2254ba79",
+  "multiproofGenesisBlockNumber": 37223829,
+  "multiproofBlockInterval": 600,
+  "multiproofIntermediateBlockInterval": 30,
+  "risc0VerifierRouter": "0x925d8331ddc0a1F0d96E68CF073DFE1d92b69187",
+  "risc0SetBuilderImageId": "0x70909b25db0db00f1d4b4016aeb876f53568a3e5a8e6397cb562d79947a02cc9",
+  "sp1Verifier": "0x397A5f7f3dBd538f23DE225B51f532c34448dA9B"
+}

deployments/11155111-dev-with-tdx.json

@@ -0,0 +1,13 @@
+{
+  "ASRStartingBlockNumber": 41281684,
+  "ASRStartingOutputRoot": "0xc9f0f3a76f7c15306635a9990a8d4a3c1e281ca9e1519824679a73ca781f3404",
+  "AggregateVerifier": "0xA1Fd6E923d8Efa8deebde9D2AE98Df08B9A31C7d",
+  "AnchorStateRegistry": "0xe3E9ec1a72D8AD322187B4a4B757B2e906f4edF8",
+  "DelayedWETH": "0x2CCe62a3496aC7bD1A706cf7E1a765fd24e59666",
+  "DisputeGameFactory": "0x4aae21Fc11669463d37d2B875B52c7D63F794a08",
+  "NitroEnclaveVerifier": "0x2DC52760D13a3C2dF33fcc42913C4dddd8d976B9",
+  "TDXRegistrationManager": "0x44E999A5859c2D12378a349882fAe5805DCE71b9",
+  "TDXVerifier": "0xB5F7f92dA7aBfDBDEB8e84EE78765fd0D3D3E092",
+  "TEEProverRegistry": "0x45111D4FDF5EC6bD2bDBF9Aed4a5f01140B892D9",
+  "TEEVerifier": "0x3065B3175F0265212e041Ea119D0001cf751E5a7"
+}

deployments/11155111-tdx-verifier.json

@@ -0,0 +1,7 @@
+{
+  "IntelRootCaHash": "0xa1acc73eb45794fa1734f14d882e91925b6006f79d3bb2460df9d01b333d7009",
+  "MaxTimeDiff": 3600,
+  "RiscZeroVerifierRouter": "0x925d8331ddc0a1F0d96E68CF073DFE1d92b69187",
+  "TDXVerifier": "0x9c38b756B31529Cad02D54A4ba810F3ff1e00054",
+  "TDXVerifierId": "0xb9681d1f76f5dbf70da84ad06b5b20befa392638060e947965269b6f63ebbf3b"
+}

deployments/11155111-tee-verifiers.json

@@ -0,0 +1,17 @@
+{
+  "IntelRootCaHash": "0xa1acc73eb45794fa1734f14d882e91925b6006f79d3bb2460df9d01b333d7009",
+  "NitroEnclaveVerifier": "0x2DC52760D13a3C2dF33fcc42913C4dddd8d976B9",
+  "NitroMaxTimeDiff": 3600,
+  "NitroRiscZeroVerifierRouter": "0xB121B667dd2cf27F95f9F5107137696F56f188f6",
+  "NitroRootCert": "0x641a0321a3e244efe456463195d606317ed7cdcc3c1756e09893f3c68f79bb5b",
+  "NitroVerifierId": "0x15051db631d6ed382d957c795a558a0abdd00d0d22a1670455721bc2712d3d6e",
+  "NitroVerifierProofId": "0x0000000000000000000000000000000000000000000000000000000000000000",
+  "RiscZeroSetBuilderImageId": "0x70909b25db0db00f1d4b4016aeb876f53568a3e5a8e6397cb562d79947a02cc9",
+  "RiscZeroSetVerifier": "0xef981185595Ed2a49dEC9B2D5073B88Ef9e00Fd4",
+  "RiscZeroSetVerifierSelector": "0x242f9d5b00000000000000000000000000000000000000000000000000000000",
+  "RiscZeroVerifierRouter": "0x925d8331ddc0a1F0d96E68CF073DFE1d92b69187",
+  "TDXMaxTimeDiff": 3600,
+  "TDXRiscZeroVerifierRouter": "0x925d8331ddc0a1F0d96E68CF073DFE1d92b69187",
+  "TDXVerifier": "0xB5F7f92dA7aBfDBDEB8e84EE78765fd0D3D3E092",
+  "TDXVerifierId": "0xb9681d1f76f5dbf70da84ad06b5b20befa392638060e947965269b6f63ebbf3b"
+}

interfaces/L1/proofs/tee/ITDXVerifier.sol

@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import { ZkCoProcessorType, ZkCoProcessorConfig } from "interfaces/L1/proofs/tee/INitroEnclaveVerifier.sol";
+
+/// @notice Statuses that a TDX quote/collateral verifier may emit.
+/// @dev Unknown is index 0 so uninitialized values fail closed.
+enum TDXVerificationResult {
+    Unknown,
+    Success,
+    InvalidQuote,
+    QuoteSignatureInvalid,
+    RootCaNotTrusted,
+    PckCertChainInvalid,
+    TcbInfoInvalid,
+    QeIdentityInvalid,
+    TcbStatusNotAllowed,
+    CollateralExpired,
+    InvalidTimestamp,
+    ReportDataMismatch
+}
+
+/// @notice Intel TDX TCB status reduced to the statuses this contract's policy needs.
+/// @dev Unknown is index 0 so uninitialized values fail closed.
+enum TDXTcbStatus {
+    Unknown,
+    UpToDate,
+    SwHardeningNeeded,
+    ConfigurationNeeded,
+    ConfigurationAndSwHardeningNeeded,
+    OutOfDate,
+    OutOfDateConfigurationNeeded,
+    Revoked
+}
+
+/// @notice Public journal emitted by the off-chain/ZK TDX DCAP verifier.
+/// @param result Overall verification result after quote and collateral validation in the guest.
+/// @param tcbStatus Intel TDX TCB status for the platform.
+/// @param timestamp Quote timestamp in milliseconds since Unix epoch.
+/// @param collateralExpiration Earliest expiration timestamp in seconds across accepted collateral.
+/// @param rootCaHash Hash of the Intel root CA used to validate the PCK/collateral signing chains.
+/// @param pckCertHash Hash of the PCK leaf certificate that signed the quote attestation key chain.
+/// @param tcbInfoHash Hash of the TCB info collateral consumed by the guest.
+/// @param qeIdentityHash Hash of the QE identity collateral consumed by the guest.
+/// @param publicKey Uncompressed secp256k1 public key: 0x04 || x || y.
+/// @param signer Ethereum address derived from publicKey.
+/// @param imageHash Multiproof-compatible image hash derived from MRTD and RTMR0-3.
+/// @param mrTdHash keccak256 hash of the 48-byte MRTD measurement.
+/// @param reportDataPrefix First 32 bytes of TDREPORT.REPORTDATA.
+/// @param reportDataSuffix Last 32 bytes of TDREPORT.REPORTDATA, available for app-specific binding.
+struct TDXVerifierJournal {
+    TDXVerificationResult result;
+    TDXTcbStatus tcbStatus;
+    uint64 timestamp;
+    uint64 collateralExpiration;
+    bytes32 rootCaHash;
+    bytes32 pckCertHash;
+    bytes32 tcbInfoHash;
+    bytes32 qeIdentityHash;
+    bytes publicKey;
+    address signer;
+    bytes32 imageHash;
+    bytes32 mrTdHash;
+    bytes32 reportDataPrefix;
+    bytes32 reportDataSuffix;
+}
+
+/// @title ITDXVerifier
+/// @notice Interface for Intel TDX quote verification used by TDX-aware TEE prover registries.
+interface ITDXVerifier {
+    /// @notice Verifies a ZK proof of Intel TDX DCAP quote verification and returns attested signer metadata.
+    /// @param output ABI-encoded TDXVerifierJournal public values from the ZK verifier guest.
+    /// @param zkCoprocessor ZK proving system used to generate the proof.
+    /// @param proofBytes ZK proof bytes.
+    /// @return journal Verified TDX attestation metadata.
+    function verify(
+        bytes calldata output,
+        ZkCoProcessorType zkCoprocessor,
+        bytes calldata proofBytes
+    )
+        external
+        returns (TDXVerifierJournal memory journal);
+
+    /// @notice Retrieves the configuration for a specific coprocessor.
+    function getZkConfig(ZkCoProcessorType zkCoprocessor) external view returns (ZkCoProcessorConfig memory);
+
+    /// @notice Returns whether a TCB status is accepted by verifier policy.
+    function allowedTcbStatuses(TDXTcbStatus status) external view returns (bool);
+
+    /// @notice Updates the address authorized to submit verified proofs.
+    function setProofSubmitter(address newProofSubmitter) external;
+}

scripts/deploy/Deploy.s.sol

@@ -235,10 +235,12 @@ contract Deploy is Deployer {
                 faultGameV2SplitDepth: cfg.faultGameV2SplitDepth(),
                 faultGameV2ClockExtension: cfg.faultGameV2ClockExtension(),
                 faultGameV2MaxClockDuration: cfg.faultGameV2MaxClockDuration(),
-                teeImageHash: cfg.teeImageHash(),
+                teeNitroImageHash: cfg.teeNitroImageHash(),
+                teeTdxImageHash: cfg.teeTdxImageHash(),
                 multiproofConfigHash: cfg.multiproofConfigHash(),
                 multiproofGameType: cfg.multiproofGameType(),
                 nitroEnclaveVerifier: cfg.nitroEnclaveVerifier(),
+                tdxVerifier: cfg.tdxVerifier(),
                 l2ChainID: cfg.l2ChainID(),
                 multiproofBlockInterval: cfg.multiproofBlockInterval(),
                 multiproofIntermediateBlockInterval: cfg.multiproofIntermediateBlockInterval(),

scripts/deploy/DeployConfig.s.sol

@@ -85,13 +85,16 @@ contract DeployConfig is Script {
 
     // Multiproof Configuration
     bytes32 public teeImageHash;
+    bytes32 public teeNitroImageHash;
+    bytes32 public teeTdxImageHash;
     bytes32 public multiproofConfigHash;
     uint256 public multiproofGameType;
     address public teeProposer;
     address public teeChallenger;
     bytes32 public zkRangeHash;
     bytes32 public zkAggregationHash;
     address public nitroEnclaveVerifier;
+    address public tdxVerifier;
     bytes32 public multiproofGenesisOutputRoot;
     uint256 public multiproofGenesisBlockNumber;
     uint256 public multiproofBlockInterval;
@@ -198,13 +201,16 @@ contract DeployConfig is Script {
         faultGameV2ClockExtension = _readOr(_json, "$.faultGameV2ClockExtension", 10800);
         faultGameV2MaxClockDuration = _readOr(_json, "$.faultGameV2MaxClockDuration", 302400);
         teeImageHash = bytes32(_readOr(_json, "$.teeImageHash", 0));
+        teeNitroImageHash = bytes32(_readOr(_json, "$.teeNitroImageHash", uint256(teeImageHash)));
+        teeTdxImageHash = bytes32(_readOr(_json, "$.teeTdxImageHash", uint256(teeImageHash)));
         multiproofConfigHash = bytes32(_readOr(_json, "$.multiproofConfigHash", 0));
         multiproofGameType = _readOr(_json, "$.multiproofGameType", 621);
         teeProposer = stdJson.readAddress(_json, "$.teeProposer");
         teeChallenger = stdJson.readAddress(_json, "$.teeChallenger");
         zkRangeHash = stdJson.readBytes32(_json, "$.zkRangeHash");
         zkAggregationHash = stdJson.readBytes32(_json, "$.zkAggregationHash");
         nitroEnclaveVerifier = _readOr(_json, "$.nitroEnclaveVerifier", address(0));
+        tdxVerifier = _readOr(_json, "$.tdxVerifier", address(0));
         multiproofGenesisOutputRoot = bytes32(_readOr(_json, "$.multiproofGenesisOutputRoot", uint256(1)));
         multiproofGenesisBlockNumber = _readOr(_json, "$.multiproofGenesisBlockNumber", 0);
         multiproofBlockInterval = _readOr(_json, "$.multiproofBlockInterval", 100);

scripts/deploy/DeployImplementations.s.sol

@@ -45,6 +45,7 @@ import { TEEVerifier } from "src/L1/proofs/tee/TEEVerifier.sol";
 import { AggregateVerifier } from "src/L1/proofs/AggregateVerifier.sol";
 import { GameType } from "src/libraries/bridge/Types.sol";
 import { ZKVerifier } from "src/L1/proofs/zk/ZKVerifier.sol";
+import { ITDXVerifier } from "interfaces/L1/proofs/tee/ITDXVerifier.sol";
 
 contract DeployImplementations is Script {
     struct Input {
@@ -61,10 +62,12 @@ contract DeployImplementations is Script {
         uint256 faultGameV2ClockExtension;
         uint256 faultGameV2MaxClockDuration;
         // Multiproof parameters
-        bytes32 teeImageHash;
+        bytes32 teeNitroImageHash;
+        bytes32 teeTdxImageHash;
         bytes32 multiproofConfigHash;
         uint256 multiproofGameType;
         address nitroEnclaveVerifier;
+        address tdxVerifier;
         uint256 l2ChainID;
         uint256 multiproofBlockInterval;
         uint256 multiproofIntermediateBlockInterval;
@@ -615,7 +618,9 @@ contract DeployImplementations is Script {
         address teeVerifierImpl;
         {
             TEEProverRegistry scgImpl = new TEEProverRegistry(
-                INitroEnclaveVerifier(_input.nitroEnclaveVerifier), IDisputeGameFactory(address(1))
+                INitroEnclaveVerifier(_input.nitroEnclaveVerifier),
+                ITDXVerifier(_input.tdxVerifier),
+                IDisputeGameFactory(address(1))
             );
             vm.label(address(scgImpl), "TEEProverRegistryImpl");
             _output.teeProverRegistryImpl = scgImpl;
@@ -630,7 +635,7 @@ contract DeployImplementations is Script {
                     _output.delayedWETHImpl,
                     IVerifier(teeVerifierImpl),
                     IVerifier(zkVerifier),
-                    _input.teeImageHash,
+                    AggregateVerifier.TeeHashes(_input.teeNitroImageHash, _input.teeTdxImageHash),
                     AggregateVerifier.ZkHashes(bytes32(0), bytes32(0)),
                     _input.multiproofConfigHash,
                     _input.l2ChainID,
@@ -680,6 +685,7 @@ contract DeployImplementations is Script {
             "DeployImplementations: disputeGameFinalityDelaySeconds not set"
         );
         require(_input.mipsVersion != 0, "DeployImplementations: mipsVersion not set");
+        require(_input.tdxVerifier != address(0), "DeployImplementations: tdxVerifier not set");
         require(
             address(_input.superchainConfigProxy) != address(0), "DeployImplementations: superchainConfigProxy not set"
         );