When considering cloud TEEs, it's easy to underappreciate the essential infra they require to minimise trust dependencies.

Of course, TEEs inherently require trust in operators and manufacturers. Yet even if a team accepts this trust assumption, there is still a lot to do: secure the build processes for in-enclave software, and properly set up multi-party key generation for in-enclave secrets.

I've spent hours trying out the @turnkeyhq stack which solves these infra challenges. I wrote about it here:

In short, this stack is comprised of QuorumOS, an execution layer for in-enclave applications, and StageX, a bootstrapped, reproducible, and auditable build toolchain.

I found QuorumOS and StageX extremely well-engineered but relatively unknown. Hopefully these tools get more adoption as their approach to security is top-notch. Also, they enable use cases where TEEs can *add* security and reduce trust assumptions rather than impose tradeoffs.

Read the post here: /end