The Turnkey Whitepaper is now available

Posted on 2/3/25 by Arnaud, Founding Engineer at Turnkey

The Turnkey Whitepaper is now available for all to read. It is the most comprehensive overview of Turnkey to date, and completes the knowledge we started to share on this blog.

We previously talked about how remote attestations are useless without reproducible builds and introduced StageX as a solution to this problem. The Verifiable Foundations section of the whitepaper covers this (and more!) in detail:

  • We briefly explain what Trusted Execution Environments (“TEEs”) are and how they prove the software they run. We dive into remote attestations, which are signed measurements from the underlying platform provider (“Platform Configuration Registers”, or “PCRs”).
  • We introduce QuorumOS (“QOS”), a new minimal, open-source operating system engineered for verifiability. QuorumOS is the operating system run by TEEs, and it proves that a TEE is running a specific application. And it is open-source!
  • We introduce the concept of Boot Proofs and App Proofs and explain how remote attestations, QuorumOS, and StageX combine to yield full verifiability of the software running inside TEEs. The entire operating system (QuorumOS itself) as well as the applications within it are verifiable all the way down to the exact source code.

Aside from a deep dive into our Verifiable Foundations, the Turnkey Whitepaper explains our architecture and how we’ve built a rock-solid key management product using these foundations. In Turnkey’s Architecture you’ll find:

  • Our ambitious threat model: verifiable components are trusted, everything else isn’t. Fiendishly simple and an industry first. We’ve built Turnkey to be a provably secure key management system, where anything touching user private key material is implemented within secure enclaves, in trusted space, hence verifiable.
  • The different types of enclaves we run as well as their interface: The Policy Engine, The Notarizer, The Signer, The Parser, and the TLS Fetcher. This last enclave should be familiar to readers of this blog: we talked about it previously, in TLS sessions within TEEs.
  • What’s needed around these applications to run them at scale and expose them to the outside world securely.

My sincere hope is that our whitepaper provides you with a deep understanding of Turnkey and how key management is built in practice, from bottom to top. I also hope this will highlight why verifiability is so vital to Turnkey’s design, and why Turnkey is such a big step forward for the industry.

The Turnkey Whitepaper is available online at whitepaper.turnkey.com. Happy reading!