
# Trusted Execution Environment

### Introduction

The Trusted Execution Environment (TEE) is a critical security component of the Proof of Location Layer.

It provides an isolated execution environment where sensitive geolocation computations can be performed securely, separate from the device's main operating system.

By executing critical operations inside a protected hardware boundary, the protocol reduces the risk of tampering, manipulation and unauthorized access.

The TEE helps establish confidence that location-related computations are performed exactly as intended.

### Why Trusted Execution Environments Matter

Modern devices run thousands of processes and applications simultaneously.

Even secure operating systems can be exposed to:

* Malware
* Unauthorized software modifications
* Privilege escalation attacks
* Data extraction attempts
* Runtime manipulation

A Trusted Execution Environment creates a secure enclave that remains isolated from the rest of the device.

This allows critical computations to remain protected even if other parts of the system become compromised.

### Responsibilities Within zkGeolocation

The TEE is responsible for protecting sensitive operations involved in proof generation.

These operations may include:

* Processing location signals
* Verifying signal consistency
* Managing cryptographic keys
* Executing location validation logic
* Signing proof-related data

By isolating these processes, the protocol reduces trust assumptions and strengthens proof integrity.

### Secure Key Management

Cryptographic keys used by the Proof of Location Layer are protected within the TEE.

Private keys never leave the secure environment and cannot be directly accessed by applications or operating system processes.

This significantly reduces the risk of key theft or unauthorized proof generation.

### Isolation and Integrity

The TEE provides:

* Secure computation
* Memory isolation
* Protected storage
* Hardware-backed integrity guarantees

These protections help ensure that proof generation remains trustworthy even in adversarial environments.

### Relationship to Device Attestation

Device Attestation establishes trust in the device.

The Trusted Execution Environment establishes trust in the computations performed by the device.

Together, they create a secure foundation for privacy-preserving geolocation verification.

### Building Trust Through Hardware

The Proof of Location Layer relies on cryptography to verify location claims and on secure hardware to protect proof generation.

The Trusted Execution Environment serves as the bridge between these two layers, ensuring that sensitive computations remain protected throughout the verification process.

