# Secure Enclaves

Secure enclaves, also known as trusted execution environments (TEEs), are hardware-based security features that provide a secure and isolated execution environment for sensitive computations and data. These enclaves are typically implemented as part of the CPU or as separate hardware components and offer protection against both physical and software-based attacks.

At the core of secure enclaves is the concept of isolation, which ensures that the code and data running inside the enclave are protected from unauthorized access or tampering, even by privileged system software or administrators. This isolation is achieved through hardware-enforced memory protection mechanisms that prevent external entities from accessing the enclave's memory space.

One of the primary use cases for secure enclaves is the protection of cryptographic keys and other sensitive data. In Passport Protocol, enclaves are utilized to safeguard key shares stored on individual nodes from potential compromise by node operators. By keeping the key shares encrypted and accessible only within the secure enclave, Passport ensures that even if a node is compromised, the keys remain protected from unauthorized access.

Secure enclaves also offer tamper-resistant features, making it extremely difficult for attackers to extract or manipulate the data and code running inside the enclave. These features include secure boot processes, memory encryption, and runtime integrity checks, which collectively enhance the overall security of the enclave and the data it processes.

By leveraging secure enclaves, Passport augments its distributed protections with a further layer of security for its key management processes. Enclaves provide a trusted execution environment in which sensitive operations can be performed while preserving the confidentiality and integrity of cryptographic keys and other critical data.


