> ## Documentation Index
> Fetch the complete documentation index at: https://docs.phala.com/llms.txt
> Use this file to discover all available pages before exploring further.

> Security features and remote attestation capabilities of Phala Cloud TEE.

# Security Architecture

Phala Cloud's security relies on a decentralized root of trust, TEE-controlled TLS certificates, and a hardware-backed key management service. Each component is documented in detail below.

<Columns cols={1}>
  <Card img="https://mintcdn.com/phalanetwork-1606097b/qg5qPVMhhp3UKpah/images/phala-network-architecture.png?fit=max&auto=format&n=qg5qPVMhhp3UKpah&q=85&s=cec4ac5180ffd8b3ccc8d0c115867499" href="/dstack/design-documents/whitepaper" width="1184" height="1000" data-path="images/phala-network-architecture.png">
    Decentralized Root-of-Trust
  </Card>

  <Card img="https://mintcdn.com/phalanetwork-1606097b/qg5qPVMhhp3UKpah/images/tee-controlled-domain-certificates.png?fit=max&auto=format&n=qg5qPVMhhp3UKpah&q=85&s=1f69f90482cdc3c2cc91a8ba72ac46dc" href="/dstack/design-documents/decentralized-root-of-trust" width="1278" height="688" data-path="images/tee-controlled-domain-certificates.png">
    Zero Trust HTTPS (TLS)
  </Card>

  <Card img="https://mintcdn.com/phalanetwork-1606097b/qg5qPVMhhp3UKpah/images/tee-controlled-domain-certificates.png?fit=max&auto=format&n=qg5qPVMhhp3UKpah&q=85&s=1f69f90482cdc3c2cc91a8ba72ac46dc" href="/dstack/design-documents/key-management-protocol" width="1278" height="688" data-path="images/tee-controlled-domain-certificates.png">
    Key Management Service (KMS)
  </Card>
</Columns>