Summary

• PCRs are keyed by TEE type: approvedPCRs changed from mapping(bytes32 => ApprovedPCR) to mapping(uint8 => mapping(bytes32 => ApprovedPCR)). The same PCR hash can be approved independently per TEE type.
• Separated approve and revoke: approvePCR(pcrs, version, teeType) only approves; revokePCR(pcrHash, teeType, gracePeriod) only revokes (immediate or with grace period). The old previousPcrHash rotation pattern is removed.
• Lazy PCR enforcement: revokePCR flips a flag or sets an expiry — no gas bomb from iterating all active TEEs. Revoked PCRs are caught at activateTEE() and heartbeat() checkpoints via _requirePCRValidForTEE.
• Active TEE lists are per-type: _activeTEEList and _activeTEEIndex are now mapping(uint8 => ...), so queries like getActivatedTEEs(teeType) only return TEEs of that type.
• New getLiveTEEs(teeType) query: returns TEEs that are activated, have a valid PCR, and a fresh heartbeat — fully verified on-chain.
• New removeTEE(teeId): permanently deletes a TEE from all storage (indexes + mapping), for cleaning up decommissioned TEEs.
• onlyTEEOwnerOrAdmin modifier: extracted shared access control for deactivateTEE, activateTEE, and removeTEE.
• Re-approval support: revoked or expired PCRs can be re-approved; PCRAlreadyExists error added to prevent silent overwrites of active PCRs.
• Removed convenience getters: getPublicKey, getTLSCertificate, isActive, getPaymentAddress removed — callers use getTEE() instead.
• Removed computeMessageHash: unused utility removed from contract.

Design Decisions

Why lazy enforcement over automatic deactivation?

• revokePCR must always be callable, even with thousands of active TEEs
• A revoked TEE stays in _activeTEEList until its next heartbeat fails, but this is a stale index entry — not a security hole
• Every meaningful checkpoint (registration, reactivation, heartbeat) validates both PCR status and type match via _requirePCRValidForTEE

Revocation modes:

• revokePCR(hash, teeType, 0) — immediate: PCR is instantly invalid, TEEs fail on next heartbeat
• revokePCR(hash, teeType, N) — grace period: TEEs keep running for N seconds, then caught lazily

Per-type active lists:

• Queries no longer need to filter by type client-side
• getActivatedTEEs(teeType) is O(1) storage read instead of O(n) filter

Files Changed

Test Plan

• Unit tests pass (cd tests/solidity/suites/tee && truffle test)
• Integration tests pass with live enclave
• Verify PCRTypeMismatch reverts when registering TEE with wrong type
• Verify grace period expiry is enforced at heartbeat
• Verify re-approval of revoked PCR works
• Verify removeTEE cleans up all indexes