Method and apparatus for trusted computing

US11244054B2 · US · B2

Patent metadata
Publication number: US-11244054-B2
Application number: US-201716760795-A
Country: US
Kind code: B2
Filing date: Nov 3, 2017
Priority date: Nov 3, 2017
Publication date: Feb 8, 2022
Grant date: Feb 8, 2022

Abstract

Official abstract text for this publication.

Apparatus, method, computer program product and computer readable medium are disclosed for trusted computing. A method comprises: at a trusted execution environment (TEE)-enabling processor, creating a signing TEE; performing a first measurement of the signing TEE, wherein the first measurement comprises at least one measurement of the code of the signing TEE, an identity of the signing TEE and a log of activities performing during the creation of the signing TEE; generating a first signature of the result of the first measurement; sending the result of the first measurement and the first signature to a public register such that a verification of the signing TEE can be made by means of the public register; wherein the signing TEE is configured to verify whether a first TEE is recorded on the public ledger.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method comprising, at a trusted execution environment (TEE)-enabling processor, creating a signing TEE; performing a first measurement of the signing TEE, wherein the first measurement comprises at least one measurement of the code of the signing TEE, an identity of the signing TEE and a log of activities performing during the creation of the signing TEE; generating a first signature of the result of the first measurement; sending the result of the first measurement and the first signature to a public register such that a verification of the signing TEE can be made by means of the public register; wherein the signing TEE is configured to verify whether a first TEE is recorded on a public ledger.

2. The method of claim 1, further comprising: receiving the code of the first TEE and at least one signature associated with the code of the first TEE; determining, by the signing TEE, whether the code of the first TEE is recorded on the public ledger based on the at least one signature; signing, by the signing TEE, the first TEE when the code of the first TEE is recorded on the public ledger; creating the first TEE; performing a second measurement of the first TEE, wherein the second measurement comprises at least one measurement of the code of the first TEE, an identity of the first TEE and logs of activities performing during the creation of the first TEE; generating a second signature of the result of the second measurement; and sending the result of the second measurement and the second signature to the public register such that a verification of the first TEE can be made by means of the public register.

3. The method of claim 1, wherein creating the signing TEE comprises: receiving, from a provider of the signing TEE, the code of the signing TEE and a signature of the code of the signing TEE; verifying the signature of the code of the signing TEE; and creating the signing TEE when the verification of the signature of the code of the signing TEE is positive.

4. The method of claim 3, wherein sending the result of the second measurement and the second signature to the public register comprises: sending the result of the first measurement and the first signature to the provider of the signing TEE such that the provider of the signing TEE can verify the first signature with a manufacturer certification service of the TEE-enabling processor and forward the result of the first measurement and the first signature to the public register.

5. An apparatus comprising: at least one processor; and at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following: create a signing TEE; perform a first measurement of the signing TEE, wherein the first measurement comprises at least one measurement of the code of the signing TEE, an identity of the signing TEE and a log of activities performing during the creation of the signing TEE; generate a first signature of the result of the first measurement; send the result of the first measurement and the first signature to a public register such that a verification of the signing TEE can be made by means of the public register; wherein the signing TEE is configured to verify whether a first TEE is recorded on a public ledger.

6. The apparatus of claim 5, wherein the memory and computer program code are further configured to, with the processor, cause the apparatus to: receive the code of the first TEE and at least one signature associated with the code of the first TEE; wherein the signing TEE is further configured to determine whether the code of the first TEE is recorded on the public ledger based on the at least one signature and to sign the first TEE when the code of the first TEE is recorded on the public ledger; create the first TEE; perform a second measurement of the first TEE, wherein the second measurement comprises at least one measurement of the code of the first TEE, an identity of the first TEE and logs of activities performing during the creation of the first TEE; generate a second signature of the result of the second measurement; and send the result of the second measurement and the second signature to the public register such that a verification of the first TEE can be made by means of the public register.

7. The apparatus of claim 5, wherein the memory and computer program code are further configured to, with the processor, cause the apparatus to: receive, from a provider of the signing TEE, the code of the signing TEE and a signature of the code of the signing TEE; verify the signature of the code of the signing TEE; and create the signing TEE when the verification of the signature of the signing TEE is positive.

8. The apparatus of claim 7, wherein the memory and computer program code are further configured to, with the processor, cause the apparatus to: send the result of the first measurement and the first signature to the provider of the signing TEE such that the provider of the signing TEE can verify the first signature with a manufacturer certification service of the TEE-enabling processor and forward the result of the first measurement and the first signature to the public register.

9. The apparatus of claim 7, wherein the service provider registers with the manufacturer certification service of the TEE-enabling processor and is identified with the service provider's public key.

10. The apparatus of claim 5, wherein the memory and computer program code are further configured to, with the processor, cause the apparatus to: produce a private-public key pair, the public key is used to identify the TEE-enabling processor and the TEE-enabling processor is certified by a manufacturer certification service of the TEE-enabling processor.

11. The apparatus of claim 5, wherein the result of the first measurement and/or the result of the second measurement is stored and communicated as a hash.

12. The apparatus of claim 5, wherein the verification of the signing TEE comprises checking at least one of the code of the signing TEE, the result of the first measurement of the signing TEE, the validity of the first signature and the provenance of the first signature, wherein the verification of the first TEE comprises checking at least one of the code of the first TEE, the result of the second measurement of the first TEE, the validity of the second signature and the provenance of the second signature.

13. The apparatus of claim 5, wherein the memory and computer program code are further configured to, with the processor, cause the apparatus to: to receive data from a data owner, wherein the data is encrypted with a public key of the first TEE.

14. The apparatus of claim 5, wherein the public register is a website with https authentication or a distributed ledger controlled by a blockchain smart contract.

15. The apparatus of claim 14, wherein the distributed ledger contains lists of the TEE-enabling processor, approved TEE codes, and auditors, and the smart contract contains at least one rule to modify the lists.

16. The apparatus of claim 5, wherein the data used by the first TEE is stored and encrypted with a secret key related to the signing TEE or the first TEE.

17. The apparatus of claim 16, wherein the data used by the first TEE is encrypted with a secret key related to the signing TEE and a second TEE is signed by the signing TEE, wherein the memory and computer program

Assignees

Inventors

Classifications

  • G06F21/64 (Primary)

    Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title

  • G06F21/57 (Primary)

    Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • Test or assess software · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11244054B2 cover?
Apparatus, method, computer program product and computer readable medium are disclosed for trusted computing. A method comprises: at a trusted execution environment (TEE)-enabling processor, creating a signing TEE; performing a first measurement of the signing TEE, wherein the first measurement comprises at least one measurement of the code of the signing TEE, an identity of the signing TEE and…
Who is the assignee on this patent?
Nokia Technologies Oy
What technology area does this patent fall under?
Primary CPC classification G06F21/64. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 8, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).