diff --git a/.dockerignore b/.dockerignore
index e77752005c..9184948340 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -3,7 +3,7 @@
 .github
 .idea
 ci/
-docker/
+docker/*yml
 docs/
 local-setup/
 scripts/
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
index b1a2021700..17f3b141f0 100644
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -37,7 +37,7 @@ jobs:
             mode: offchain-worker
             host: ubuntu-latest
             sgx_mode: SW
-
+            additional_features: dcap
 
     steps:
       - uses: actions/checkout@v3
@@ -48,7 +48,7 @@ jobs:
           echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
           if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
              echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
-             echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd" >> $GITHUB_ENV
+             echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
           else
              echo "DOCKER_DEVICES=" >> $GITHUB_ENV
              echo "DOCKER_VOLUMES=" >> $GITHUB_ENV
@@ -182,12 +182,13 @@ jobs:
           echo "PROJECT=${{ matrix.flavor_id }}-${{ matrix.demo_name }}" >> $GITHUB_ENV
           echo "VERSION=dev.$version" >> $GITHUB_ENV
           echo "WORKER_IMAGE_TAG=integritee-worker:dev.$version" >> $GITHUB_ENV
-          echo "INTEGRITEE_NODE=integritee-node-dev:1.0.36.$version" >> $GITHUB_ENV
+          echo "INTEGRITEE_NODE=integritee-node-dev-ias:1.1.0.$version" >> $GITHUB_ENV
           echo "CLIENT_IMAGE_TAG=integritee-cli:dev.$version" >> $GITHUB_ENV
           if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
              echo "SGX_PROVISION=/dev/sgx/provision" >> $GITHUB_ENV
              echo "SGX_ENCLAVE=/dev/sgx/enclave" >> $GITHUB_ENV
              echo "AESMD=/var/run/aesmd" >> $GITHUB_ENV
+             echo "SGX_QCNL=/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
           fi
 
           echo "LOG_DIR=./logs-$version" >> $GITHUB_ENV
@@ -226,8 +227,8 @@ jobs:
           fi
           docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }}
           docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }}
-          docker pull integritee/integritee-node-dev:1.0.36
-          docker tag integritee/integritee-node-dev:1.0.36 ${{ env.INTEGRITEE_NODE }}
+          docker pull integritee/integritee-node-dev-ias:1.1.0
+          docker tag integritee/integritee-node-dev-ias:1.1.0 ${{ env.INTEGRITEE_NODE }}
           docker images --all
 
       ##
@@ -302,6 +303,7 @@ jobs:
           - flavor_id: teeracle
             mode: teeracle
             sgx_mode: HW
+            additional_features: dcap
 
     steps:
       - uses: actions/checkout@v3
@@ -318,7 +320,7 @@ jobs:
           echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
           if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
               echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
-              echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd" >> $GITHUB_ENV
+              echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
           else
               echo "DOCKER_DEVICES=" >> $GITHUB_ENV
               echo "DOCKER_VOLUMES=" >> $GITHUB_ENV
diff --git a/Cargo.lock b/Cargo.lock
index 931014f609..6e1468210d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -384,7 +384,7 @@ dependencies = [
 [[package]]
 name = "binary-merkle-tree"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git#1612e39131e3fe57ba4c78447fb1cbf7c4f8830e"
+source = "git+https://github.com/paritytech/substrate.git#28b1f79abedbad2ec97b49277b36e1f797ca9e5d"
 dependencies = [
  "hash-db 0.16.0",
 ]
@@ -734,7 +734,7 @@ dependencies = [
 [[package]]
 name = "claims-primitives"
 version = "0.1.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "parity-scale-codec",
  "rustc-hex",
@@ -839,8 +839,13 @@ dependencies = [
 [[package]]
 name = "common-primitives"
 version = "0.1.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
+ "derive_more",
+ "parity-scale-codec",
+ "scale-info",
+ "sp-core",
+ "sp-runtime",
  "sp-std",
 ]
 
@@ -1331,6 +1336,22 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "enclave-bridge-primitives"
+version = "0.1.0"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
+dependencies = [
+ "common-primitives",
+ "log 0.4.19",
+ "parity-scale-codec",
+ "scale-info",
+ "serde 1.0.164",
+ "sp-core",
+ "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42)",
+ "sp-runtime",
+ "sp-std",
+]
+
 [[package]]
 name = "encoding_rs"
 version = "0.8.32"
@@ -1726,7 +1747,7 @@ checksum = "6c2141d6d6c8512188a7891b4b01590a45f6dac67afb4f255c4124dbb86d4eaa"
 [[package]]
 name = "frame-benchmarking"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-support-procedural",
@@ -1779,7 +1800,7 @@ dependencies = [
 [[package]]
 name = "frame-executive"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -1818,7 +1839,7 @@ dependencies = [
 [[package]]
 name = "frame-support"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "bitflags",
  "environmental 1.1.4",
@@ -1851,7 +1872,7 @@ dependencies = [
 [[package]]
 name = "frame-support-procedural"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "Inflector",
  "cfg-expr",
@@ -1867,7 +1888,7 @@ dependencies = [
 [[package]]
 name = "frame-support-procedural-tools"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support-procedural-tools-derive",
  "proc-macro-crate",
@@ -1879,7 +1900,7 @@ dependencies = [
 [[package]]
 name = "frame-support-procedural-tools-derive"
 version = "3.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1889,7 +1910,7 @@ dependencies = [
 [[package]]
 name = "frame-system"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "log 0.4.19",
@@ -1922,7 +1943,7 @@ dependencies = [
 [[package]]
 name = "frame-system-rpc-runtime-api"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "sp-api",
@@ -2741,6 +2762,7 @@ dependencies = [
  "blake2-rfc",
  "chrono 0.4.26",
  "clap 3.2.25",
+ "enclave-bridge-primitives",
  "env_logger 0.9.3",
  "frame-system",
  "hdrhistogram",
@@ -2757,6 +2779,7 @@ dependencies = [
  "itp-utils",
  "log 0.4.19",
  "pallet-balances",
+ "pallet-enclave-bridge",
  "pallet-evm",
  "pallet-teerex",
  "parity-scale-codec",
@@ -2775,15 +2798,14 @@ dependencies = [
  "sp-runtime",
  "substrate-api-client",
  "substrate-client-keystore",
- "teerex-primitives",
  "thiserror 1.0.40",
  "ws",
 ]
 
 [[package]]
 name = "integritee-node-runtime"
-version = "1.0.33"
-source = "git+https://github.com/integritee-network/integritee-node.git?branch=polkadot-v0.9.42#2c13d1fd5708825b7832b6b1bc33448ca3111514"
+version = "1.1.34"
+source = "git+https://github.com/integritee-network/integritee-node.git?branch=polkadot-v0.9.42#31b72e13596c36c4963ed6caf631377b68d34754"
 dependencies = [
  "frame-executive",
  "frame-support",
@@ -2792,6 +2814,7 @@ dependencies = [
  "pallet-aura",
  "pallet-balances",
  "pallet-claims",
+ "pallet-enclave-bridge",
  "pallet-grandpa",
  "pallet-insecure-randomness-collective-flip",
  "pallet-multisig",
@@ -2834,6 +2857,7 @@ dependencies = [
  "base58",
  "clap 2.34.0",
  "dirs",
+ "enclave-bridge-primitives",
  "env_logger 0.9.3",
  "frame-support",
  "frame-system",
@@ -3447,6 +3471,16 @@ dependencies = [
  "sgx_types",
 ]
 
+[[package]]
+name = "itp-enclave-bridge-storage"
+version = "0.9.0"
+dependencies = [
+ "itp-storage",
+ "itp-types",
+ "parity-scale-codec",
+ "sp-std",
+]
+
 [[package]]
 name = "itp-enclave-metrics"
 version = "0.9.0"
@@ -3764,6 +3798,7 @@ name = "itp-teerex-storage"
 version = "0.9.0"
 dependencies = [
  "itp-storage",
+ "itp-types",
  "sp-std",
 ]
 
@@ -3773,13 +3808,13 @@ version = "0.9.0"
 dependencies = [
  "derive_more",
  "ita-stf",
+ "itp-enclave-bridge-storage",
  "itp-ocall-api",
  "itp-sgx-crypto",
  "itp-sgx-externalities",
  "itp-stf-interface",
  "itp-stf-state-handler",
  "itp-storage",
- "itp-teerex-storage",
  "itp-time-utils",
  "itp-types",
  "jsonrpc-core 18.0.0 (git+https://github.com/scs/jsonrpc?branch=no_std_v18)",
@@ -3862,6 +3897,7 @@ name = "itp-types"
 version = "0.9.0"
 dependencies = [
  "chrono 0.4.26",
+ "enclave-bridge-primitives",
  "frame-system",
  "integritee-node-runtime",
  "itp-sgx-runtime-primitives",
@@ -3873,6 +3909,7 @@ dependencies = [
  "sp-core",
  "sp-runtime",
  "sp-std",
+ "teerex-primitives",
 ]
 
 [[package]]
@@ -4055,6 +4092,7 @@ dependencies = [
 name = "its-primitives"
 version = "0.1.0"
 dependencies = [
+ "itp-types",
  "parity-scale-codec",
  "scale-info",
  "serde 1.0.164",
@@ -4156,11 +4194,14 @@ dependencies = [
  "derive_more",
  "frame-support",
  "itc-parentchain-test",
+ "itp-enclave-bridge-storage",
  "itp-ocall-api",
  "itp-storage",
  "itp-teerex-storage",
  "itp-test",
  "itp-types",
+ "its-primitives",
+ "log 0.4.19",
  "parity-scale-codec",
  "sp-core",
  "sp-runtime",
@@ -5313,7 +5354,7 @@ dependencies = [
 [[package]]
 name = "pallet-aura"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5329,7 +5370,7 @@ dependencies = [
 [[package]]
 name = "pallet-authorship"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5343,7 +5384,7 @@ dependencies = [
 [[package]]
 name = "pallet-balances"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5358,7 +5399,7 @@ dependencies = [
 [[package]]
 name = "pallet-claims"
 version = "0.9.12"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "claims-primitives",
  "frame-support",
@@ -5425,6 +5466,27 @@ dependencies = [
  "syn 2.0.18",
 ]
 
+[[package]]
+name = "pallet-enclave-bridge"
+version = "0.10.0"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
+dependencies = [
+ "enclave-bridge-primitives",
+ "frame-support",
+ "frame-system",
+ "log 0.4.19",
+ "pallet-teerex",
+ "pallet-timestamp",
+ "parity-scale-codec",
+ "scale-info",
+ "serde 1.0.164",
+ "sp-core",
+ "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42)",
+ "sp-runtime",
+ "sp-std",
+ "teerex-primitives",
+]
+
 [[package]]
 name = "pallet-evm"
 version = "6.0.0-dev"
@@ -5452,7 +5514,7 @@ dependencies = [
 [[package]]
 name = "pallet-grandpa"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5475,7 +5537,7 @@ dependencies = [
 [[package]]
 name = "pallet-insecure-randomness-collective-flip"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5489,7 +5551,7 @@ dependencies = [
 [[package]]
 name = "pallet-multisig"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5505,7 +5567,7 @@ dependencies = [
 [[package]]
 name = "pallet-parentchain"
 version = "0.9.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5522,7 +5584,7 @@ dependencies = [
 [[package]]
 name = "pallet-preimage"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5537,7 +5599,7 @@ dependencies = [
 [[package]]
 name = "pallet-proxy"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5552,7 +5614,7 @@ dependencies = [
 [[package]]
 name = "pallet-scheduler"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5569,7 +5631,7 @@ dependencies = [
 [[package]]
 name = "pallet-session"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5589,12 +5651,14 @@ dependencies = [
 
 [[package]]
 name = "pallet-sidechain"
-version = "0.9.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+version = "0.10.0"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
+ "enclave-bridge-primitives",
  "frame-support",
  "frame-system",
  "log 0.4.19",
+ "pallet-enclave-bridge",
  "pallet-teerex",
  "pallet-timestamp",
  "parity-scale-codec",
@@ -5633,7 +5697,7 @@ dependencies = [
 [[package]]
 name = "pallet-sudo"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5647,7 +5711,7 @@ dependencies = [
 [[package]]
 name = "pallet-teeracle"
 version = "0.1.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5661,12 +5725,13 @@ dependencies = [
  "sp-std",
  "substrate-fixed",
  "teeracle-primitives",
+ "teerex-primitives",
 ]
 
 [[package]]
 name = "pallet-teerex"
-version = "0.9.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+version = "0.10.0"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5686,7 +5751,7 @@ dependencies = [
 [[package]]
 name = "pallet-timestamp"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5704,7 +5769,7 @@ dependencies = [
 [[package]]
 name = "pallet-transaction-payment"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -5720,7 +5785,7 @@ dependencies = [
 [[package]]
 name = "pallet-transaction-payment-rpc-runtime-api"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "pallet-transaction-payment",
  "parity-scale-codec",
@@ -5732,7 +5797,7 @@ dependencies = [
 [[package]]
 name = "pallet-treasury"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5749,7 +5814,7 @@ dependencies = [
 [[package]]
 name = "pallet-utility"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -5765,7 +5830,7 @@ dependencies = [
 [[package]]
 name = "pallet-vesting"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-benchmarking",
  "frame-support",
@@ -7151,7 +7216,7 @@ dependencies = [
 [[package]]
 name = "sgx-verify"
 version = "0.1.4"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "base64 0.13.1",
  "chrono 0.4.26",
@@ -7159,6 +7224,7 @@ dependencies = [
  "frame-support",
  "hex",
  "hex-literal",
+ "log 0.4.19",
  "parity-scale-codec",
  "ring 0.16.20 (git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup)",
  "scale-info",
@@ -7437,7 +7503,7 @@ checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
 [[package]]
 name = "sidechain-primitives"
 version = "0.1.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -7556,7 +7622,7 @@ dependencies = [
 [[package]]
 name = "sp-api"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "hash-db 0.16.0",
  "log 0.4.19",
@@ -7576,7 +7642,7 @@ dependencies = [
 [[package]]
 name = "sp-api-proc-macro"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "Inflector",
  "blake2",
@@ -7590,7 +7656,7 @@ dependencies = [
 [[package]]
 name = "sp-application-crypto"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -7603,7 +7669,7 @@ dependencies = [
 [[package]]
 name = "sp-arithmetic"
 version = "6.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "integer-sqrt",
  "num-traits 0.2.15",
@@ -7617,7 +7683,7 @@ dependencies = [
 [[package]]
 name = "sp-block-builder"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "sp-api",
@@ -7629,7 +7695,7 @@ dependencies = [
 [[package]]
 name = "sp-consensus"
 version = "0.10.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "async-trait",
  "futures 0.3.28",
@@ -7644,7 +7710,7 @@ dependencies = [
 [[package]]
 name = "sp-consensus-aura"
 version = "0.10.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "async-trait",
  "parity-scale-codec",
@@ -7662,7 +7728,7 @@ dependencies = [
 [[package]]
 name = "sp-consensus-grandpa"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "finality-grandpa",
  "log 0.4.19",
@@ -7680,7 +7746,7 @@ dependencies = [
 [[package]]
 name = "sp-consensus-slots"
 version = "0.10.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -7692,7 +7758,7 @@ dependencies = [
 [[package]]
 name = "sp-core"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "array-bytes 4.2.0",
  "bitflags",
@@ -7736,7 +7802,7 @@ dependencies = [
 [[package]]
 name = "sp-core-hashing"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "blake2b_simd",
  "byteorder 1.4.3",
@@ -7750,7 +7816,7 @@ dependencies = [
 [[package]]
 name = "sp-core-hashing-proc-macro"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -7761,7 +7827,7 @@ dependencies = [
 [[package]]
 name = "sp-debug-derive"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -7771,7 +7837,7 @@ dependencies = [
 [[package]]
 name = "sp-externalities"
 version = "0.13.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "environmental 1.1.4",
  "parity-scale-codec",
@@ -7782,7 +7848,7 @@ dependencies = [
 [[package]]
 name = "sp-inherents"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "async-trait",
  "impl-trait-for-tuples",
@@ -7820,7 +7886,7 @@ dependencies = [
 [[package]]
 name = "sp-io"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "bytes 1.4.0",
  "ed25519",
@@ -7857,7 +7923,7 @@ dependencies = [
 [[package]]
 name = "sp-keystore"
 version = "0.13.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "futures 0.3.28",
  "parity-scale-codec",
@@ -7871,7 +7937,7 @@ dependencies = [
 [[package]]
 name = "sp-maybe-compressed-blob"
 version = "4.1.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "thiserror 1.0.40",
  "zstd",
@@ -7880,7 +7946,7 @@ dependencies = [
 [[package]]
 name = "sp-metadata-ir"
 version = "0.1.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-metadata 15.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "parity-scale-codec",
@@ -7905,7 +7971,7 @@ dependencies = [
 [[package]]
 name = "sp-offchain"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "sp-api",
  "sp-core",
@@ -7915,7 +7981,7 @@ dependencies = [
 [[package]]
 name = "sp-panic-handler"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "backtrace",
  "lazy_static",
@@ -7925,7 +7991,7 @@ dependencies = [
 [[package]]
 name = "sp-runtime"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "either",
  "hash256-std-hasher",
@@ -7947,7 +8013,7 @@ dependencies = [
 [[package]]
 name = "sp-runtime-interface"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "bytes 1.4.0",
  "impl-trait-for-tuples",
@@ -7965,7 +8031,7 @@ dependencies = [
 [[package]]
 name = "sp-runtime-interface-proc-macro"
 version = "6.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "Inflector",
  "proc-macro-crate",
@@ -7977,7 +8043,7 @@ dependencies = [
 [[package]]
 name = "sp-session"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -7991,7 +8057,7 @@ dependencies = [
 [[package]]
 name = "sp-staking"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -8004,7 +8070,7 @@ dependencies = [
 [[package]]
 name = "sp-state-machine"
 version = "0.13.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "hash-db 0.16.0",
  "log 0.4.19",
@@ -8024,12 +8090,12 @@ dependencies = [
 [[package]]
 name = "sp-std"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 
 [[package]]
 name = "sp-storage"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "impl-serde",
  "parity-scale-codec",
@@ -8042,7 +8108,7 @@ dependencies = [
 [[package]]
 name = "sp-timestamp"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "async-trait",
  "futures-timer",
@@ -8057,7 +8123,7 @@ dependencies = [
 [[package]]
 name = "sp-tracing"
 version = "6.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "sp-std",
@@ -8069,7 +8135,7 @@ dependencies = [
 [[package]]
 name = "sp-transaction-pool"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "sp-api",
  "sp-runtime",
@@ -8078,7 +8144,7 @@ dependencies = [
 [[package]]
 name = "sp-trie"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "ahash 0.8.3",
  "hash-db 0.16.0",
@@ -8101,7 +8167,7 @@ dependencies = [
 [[package]]
 name = "sp-version"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "impl-serde",
  "parity-scale-codec",
@@ -8118,7 +8184,7 @@ dependencies = [
 [[package]]
 name = "sp-version-proc-macro"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "proc-macro2",
@@ -8129,7 +8195,7 @@ dependencies = [
 [[package]]
 name = "sp-wasm-interface"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "anyhow",
  "impl-trait-for-tuples",
@@ -8143,7 +8209,7 @@ dependencies = [
 [[package]]
 name = "sp-weights"
 version = "4.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -8314,7 +8380,7 @@ dependencies = [
 [[package]]
 name = "substrate-wasm-builder"
 version = "5.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "ansi_term",
  "build-helper",
@@ -8383,7 +8449,7 @@ checksum = "fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5"
 [[package]]
 name = "teeracle-primitives"
 version = "0.1.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "common-primitives",
  "sp-std",
@@ -8393,14 +8459,16 @@ dependencies = [
 [[package]]
 name = "teerex-primitives"
 version = "0.1.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "common-primitives",
+ "derive_more",
+ "log 0.4.19",
  "parity-scale-codec",
  "scale-info",
  "serde 1.0.164",
  "sp-core",
- "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42)",
+ "sp-runtime",
  "sp-std",
 ]
 
@@ -8890,7 +8958,7 @@ version = "1.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675"
 dependencies = [
- "cfg-if 1.0.0",
+ "cfg-if 0.1.10",
  "digest 0.10.7",
  "rand 0.8.5",
  "static_assertions",
diff --git a/Cargo.toml b/Cargo.toml
index b0c1ac722a..efa7c1c0b6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -88,20 +88,25 @@ sgx_urts = { version = "1.1.6", git = "https://github.com/apache/incubator-teacl
 #sgx-externalities = { path = "../sgx-runtime/substrate-sgx/externalities"}
 
 #[patch."https://github.com/integritee-network/integritee-node"]
-#my-node-runtime = { package = "integritee-node-runtime", path = "../integritee-node/runtime"}
+#my-node-runtime = { package = "integritee-node-runtime", git = "https://github.com/integritee-network//integritee-node", branch = "ab/integrate-pallet-teerex-refactoring" }
 
 #[patch."https://github.com/scs/substrate-api-client"]
 #substrate-api-client = { path = "../../scs/substrate-api-client" }
 #substrate-client-keystore = { path = "../../scs/substrate-api-client/client-keystore" }
 
 #[patch."https://github.com/integritee-network/pallets.git"]
-#pallet-claims = { path = "../pallets/claims" }
-#pallet-teerex = { path = "../pallets/teerex" }
-#pallet-teeracle = { path = "../pallets/teeracle" }
-#teerex-primitives = {path = "../pallets/primitives/teerex"}
-#pallet-parentchain = { path = "../pallets/parentchain" }
-#itp-types = {  path = "../pallets/primitives/types"}
-#itp-utils = {  path = "../pallets/primitives/utils"}
+#pallet-claims = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#pallet-enclave-bridge = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#pallet-teerex = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#pallet-sidechain = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#sgx-verify = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#pallet-teeracle = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#test-utils = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#claims-primitives = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#enclave-bridge-primitives = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#teerex-primitives = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#teeracle-primitives = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
+#common-primitives = { git = "https://github.com/integritee-network//pallets", branch = "ab/shard-config-upgradability-2" }
 
 #[patch."https://github.com/integritee-network/http_req"]
 #http_req = {path = '..//http_req' }
diff --git a/app-libs/stf/src/trusted_call.rs b/app-libs/stf/src/trusted_call.rs
index 6bcaa74fc4..a644dfabe3 100644
--- a/app-libs/stf/src/trusted_call.rs
+++ b/app-libs/stf/src/trusted_call.rs
@@ -28,7 +28,7 @@ use frame_support::{ensure, traits::UnfilteredDispatchable};
 pub use ita_sgx_runtime::{Balance, Index};
 use ita_sgx_runtime::{Runtime, System};
 use itp_node_api::metadata::{provider::AccessNodeMetadata, NodeMetadataTrait};
-use itp_node_api_metadata::pallet_teerex::TeerexCallIndexes;
+use itp_node_api_metadata::pallet_enclave_bridge::EnclaveBridgeCallIndexes;
 use itp_stf_interface::ExecuteCall;
 use itp_stf_primitives::types::{AccountId, KeyPair, OrdersString, ShardIdentifier, Signature};
 use itp_types::OpaqueCall;
@@ -255,9 +255,9 @@ where
 				unshield_funds(account_incognito, value)?;
 				calls.push(OpaqueCall::from_tuple(&(
 					node_metadata_repo.get_from_metadata(|m| m.unshield_funds_call_indexes())??,
+					shard,
 					beneficiary,
 					value,
-					shard,
 					call_hash,
 				)));
 				Ok(())
diff --git a/build.Dockerfile b/build.Dockerfile
index e08a21baea..b24044ffed 100644
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -36,8 +36,6 @@ ENV SGX_MODE=$SGX_MODE
 ARG SGX_PRODUCTION=0
 ENV SGX_PRODUCTION=$SGX_PRODUCTION
 
-ARG WORKER_FEATURES_ARG
-ENV WORKER_FEATURES=$WORKER_FEATURES_ARG
 
 ENV WORKHOME=/home/ubuntu/work
 ENV HOME=/home/ubuntu
@@ -70,6 +68,19 @@ RUN --mount=type=cache,id=cargo-registry-cache,target=/opt/rust/registry/cache \
 FROM oasisprotocol/aesmd:master AS runner
 ENV SGX_SDK /opt/sgxsdk
 ENV LD_LIBRARY_PATH "${SGX_SDK}/sdk_libs"
+RUN apt-get install -y \
+	libsgx-aesm-ecdsa-plugin \
+	libsgx-ae-qve \
+	libsgx-aesm-quote-ex-plugin \
+	libsgx-dcap-default-qpl \
+	libsgx-dcap-ql \
+	libsgx-dcap-quote-verify \ 
+	libsgx-epid \ 
+	libsgx-headers \ 
+	libsgx-quote-ex \ 
+	libsgx-ra-network \ 
+	libsgx-ra-uefi \ 
+	libsgx-uae-service
 
 ### Deployed CLI client
 ##################################################
@@ -106,14 +117,19 @@ COPY --from=builder /home/ubuntu/work/worker/bin/* ./
 COPY --from=builder /lib/x86_64-linux-gnu/libsgx* /lib/x86_64-linux-gnu/
 COPY --from=builder /lib/x86_64-linux-gnu/libdcap* /lib/x86_64-linux-gnu/
 
-RUN touch spid.txt key.txt
 RUN chmod +x /usr/local/bin/integritee-service
 RUN ls -al /usr/local/bin
 
 # checks
 ENV SGX_SDK /opt/sgxsdk
-ENV LD_LIBRARY_PATH $LD_LIBRARY_PATH:$SGX_SDK/sdk_libs
+ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/intel/sgx-aesm-service/aesm:$SGX_SDK/sdk_libs
+ENV AESM_PATH=/opt/intel/sgx-aesm-service/aesm
+
+COPY ./docker/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+
 RUN ldd /usr/local/bin/integritee-service && \
 	/usr/local/bin/integritee-service --version
 
-ENTRYPOINT ["/usr/local/bin/integritee-service"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index 4bae68e6e1..2f002ef295 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -26,12 +26,13 @@ ws = { version = "0.9.1", features = ["ssl"] }
 
 # scs / integritee
 my-node-runtime = { package = "integritee-node-runtime", git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.42" }
+pallet-enclave-bridge = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.42" }
 pallet-evm = { optional = true, git = "https://github.com/integritee-network/frontier.git", branch = "bar/polkadot-v0.9.42" }
 pallet-teerex = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.42" }
 # `default-features = false` to remove the jsonrpsee dependency.
+enclave-bridge-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.42" }
 substrate-api-client = { default-features = false, features = ["std", "ws-client"], git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.42-tag-v0.10.0" }
 substrate-client-keystore = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.42-tag-v0.10.0" }
-teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.42" }
 
 # substrate dependencies
 frame-system = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
@@ -65,3 +66,5 @@ teeracle = []
 sidechain = []
 offchain-worker = []
 production = []
+# dcap feature flag is not used in this crate, but for easier build purposes only it present here as well
+dcap = []
diff --git a/cli/demo_teeracle_whitelist.sh b/cli/demo_teeracle_whitelist.sh
index 5da2637fb5..d56b01728e 100755
--- a/cli/demo_teeracle_whitelist.sh
+++ b/cli/demo_teeracle_whitelist.sh
@@ -70,12 +70,12 @@ echo "Using client binary ${CLIENT_BIN}"
 echo "Using node uri ${NODEURL}:${NPORT}"
 echo "Using trusted-worker uri ${WORKER1URL}:${WORKER1PORT}"
 echo "Using worker market data update interval ${INTERVAL}"
-echo "Count the update events for ${DURATION}"
+echo "Count the update events for ${DURATION} blocks"
 echo ""
 
 COIN_GECKO="https://api.coingecko.com/"
 COIN_MARKET_CAP="https://pro-api.coinmarketcap.com/"
-let "MIN_EXPECTED_NUM_OF_EVENTS=$DURATION/$INTERVAL-3"
+let "MIN_EXPECTED_NUM_OF_EVENTS=$DURATION*6/$INTERVAL-3"
 echo "Minimum expected number of events with a single oracle source: ${MIN_EXPECTED_NUM_OF_EVENTS}"
 
 let "MIN_EXPECTED_NUM_OF_EVENTS_2 = 2*$MIN_EXPECTED_NUM_OF_EVENTS"
@@ -94,7 +94,7 @@ echo "Reading MRENCLAVE from worker list: ${MRENCLAVE}"
 [[ -z $MRENCLAVE ]] && { echo "MRENCLAVE is empty. cannot continue" ; exit 1; }
 echo ""
 
-echo "Listen to ExchangeRateUpdated events for ${DURATION} seconds. There should be no trusted oracle source!"
+echo "Listen to ExchangeRateUpdated events for ${DURATION} blocks. There should be no trusted oracle source!"
 #${CLIENT} ${LISTEN_TO_EXCHANGE_RATE_EVENTS_CMD} ${DURATION}
 #echo ""
 
@@ -107,12 +107,12 @@ ${CLIENT} ${ADD_TO_WHITELIST_CMD} //Alice ${COIN_GECKO} ${MRENCLAVE}
 echo "MRENCLAVE in whitelist for ${COIN_GECKO}"
 echo ""
 
-echo "Listen to ExchangeRateUpdated events for ${DURATION} seconds, after a trusted oracle source has been added to the whitelist."
+echo "Listen to ExchangeRateUpdated events for ${DURATION} blocks, after a trusted oracle source has been added to the whitelist."
 #${CLIENT} ${LISTEN_TO_EXCHANGE_RATE_EVENTS_CMD} ${DURATION}
 #echo ""
 
 read EVENTS_COUNT <<< $($CLIENT ${LISTEN_TO_EXCHANGE_RATE_EVENTS_CMD} ${DURATION} | awk '/  EVENTS_COUNT: / { print $2; exit }')
-echo "Got ${EVENTS_COUNT} exchange rate updates from the trusted oracle source in ${DURATION} second(s)"
+echo "Got ${EVENTS_COUNT} exchange rate updates from the trusted oracle source in ${DURATION} blocks(s)"
 echo ""
 
 echo "Add ${COIN_MARKET_CAP} for ${MRENCLAVE} as trusted oracle source"
@@ -120,12 +120,12 @@ ${CLIENT} ${ADD_TO_WHITELIST_CMD} //Alice ${COIN_MARKET_CAP} ${MRENCLAVE}
 echo "MRENCLAVE in whitelist for ${COIN_MARKET_CAP}"
 echo ""
 
-echo "Listen to ExchangeRateUpdated events for ${DURATION} seconds, after a second trusted oracle source has been added to the whitelist."
+echo "Listen to ExchangeRateUpdated events for ${DURATION} blocks, after a second trusted oracle source has been added to the whitelist."
 #${CLIENT} ${LISTEN_TO_EXCHANGE_RATE_EVENTS_CMD} ${DURATION}
 #echo ""
 
 read EVENTS_COUNT_2 <<< $($CLIENT ${LISTEN_TO_EXCHANGE_RATE_EVENTS_CMD} ${DURATION} | awk '/  EVENTS_COUNT: / { print $2; exit }')
-echo "Got ${EVENTS_COUNT_2} exchange rate updates from 2 trusted oracle sources in ${DURATION} second(s)"
+echo "Got ${EVENTS_COUNT_2} exchange rate updates from 2 trusted oracle sources in ${DURATION} blocks(s)"
 echo ""
 
 echo "Results :"
diff --git a/cli/src/base_cli/commands/listen.rs b/cli/src/base_cli/commands/listen.rs
index 03d43ecf31..64d9e675e5 100644
--- a/cli/src/base_cli/commands/listen.rs
+++ b/cli/src/base_cli/commands/listen.rs
@@ -74,10 +74,10 @@ impl ListenCommand {
 								}
 							},
 							RuntimeEvent::Teerex(ee) => {
-								println!(">>>>>>>>>> integritee event: {:?}", ee);
+								println!(">>>>>>>>>> integritee teerex event: {:?}", ee);
 								count += 1;
 								match &ee {
-									my_node_runtime::pallet_teerex::Event::AddedEnclave{
+									my_node_runtime::pallet_teerex::Event::AddedSgxEnclave{
 										registered_by,
 										worker_url, ..
 									}
@@ -85,55 +85,69 @@ impl ListenCommand {
 										println!(
 											"AddedEnclave: {:?} at url {}",
 											registered_by,
-											String::from_utf8(worker_url.to_vec())
+											String::from_utf8(worker_url.clone().unwrap_or("none".into()).to_vec())
 												.unwrap_or_else(|_| "error".to_string())
 										);
 									},
-									my_node_runtime::pallet_teerex::Event::RemovedEnclave(
+									my_node_runtime::pallet_teerex::Event::RemovedSovereignEnclave(
 										accountid,
 									) => {
 										println!("RemovedEnclave: {:?}", accountid);
 									},
-									my_node_runtime::pallet_teerex::Event::Forwarded(shard) => {
+									my_node_runtime::pallet_teerex::Event::RemovedProxiedEnclave(
+										eia,
+									) => {
+										println!("RemovedEnclave: {:?}", eia);
+									},
+									_ => debug!("ignoring unsupported teerex event: {:?}", ee),
+								}
+							},
+							RuntimeEvent::EnclaveBridge(ee) => {
+								println!(">>>>>>>>>> integritee enclave bridge event: {:?}", ee);
+								count += 1;
+								match &ee {
+									my_node_runtime::pallet_enclave_bridge::Event::IndirectInvocationRegistered(shard) => {
 										println!(
 											"Forwarded request for shard {}",
 											shard.encode().to_base58()
 										);
 									},
-									my_node_runtime::pallet_teerex::Event::ProcessedParentchainBlock(
-										accountid,
+									my_node_runtime::pallet_enclave_bridge::Event::ProcessedParentchainBlock {
+										shard,
 										block_hash,
-										merkle_root,
+										trusted_calls_merkle_root,
 										block_number,
-									) => {
+									} => {
 										println!(
 											"ProcessedParentchainBlock from {} with hash {:?}, number {} and merkle root {:?}",
-											accountid, block_hash, merkle_root, block_number
+											shard, block_hash, trusted_calls_merkle_root, block_number
 										);
 									},
-									my_node_runtime::pallet_teerex::Event::ShieldFunds(
-										incognito_account,
-									) => {
-										println!("ShieldFunds for {:?}", incognito_account);
+									my_node_runtime::pallet_enclave_bridge::Event::ShieldFunds {
+										shard, encrypted_beneficiary, amount
+									} => {
+										println!("ShieldFunds on shard {:?} for {:?}. amount: {:?}", shard, encrypted_beneficiary, amount);
 									},
-									my_node_runtime::pallet_teerex::Event::UnshieldedFunds(
-										public_account,
-									) => {
-										println!("UnshieldFunds for {:?}", public_account);
+									my_node_runtime::pallet_enclave_bridge::Event::UnshieldedFunds {
+										shard, beneficiary, amount
+									} => {
+										println!("UnshieldFunds on shard {:?} for {:?}. amount: {:?}", shard, beneficiary, amount);
 									},
-									_ => debug!("ignoring unsupported teerex event: {:?}", ee),
+									_ => debug!("ignoring unsupported enclave_bridge event: {:?}", ee),
 								}
 							},
 							RuntimeEvent::Sidechain(ee) => {
+								println!(">>>>>>>>>> integritee sidechain event: {:?}", ee);
 								count += 1;
 								match &ee {
-									my_node_runtime::pallet_sidechain::Event::ProposedSidechainBlock(
-										accountid,
-										block_hash,
-									) => {
+									my_node_runtime::pallet_sidechain::Event::FinalizedSidechainBlock {
+										shard,
+										block_header_hash,
+										validateer,
+									} => {
 										println!(
-											"ProposedSidechainBlock from {} with hash {:?}",
-											accountid, block_hash
+											"ProposedSidechainBlock on shard {} from {} with hash {:?}",
+											shard, validateer, block_header_hash
 										);
 									},
 									_ => debug!("ignoring unsupported sidechain event: {:?}", ee),
diff --git a/cli/src/base_cli/commands/shield_funds.rs b/cli/src/base_cli/commands/shield_funds.rs
index dbad28d071..0c1c538056 100644
--- a/cli/src/base_cli/commands/shield_funds.rs
+++ b/cli/src/base_cli/commands/shield_funds.rs
@@ -17,17 +17,17 @@
 
 use crate::{
 	command_utils::{get_accountid_from_str, get_chain_api, *},
-	Cli, CliResult, CliResultOk,
+	Cli, CliError, CliResult, CliResultOk,
 };
 use base58::FromBase58;
 use codec::{Decode, Encode};
-use itp_node_api::api_client::{ParentchainExtrinsicSigner, TEEREX};
+use itp_node_api::api_client::{ParentchainExtrinsicSigner, ENCLAVE_BRIDGE};
 use itp_sgx_crypto::ShieldingCryptoEncrypt;
 use itp_stf_primitives::types::ShardIdentifier;
 use log::*;
 use my_node_runtime::Balance;
 use sp_core::sr25519 as sr25519_core;
-use substrate_api_client::{compose_extrinsic, SubmitAndWatch, XtStatus};
+use substrate_api_client::{compose_extrinsic, SubmitAndWatchUntilSuccess};
 
 #[derive(Parser)]
 pub struct ShieldFundsCommand {
@@ -68,16 +68,25 @@ impl ShieldFundsCommand {
 		// Compose the extrinsic.
 		let xt = compose_extrinsic!(
 			chain_api,
-			TEEREX,
+			ENCLAVE_BRIDGE,
 			"shield_funds",
+			shard,
 			encrypted_recevier,
-			self.amount,
-			shard
+			self.amount
 		);
 
-		let tx_hash = chain_api.submit_and_watch_extrinsic_until(xt, XtStatus::Finalized).unwrap();
-		println!("[+] TrustedOperation got finalized. Hash: {:?}\n", tx_hash);
-
-		Ok(CliResultOk::None)
+		match chain_api.submit_and_watch_extrinsic_until_success(xt, true) {
+			Ok(xt_report) => {
+				println!(
+					"[+] shield funds success. extrinsic hash: {:?} / status: {:?} / block hash: {:?}",
+					xt_report.extrinsic_hash, xt_report.status, xt_report.block_hash.unwrap()
+				);
+				Ok(CliResultOk::H256 { hash: xt_report.block_hash.unwrap() })
+			},
+			Err(e) => {
+				error!("shield_funds extrinsic failed {:?}", e);
+				Err(CliError::Extrinsic { msg: format!("{:?}", e) })
+			},
+		}
 	}
 }
diff --git a/cli/src/base_cli/commands/transfer.rs b/cli/src/base_cli/commands/transfer.rs
index 3ea285cb40..d5894f80c1 100644
--- a/cli/src/base_cli/commands/transfer.rs
+++ b/cli/src/base_cli/commands/transfer.rs
@@ -24,7 +24,7 @@ use log::*;
 use my_node_runtime::Balance;
 use sp_core::{crypto::Ss58Codec, sr25519 as sr25519_core, Pair};
 use substrate_api_client::{
-	extrinsic::BalancesExtrinsics, GetAccountInformation, SubmitAndWatch, XtStatus,
+	extrinsic::BalancesExtrinsics, GetAccountInformation, SubmitAndWatchUntilSuccess,
 };
 
 #[derive(Parser)]
@@ -48,11 +48,11 @@ impl TransferCommand {
 		let mut api = get_chain_api(cli);
 		api.set_signer(ParentchainExtrinsicSigner::new(sr25519_core::Pair::from(from_account)));
 		let xt = api.balance_transfer_allow_death(Address::Id(to_account.clone()), self.amount);
-		let tx_hash = api
-			.submit_and_watch_extrinsic_until(xt, XtStatus::InBlock)
-			.unwrap()
-			.extrinsic_hash;
-		println!("[+] TrustedOperation got finalized. Hash: {:?}\n", tx_hash);
+		let tx_report = api.submit_and_watch_extrinsic_until_success(xt, false).unwrap();
+		println!(
+			"[+] L1 extrinsic success. extrinsic hash: {:?} / status: {:?}",
+			tx_report.extrinsic_hash, tx_report.status
+		);
 		let result = api.get_account_data(&to_account).unwrap().unwrap();
 		let balance = result.free;
 		println!("balance for {} is now {}", to_account, balance);
diff --git a/cli/src/base_cli/mod.rs b/cli/src/base_cli/mod.rs
index 117d1e317f..50dd7d0a33 100644
--- a/cli/src/base_cli/mod.rs
+++ b/cli/src/base_cli/mod.rs
@@ -24,16 +24,13 @@ use crate::{
 	Cli, CliResult, CliResultOk, ED25519_KEY_TYPE, SR25519_KEY_TYPE,
 };
 use base58::ToBase58;
-use chrono::{DateTime, Utc};
 use clap::Subcommand;
+use codec::Encode;
 use itc_rpc_client::direct_client::DirectApi;
 use itp_node_api::api_client::PalletTeerexApi;
 use sp_core::crypto::Ss58Codec;
 use sp_keystore::Keystore;
-use std::{
-	path::PathBuf,
-	time::{Duration, UNIX_EPOCH},
-};
+use std::path::PathBuf;
 use substrate_api_client::Metadata;
 use substrate_client_keystore::LocalKeystore;
 
@@ -141,29 +138,22 @@ fn print_sgx_metadata(cli: &Cli) -> CliResult {
 
 fn list_workers(cli: &Cli) -> CliResult {
 	let api = get_chain_api(cli);
-	let wcount = api.enclave_count(None).unwrap();
-	println!("number of workers registered: {}", wcount);
-
-	let mut mr_enclaves = Vec::with_capacity(wcount as usize);
-
-	for w in 1..=wcount {
-		let enclave = api.enclave(w, None).unwrap();
-		if enclave.is_none() {
-			println!("error reading enclave data");
-			continue
-		};
-		let enclave = enclave.unwrap();
-		let timestamp =
-			DateTime::<Utc>::from(UNIX_EPOCH + Duration::from_millis(enclave.timestamp));
-		let mr_enclave = enclave.mr_enclave.to_base58();
-		println!("Enclave {}", w);
-		println!("   AccountId: {}", enclave.pubkey.to_ss58check());
-		println!("   MRENCLAVE: {}", mr_enclave);
-		println!("   RA timestamp: {}", timestamp);
-		println!("   URL: {}", enclave.url);
-
-		mr_enclaves.push(mr_enclave);
-	}
-
-	Ok(CliResultOk::MrEnclaveBase58 { mr_enclaves })
+	let enclaves = api.all_enclaves(None).unwrap();
+	println!("number of enclaves registered: {}", enclaves.len());
+	let fingerprints = enclaves
+		.iter()
+		.map(|enclave| {
+			println!("Enclave");
+			println!("   signer: {:?}", enclave.instance_signer());
+			println!("   MRENCLAVE: {}", enclave.fingerprint().0.to_base58());
+			println!("   RA timestamp: {}", enclave.attestation_timestamp());
+			println!(
+				"   URL: {}",
+				String::from_utf8(enclave.instance_url().unwrap_or_else(|| "none".encode()))
+					.unwrap()
+			);
+			enclave.fingerprint().0.to_base58()
+		})
+		.collect();
+	Ok(CliResultOk::MrEnclaveBase58 { mr_enclaves: fingerprints })
 }
diff --git a/cli/src/lib.rs b/cli/src/lib.rs
index 7f51946c13..3cde133166 100644
--- a/cli/src/lib.rs
+++ b/cli/src/lib.rs
@@ -110,6 +110,8 @@ pub enum CliResultOk {
 
 #[derive(Debug, Error)]
 pub enum CliError {
+	#[error("extrinsic error: {:?}", msg)]
+	Extrinsic { msg: String },
 	#[error("trusted operation error: {:?}", msg)]
 	TrustedOp { msg: String },
 	#[error("EvmReadCommands error: {:?}", msg)]
diff --git a/cli/src/oracle/commands/listen_to_exchange.rs b/cli/src/oracle/commands/listen_to_exchange.rs
index 8c27e0e0ca..95bab3ab38 100644
--- a/cli/src/oracle/commands/listen_to_exchange.rs
+++ b/cli/src/oracle/commands/listen_to_exchange.rs
@@ -56,16 +56,16 @@ pub fn count_exchange_rate_update_events(api: &ParentchainApi, duration: Duratio
 				info!("received event {:?}", event_record.event);
 				if let RuntimeEvent::Teeracle(event) = &event_record.event {
 					match &event {
-						my_node_runtime::pallet_teeracle::Event::ExchangeRateUpdated(
-							src,
+						my_node_runtime::pallet_teeracle::Event::ExchangeRateUpdated {
+							data_source,
 							trading_pair,
 							exchange_rate,
-						) => {
+						} => {
 							count += 1;
 							debug!("Received ExchangeRateUpdated event");
 							println!(
 								"ExchangeRateUpdated: TRADING_PAIR : {}, SRC : {}, VALUE :{:?}",
-								trading_pair, src, exchange_rate
+								trading_pair, data_source, exchange_rate
 							);
 						},
 						_ => trace!("ignoring teeracle event: {:?}", event),
diff --git a/cli/src/oracle/commands/listen_to_oracle.rs b/cli/src/oracle/commands/listen_to_oracle.rs
index 916e8706ad..d367bc020c 100644
--- a/cli/src/oracle/commands/listen_to_oracle.rs
+++ b/cli/src/oracle/commands/listen_to_oracle.rs
@@ -71,10 +71,16 @@ fn report_event_count(event_records: Vec<Event>) -> EventCount {
 		info!("received event {:?}", event_record.event);
 		if let RuntimeEvent::Teeracle(event) = &event_record.event {
 			match &event {
-				my_node_runtime::pallet_teeracle::Event::OracleUpdated(oracle_name, src) => {
+				my_node_runtime::pallet_teeracle::Event::OracleUpdated {
+					oracle_data_name,
+					data_source,
+				} => {
 					count += 1;
 					debug!("Received OracleUpdated event");
-					println!("OracleUpdated: ORACLE_NAME : {}, SRC : {}", oracle_name, src);
+					println!(
+						"OracleUpdated: ORACLE_NAME : {}, SRC : {}",
+						oracle_data_name, data_source
+					);
 				},
 				// Can just remove this and ignore handling this case
 				_ => debug!("ignoring teeracle event: {:?}", event),
diff --git a/cli/src/trusted_operation.rs b/cli/src/trusted_operation.rs
index 8cb8474683..d8e5dc9a87 100644
--- a/cli/src/trusted_operation.rs
+++ b/cli/src/trusted_operation.rs
@@ -21,11 +21,12 @@ use crate::{
 	trusted_cli::TrustedCli,
 	Cli,
 };
-use base58::FromBase58;
+use base58::{FromBase58, ToBase58};
 use codec::{Decode, Encode};
+use enclave_bridge_primitives::Request;
 use ita_stf::{Getter, TrustedOperation};
 use itc_rpc_client::direct_client::{DirectApi, DirectClient};
-use itp_node_api::api_client::{ParentchainApi, ParentchainExtrinsicSigner, TEEREX};
+use itp_node_api::api_client::{ParentchainApi, ParentchainExtrinsicSigner, ENCLAVE_BRIDGE};
 use itp_rpc::{RpcRequest, RpcResponse, RpcReturnValue};
 use itp_sgx_crypto::ShieldingCryptoEncrypt;
 use itp_stf_primitives::types::ShardIdentifier;
@@ -33,7 +34,7 @@ use itp_types::{BlockNumber, DirectRequestStatus, TrustedOperationStatus};
 use itp_utils::{FromHexPrefixed, ToHexPrefixed};
 use log::*;
 use my_node_runtime::{Hash, RuntimeEvent};
-use pallet_teerex::Event as TeerexEvent;
+use pallet_enclave_bridge::Event as EnclaveBridgeEvent;
 use sp_core::{sr25519 as sr25519_core, H256};
 use std::{
 	result::Result as StdResult,
@@ -41,13 +42,14 @@ use std::{
 	time::Instant,
 };
 use substrate_api_client::{
-	compose_extrinsic, GetHeader, SubmitAndWatch, SubscribeEvents, XtStatus,
+	compose_extrinsic, GetHeader, SubmitAndWatchUntilSuccess, SubscribeEvents,
 };
-use teerex_primitives::Request;
 use thiserror::Error;
 
 #[derive(Debug, Error)]
 pub(crate) enum TrustedOperationError {
+	#[error("extrinsic L1 error: {msg:?}")]
+	Extrinsic { msg: String },
 	#[error("default error: {msg:?}")]
 	Default { msg: String },
 }
@@ -60,7 +62,7 @@ pub(crate) fn perform_trusted_operation(
 	top: &TrustedOperation,
 ) -> TrustedOpResult {
 	match top {
-		TrustedOperation::indirect_call(_) => send_request(cli, trusted_args, top),
+		TrustedOperation::indirect_call(_) => send_indirect_request(cli, trusted_args, top),
 		TrustedOperation::direct_call(_) => send_direct_request(cli, trusted_args, top),
 		TrustedOperation::get(getter) => execute_getter_from_cli_args(cli, trusted_args, getter),
 	}
@@ -116,7 +118,7 @@ pub(crate) fn get_state(
 	Ok(maybe_state)
 }
 
-fn send_request(
+fn send_indirect_request(
 	cli: &Cli,
 	trusted_args: &TrustedCli,
 	trusted_operation: &TrustedOperation,
@@ -126,39 +128,52 @@ fn send_request(
 	let call_encrypted = encryption_key.encrypt(&trusted_operation.encode()).unwrap();
 
 	let shard = read_shard(trusted_args).unwrap();
-
+	debug!(
+		"invoke indirect send_request: trusted operation: {:?},  shard: {}",
+		trusted_operation,
+		shard.encode().to_base58()
+	);
 	let arg_signer = &trusted_args.xt_signer;
 	let signer = get_pair_from_str(arg_signer);
 	chain_api.set_signer(ParentchainExtrinsicSigner::new(sr25519_core::Pair::from(signer)));
 
 	let request = Request { shard, cyphertext: call_encrypted };
-	let xt = compose_extrinsic!(&chain_api, TEEREX, "call_worker", request);
-
-	// send and watch extrinsic until block is executed
-	let block_hash = chain_api
-		.submit_and_watch_extrinsic_until(xt, XtStatus::InBlock)
-		.unwrap()
-		.block_hash
-		.unwrap();
+	let xt = compose_extrinsic!(&chain_api, ENCLAVE_BRIDGE, "invoke", request);
+
+	let block_hash = match chain_api.submit_and_watch_extrinsic_until_success(xt, false) {
+		Ok(xt_report) => {
+			println!(
+				"[+] invoke TrustedOperation extrinsic success. extrinsic hash: {:?} / status: {:?} / block hash: {:?}",
+				xt_report.extrinsic_hash, xt_report.status, xt_report.block_hash.unwrap()
+			);
+			xt_report.block_hash.unwrap()
+		},
+		Err(e) => {
+			error!("invoke TrustedOperation extrinsic failed {:?}", e);
+			return Err(TrustedOperationError::Extrinsic { msg: format!("{:?}", e) })
+		},
+	};
 
 	info!(
-		"Trusted call extrinsic sent and successfully included in parentchain block with hash {:?}.",
-		block_hash
+		"Trusted call extrinsic sent for shard {} and successfully included in parentchain block with hash {:?}.",
+		shard.encode().to_base58(), block_hash
 	);
 	info!("Waiting for execution confirmation from enclave...");
 	let mut subscription = chain_api.subscribe_events().unwrap();
 	loop {
 		let event_records = subscription.next_event::<RuntimeEvent, Hash>().unwrap().unwrap();
 		for event_record in event_records {
-			if let RuntimeEvent::Teerex(TeerexEvent::ProcessedParentchainBlock(
-				_signer,
-				confirmed_block_hash,
-				_merkle_root,
-				confirmed_block_number,
-			)) = event_record.event
+			if let RuntimeEvent::EnclaveBridge(EnclaveBridgeEvent::ProcessedParentchainBlock {
+				shard,
+				block_hash: confirmed_block_hash,
+				trusted_calls_merkle_root,
+				block_number: confirmed_block_number,
+			}) = event_record.event
 			{
 				info!("Confirmation of ProcessedParentchainBlock received");
-				debug!("Expected block Hash: {:?}", block_hash);
+				debug!("shard: {:?}", shard);
+				debug!("confirmed parentchain block Hash: {:?}", block_hash);
+				debug!("trusted calls merkle root: {:?}", trusted_calls_merkle_root);
 				debug!("Confirmed stf block Hash: {:?}", confirmed_block_hash);
 				if let Err(e) = check_if_received_event_exceeds_expected(
 					&chain_api,
@@ -223,8 +238,11 @@ fn send_direct_request(
 	let encryption_key = get_shielding_key(cli).unwrap();
 	let shard = read_shard(trusted_args).unwrap();
 	let jsonrpc_call: String = get_json_request(shard, operation_call, encryption_key);
-
-	debug!("get direct api");
+	debug!(
+		"send_direct_request: trusted operation: {:?},  shard: {}",
+		operation_call,
+		shard.encode().to_base58()
+	);
 	let direct_api = get_worker_api_direct(cli);
 
 	debug!("setup sender and receiver");
diff --git a/core-primitives/attestation-handler/Cargo.toml b/core-primitives/attestation-handler/Cargo.toml
index e03ae41c00..19690b16d7 100644
--- a/core-primitives/attestation-handler/Cargo.toml
+++ b/core-primitives/attestation-handler/Cargo.toml
@@ -37,7 +37,7 @@ sgx_rand = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sd
 sgx_tcrypto = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true }
 sgx_tse = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true }
 sgx_tstd = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", features = ["untrusted_fs", "net", "backtrace"], optional = true }
-sgx_types = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+sgx_types = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", features = ["extra_traits"] }
 
 # local deps
 itp-ocall-api = { path = "../ocall-api", default-features = false }
diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs
index 8b8401951d..91bfc77f3a 100644
--- a/core-primitives/attestation-handler/src/attestation_handler.rs
+++ b/core-primitives/attestation-handler/src/attestation_handler.rs
@@ -82,15 +82,15 @@ pub trait AttestationHandler {
 	/// but instead generate a mock certificate.
 	fn generate_ias_ra_cert(&self, skip_ra: bool) -> EnclaveResult<Vec<u8>>;
 
-	/// Returns the DER encoded certificate and the raw DCAP quote.
+	/// Returns the DER encoded private_key, DER encoded certificate and the raw DCAP quote.
 	/// If skip_ra is set, it will not perform a remote attestation via IAS
 	/// but instead generate a mock certificate.
 	fn generate_dcap_ra_cert(
 		&self,
-		quoting_enclave_target_info: &sgx_target_info_t,
-		quote_size: u32,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		skip_ra: bool,
-	) -> EnclaveResult<(Vec<u8>, Vec<u8>)>;
+	) -> EnclaveResult<(Vec<u8>, Vec<u8>, Vec<u8>)>;
 
 	/// Get the measurement register value of the enclave
 	fn get_mrenclave(&self) -> EnclaveResult<[u8; MR_ENCLAVE_SIZE]>;
@@ -107,7 +107,7 @@ pub trait AttestationHandler {
 
 	/// Create the remote attestation report and encapsulate it in a DER certificate
 	/// Returns a pair consisting of (private key DER, certificate DER)
-	fn create_ra_report_and_signature(
+	fn create_epid_ra_report_and_signature(
 		&self,
 		sign_type: sgx_quote_sign_type_t,
 		skip_ra: bool,
@@ -119,6 +119,35 @@ pub struct IntelAttestationHandler<OCallApi, SigningKeyRepo> {
 	pub(crate) signing_key_repo: Arc<SigningKeyRepo>,
 }
 
+impl<OCallApi, AccessSigningKey> IntelAttestationHandler<OCallApi, AccessSigningKey>
+where
+	OCallApi: EnclaveAttestationOCallApi,
+	AccessSigningKey: AccessKey<KeyType = ed25519::Pair>,
+{
+	fn create_payload_epid(
+		&self,
+		pub_k: &[u8; 32],
+		sign_type: sgx_quote_sign_type_t,
+	) -> EnclaveResult<String> {
+		info!("    [Enclave] Create attestation report");
+		let (attn_report, sig, cert) = match self.create_epid_attestation_report(&pub_k, sign_type)
+		{
+			Ok(r) => r,
+			Err(e) => {
+				error!("    [Enclave] Error in create_attestation_report: {:?}", e);
+				return Err(e.into())
+			},
+		};
+		println!("    [Enclave] Create attestation report successful");
+		debug!("              attn_report = {:?}", attn_report);
+		debug!("              sig         = {:?}", sig);
+		debug!("              cert        = {:?}", cert);
+
+		// concat the information
+		Ok(attn_report + "|" + &sig + "|" + &cert)
+	}
+}
+
 impl<OCallApi, AccessSigningKey> AttestationHandler
 	for IntelAttestationHandler<OCallApi, AccessSigningKey>
 where
@@ -132,7 +161,7 @@ where
 		// FIXME: should call `create_ra_report_and_signature` in skip_ra mode as well:
 		// https://github.com/integritee-network/worker/issues/321.
 		let cert_der = if !skip_ra {
-			match self.create_ra_report_and_signature(sign_type, skip_ra) {
+			match self.create_epid_ra_report_and_signature(sign_type, skip_ra) {
 				Ok((_key_der, cert_der)) => cert_der,
 				Err(e) => return Err(e),
 			}
@@ -154,7 +183,8 @@ where
 		// our certificate is unlinkable
 		let sign_type = sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE;
 
-		let (_key_der, cert_der) = match self.create_ra_report_and_signature(sign_type, false) {
+		let (_key_der, cert_der) = match self.create_epid_ra_report_and_signature(sign_type, false)
+		{
 			Ok(r) => r,
 			Err(e) => return Err(e),
 		};
@@ -175,11 +205,14 @@ where
 		quoting_enclave_target_info: &sgx_target_info_t,
 		quote_size: u32,
 	) -> EnclaveResult<()> {
-		let (_cert_der, dcap_quote) =
-			match self.generate_dcap_ra_cert(quoting_enclave_target_info, quote_size, false) {
-				Ok(r) => r,
-				Err(e) => return Err(e),
-			};
+		let (_priv_key_der, _cert_der, dcap_quote) = match self.generate_dcap_ra_cert(
+			Some(quoting_enclave_target_info),
+			Some(&quote_size),
+			false,
+		) {
+			Ok(r) => r,
+			Err(e) => return Err(e),
+		};
 
 		if let Err(err) = io::write(&dcap_quote, RA_DUMP_CERT_DER_FILE) {
 			error!(
@@ -192,7 +225,7 @@ where
 		Ok(())
 	}
 
-	fn create_ra_report_and_signature(
+	fn create_epid_ra_report_and_signature(
 		&self,
 		sign_type: sgx_quote_sign_type_t,
 		skip_ra: bool,
@@ -209,36 +242,20 @@ where
 		debug!("     pubkey Y is {:02x}", pub_k.gy.iter().format(""));
 
 		let payload = if !skip_ra {
-			info!("    [Enclave] Create attestation report");
-			let (attn_report, sig, cert) =
-				match self.create_attestation_report(&chain_signer.public().0, sign_type) {
-					Ok(r) => r,
-					Err(e) => {
-						error!("    [Enclave] Error in create_attestation_report: {:?}", e);
-						return Err(e.into())
-					},
-				};
-			println!("    [Enclave] Create attestation report successful");
-			debug!("              attn_report = {:?}", attn_report);
-			debug!("              sig         = {:?}", sig);
-			debug!("              cert        = {:?}", cert);
-
-			// concat the information
-			attn_report + "|" + &sig + "|" + &cert
+			self.create_payload_epid(&chain_signer.public().0, sign_type)?
 		} else {
 			Default::default()
 		};
 
 		// generate an ECC certificate
 		info!("    [Enclave] Generate ECC Certificate");
-		let (key_der, cert_der) =
-			match cert::gen_ecc_cert(&payload.into_bytes(), &prv_k, &pub_k, &ecc_handle) {
-				Ok(r) => r,
-				Err(e) => {
-					error!("    [Enclave] gen_ecc_cert failed: {:?}", e);
-					return Err(e.into())
-				},
-			};
+		let (key_der, cert_der) = match cert::gen_ecc_cert(&payload, &prv_k, &pub_k, &ecc_handle) {
+			Ok(r) => r,
+			Err(e) => {
+				error!("    [Enclave] gen_ecc_cert failed: {:?}", e);
+				return Err(e.into())
+			},
+		};
 
 		let _ = ecc_handle.close();
 		info!("    [Enclave] Generate ECC Certificate successful");
@@ -247,10 +264,14 @@ where
 
 	fn generate_dcap_ra_cert(
 		&self,
-		quoting_enclave_target_info: &sgx_target_info_t,
-		quote_size: u32,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		skip_ra: bool,
-	) -> EnclaveResult<(Vec<u8>, Vec<u8>)> {
+	) -> EnclaveResult<(Vec<u8>, Vec<u8>, Vec<u8>)> {
+		if !skip_ra && quoting_enclave_target_info.is_none() && quote_size.is_none() {
+			error!("Enclave Attestation] remote attestation not skipped, but Quoting Enclave (QE) data is not available");
+			return Err(EnclaveError::Sgx(sgx_status_t::SGX_ERROR_UNEXPECTED))
+		}
 		let chain_signer = self.signing_key_repo.retrieve_key()?;
 		info!("[Enclave Attestation] Ed25519 signer pub key: {:?}", chain_signer.public().0);
 
@@ -262,8 +283,8 @@ where
 		let qe_quote = if !skip_ra {
 			let qe_quote = match self.retrieve_qe_dcap_quote(
 				&chain_signer.public().0,
-				quoting_enclave_target_info,
-				quote_size,
+				quoting_enclave_target_info.unwrap(),
+				*quote_size.unwrap(),
 			) {
 				Ok(quote) => quote,
 				Err(e) => {
@@ -276,20 +297,25 @@ where
 			Default::default()
 		};
 
+		let qe_quote_base_64 = base64::encode(&qe_quote[..]);
 		// generate an ECC certificate
 		debug!("[Enclave] Generate ECC Certificate");
-		let (_key_der, cert_der) = match cert::gen_ecc_cert(&qe_quote, &prv_k, &pub_k, &ecc_handle)
-		{
-			Ok(r) => r,
-			Err(e) => {
-				error!("[Enclave] gen_ecc_cert failed: {:?}", e);
-				return Err(e.into())
-			},
-		};
+		let (key_der, cert_der) =
+			match cert::gen_ecc_cert(&qe_quote_base_64, &prv_k, &pub_k, &ecc_handle) {
+				Ok(r) => r,
+				Err(e) => {
+					error!("[Enclave] gen_ecc_cert failed: {:?}", e);
+					return Err(e.into())
+				},
+			};
 
 		let _ = ecc_handle.close();
 
-		Ok((cert_der, qe_quote))
+		debug!("[Enclave] Generated ECC cert info:");
+		trace!("[Enclave] Generated ECC cert info: key_der={:#?}", &key_der);
+		trace!("[Enclave] Generated ECC cert info: cert_der={:#?}", &cert_der);
+		trace!("[Enclave] Generated ECC cert info: qe_quote={:#?}", &qe_quote);
+		Ok((key_der, cert_der, qe_quote))
 	}
 }
 
@@ -511,7 +537,7 @@ where
 			+ (u32::from(array[3]) << 24)
 	}
 
-	fn create_attestation_report(
+	fn create_epid_attestation_report(
 		&self,
 		pub_k: &[u8; 32],
 		sign_type: sgx_quote_sign_type_t,
@@ -652,7 +678,7 @@ where
 			.map_err(|e| EnclaveError::Other(e.into()))
 	}
 
-	/// Returns Ok if the verification of the quote by the quote verification enclave (QVE) was successful  
+	/// Returns Ok if the verification of the quote by the quote verification enclave (QVE) was successful
 	pub fn ecdsa_quote_verification(&self, quote: Vec<u8>) -> SgxResult<()> {
 		let mut app_enclave_target_info: sgx_target_info_t = unsafe { std::mem::zeroed() };
 		let quote_collateral: sgx_ql_qve_collateral_t = unsafe { std::mem::zeroed() };
diff --git a/core-primitives/attestation-handler/src/cert.rs b/core-primitives/attestation-handler/src/cert.rs
index e331d9e23a..99c0d8529b 100644
--- a/core-primitives/attestation-handler/src/cert.rs
+++ b/core-primitives/attestation-handler/src/cert.rs
@@ -70,8 +70,9 @@ pub mod sgx {
 	const ISSUER: &str = "Integritee";
 	const SUBJECT: &str = "Integritee ephemeral";
 
+	/// `payload` must be a valid a string, not just arbitrary data.
 	pub fn gen_ecc_cert(
-		payload: &[u8],
+		payload: &str,
 		prv_k: &sgx_ec256_private_t,
 		pub_k: &sgx_ec256_public_t,
 		ecc_handle: &SgxEccHandle,
@@ -158,7 +159,7 @@ pub mod sgx {
 								writer.next().write_oid(&ObjectIdentifier::from_slice(&[
 									2, 16, 840, 1, 113_730, 1, 13,
 								]));
-								writer.next().write_bytes(payload);
+								writer.next().write_bytes(payload.as_bytes());
 							});
 						});
 					});
@@ -234,7 +235,12 @@ pub fn percent_decode(orig: String) -> EnclaveResult<String> {
 }
 
 // FIXME: This code is redundant with the host call of the integritee-node
-pub fn verify_mra_cert<A>(cert_der: &[u8], attestation_ocall: &A) -> SgxResult<()>
+pub fn verify_mra_cert<A>(
+	cert_der: &[u8],
+	is_payload_base64_encoded: bool,
+	is_dcap: bool,
+	attestation_ocall: &A,
+) -> SgxResult<()>
 where
 	A: EnclaveAttestationOCallApi,
 {
@@ -276,62 +282,72 @@ where
 
 	// Obtain Netscape Comment
 	offset += 1;
-	let payload = cert_der[offset..offset + len].to_vec();
-
-	// Extract each field
-	let mut iter = payload.split(|x| *x == 0x7C);
-	let attn_report_raw = iter.next().ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;
-	let sig_raw = iter.next().ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;
-	let sig = base64::decode(sig_raw).map_err(|e| EnclaveError::Other(e.into()))?;
-
-	let sig_cert_raw = iter.next().ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;
-	let sig_cert_dec = base64::decode_config(sig_cert_raw, base64::STANDARD)
-		.map_err(|e| EnclaveError::Other(e.into()))?;
-	let sig_cert = webpki::EndEntityCert::from(&sig_cert_dec).expect("Bad DER");
-
-	// Verify if the signing cert is issued by Intel CA
-	let mut ias_ca_stripped = IAS_REPORT_CA.to_vec();
-	ias_ca_stripped.retain(|&x| x != 0x0d && x != 0x0a);
-	let head_len = "-----BEGIN CERTIFICATE-----".len();
-	let tail_len = "-----END CERTIFICATE-----".len();
-	let full_len = ias_ca_stripped.len();
-	let ias_ca_core: &[u8] = &ias_ca_stripped[head_len..full_len - tail_len];
-	let ias_cert_dec = base64::decode_config(ias_ca_core, base64::STANDARD)
-		.map_err(|e| EnclaveError::Other(e.into()))?;
-
-	let mut ca_reader = BufReader::new(IAS_REPORT_CA);
-
-	let mut root_store = rustls::RootCertStore::empty();
-	root_store.add_pem_file(&mut ca_reader).expect("Failed to add CA");
-
-	let trust_anchors: Vec<webpki::TrustAnchor> =
-		root_store.roots.iter().map(|cert| cert.to_trust_anchor()).collect();
-
-	let now_func = webpki::Time::try_from(SystemTime::now());
-
-	match sig_cert.verify_is_valid_tls_server_cert(
-		SUPPORTED_SIG_ALGS,
-		&webpki::TLSServerTrustAnchors(&trust_anchors),
-		&[ias_cert_dec.as_slice()],
-		now_func.map_err(|_e| EnclaveError::Time)?,
-	) {
-		Ok(_) => info!("Cert is good"),
-		Err(e) => {
-			error!("Cert verification error {:?}", e);
-			return Err(sgx_status_t::SGX_ERROR_UNEXPECTED)
-		},
+	let mut payload = cert_der[offset..offset + len].to_vec();
+	trace!("payload in mra cert verifier is: {:?}", &payload);
+	if is_payload_base64_encoded {
+		payload = base64::decode(&payload[..]).or(Err(sgx_status_t::SGX_ERROR_UNEXPECTED))?;
 	}
+	trace!("payload in mra cert verifier is: {:?}", &payload);
+	if !is_dcap {
+		// Extract each field
+		let mut iter = payload.split(|x| *x == b'|');
+		let attn_report_raw = iter.next().ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;
+		let sig_raw = iter.next().ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;
+		let sig = base64::decode(sig_raw).map_err(|e| EnclaveError::Other(e.into()))?;
+
+		let sig_cert_raw = iter.next().ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;
+		let sig_cert_dec = base64::decode_config(sig_cert_raw, base64::STANDARD)
+			.map_err(|e| EnclaveError::Other(e.into()))?;
+		let sig_cert = webpki::EndEntityCert::from(&sig_cert_dec).expect("Bad DER");
+
+		// Verify if the signing cert is issued by Intel CA
+		let mut ias_ca_stripped = IAS_REPORT_CA.to_vec();
+		ias_ca_stripped.retain(|&x| x != b'\r' && x != b'\n');
+		let head_len = "-----BEGIN CERTIFICATE-----".len();
+		let tail_len = "-----END CERTIFICATE-----".len();
+		let full_len = ias_ca_stripped.len();
+		let ias_ca_core: &[u8] = &ias_ca_stripped[head_len..full_len - tail_len];
+		let ias_cert_dec = base64::decode_config(ias_ca_core, base64::STANDARD)
+			.map_err(|e| EnclaveError::Other(e.into()))?;
+
+		let mut ca_reader = BufReader::new(IAS_REPORT_CA);
+
+		let mut root_store = rustls::RootCertStore::empty();
+		root_store.add_pem_file(&mut ca_reader).expect("Failed to add CA");
+
+		let trust_anchors: Vec<webpki::TrustAnchor> =
+			root_store.roots.iter().map(|cert| cert.to_trust_anchor()).collect();
+
+		let now_func = webpki::Time::try_from(SystemTime::now());
+
+		match sig_cert.verify_is_valid_tls_server_cert(
+			SUPPORTED_SIG_ALGS,
+			&webpki::TLSServerTrustAnchors(&trust_anchors),
+			&[ias_cert_dec.as_slice()],
+			now_func.map_err(|_e| EnclaveError::Time)?,
+		) {
+			Ok(_) => info!("Cert is good"),
+			Err(e) => {
+				error!("Cert verification error {:?}", e);
+				return Err(sgx_status_t::SGX_ERROR_UNEXPECTED)
+			},
+		}
 
-	// Verify the signature against the signing cert
-	match sig_cert.verify_signature(&webpki::RSA_PKCS1_2048_8192_SHA256, attn_report_raw, &sig) {
-		Ok(_) => info!("Signature good"),
-		Err(e) => {
-			error!("Signature verification error {:?}", e);
-			return Err(sgx_status_t::SGX_ERROR_UNEXPECTED)
-		},
-	}
+		// Verify the signature against the signing cert
+		match sig_cert.verify_signature(&webpki::RSA_PKCS1_2048_8192_SHA256, attn_report_raw, &sig)
+		{
+			Ok(_) => info!("Signature good"),
+			Err(e) => {
+				error!("Signature verification error {:?}", e);
+				return Err(sgx_status_t::SGX_ERROR_UNEXPECTED)
+			},
+		}
 
-	verify_attn_report(attn_report_raw, pub_k, attestation_ocall)
+		verify_attn_report(attn_report_raw, pub_k, attestation_ocall)
+	} else {
+		// TODO Refactor state provisioning to not use MURA #1385
+		Ok(())
+	}
 }
 
 pub fn verify_attn_report<A>(
diff --git a/core-primitives/attestation-handler/src/lib.rs b/core-primitives/attestation-handler/src/lib.rs
index 651aeca924..c6763b3d9a 100644
--- a/core-primitives/attestation-handler/src/lib.rs
+++ b/core-primitives/attestation-handler/src/lib.rs
@@ -50,3 +50,9 @@ pub use attestation_handler::{AttestationHandler, IntelAttestationHandler, DEV_H
 pub use collateral::SgxQlQveCollateral;
 
 pub use error::{Error, Result};
+
+#[derive(Clone, Eq, PartialEq, Debug)]
+pub enum RemoteAttestationType {
+	Epid,
+	Dcap,
+}
diff --git a/core-primitives/enclave-api/ffi/src/lib.rs b/core-primitives/enclave-api/ffi/src/lib.rs
index fa00b22143..9bb8920b4a 100644
--- a/core-primitives/enclave-api/ffi/src/lib.rs
+++ b/core-primitives/enclave-api/ffi/src/lib.rs
@@ -128,8 +128,8 @@ extern "C" {
 		unchecked_extrinsic: *mut u8,
 		unchecked_extrinsic_size: u32,
 		skip_ra: c_int,
-		quoting_enclave_target_info: &sgx_target_info_t,
-		quote_size: u32,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 	) -> sgx_status_t;
 
 	pub fn generate_dcap_ra_quote(
@@ -214,6 +214,8 @@ extern "C" {
 		retval: *mut sgx_status_t,
 		socket_fd: c_int,
 		sign_type: sgx_quote_sign_type_t,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		skip_ra: c_int,
 	) -> sgx_status_t;
 
@@ -222,6 +224,8 @@ extern "C" {
 		retval: *mut sgx_status_t,
 		socket_fd: c_int,
 		sign_type: sgx_quote_sign_type_t,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		shard: *const u8,
 		shard_size: u32,
 		skip_ra: c_int,
diff --git a/core-primitives/enclave-api/src/enclave_base.rs b/core-primitives/enclave-api/src/enclave_base.rs
index d6b67480bf..86ffceaeb9 100644
--- a/core-primitives/enclave-api/src/enclave_base.rs
+++ b/core-primitives/enclave-api/src/enclave_base.rs
@@ -29,6 +29,7 @@ use log::*;
 use sgx_crypto_helper::rsa3072::Rsa3072PubKey;
 use sgx_types::*;
 use sp_core::ed25519;
+use teerex_primitives::EnclaveFingerprint;
 
 /// Trait for base/common Enclave API functions
 pub trait EnclaveBase: Send + Sync + 'static {
@@ -67,7 +68,7 @@ pub trait EnclaveBase: Send + Sync + 'static {
 
 	fn get_ecc_signing_pubkey(&self) -> EnclaveResult<ed25519::Public>;
 
-	fn get_mrenclave(&self) -> EnclaveResult<[u8; MR_ENCLAVE_SIZE]>;
+	fn get_fingerprint(&self) -> EnclaveResult<EnclaveFingerprint>;
 }
 
 /// EnclaveApi implementation for Enclave struct
@@ -236,7 +237,7 @@ impl EnclaveBase for Enclave {
 		Ok(ed25519::Public::from_raw(pubkey))
 	}
 
-	fn get_mrenclave(&self) -> EnclaveResult<[u8; MR_ENCLAVE_SIZE]> {
+	fn get_fingerprint(&self) -> EnclaveResult<EnclaveFingerprint> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 		let mut mr_enclave = [0u8; MR_ENCLAVE_SIZE];
 
@@ -252,7 +253,7 @@ impl EnclaveBase for Enclave {
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 
-		Ok(mr_enclave)
+		Ok(mr_enclave.into())
 	}
 }
 
diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs
index 8c6eda0c41..e4f3fca190 100644
--- a/core-primitives/enclave-api/src/remote_attestation.rs
+++ b/core-primitives/enclave-api/src/remote_attestation.rs
@@ -66,6 +66,8 @@ pub trait RemoteAttestation {
 
 	fn set_ql_qe_enclave_paths(&self) -> EnclaveResult<()>;
 
+	fn set_sgx_qpl_logging(&self) -> EnclaveResult<()>;
+
 	fn qe_get_target_info(&self) -> EnclaveResult<sgx_target_info_t>;
 
 	fn qe_get_quote_size(&self) -> EnclaveResult<u32>;
@@ -113,6 +115,8 @@ pub trait TlsRemoteAttestation {
 		&self,
 		socket_fd: c_int,
 		sign_type: sgx_quote_sign_type_t,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		skip_ra: bool,
 	) -> EnclaveResult<()>;
 
@@ -120,6 +124,8 @@ pub trait TlsRemoteAttestation {
 		&self,
 		socket_fd: c_int,
 		sign_type: sgx_quote_sign_type_t,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		shard: &ShardIdentifier,
 		skip_ra: bool,
 	) -> EnclaveResult<()>;
@@ -215,8 +221,22 @@ impl RemoteAttestation for Enclave {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 
 		self.set_ql_qe_enclave_paths()?;
-		let quoting_enclave_target_info = self.qe_get_target_info()?;
-		let quote_size = self.qe_get_quote_size()?;
+		let quoting_enclave_target_info = if !skip_ra {
+			match self.qe_get_target_info() {
+				Ok(target_info) => Some(target_info),
+				Err(e) => return Err(e),
+			}
+		} else {
+			None
+		};
+		let quote_size = if !skip_ra {
+			match self.qe_get_quote_size() {
+				Ok(quote_size) => Some(quote_size),
+				Err(e) => return Err(e),
+			}
+		} else {
+			None
+		};
 		info!("Retrieved quote size of {:?}", quote_size);
 
 		trace!("Generating dcap_ra_extrinsic with URL: {}", w_url);
@@ -234,8 +254,8 @@ impl RemoteAttestation for Enclave {
 				unchecked_extrinsic.as_mut_ptr(),
 				unchecked_extrinsic.len() as u32,
 				skip_ra.into(),
-				&quoting_enclave_target_info,
-				quote_size,
+				quoting_enclave_target_info.as_ref(),
+				quote_size.as_ref(),
 			)
 		};
 
@@ -341,6 +361,17 @@ impl RemoteAttestation for Enclave {
 		Ok(())
 	}
 
+	fn set_sgx_qpl_logging(&self) -> EnclaveResult<()> {
+		let log_level = sgx_ql_log_level_t::SGX_QL_LOG_INFO;
+		let res = unsafe { sgx_ql_set_logging_callback(forward_qpl_log, log_level) };
+		if res == sgx_quote3_error_t::SGX_QL_SUCCESS {
+			Ok(())
+		} else {
+			error!("Setting logging function failed with: {:#?}", res);
+			Err(Error::SgxQuote(res))
+		}
+	}
+
 	fn qe_get_target_info(&self) -> EnclaveResult<sgx_target_info_t> {
 		let mut quoting_enclave_target_info: sgx_target_info_t = sgx_target_info_t::default();
 		let qe3_ret = unsafe { sgx_qe_get_target_info(&mut quoting_enclave_target_info as *mut _) };
@@ -656,6 +687,8 @@ impl TlsRemoteAttestation for Enclave {
 		&self,
 		socket_fd: c_int,
 		sign_type: sgx_quote_sign_type_t,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		skip_ra: bool,
 	) -> EnclaveResult<()> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
@@ -666,6 +699,8 @@ impl TlsRemoteAttestation for Enclave {
 				&mut retval,
 				socket_fd,
 				sign_type,
+				quoting_enclave_target_info,
+				quote_size,
 				skip_ra.into(),
 			)
 		};
@@ -680,6 +715,8 @@ impl TlsRemoteAttestation for Enclave {
 		&self,
 		socket_fd: c_int,
 		sign_type: sgx_quote_sign_type_t,
+		quoting_enclave_target_info: Option<&sgx_target_info_t>,
+		quote_size: Option<&u32>,
 		shard: &ShardIdentifier,
 		skip_ra: bool,
 	) -> EnclaveResult<()> {
@@ -693,6 +730,8 @@ impl TlsRemoteAttestation for Enclave {
 				&mut retval,
 				socket_fd,
 				sign_type,
+				quoting_enclave_target_info,
+				quote_size,
 				encoded_shard.as_ptr(),
 				encoded_shard.len() as u32,
 				skip_ra.into(),
@@ -752,3 +791,19 @@ fn set_qv_path(path_type: sgx_qv_path_type_t, path: &str) -> EnclaveResult<()> {
 	}
 	Ok(())
 }
+
+#[allow(clippy::not_unsafe_ptr_arg_deref)]
+/// Make sure that the `log_slice_ptr` points to a null terminated string.
+// This function must not be marked as `unsafe`, because `sgx_ql_set_logging_callback` expects a safe (i.e. not `unsafe`) function.
+pub extern "C" fn forward_qpl_log(log_level: sgx_ql_log_level_t, log_slice_ptr: *const c_char) {
+	if log_slice_ptr.is_null() {
+		error!("[QPL - ERROR], slice to print was NULL");
+		return
+	}
+	// This is safe, as the previous block checks for `NULL` pointer.
+	let slice = unsafe { core::ffi::CStr::from_ptr(log_slice_ptr) };
+	match log_level {
+		sgx_ql_log_level_t::SGX_QL_LOG_INFO => info!("[QPL - INFO], {:#?}", slice),
+		sgx_ql_log_level_t::SGX_QL_LOG_ERROR => error!("[QPL - ERROR], {:#?}", slice),
+	}
+}
diff --git a/core-primitives/enclave-bridge-storage/Cargo.toml b/core-primitives/enclave-bridge-storage/Cargo.toml
new file mode 100644
index 0000000000..595fb10189
--- /dev/null
+++ b/core-primitives/enclave-bridge-storage/Cargo.toml
@@ -0,0 +1,21 @@
+[package]
+name = "itp-enclave-bridge-storage"
+version = "0.9.0"
+authors = ["Integritee AG <hello@integritee.network>"]
+edition = "2021"
+
+[dependencies]
+codec = { package = "parity-scale-codec", version = "3.0.0", default-features = false, features = ["derive"] }
+sp-std = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+
+#local deps
+itp-storage = { path = "../storage", default-features = false }
+itp-types = { path = "../types", default-features = false }
+
+[features]
+default = ["std"]
+std = [
+    "sp-std/std",
+    "itp-storage/std",
+    "itp-types/std",
+]
diff --git a/core-primitives/enclave-bridge-storage/src/lib.rs b/core-primitives/enclave-bridge-storage/src/lib.rs
new file mode 100644
index 0000000000..9077d756b6
--- /dev/null
+++ b/core-primitives/enclave-bridge-storage/src/lib.rs
@@ -0,0 +1,31 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+
+use codec::Encode;
+use itp_storage::{storage_map_key, StorageHasher};
+use sp_std::prelude::Vec;
+
+pub struct EnclaveBridgeStorage;
+
+// Separate the prefix from the rest because in our case we changed the storage prefix due to
+// the rebranding. With the below implementation of the `TeerexStorageKeys`, we could simply
+// define another struct `OtherStorage`, implement `StoragePrefix` for it, and get the
+// `TeerexStorageKeys` implementation for free.
+pub trait StoragePrefix {
+	fn prefix() -> &'static str;
+}
+
+impl StoragePrefix for EnclaveBridgeStorage {
+	fn prefix() -> &'static str {
+		"EnclaveBridge"
+	}
+}
+
+pub trait EnclaveBridgeStorageKeys {
+	fn shard_status<T: Encode>(shard: T) -> Vec<u8>;
+}
+
+impl<S: StoragePrefix> EnclaveBridgeStorageKeys for S {
+	fn shard_status<T: Encode>(shard: T) -> Vec<u8> {
+		storage_map_key(Self::prefix(), "ShardStatus", &shard, &StorageHasher::Blake2_128Concat)
+	}
+}
diff --git a/core-primitives/node-api/api-client-extensions/src/lib.rs b/core-primitives/node-api/api-client-extensions/src/lib.rs
index 4265e33393..e123c41908 100644
--- a/core-primitives/node-api/api-client-extensions/src/lib.rs
+++ b/core-primitives/node-api/api-client-extensions/src/lib.rs
@@ -23,7 +23,6 @@ pub mod account;
 pub mod chain;
 pub mod pallet_teeracle;
 pub mod pallet_teerex;
-pub mod pallet_teerex_api_mock;
 
 pub use account::*;
 pub use chain::*;
diff --git a/core-primitives/node-api/api-client-extensions/src/pallet_teerex.rs b/core-primitives/node-api/api-client-extensions/src/pallet_teerex.rs
index 5f75f16fde..5b6556c11e 100644
--- a/core-primitives/node-api/api-client-extensions/src/pallet_teerex.rs
+++ b/core-primitives/node-api/api-client-extensions/src/pallet_teerex.rs
@@ -16,22 +16,30 @@
 */
 
 use crate::ApiResult;
-use itp_types::{parentchain::Hash, Enclave, IpfsHash, ShardIdentifier};
-use substrate_api_client::{rpc::Request, Api, ExtrinsicParams, FrameSystemConfig, GetStorage};
+use itp_types::{
+	parentchain::Hash, AccountId, IpfsHash, MultiEnclave, ShardIdentifier, ShardStatus,
+};
+use substrate_api_client::{
+	log::error, rpc::Request, Api, ExtrinsicParams, FrameSystemConfig, GetStorage,
+};
 
 pub const TEEREX: &str = "Teerex";
-pub const SIDECHAIN: &str = "Sidechain";
+pub const ENCLAVE_BRIDGE: &str = "EnclaveBridge";
 
 /// ApiClient extension that enables communication with the `teerex` pallet.
 pub trait PalletTeerexApi {
-	fn enclave(&self, index: u64, at_block: Option<Hash>) -> ApiResult<Option<Enclave>>;
+	fn enclave(
+		&self,
+		account: &AccountId,
+		at_block: Option<Hash>,
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>>;
 	fn enclave_count(&self, at_block: Option<Hash>) -> ApiResult<u64>;
-	fn all_enclaves(&self, at_block: Option<Hash>) -> ApiResult<Vec<Enclave>>;
-	fn worker_for_shard(
+	fn all_enclaves(&self, at_block: Option<Hash>) -> ApiResult<Vec<MultiEnclave<Vec<u8>>>>;
+	fn primary_worker_for_shard(
 		&self,
 		shard: &ShardIdentifier,
 		at_block: Option<Hash>,
-	) -> ApiResult<Option<Enclave>>;
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>>;
 	fn latest_ipfs_hash(
 		&self,
 		shard: &ShardIdentifier,
@@ -45,30 +53,50 @@ where
 	Runtime: FrameSystemConfig<Hash = Hash>,
 	Params: ExtrinsicParams<Runtime::Index, Runtime::Hash>,
 {
-	fn enclave(&self, index: u64, at_block: Option<Hash>) -> ApiResult<Option<Enclave>> {
-		self.get_storage_map(TEEREX, "EnclaveRegistry", index, at_block)
+	fn enclave(
+		&self,
+		account: &AccountId,
+		at_block: Option<Hash>,
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>> {
+		self.get_storage_map(TEEREX, "SovereignEnclaves", account, at_block)
 	}
 
 	fn enclave_count(&self, at_block: Option<Hash>) -> ApiResult<u64> {
-		Ok(self.get_storage_value(TEEREX, "EnclaveCount", at_block)?.unwrap_or(0u64))
+		Ok(self.all_enclaves(at_block)?.len() as u64)
 	}
 
-	fn all_enclaves(&self, at_block: Option<Hash>) -> ApiResult<Vec<Enclave>> {
-		let count = self.enclave_count(at_block)?;
-		let mut enclaves = Vec::with_capacity(count as usize);
-		for n in 1..=count {
-			enclaves.push(self.enclave(n, at_block)?.expect("None enclave"))
+	fn all_enclaves(&self, at_block: Option<Hash>) -> ApiResult<Vec<MultiEnclave<Vec<u8>>>> {
+		let key_prefix = self.get_storage_map_key_prefix("Teerex", "SovereignEnclaves")?;
+		//fixme: solve this properly with infinite elements
+		let max_keys = 1000;
+		let storage_keys =
+			self.get_storage_keys_paged(Some(key_prefix), max_keys, None, at_block)?;
+
+		if storage_keys.len() == max_keys as usize {
+			error!("results can be wrong because max keys reached for query")
 		}
+		let enclaves = storage_keys
+			.iter()
+			.filter_map(|key| self.get_storage_by_key_hash(key.clone(), at_block).ok()?)
+			.collect();
 		Ok(enclaves)
 	}
 
-	fn worker_for_shard(
+	fn primary_worker_for_shard(
 		&self,
 		shard: &ShardIdentifier,
 		at_block: Option<Hash>,
-	) -> ApiResult<Option<Enclave>> {
-		self.get_storage_map(SIDECHAIN, "WorkerForShard", shard, at_block)?
-			.map_or_else(|| Ok(None), |w_index| self.enclave(w_index, at_block))
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>> {
+		self.get_storage_map(ENCLAVE_BRIDGE, "ShardStatus", shard, at_block)?
+			.map_or_else(
+				|| Ok(None),
+				|statuses: ShardStatus| {
+					statuses.get(0).map_or_else(
+						|| Ok(None),
+						|signerstatus| self.enclave(&signerstatus.signer, at_block),
+					)
+				},
+			)
 	}
 
 	fn latest_ipfs_hash(
diff --git a/core-primitives/node-api/api-client-extensions/src/pallet_teerex_api_mock.rs b/core-primitives/node-api/api-client-extensions/src/pallet_teerex_api_mock.rs
index 06da958b9d..cb63892da4 100644
--- a/core-primitives/node-api/api-client-extensions/src/pallet_teerex_api_mock.rs
+++ b/core-primitives/node-api/api-client-extensions/src/pallet_teerex_api_mock.rs
@@ -16,22 +16,27 @@
 */
 
 use crate::{pallet_teerex::PalletTeerexApi, ApiResult};
-use itp_types::{parentchain::Hash, Enclave, IpfsHash, ShardIdentifier};
+use itp_types::{parentchain::Hash, AccountId, IpfsHash, MultiEnclave, ShardIdentifier};
+use std::collections::HashMap;
 
 #[derive(Default)]
 pub struct PalletTeerexApiMock {
-	registered_enclaves: Vec<Enclave>,
+	registered_enclaves: HashMap<AccountId, MultiEnclave<Vec<u8>>>,
 }
 
 impl PalletTeerexApiMock {
-	pub fn with_enclaves(mut self, enclaves: Vec<Enclave>) -> Self {
-		self.registered_enclaves.extend(enclaves);
+	pub fn with_enclaves(mut self, enclaves: Vec<MultiEnclave<Vec<u8>>>) -> Self {
+		enclaves.iter().map(|enclave| self.registered_enclaves.insert(enclave));
 		self
 	}
 }
 
 impl PalletTeerexApi for PalletTeerexApiMock {
-	fn enclave(&self, index: u64, _at_block: Option<Hash>) -> ApiResult<Option<Enclave>> {
+	fn enclave(
+		&self,
+		account: AccountId,
+		_at_block: Option<Hash>,
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>> {
 		Ok(self.registered_enclaves.get(index as usize).cloned())
 	}
 
@@ -39,15 +44,15 @@ impl PalletTeerexApi for PalletTeerexApiMock {
 		Ok(self.registered_enclaves.len() as u64)
 	}
 
-	fn all_enclaves(&self, _at_block: Option<Hash>) -> ApiResult<Vec<Enclave>> {
+	fn all_enclaves(&self, _at_block: Option<Hash>) -> ApiResult<Vec<MultiEnclave<Vec<u8>>>> {
 		Ok(self.registered_enclaves.clone())
 	}
 
-	fn worker_for_shard(
+	fn primary_worker_for_shard(
 		&self,
 		_shard: &ShardIdentifier,
 		_at_block: Option<Hash>,
-	) -> ApiResult<Option<Enclave>> {
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>> {
 		todo!()
 	}
 
diff --git a/core-primitives/node-api/metadata/src/lib.rs b/core-primitives/node-api/metadata/src/lib.rs
index 43c68a2964..9bb09a21fb 100644
--- a/core-primitives/node-api/metadata/src/lib.rs
+++ b/core-primitives/node-api/metadata/src/lib.rs
@@ -20,7 +20,8 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 
 use crate::{
-	error::Result, pallet_sidechain::SidechainCallIndexes, pallet_teerex::TeerexCallIndexes,
+	error::Result, pallet_enclave_bridge::EnclaveBridgeCallIndexes,
+	pallet_sidechain::SidechainCallIndexes, pallet_teerex::TeerexCallIndexes,
 };
 use codec::{Decode, Encode};
 use sp_core::storage::StorageKey;
@@ -29,6 +30,7 @@ pub use crate::error::Error;
 pub use itp_api_client_types::{Metadata, MetadataError};
 
 pub mod error;
+pub mod pallet_enclave_bridge;
 pub mod pallet_sidechain;
 pub mod pallet_teeracle;
 pub mod pallet_teerex;
@@ -36,8 +38,14 @@ pub mod pallet_teerex;
 #[cfg(feature = "mocks")]
 pub mod metadata_mocks;
 
-pub trait NodeMetadataTrait: TeerexCallIndexes + SidechainCallIndexes {}
-impl<T: TeerexCallIndexes + SidechainCallIndexes> NodeMetadataTrait for T {}
+pub trait NodeMetadataTrait:
+	TeerexCallIndexes + EnclaveBridgeCallIndexes + SidechainCallIndexes
+{
+}
+impl<T: TeerexCallIndexes + EnclaveBridgeCallIndexes + SidechainCallIndexes> NodeMetadataTrait
+	for T
+{
+}
 
 impl TryFrom<NodeMetadata> for Metadata {
 	type Error = crate::error::Error;
diff --git a/core-primitives/node-api/metadata/src/metadata_mocks.rs b/core-primitives/node-api/metadata/src/metadata_mocks.rs
index a3e288dad8..57cf0fe327 100644
--- a/core-primitives/node-api/metadata/src/metadata_mocks.rs
+++ b/core-primitives/node-api/metadata/src/metadata_mocks.rs
@@ -20,6 +20,7 @@ use crate::{
 };
 use codec::{Decode, Encode};
 
+use crate::pallet_enclave_bridge::EnclaveBridgeCallIndexes;
 use itp_api_client_types::Metadata;
 
 impl TryFrom<NodeMetadataMock> for Metadata {
@@ -33,16 +34,18 @@ impl TryFrom<NodeMetadataMock> for Metadata {
 #[derive(Default, Encode, Decode, Debug, Clone)]
 pub struct NodeMetadataMock {
 	teerex_module: u8,
-	register_ias_enclave: u8,
-	register_dcap_enclave: u8,
-	unregister_enclave: u8,
+	register_sgx_enclave: u8,
+	unregister_sovereign_enclave: u8,
+	unregister_proxied_enclave: u8,
 	register_quoting_enclave: u8,
 	register_tcb_info: u8,
-	call_worker: u8,
-	processed_parentchain_block: u8,
+	enclave_bridge_module: u8,
+	invoke: u8,
+	confirm_processed_parentchain_block: u8,
 	shield_funds: u8,
 	unshield_funds: u8,
 	publish_hash: u8,
+	update_shard_config: u8,
 	sidechain_module: u8,
 	imported_sidechain_block: u8,
 	runtime_spec_version: u32,
@@ -53,16 +56,18 @@ impl NodeMetadataMock {
 	pub fn new() -> Self {
 		NodeMetadataMock {
 			teerex_module: 50u8,
-			register_ias_enclave: 0u8,
-			register_dcap_enclave: 6,
-			unregister_enclave: 1u8,
-			register_quoting_enclave: 7,
-			register_tcb_info: 8,
-			call_worker: 2u8,
-			processed_parentchain_block: 3u8,
-			shield_funds: 4u8,
-			unshield_funds: 5u8,
-			publish_hash: 9u8,
+			register_sgx_enclave: 0u8,
+			unregister_sovereign_enclave: 1u8,
+			unregister_proxied_enclave: 2u8,
+			register_quoting_enclave: 3,
+			register_tcb_info: 4,
+			enclave_bridge_module: 54u8,
+			invoke: 0u8,
+			confirm_processed_parentchain_block: 1u8,
+			shield_funds: 2u8,
+			unshield_funds: 3u8,
+			publish_hash: 4u8,
+			update_shard_config: 5u8,
 			sidechain_module: 53u8,
 			imported_sidechain_block: 0u8,
 			runtime_spec_version: 25,
@@ -72,16 +77,16 @@ impl NodeMetadataMock {
 }
 
 impl TeerexCallIndexes for NodeMetadataMock {
-	fn register_ias_enclave_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.register_ias_enclave])
+	fn register_sgx_enclave_call_indexes(&self) -> Result<[u8; 2]> {
+		Ok([self.teerex_module, self.register_sgx_enclave])
 	}
 
-	fn register_dcap_enclave_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.register_dcap_enclave])
+	fn unregister_sovereign_enclave_call_indexes(&self) -> Result<[u8; 2]> {
+		Ok([self.teerex_module, self.unregister_sovereign_enclave])
 	}
 
-	fn unregister_enclave_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.unregister_enclave])
+	fn unregister_proxied_enclave_call_indexes(&self) -> Result<[u8; 2]> {
+		Ok([self.teerex_module, self.unregister_proxied_enclave])
 	}
 
 	fn register_quoting_enclave_call_indexes(&self) -> Result<[u8; 2]> {
@@ -91,25 +96,31 @@ impl TeerexCallIndexes for NodeMetadataMock {
 	fn register_tcb_info_call_indexes(&self) -> Result<[u8; 2]> {
 		Ok([self.teerex_module, self.register_tcb_info])
 	}
+}
 
-	fn call_worker_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.call_worker])
+impl EnclaveBridgeCallIndexes for NodeMetadataMock {
+	fn invoke_call_indexes(&self) -> Result<[u8; 2]> {
+		Ok([self.enclave_bridge_module, self.invoke])
 	}
 
 	fn confirm_processed_parentchain_block_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.processed_parentchain_block])
+		Ok([self.enclave_bridge_module, self.confirm_processed_parentchain_block])
 	}
 
 	fn shield_funds_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.shield_funds])
+		Ok([self.enclave_bridge_module, self.shield_funds])
 	}
 
 	fn unshield_funds_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.unshield_funds])
+		Ok([self.enclave_bridge_module, self.unshield_funds])
 	}
 
 	fn publish_hash_call_indexes(&self) -> Result<[u8; 2]> {
-		Ok([self.teerex_module, self.unshield_funds])
+		Ok([self.enclave_bridge_module, self.publish_hash])
+	}
+
+	fn update_shard_config_call_indexes(&self) -> Result<[u8; 2]> {
+		Ok([self.enclave_bridge_module, self.update_shard_config])
 	}
 }
 
diff --git a/core-primitives/node-api/metadata/src/pallet_enclave_bridge.rs b/core-primitives/node-api/metadata/src/pallet_enclave_bridge.rs
new file mode 100644
index 0000000000..4813d2ec54
--- /dev/null
+++ b/core-primitives/node-api/metadata/src/pallet_enclave_bridge.rs
@@ -0,0 +1,75 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+use crate::{error::Result, NodeMetadata};
+use sp_core::storage::StorageKey;
+
+/// Pallet' name:
+const ENCLAVE_BRIDGE: &str = "EnclaveBridge";
+
+pub trait EnclaveBridgeCallIndexes {
+	fn invoke_call_indexes(&self) -> Result<[u8; 2]>;
+
+	fn confirm_processed_parentchain_block_call_indexes(&self) -> Result<[u8; 2]>;
+
+	fn shield_funds_call_indexes(&self) -> Result<[u8; 2]>;
+
+	fn unshield_funds_call_indexes(&self) -> Result<[u8; 2]>;
+
+	fn publish_hash_call_indexes(&self) -> Result<[u8; 2]>;
+
+	fn update_shard_config_call_indexes(&self) -> Result<[u8; 2]>;
+}
+
+pub trait EnclaveBridgeStorageKey {
+	fn shard_status_storage_map_key(&self, index: u64) -> Result<StorageKey>;
+	fn shard_config_registry_storage_map_key(&self, index: u64) -> Result<StorageKey>;
+}
+
+impl EnclaveBridgeCallIndexes for NodeMetadata {
+	fn invoke_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(ENCLAVE_BRIDGE, "invoke")
+	}
+
+	fn confirm_processed_parentchain_block_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(ENCLAVE_BRIDGE, "confirm_processed_parentchain_block")
+	}
+
+	fn shield_funds_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(ENCLAVE_BRIDGE, "shield_funds")
+	}
+
+	fn unshield_funds_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(ENCLAVE_BRIDGE, "unshield_funds")
+	}
+
+	fn publish_hash_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(ENCLAVE_BRIDGE, "publish_hash")
+	}
+
+	fn update_shard_config_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(ENCLAVE_BRIDGE, "update_shard_config")
+	}
+}
+
+impl EnclaveBridgeStorageKey for NodeMetadata {
+	fn shard_status_storage_map_key(&self, index: u64) -> Result<StorageKey> {
+		self.storage_map_key(ENCLAVE_BRIDGE, "ShardStatus", index)
+	}
+	fn shard_config_registry_storage_map_key(&self, index: u64) -> Result<StorageKey> {
+		self.storage_map_key(ENCLAVE_BRIDGE, "ShardConfigRegistry", index)
+	}
+}
diff --git a/core-primitives/node-api/metadata/src/pallet_teerex.rs b/core-primitives/node-api/metadata/src/pallet_teerex.rs
index c50b991d0a..73f1e2a043 100644
--- a/core-primitives/node-api/metadata/src/pallet_teerex.rs
+++ b/core-primitives/node-api/metadata/src/pallet_teerex.rs
@@ -21,40 +21,34 @@ use sp_core::storage::StorageKey;
 const TEEREX: &str = "Teerex";
 
 pub trait TeerexCallIndexes {
-	fn register_ias_enclave_call_indexes(&self) -> Result<[u8; 2]>;
+	fn register_sgx_enclave_call_indexes(&self) -> Result<[u8; 2]>;
 
-	fn register_dcap_enclave_call_indexes(&self) -> Result<[u8; 2]>;
+	fn unregister_sovereign_enclave_call_indexes(&self) -> Result<[u8; 2]>;
 
-	fn unregister_enclave_call_indexes(&self) -> Result<[u8; 2]>;
+	fn unregister_proxied_enclave_call_indexes(&self) -> Result<[u8; 2]>;
 
 	fn register_quoting_enclave_call_indexes(&self) -> Result<[u8; 2]>;
 
 	fn register_tcb_info_call_indexes(&self) -> Result<[u8; 2]>;
-
-	fn call_worker_call_indexes(&self) -> Result<[u8; 2]>;
-
-	fn confirm_processed_parentchain_block_call_indexes(&self) -> Result<[u8; 2]>;
-
-	fn shield_funds_call_indexes(&self) -> Result<[u8; 2]>;
-
-	fn unshield_funds_call_indexes(&self) -> Result<[u8; 2]>;
-
-	fn publish_hash_call_indexes(&self) -> Result<[u8; 2]>;
 }
 
 pub trait TeerexStorageKey {
-	fn enclave_count_storage_key(&self) -> Result<StorageKey>;
+	fn sovereign_enclaves_storage_map_key(&self, index: u64) -> Result<StorageKey>;
 
-	fn enclave_registry_storage_map_key(&self, index: u64) -> Result<StorageKey>;
+	fn proxied_enclaves_storage_map_key(&self, index: u64) -> Result<StorageKey>;
 }
 
 impl TeerexCallIndexes for NodeMetadata {
-	fn register_ias_enclave_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "register_ias_enclave")
+	fn register_sgx_enclave_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(TEEREX, "register_sgx_enclave")
 	}
 
-	fn register_dcap_enclave_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "register_dcap_enclave")
+	fn unregister_sovereign_enclave_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(TEEREX, "unregister_sovereign_enclave")
+	}
+
+	fn unregister_proxied_enclave_call_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(TEEREX, "unregister_proxied_enclave")
 	}
 
 	fn register_quoting_enclave_call_indexes(&self) -> Result<[u8; 2]> {
@@ -64,38 +58,13 @@ impl TeerexCallIndexes for NodeMetadata {
 	fn register_tcb_info_call_indexes(&self) -> Result<[u8; 2]> {
 		self.call_indexes(TEEREX, "register_tcb_info")
 	}
-
-	fn unregister_enclave_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "unregister_enclave")
-	}
-
-	fn call_worker_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "call_worker")
-	}
-
-	fn confirm_processed_parentchain_block_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "confirm_processed_parentchain_block")
-	}
-
-	fn shield_funds_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "shield_funds")
-	}
-
-	fn unshield_funds_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "unshield_funds")
-	}
-
-	fn publish_hash_call_indexes(&self) -> Result<[u8; 2]> {
-		self.call_indexes(TEEREX, "publish_hash")
-	}
 }
 
 impl TeerexStorageKey for NodeMetadata {
-	fn enclave_count_storage_key(&self) -> Result<StorageKey> {
-		self.storage_value_key(TEEREX, "EnclaveCount")
+	fn sovereign_enclaves_storage_map_key(&self, index: u64) -> Result<StorageKey> {
+		self.storage_map_key(TEEREX, "SovereignEnclaves", index)
 	}
-
-	fn enclave_registry_storage_map_key(&self, index: u64) -> Result<StorageKey> {
-		self.storage_map_key(TEEREX, "EnclaveRegistry", index)
+	fn proxied_enclaves_storage_map_key(&self, index: u64) -> Result<StorageKey> {
+		self.storage_map_key(TEEREX, "ProxiedEnclaves", index)
 	}
 }
diff --git a/core-primitives/teerex-storage/Cargo.toml b/core-primitives/teerex-storage/Cargo.toml
index f2cc061859..15333c49b6 100644
--- a/core-primitives/teerex-storage/Cargo.toml
+++ b/core-primitives/teerex-storage/Cargo.toml
@@ -9,10 +9,12 @@ sp-std = { default-features = false, git = "https://github.com/paritytech/substr
 
 #local deps
 itp-storage = { path = "../storage", default-features = false }
+itp-types = { path = "../types", default-features = false }
 
 [features]
 default = ["std"]
 std = [
     "sp-std/std",
     "itp-storage/std",
+    "itp-types/std",
 ]
diff --git a/core-primitives/teerex-storage/src/lib.rs b/core-primitives/teerex-storage/src/lib.rs
index 706d92fcb1..61bfe1f37d 100644
--- a/core-primitives/teerex-storage/src/lib.rs
+++ b/core-primitives/teerex-storage/src/lib.rs
@@ -1,6 +1,7 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 
-use itp_storage::{storage_map_key, storage_value_key, StorageHasher};
+use itp_storage::{storage_map_key, StorageHasher};
+use itp_types::AccountId;
 use sp_std::prelude::Vec;
 
 pub struct TeeRexStorage;
@@ -20,16 +21,16 @@ impl StoragePrefix for TeeRexStorage {
 }
 
 pub trait TeerexStorageKeys {
-	fn enclave_count() -> Vec<u8>;
-	fn enclave(index: u64) -> Vec<u8>;
+	fn sovereign_enclaves(account: AccountId) -> Vec<u8>;
 }
 
 impl<S: StoragePrefix> TeerexStorageKeys for S {
-	fn enclave_count() -> Vec<u8> {
-		storage_value_key(Self::prefix(), "EnclaveCount")
-	}
-
-	fn enclave(index: u64) -> Vec<u8> {
-		storage_map_key(Self::prefix(), "EnclaveRegistry", &index, &StorageHasher::Blake2_128Concat)
+	fn sovereign_enclaves(account: AccountId) -> Vec<u8> {
+		storage_map_key(
+			Self::prefix(),
+			"SovereignEnclaves",
+			&account,
+			&StorageHasher::Blake2_128Concat,
+		)
 	}
 }
diff --git a/core-primitives/test/Cargo.toml b/core-primitives/test/Cargo.toml
index 422b6881ce..366a157577 100644
--- a/core-primitives/test/Cargo.toml
+++ b/core-primitives/test/Cargo.toml
@@ -20,13 +20,13 @@ sp-std = { default-features = false, git = "https://github.com/paritytech/substr
 
 # local deps
 ita-stf = { path = "../../app-libs/stf", default-features = false }
+itp-enclave-bridge-storage = { path = "../enclave-bridge-storage", default-features = false }
 itp-ocall-api = { path = "../ocall-api", default-features = false }
 itp-sgx-crypto = { path = "../sgx/crypto", default-features = false }
 itp-sgx-externalities = { default-features = false, path = "../substrate-sgx/externalities" }
 itp-stf-interface = { path = "../stf-interface", default-features = false }
 itp-stf-state-handler = { path = "../stf-state-handler", default-features = false }
 itp-storage = { path = "../storage", default-features = false }
-itp-teerex-storage = { path = "../teerex-storage", default-features = false }
 itp-time-utils = { path = "../time-utils", default-features = false }
 itp-types = { path = "../types", default-features = false, features = ["test"] }
 
@@ -40,7 +40,7 @@ std = [
     "itp-stf-interface/std",
     "itp-stf-state-handler/std",
     "itp-storage/std",
-    "itp-teerex-storage/std",
+    "itp-enclave-bridge-storage/std",
     "itp-time-utils/std",
     "itp-types/std",
     "itp-ocall-api/std",
diff --git a/core-primitives/test/src/builders/enclave_gen_builder.rs b/core-primitives/test/src/builders/enclave_gen_builder.rs
index 1268e5d1b4..85e807c628 100644
--- a/core-primitives/test/src/builders/enclave_gen_builder.rs
+++ b/core-primitives/test/src/builders/enclave_gen_builder.rs
@@ -17,7 +17,7 @@
 */
 
 use itp_time_utils::now_as_millis;
-use itp_types::{EnclaveGen, PalletString};
+use itp_types::{Enclave, PalletString};
 
 /// Builder for a generic enclave (`EnclaveGen`) struct.
 pub struct EnclaveGenBuilder<AccountId> {
diff --git a/core-primitives/test/src/lib.rs b/core-primitives/test/src/lib.rs
index 7ce2315298..a835b0d3a2 100644
--- a/core-primitives/test/src/lib.rs
+++ b/core-primitives/test/src/lib.rs
@@ -32,5 +32,4 @@ pub mod sgx_reexport_prelude {
 	pub use jsonrpc_core_sgx as jsonrpc_core;
 }
 
-pub mod builders;
 pub mod mock;
diff --git a/core-primitives/test/src/mock/onchain_mock.rs b/core-primitives/test/src/mock/onchain_mock.rs
index fec1865806..8a96dde164 100644
--- a/core-primitives/test/src/mock/onchain_mock.rs
+++ b/core-primitives/test/src/mock/onchain_mock.rs
@@ -18,15 +18,15 @@
 
 use codec::{Decode, Encode};
 use core::fmt::Debug;
+use itp_enclave_bridge_storage::{EnclaveBridgeStorage, EnclaveBridgeStorageKeys};
 use itp_ocall_api::{
 	EnclaveAttestationOCallApi, EnclaveMetricsOCallApi, EnclaveOnChainOCallApi,
 	EnclaveSidechainOCallApi,
 };
 use itp_storage::Error::StorageValueUnavailable;
-use itp_teerex_storage::{TeeRexStorage, TeerexStorageKeys};
 use itp_types::{
-	storage::StorageEntryVerified, BlockHash, Enclave, ShardIdentifier, WorkerRequest,
-	WorkerResponse,
+	storage::StorageEntryVerified, AccountId, BlockHash, EnclaveFingerprint, ShardIdentifier,
+	ShardSignerStatus, WorkerRequest, WorkerResponse,
 };
 use sgx_types::*;
 use sp_core::H256;
@@ -55,11 +55,20 @@ impl OnchainMock {
 	pub fn add_validateer_set<Header: HeaderTrait<Hash = H256>>(
 		mut self,
 		header: &Header,
-		set: Option<Vec<Enclave>>,
+		shard: ShardIdentifier,
+		set: Option<Vec<AccountId>>,
 	) -> Self {
-		let set = set.unwrap_or_else(validateer_set);
-		self.insert_at_header(header, TeeRexStorage::enclave_count(), (set.len() as u64).encode());
-		self.with_storage_entries_at_header(header, into_key_value_storage(set))
+		let set: Vec<ShardSignerStatus> = set
+			.unwrap_or_else(validateer_set)
+			.iter()
+			.map(|account| ShardSignerStatus {
+				signer: account.clone(),
+				fingerprint: EnclaveFingerprint::default(),
+				last_activity: 0,
+			})
+			.collect();
+		self.insert_at_header(header, EnclaveBridgeStorage::shard_status(shard), set.encode());
+		self
 	}
 
 	pub fn with_mr_enclave(mut self, mr_enclave: [u8; SGX_HASH_SIZE]) -> Self {
@@ -208,20 +217,11 @@ impl EnclaveOnChainOCallApi for OnchainMock {
 	}
 }
 
-pub fn validateer_set() -> Vec<Enclave> {
-	let default_enclave = Enclave::new(
+pub fn validateer_set() -> Vec<AccountId> {
+	vec![
 		AccountId32::from([0; 32]),
-		Default::default(),
-		Default::default(),
-		Default::default(),
-	);
-	vec![default_enclave.clone(), default_enclave.clone(), default_enclave.clone(), default_enclave]
-}
-
-fn into_key_value_storage(validateers: Vec<Enclave>) -> Vec<(Vec<u8>, Enclave)> {
-	validateers
-		.into_iter()
-		.enumerate()
-		.map(|(i, e)| (TeeRexStorage::enclave(i as u64 + 1), e))
-		.collect()
+		AccountId32::from([1; 32]),
+		AccountId32::from([2; 32]),
+		AccountId32::from([3; 32]),
+	]
 }
diff --git a/core-primitives/top-pool-author/src/author.rs b/core-primitives/top-pool-author/src/author.rs
index 362e9aa016..66e1865d05 100644
--- a/core-primitives/top-pool-author/src/author.rs
+++ b/core-primitives/top-pool-author/src/author.rs
@@ -322,6 +322,10 @@ where
 		self.top_pool.shards()
 	}
 
+	fn list_handled_shards(&self) -> Vec<ShardIdentifier> {
+		self.state_facade.list_shards().unwrap_or_default()
+	}
+
 	fn remove_calls_from_pool(
 		&self,
 		shard: ShardIdentifier,
diff --git a/core-primitives/top-pool-author/src/mocks.rs b/core-primitives/top-pool-author/src/mocks.rs
index 154502245b..693c27f8a4 100644
--- a/core-primitives/top-pool-author/src/mocks.rs
+++ b/core-primitives/top-pool-author/src/mocks.rs
@@ -168,6 +168,11 @@ impl AuthorApi<H256, H256> for AuthorApiMock<H256, H256> {
 		self.tops.read().unwrap().keys().cloned().collect()
 	}
 
+	fn list_handled_shards(&self) -> Vec<ShardIdentifier> {
+		//dummy
+		self.tops.read().unwrap().keys().cloned().collect()
+	}
+
 	fn remove_calls_from_pool(
 		&self,
 		shard: ShardIdentifier,
diff --git a/core-primitives/top-pool-author/src/traits.rs b/core-primitives/top-pool-author/src/traits.rs
index 692431c910..b2e490423f 100644
--- a/core-primitives/top-pool-author/src/traits.rs
+++ b/core-primitives/top-pool-author/src/traits.rs
@@ -53,8 +53,12 @@ pub trait AuthorApi<Hash, BlockHash> {
 		account: &AccountId,
 	) -> Vec<TrustedOperation>;
 
+	/// returns all shards which are currently present in the tops in the pool
 	fn get_shards(&self) -> Vec<ShardIdentifier>;
 
+	/// returns all shards which are handled by our worker
+	fn list_handled_shards(&self) -> Vec<ShardIdentifier>;
+
 	/// Remove a collection of trusted operations from the pool.
 	/// Return operations that were not successfully removed.
 	fn remove_calls_from_pool(
diff --git a/core-primitives/types/Cargo.toml b/core-primitives/types/Cargo.toml
index 701fe14c93..49747cdc99 100644
--- a/core-primitives/types/Cargo.toml
+++ b/core-primitives/types/Cargo.toml
@@ -3,7 +3,7 @@ name = "itp-types"
 version = "0.9.0"
 authors = ["Integritee AG <hello@integritee.network>"]
 homepage = "https://integritee.network/"
-repository = "https://github.com/integritee-network/pallets/"
+repository = "https://github.com/integritee-network/worker/"
 license = "Apache-2.0"
 edition = "2021"
 
@@ -25,7 +25,10 @@ sp-runtime = { default-features = false, git = "https://github.com/paritytech/su
 sp-std = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
 
 # integritee-node
+enclave-bridge-primitives = { git = "https://github.com/integritee-network/pallets.git", default-features = false, branch = "polkadot-v0.9.42" }
 my-node-runtime = { package = "integritee-node-runtime", optional = true, git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.42" }
+teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", default-features = false, branch = "polkadot-v0.9.42" }
+
 
 [features]
 default = ["std"]
@@ -37,6 +40,8 @@ std = [
     "serde_json/std",
     "primitive-types/std",
     "itp-sgx-runtime-primitives/std",
+    "teerex-primitives/std",
+    "enclave-bridge-primitives/std",
     # substrate
     "frame-system/std",
     "pallet-balances/std",
diff --git a/core-primitives/types/src/lib.rs b/core-primitives/types/src/lib.rs
index fa1d22f5a7..879d958e84 100644
--- a/core-primitives/types/src/lib.rs
+++ b/core-primitives/types/src/lib.rs
@@ -44,10 +44,17 @@ pub type IpfsHash = [u8; 46];
 pub type MrEnclave = [u8; 32];
 
 pub type ConfirmCallFn = ([u8; 2], ShardIdentifier, H256, Vec<u8>);
-pub type ShieldFundsFn = ([u8; 2], Vec<u8>, Balance, ShardIdentifier);
+pub type ShieldFundsFn = ([u8; 2], ShardIdentifier, Vec<u8>, Balance);
 pub type CallWorkerFn = ([u8; 2], Request);
 
-pub type Enclave = EnclaveGen<AccountId>;
+use enclave_bridge_primitives::ShardSignerStatus as ShardSignerStatusGen;
+pub type ShardSignerStatus = ShardSignerStatusGen<AccountId, BlockNumber>;
+pub type ShardStatus = Vec<ShardSignerStatus>;
+pub use enclave_bridge_primitives::Request;
+pub use teerex_primitives::{
+	EnclaveFingerprint, MultiEnclave, SgxBuildMode, SgxEnclave, SgxReportData, SgxStatus,
+};
+pub type Enclave = MultiEnclave<Vec<u8>>;
 
 /// Simple blob to hold an encoded call
 #[derive(Debug, PartialEq, Eq, Clone, Default)]
@@ -66,30 +73,6 @@ impl Encode for OpaqueCall {
 	}
 }
 
-// Note in the pallet teerex this is a struct. But for the codec this does not matter.
-#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, Debug)]
-pub struct Request {
-	pub shard: ShardIdentifier,
-	pub cyphertext: Vec<u8>,
-}
-
-// Todo: move this improved enclave definition into a primitives crate in the pallet_teerex repo.
-#[derive(Encode, Decode, Clone, PartialEq, sp_core::RuntimeDebug)]
-pub struct EnclaveGen<AccountId> {
-	pub pubkey: AccountId,
-	// FIXME: this is redundant information
-	pub mr_enclave: [u8; 32],
-	pub timestamp: u64,
-	// unix epoch in milliseconds
-	pub url: PalletString, // utf8 encoded url
-}
-
-impl<AccountId> EnclaveGen<AccountId> {
-	pub fn new(pubkey: AccountId, mr_enclave: [u8; 32], timestamp: u64, url: PalletString) -> Self {
-		Self { pubkey, mr_enclave, timestamp, url }
-	}
-}
-
 #[derive(Debug, Clone, PartialEq, Encode, Decode)]
 pub enum DirectRequestStatus {
 	/// Direct request was successfully executed
diff --git a/core-primitives/utils/Cargo.toml b/core-primitives/utils/Cargo.toml
index f2736695af..bc634cfadb 100644
--- a/core-primitives/utils/Cargo.toml
+++ b/core-primitives/utils/Cargo.toml
@@ -3,7 +3,7 @@ name = "itp-utils"
 version = "0.9.0"
 authors = ["Integritee AG <hello@integritee.network>"]
 homepage = "https://integritee.network/"
-repository = "https://github.com/integritee-network/pallets/"
+repository = "https://github.com/integritee-network/worker/"
 license = "Apache-2.0"
 edition = "2021"
 
diff --git a/core/parentchain/indirect-calls-executor/src/executor.rs b/core/parentchain/indirect-calls-executor/src/executor.rs
index d426468f00..2730b525fd 100644
--- a/core/parentchain/indirect-calls-executor/src/executor.rs
+++ b/core/parentchain/indirect-calls-executor/src/executor.rs
@@ -30,7 +30,8 @@ use codec::Encode;
 use core::marker::PhantomData;
 use ita_stf::{TrustedCall, TrustedCallSigned};
 use itp_node_api::metadata::{
-	pallet_teerex::TeerexCallIndexes, provider::AccessNodeMetadata, NodeMetadataTrait,
+	pallet_enclave_bridge::EnclaveBridgeCallIndexes, provider::AccessNodeMetadata,
+	NodeMetadataTrait,
 };
 use itp_sgx_crypto::{key_repository::AccessKey, ShieldingCryptoDecrypt, ShieldingCryptoEncrypt};
 use itp_stf_executor::traits::StfEnclaveSigning;
@@ -127,7 +128,7 @@ impl<
 		let block_number = *block.header().number();
 		let block_hash = block.hash();
 
-		debug!("Scanning block {:?} for relevant xt", block_number);
+		trace!("Scanning block {:?} for relevant xt", block_number);
 		let mut executed_calls = Vec::<H256>::new();
 
 		let events = self
@@ -138,7 +139,7 @@ impl<
 			.ok_or_else(|| Error::Other("Could not create events from metadata".into()))?;
 
 		let xt_statuses = events.get_extrinsic_statuses()?;
-		debug!("xt_statuses:: {:?}", xt_statuses);
+		trace!("xt_statuses:: {:?}", xt_statuses);
 
 		// This would be catastrophic but should never happen
 		if xt_statuses.len() != block.extrinsics().len() {
@@ -168,7 +169,7 @@ impl<
 				executed_calls.push(hash_of(&call));
 			}
 		}
-
+		debug!("successfully processed {} indirect invocations", executed_calls.len());
 		// Include a processed parentchain block confirmation for each block.
 		self.create_processed_parentchain_block_call::<ParentchainBlock>(
 			block_hash,
@@ -189,9 +190,14 @@ impl<
 		let call = self.node_meta_data_provider.get_from_metadata(|meta_data| {
 			meta_data.confirm_processed_parentchain_block_call_indexes()
 		})??;
-
 		let root: H256 = merkle_root::<Keccak256, _>(extrinsics);
-		Ok(OpaqueCall::from_tuple(&(call, block_hash, block_number, root)))
+
+		let fallback = ShardIdentifier::default();
+		let handled_shards = self.top_pool_author.list_handled_shards();
+		trace!("got handled shards: {:?}", handled_shards);
+		let shard = handled_shards.get(0).unwrap_or(&fallback);
+		trace!("prepared confirm_processed_parentchain_block() call for block {:?} with index {:?} and merkle root {}", block_number, call, root);
+		Ok(OpaqueCall::from_tuple(&(call, shard, block_hash, block_number, root)))
 	}
 }
 
@@ -256,7 +262,7 @@ pub(crate) fn hash_of<T: Encode>(xt: &T) -> H256 {
 mod test {
 	use super::*;
 	use crate::{
-		filter_metadata::{ShieldFundsAndCallWorkerFilter, TestEventCreator},
+		filter_metadata::{ShieldFundsAndInvokeFilter, TestEventCreator},
 		parentchain_parser::ParentchainExtrinsicParser,
 	};
 	use codec::{Decode, Encode};
@@ -290,7 +296,7 @@ mod test {
 		TestStfEnclaveSigner,
 		TestTopPoolAuthor,
 		TestNodeMetadataRepository,
-		ShieldFundsAndCallWorkerFilter<ParentchainExtrinsicParser>,
+		ShieldFundsAndInvokeFilter<ParentchainExtrinsicParser>,
 		TestEventCreator,
 	>;
 
@@ -305,8 +311,7 @@ mod test {
 			test_fixtures([0u8; 32], NodeMetadataMock::new());
 
 		let opaque_extrinsic =
-			OpaqueExtrinsic::from_bytes(call_worker_unchecked_extrinsic().encode().as_slice())
-				.unwrap();
+			OpaqueExtrinsic::from_bytes(invoke_unchecked_extrinsic().encode().as_slice()).unwrap();
 
 		let parentchain_block = ParentchainBlockBuilder::default()
 			.with_extrinsics(vec![opaque_extrinsic])
@@ -362,8 +367,14 @@ mod test {
 		let extrinsics = Vec::new();
 		let confirm_processed_parentchain_block_indexes =
 			dummy_metadata.confirm_processed_parentchain_block_call_indexes().unwrap();
-		let expected_call =
-			(confirm_processed_parentchain_block_indexes, block_hash, 1, H256::default()).encode();
+		let expected_call = (
+			confirm_processed_parentchain_block_indexes,
+			ShardIdentifier::default(),
+			block_hash,
+			1,
+			H256::default(),
+		)
+			.encode();
 
 		// when
 		let call = indirect_calls_executor
@@ -405,17 +416,17 @@ mod test {
 
 		let shield_funds_indexes = dummy_metadata.shield_funds_call_indexes().unwrap();
 		ParentchainUncheckedExtrinsic::<ShieldFundsFn>::new_signed(
-			(shield_funds_indexes, target_account, 1000u128, shard_id()),
+			(shield_funds_indexes, shard_id(), target_account, 1000u128),
 			Address::Address32([1u8; 32]),
 			MultiSignature::Ed25519(default_signature()),
 			default_extrinsic_params().signed_extra(),
 		)
 	}
 
-	fn call_worker_unchecked_extrinsic() -> ParentchainUncheckedExtrinsic<CallWorkerFn> {
+	fn invoke_unchecked_extrinsic() -> ParentchainUncheckedExtrinsic<CallWorkerFn> {
 		let request = Request { shard: shard_id(), cyphertext: vec![1u8, 2u8] };
 		let dummy_metadata = NodeMetadataMock::new();
-		let call_worker_indexes = dummy_metadata.call_worker_call_indexes().unwrap();
+		let call_worker_indexes = dummy_metadata.invoke_call_indexes().unwrap();
 
 		ParentchainUncheckedExtrinsic::<CallWorkerFn>::new_signed(
 			(call_worker_indexes, request),
diff --git a/core/parentchain/indirect-calls-executor/src/filter_metadata.rs b/core/parentchain/indirect-calls-executor/src/filter_metadata.rs
index 23d87bde8f..0a919f5390 100644
--- a/core/parentchain/indirect-calls-executor/src/filter_metadata.rs
+++ b/core/parentchain/indirect-calls-executor/src/filter_metadata.rs
@@ -18,7 +18,7 @@
 use crate::{
 	error::Result,
 	event_filter::{FilterEvents, MockEvents},
-	indirect_calls::{CallWorkerArgs, ShiedFundsArgs},
+	indirect_calls::{InvokeArgs, ShieldFundsArgs},
 	parentchain_parser::ParseExtrinsic,
 	IndirectDispatch, IndirectExecutor,
 };
@@ -96,12 +96,12 @@ impl FilterIntoDataFrom<NodeMetadata> for DenyAll {
 }
 
 /// Default filter we use for the Integritee-Parachain.
-pub struct ShieldFundsAndCallWorkerFilter<ExtrinsicParser> {
+pub struct ShieldFundsAndInvokeFilter<ExtrinsicParser> {
 	_phantom: PhantomData<ExtrinsicParser>,
 }
 
 impl<ExtrinsicParser, NodeMetadata: NodeMetadataTrait> FilterIntoDataFrom<NodeMetadata>
-	for ShieldFundsAndCallWorkerFilter<ExtrinsicParser>
+	for ShieldFundsAndInvokeFilter<ExtrinsicParser>
 where
 	ExtrinsicParser: ParseExtrinsic,
 {
@@ -123,16 +123,17 @@ where
 				return None
 			},
 		};
-
 		let index = xt.call_index;
 		let call_args = &mut &xt.call_args[..];
-
+		log::trace!("attempting to execute indirect call with index {:?}", index);
 		if index == metadata.shield_funds_call_indexes().ok()? {
-			let args = decode_and_log_error::<ShiedFundsArgs>(call_args)?;
+			log::trace!("executing shield funds call");
+			let args = decode_and_log_error::<ShieldFundsArgs>(call_args)?;
 			Some(IndirectCall::ShieldFunds(args))
-		} else if index == metadata.call_worker_call_indexes().ok()? {
-			let args = decode_and_log_error::<CallWorkerArgs>(call_args)?;
-			Some(IndirectCall::CallWorker(args))
+		} else if index == metadata.invoke_call_indexes().ok()? {
+			log::trace!("executing invoke call");
+			let args = decode_and_log_error::<InvokeArgs>(call_args)?;
+			Some(IndirectCall::Invoke(args))
 		} else {
 			None
 		}
@@ -145,15 +146,15 @@ where
 /// can implemeent their own indirect call there.
 #[derive(Debug, Clone, Encode, Decode, Eq, PartialEq)]
 pub enum IndirectCall {
-	ShieldFunds(ShiedFundsArgs),
-	CallWorker(CallWorkerArgs),
+	ShieldFunds(ShieldFundsArgs),
+	Invoke(InvokeArgs),
 }
 
 impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for IndirectCall {
 	fn dispatch(&self, executor: &Executor) -> Result<()> {
 		match self {
-			IndirectCall::ShieldFunds(shieldfunds) => shieldfunds.dispatch(executor),
-			IndirectCall::CallWorker(call_worker) => call_worker.dispatch(executor),
+			IndirectCall::ShieldFunds(shieldfunds_args) => shieldfunds_args.dispatch(executor),
+			IndirectCall::Invoke(invoke_args) => invoke_args.dispatch(executor),
 		}
 	}
 }
diff --git a/core/parentchain/indirect-calls-executor/src/indirect_calls/call_worker.rs b/core/parentchain/indirect-calls-executor/src/indirect_calls/invoke.rs
similarity index 96%
rename from core/parentchain/indirect-calls-executor/src/indirect_calls/call_worker.rs
rename to core/parentchain/indirect-calls-executor/src/indirect_calls/invoke.rs
index 383f8eed4a..076e06e87c 100644
--- a/core/parentchain/indirect-calls-executor/src/indirect_calls/call_worker.rs
+++ b/core/parentchain/indirect-calls-executor/src/indirect_calls/invoke.rs
@@ -20,11 +20,11 @@ use codec::{Decode, Encode};
 use itp_types::Request;
 
 #[derive(Debug, Clone, Encode, Decode, Eq, PartialEq)]
-pub struct CallWorkerArgs {
+pub struct InvokeArgs {
 	request: Request,
 }
 
-impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for CallWorkerArgs {
+impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for InvokeArgs {
 	fn dispatch(&self, executor: &Executor) -> Result<()> {
 		log::debug!("Found trusted call extrinsic, submitting it to the top pool");
 		executor.submit_trusted_call(self.request.shard, self.request.cyphertext.clone());
diff --git a/core/parentchain/indirect-calls-executor/src/indirect_calls/mod.rs b/core/parentchain/indirect-calls-executor/src/indirect_calls/mod.rs
index 503ed9bbbb..c25aa51717 100644
--- a/core/parentchain/indirect-calls-executor/src/indirect_calls/mod.rs
+++ b/core/parentchain/indirect-calls-executor/src/indirect_calls/mod.rs
@@ -15,8 +15,8 @@
 
 */
 
-mod call_worker;
+mod invoke;
 mod shield_funds;
 
-pub use call_worker::CallWorkerArgs;
-pub use shield_funds::ShiedFundsArgs;
+pub use invoke::InvokeArgs;
+pub use shield_funds::ShieldFundsArgs;
diff --git a/core/parentchain/indirect-calls-executor/src/indirect_calls/shield_funds.rs b/core/parentchain/indirect-calls-executor/src/indirect_calls/shield_funds.rs
index ddf510b696..ed76922705 100644
--- a/core/parentchain/indirect-calls-executor/src/indirect_calls/shield_funds.rs
+++ b/core/parentchain/indirect-calls-executor/src/indirect_calls/shield_funds.rs
@@ -25,13 +25,13 @@ use std::vec::Vec;
 
 /// Arguments of the Integritee-Parachain's shield fund dispatchable.
 #[derive(Debug, Clone, Encode, Decode, Eq, PartialEq)]
-pub struct ShiedFundsArgs {
+pub struct ShieldFundsArgs {
+	shard: ShardIdentifier,
 	account_encrypted: Vec<u8>,
 	amount: Balance,
-	shard: ShardIdentifier,
 }
 
-impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for ShiedFundsArgs {
+impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for ShieldFundsArgs {
 	fn dispatch(&self, executor: &Executor) -> Result<()> {
 		info!("Found ShieldFunds extrinsic in block: \nAccount Encrypted {:?} \nAmount: {} \nShard: {}",
         	self.account_encrypted, self.amount, bs58::encode(self.shard.encode()).into_string());
diff --git a/core/parentchain/light-client/src/concurrent_access.rs b/core/parentchain/light-client/src/concurrent_access.rs
index e5596a7d55..f6482c9233 100644
--- a/core/parentchain/light-client/src/concurrent_access.rs
+++ b/core/parentchain/light-client/src/concurrent_access.rs
@@ -31,7 +31,7 @@ use crate::{
 };
 use finality_grandpa::BlockNumberOps;
 use sp_runtime::traits::{Block as ParentchainBlockTrait, NumberFor};
-use std::marker::PhantomData;
+use std::{marker::PhantomData, sync::Arc};
 
 /// Retrieve an exclusive lock on a validator for either read or write access.
 ///
@@ -62,7 +62,7 @@ where
 /// Implementation of a validator access based on a global lock and corresponding file.
 #[derive(Debug)]
 pub struct ValidatorAccessor<Validator, ParentchainBlock, LightClientSeal> {
-	seal: LightClientSeal,
+	seal: Arc<LightClientSeal>,
 	light_validation: RwLock<Validator>,
 	_phantom: PhantomData<(LightClientSeal, Validator, ParentchainBlock)>,
 }
@@ -70,7 +70,7 @@ pub struct ValidatorAccessor<Validator, ParentchainBlock, LightClientSeal> {
 impl<Validator, ParentchainBlock, LightClientSeal>
 	ValidatorAccessor<Validator, ParentchainBlock, LightClientSeal>
 {
-	pub fn new(validator: Validator, seal: LightClientSeal) -> Self {
+	pub fn new(validator: Validator, seal: Arc<LightClientSeal>) -> Self {
 		ValidatorAccessor {
 			light_validation: RwLock::new(validator),
 			seal,
@@ -85,7 +85,7 @@ where
 	Validator: ValidatorTrait<ParentchainBlock>
 		+ LightClientState<ParentchainBlock>
 		+ ExtrinsicSenderTrait,
-	Seal: LightClientSealing<LightValidationState<ParentchainBlock>>,
+	Seal: LightClientSealing<LightClientState = LightValidationState<ParentchainBlock>>,
 	ParentchainBlock: ParentchainBlockTrait,
 	NumberFor<ParentchainBlock>: BlockNumberOps,
 {
@@ -126,7 +126,7 @@ mod tests {
 	fn execute_with_and_without_mut_in_single_thread_works() {
 		let validator_mock = ValidatorMock::default();
 		let seal = LightValidationStateSealMock::new();
-		let accessor = TestAccessor::new(validator_mock, seal);
+		let accessor = TestAccessor::new(validator_mock, seal.into());
 
 		let _read_result = accessor.execute_on_validator(|_v| Ok(())).unwrap();
 		let _write_result = accessor.execute_mut_on_validator(|_v| Ok(())).unwrap();
diff --git a/core/parentchain/light-client/src/io.rs b/core/parentchain/light-client/src/io.rs
index 645615b142..9937729c15 100644
--- a/core/parentchain/light-client/src/io.rs
+++ b/core/parentchain/light-client/src/io.rs
@@ -16,7 +16,7 @@
 */
 
 use crate::{
-	error::Result,
+	error::{Error, Result},
 	finality::{Finality, GrandpaFinality, ParachainFinality},
 	light_client_init_params::{GrandpaParams, SimpleParams},
 	light_validation::{check_validator_set_proof, LightValidation},
@@ -37,6 +37,12 @@ use std::{
 	sync::Arc,
 };
 
+#[cfg(feature = "sgx")]
+use std::sync::SgxRwLock as RwLock;
+
+#[cfg(feature = "std")]
+use std::sync::RwLock;
+
 pub const DB_FILE: &str = "db.bin";
 pub const BACKUP_FILE: &str = "db.bin.backup";
 
@@ -81,9 +87,11 @@ impl<B, L> LightClientStateSeal<B, L> {
 	}
 }
 
-impl<B: Block, LightClientState: Decode + Encode + Debug> LightClientSealing<LightClientState>
+impl<B: Block, LightClientState: Decode + Encode + Debug> LightClientSealing
 	for LightClientStateSeal<B, LightClientState>
 {
+	type LightClientState = LightClientState;
+
 	fn seal(&self, unsealed: &LightClientState) -> Result<()> {
 		trace!("Backup light client state");
 
@@ -108,6 +116,44 @@ impl<B: Block, LightClientState: Decode + Encode + Debug> LightClientSealing<Lig
 	}
 }
 
+/// Same as [LightClientStateSeal], but it ensures that no concurrent write operations are done
+/// accross different threads.
+#[derive(Debug)]
+pub struct LightClientStateSealSync<B, LightClientState> {
+	seal: LightClientStateSeal<B, LightClientState>,
+	_rw_lock: RwLock<()>,
+}
+
+impl<B, LightClientState> LightClientStateSealSync<B, LightClientState> {
+	pub fn new(base_path: PathBuf) -> Result<Self> {
+		Ok(Self { seal: LightClientStateSeal::new(base_path)?, _rw_lock: RwLock::new(()) })
+	}
+}
+
+impl<B: Block, LightClientState: Decode + Encode + Debug> LightClientSealing
+	for LightClientStateSealSync<B, LightClientState>
+{
+	type LightClientState = LightClientState;
+
+	fn seal(&self, unsealed: &LightClientState) -> Result<()> {
+		let _lock = self._rw_lock.write().map_err(|_| Error::PoisonedLock)?;
+		self.seal.seal(unsealed)
+	}
+
+	fn unseal(&self) -> Result<LightClientState> {
+		let _lock = self._rw_lock.read().map_err(|_| Error::PoisonedLock)?;
+		self.seal.unseal()
+	}
+
+	fn exists(&self) -> bool {
+		self.seal.exists()
+	}
+
+	fn path(&self) -> &Path {
+		self.seal.path()
+	}
+}
+
 // FIXME: This is a lot of duplicate code for the initialization of two
 // different but sameish light clients. Should be tackled with #1081
 pub fn read_or_init_grandpa_validator<B, OCallApi, LightClientSeal>(
@@ -119,7 +165,7 @@ where
 	B: Block,
 	NumberFor<B>: finality_grandpa::BlockNumberOps,
 	OCallApi: EnclaveOnChainOCallApi,
-	LightClientSeal: LightClientSealing<LightValidationState<B>>,
+	LightClientSeal: LightClientSealing<LightClientState = LightValidationState<B>>,
 {
 	check_validator_set_proof::<B>(
 		params.genesis_header.state_root(),
@@ -168,7 +214,7 @@ where
 	B: Block,
 	NumberFor<B>: finality_grandpa::BlockNumberOps,
 	OCallApi: EnclaveOnChainOCallApi,
-	LightClientSeal: LightClientSealing<LightValidationState<B>>,
+	LightClientSeal: LightClientSealing<LightClientState = LightValidationState<B>>,
 {
 	if !seal.exists() {
 		info!("[Enclave] ChainRelay DB not found, creating new! {}", seal.path().display());
diff --git a/core/parentchain/light-client/src/lib.rs b/core/parentchain/light-client/src/lib.rs
index 753d3fc862..100efa41ef 100644
--- a/core/parentchain/light-client/src/lib.rs
+++ b/core/parentchain/light-client/src/lib.rs
@@ -95,9 +95,11 @@ pub trait LightClientState<Block: ParentchainBlockTrait> {
 	fn penultimate_finalized_block_header(&self) -> Result<Block::Header, Error>;
 }
 
-pub trait LightClientSealing<LightClientState> {
-	fn seal(&self, state: &LightClientState) -> Result<(), Error>;
-	fn unseal(&self) -> Result<LightClientState, Error>;
+pub trait LightClientSealing {
+	type LightClientState;
+
+	fn seal(&self, state: &Self::LightClientState) -> Result<(), Error>;
+	fn unseal(&self) -> Result<Self::LightClientState, Error>;
 	fn exists(&self) -> bool;
 	fn path(&self) -> &Path;
 }
diff --git a/core/parentchain/light-client/src/light_validation.rs b/core/parentchain/light-client/src/light_validation.rs
index e4e74633b2..ea8bd53ad9 100644
--- a/core/parentchain/light-client/src/light_validation.rs
+++ b/core/parentchain/light-client/src/light_validation.rs
@@ -105,8 +105,8 @@ impl<Block: ParentchainBlockTrait, OcallApi: EnclaveOnChainOCallApi>
 		}
 
 		// A valid grandpa proof proves finalization of all previous unjustified blocks.
-		relay.header_hashes.append(&mut relay.unjustified_headers);
-		relay.header_hashes.push(header.hash());
+		relay.justify_headers();
+		relay.push_header_hash(header.hash());
 
 		relay.set_last_finalized_block_header(header);
 
diff --git a/core/parentchain/light-client/src/light_validation_state.rs b/core/parentchain/light-client/src/light_validation_state.rs
index f8b34dbf78..b280d05817 100644
--- a/core/parentchain/light-client/src/light_validation_state.rs
+++ b/core/parentchain/light-client/src/light_validation_state.rs
@@ -58,9 +58,7 @@ where
 	}
 
 	fn genesis_hash(&self) -> Result<HashFor<Block>, Error> {
-		let relay = self.get_relay();
-		let hash = relay.header_hashes.get(0).ok_or(Error::NoGenesis)?;
-		Ok(*hash)
+		Ok(self.get_relay().genesis_hash)
 	}
 
 	fn latest_finalized_header(&self) -> Result<Block::Header, Error> {
diff --git a/core/parentchain/light-client/src/mocks/validator_mock_seal.rs b/core/parentchain/light-client/src/mocks/validator_mock_seal.rs
index 6a5f895bd3..4c7e4f25d3 100644
--- a/core/parentchain/light-client/src/mocks/validator_mock_seal.rs
+++ b/core/parentchain/light-client/src/mocks/validator_mock_seal.rs
@@ -40,7 +40,9 @@ impl Default for LightValidationStateSealMock {
 	}
 }
 
-impl LightClientSealing<LightValidationState<Block>> for LightValidationStateSealMock {
+impl LightClientSealing for LightValidationStateSealMock {
+	type LightClientState = LightValidationState<Block>;
+
 	fn unseal(&self) -> Result<LightValidationState<Block>, Error> {
 		Ok(LightValidationState::new(RelayState::new(
 			ParentchainHeaderBuilder::default().build(),
diff --git a/core/parentchain/light-client/src/state.rs b/core/parentchain/light-client/src/state.rs
index d6ba0ede78..1fef61780c 100644
--- a/core/parentchain/light-client/src/state.rs
+++ b/core/parentchain/light-client/src/state.rs
@@ -21,20 +21,47 @@ use sp_runtime::{
 	traits::{Block as BlockT, Header as HeaderT},
 	OpaqueExtrinsic,
 };
-use std::{fmt, vec::Vec};
+use std::{collections::VecDeque, fmt, vec::Vec};
+
+/// Defines the amount of parentchain headers to keep.
+pub const PARENTCHAIN_HEADER_PRUNING: u64 = 1000;
 
 #[derive(Encode, Decode, Clone, Eq, PartialEq)]
 pub struct RelayState<Block: BlockT> {
+	pub genesis_hash: Block::Hash,
 	pub last_finalized_block_header: Block::Header,
 	pub penultimate_finalized_block_header: Block::Header,
 	pub current_validator_set: AuthorityList,
 	pub current_validator_set_id: SetId,
-	pub header_hashes: Vec<Block::Hash>,
+	header_hashes: VecDeque<Block::Hash>,
 	pub unjustified_headers: Vec<Block::Hash>, // Finalized headers without grandpa proof
 	pub verify_tx_inclusion: Vec<OpaqueExtrinsic>, // Transactions sent by the relay
 	pub scheduled_change: Option<ScheduledChangeAtBlock<Block::Header>>, // Scheduled Authorities change as indicated in the header's digest.
 }
 
+impl<Block: BlockT> RelayState<Block> {
+	pub fn push_header_hash(&mut self, header: Block::Hash) {
+		self.header_hashes.push_back(header);
+
+		if self.header_hashes.len() > PARENTCHAIN_HEADER_PRUNING as usize {
+			self.header_hashes.pop_front().expect("Tested above that is not empty; qed");
+		}
+	}
+
+	pub fn justify_headers(&mut self) {
+		self.header_hashes.extend(&mut self.unjustified_headers.iter());
+		self.unjustified_headers.clear();
+
+		while self.header_hashes.len() > PARENTCHAIN_HEADER_PRUNING as usize {
+			self.header_hashes.pop_front().expect("Tested above that is not empty; qed");
+		}
+	}
+
+	pub fn header_hashes(&self) -> &VecDeque<Block::Hash> {
+		&self.header_hashes
+	}
+}
+
 #[derive(Encode, Decode, Clone, Eq, PartialEq)]
 pub struct ScheduledChangeAtBlock<Header: HeaderT> {
 	pub at_block: Header::Number,
@@ -42,12 +69,13 @@ pub struct ScheduledChangeAtBlock<Header: HeaderT> {
 }
 
 impl<Block: BlockT> RelayState<Block> {
-	pub fn new(block_header: Block::Header, validator_set: AuthorityList) -> Self {
+	pub fn new(genesis: Block::Header, validator_set: AuthorityList) -> Self {
 		RelayState {
-			header_hashes: vec![block_header.hash()],
-			last_finalized_block_header: block_header.clone(),
+			genesis_hash: genesis.hash(),
+			header_hashes: vec![genesis.hash()].into(),
+			last_finalized_block_header: genesis.clone(),
 			// is it bad to initialize with the same? Header trait does no implement default...
-			penultimate_finalized_block_header: block_header,
+			penultimate_finalized_block_header: genesis,
 			current_validator_set: validator_set,
 			current_validator_set_id: 0,
 			unjustified_headers: Vec::new(),
diff --git a/core/parentchain/test/Cargo.toml b/core/parentchain/test/Cargo.toml
index 54d9b690a0..a54025ea30 100644
--- a/core/parentchain/test/Cargo.toml
+++ b/core/parentchain/test/Cargo.toml
@@ -3,7 +3,7 @@ name = "itc-parentchain-test"
 version = "0.9.0"
 authors = ["Integritee AG <hello@integritee.network>"]
 homepage = "https://integritee.network/"
-repository = "https://github.com/integritee-network/pallets/"
+repository = "https://github.com/integritee-network/worker/"
 license = "Apache-2.0"
 edition = "2021"
 
diff --git a/docker/demo-direct-call.yml b/docker/demo-direct-call.yml
index abf5e59552..1ea6325ad3 100644
--- a/docker/demo-direct-call.yml
+++ b/docker/demo-direct-call.yml
@@ -6,6 +6,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
diff --git a/docker/demo-indirect-invocation.yml b/docker/demo-indirect-invocation.yml
index e7eb1a0c20..bba1748838 100644
--- a/docker/demo-indirect-invocation.yml
+++ b/docker/demo-indirect-invocation.yml
@@ -6,6 +6,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
diff --git a/docker/demo-sidechain.yml b/docker/demo-sidechain.yml
index ad7779d9bf..bff44248f7 100644
--- a/docker/demo-sidechain.yml
+++ b/docker/demo-sidechain.yml
@@ -6,6 +6,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
 
     build:
       context: ${PWD}/..
@@ -18,6 +19,8 @@ services:
         condition: service_healthy
       integritee-worker-2-${VERSION}:
         condition: service_healthy
+    environment:
+      - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=info,integritee_service::sidechain=debug,ita_stf=warn
     networks:
       - integritee-test-network
     entrypoint:
@@ -26,4 +29,4 @@ services:
     restart: "no"
 networks:
   integritee-test-network:
-    driver: bridge
\ No newline at end of file
+    driver: bridge
diff --git a/docker/demo-smart-contract.yml b/docker/demo-smart-contract.yml
index 7f1500bd71..f16211cda5 100644
--- a/docker/demo-smart-contract.yml
+++ b/docker/demo-smart-contract.yml
@@ -6,6 +6,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
diff --git a/docker/demo-teeracle-generic.yml b/docker/demo-teeracle-generic.yml
index 58b3b88492..1f14489bff 100644
--- a/docker/demo-teeracle-generic.yml
+++ b/docker/demo-teeracle-generic.yml
@@ -13,6 +13,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
@@ -22,8 +23,6 @@ services:
         condition: service_healthy
     environment:
       - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=info,integritee_service::teeracle=debug,ita_stf=warn,ita_oracle=debug
-      - IAS_EPID_SPID
-      - IAS_EPID_KEY
     networks:
       - integritee-test-network
     healthcheck:
@@ -31,8 +30,8 @@ services:
       interval: 10s
       timeout: 10s
       retries: 25
-    entrypoint:
-        "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker
+    command:
+        "--clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker
         -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645
         run --dev ${ADDITIONAL_RUNTIME_FLAGS} --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s"
     restart: always
@@ -43,6 +42,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
diff --git a/docker/demo-teeracle.yml b/docker/demo-teeracle.yml
index be003c61a0..e0bbd2a20f 100644
--- a/docker/demo-teeracle.yml
+++ b/docker/demo-teeracle.yml
@@ -15,6 +15,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
@@ -25,8 +26,6 @@ services:
     environment:
       - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=info,integritee_service::teeracle=debug,ita_stf=warn,ita_exchange_oracle=debug
       - COINMARKETCAP_KEY
-      - IAS_EPID_SPID
-      - IAS_EPID_KEY
     networks:
       - integritee-test-network
     healthcheck:
@@ -34,8 +33,8 @@ services:
       interval: 10s
       timeout: 10s
       retries: 25
-    entrypoint:
-        "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker
+    command:
+        "--clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker
         -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645
         run --dev ${ADDITIONAL_RUNTIME_FLAGS} --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s"
     restart: always
@@ -46,6 +45,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
@@ -63,7 +63,7 @@ services:
       "/usr/local/worker-cli/demo_teeracle_whitelist.sh
       -u ws://integritee-node -p 9912
       -V wss://integritee-teeracle-worker -P 2011
-      -d 21 -i ${TEERACLE_INTERVAL_SECONDS}
+      -d 7 -i ${TEERACLE_INTERVAL_SECONDS}
       -C /usr/local/bin/integritee-cli 2>&1"
     restart: "no"
 networks:
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 99165dc41a..28e0780445 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,13 +1,14 @@
 services:
   "integritee-node-${VERSION}":
     # OLI: stripped `-ias` from node name.
-    image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev:1.0.36}"
+    image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev-ias:1.0.36}"
     hostname: integritee-node
     devices:
       - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision"
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     networks:
       - integritee-test-network
     healthcheck:
@@ -33,10 +34,9 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     environment:
-      - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=warn,ita_stf=warn
-      - IAS_EPID_SPID
-      - IAS_EPID_KEY
+      - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=warn,ita_stf=warn,its_consensus_common=debug
     networks:
       - integritee-test-network
     healthcheck:
@@ -64,10 +64,9 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     environment:
-      - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=warn,ita_stf=warn
-      - IAS_EPID_SPID
-      - IAS_EPID_KEY
+      - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=warn,ita_stf=warn,its_consensus_common=debug
     networks:
       - integritee-test-network
     healthcheck:
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100755
index 0000000000..c7e9e2c96e
--- /dev/null
+++ b/docker/entrypoint.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+set -e
+
+# run aesmd in the background
+/opt/intel/sgx-aesm-service/aesm/aesm_service
+
+# for debugging: will be in the CI logs:
+cat /etc/sgx_default_qcnl.conf
+
+echo '{
+  
+  "pccs_url": "https://ajuna-02.cluster.securitee.tech:8081/sgx/certification/v4/",
+
+  "use_secure_cert": false,
+
+  "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+
+
+  "retry_times": 6,
+
+  "retry_delay": 10,
+
+
+  "pck_cache_expire_hours": 168,
+
+  "verify_collateral_cache_expire_hours": 168
+
+}' > /etc/sgx_default_qcnl.conf
+
+cat /etc/sgx_default_qcnl.conf
+
+exec /usr/local/bin/integritee-service "${@}"
diff --git a/docker/fork-inducer.yml b/docker/fork-inducer.yml
index 47d00ac5ba..ca46f37632 100644
--- a/docker/fork-inducer.yml
+++ b/docker/fork-inducer.yml
@@ -6,6 +6,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: .
       dockerfile: ping.Dockerfile
@@ -20,6 +21,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: .
       dockerfile: fork.Dockerfile
diff --git a/docker/sidechain-benchmark.yml b/docker/sidechain-benchmark.yml
index 7cf5ca8c4c..38f78e1503 100644
--- a/docker/sidechain-benchmark.yml
+++ b/docker/sidechain-benchmark.yml
@@ -6,6 +6,7 @@ services:
       - "${SGX_ENCLAVE:-/dev/null}:/dev/sgx/enclave"
     volumes:
       - "${AESMD:-/dev/null}:/var/run/aesmd"
+      - "${SGX_QCNL:-/dev/null}:/etc/sgx_default_qcnl.conf"
     build:
       context: ${PWD}/..
       dockerfile: build.Dockerfile
diff --git a/enclave-runtime/Cargo.lock b/enclave-runtime/Cargo.lock
index 6665498d6d..51c9e21432 100644
--- a/enclave-runtime/Cargo.lock
+++ b/enclave-runtime/Cargo.lock
@@ -252,7 +252,7 @@ dependencies = [
 [[package]]
 name = "binary-merkle-tree"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git#1612e39131e3fe57ba4c78447fb1cbf7c4f8830e"
+source = "git+https://github.com/paritytech/substrate.git#28b1f79abedbad2ec97b49277b36e1f797ca9e5d"
 dependencies = [
  "hash-db 0.16.0",
 ]
@@ -492,6 +492,19 @@ dependencies = [
  "generic-array 0.14.7",
 ]
 
+[[package]]
+name = "common-primitives"
+version = "0.1.0"
+source = "git+https://github.com/integritee-network/pallets?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
+dependencies = [
+ "derive_more",
+ "parity-scale-codec",
+ "scale-info",
+ "sp-core",
+ "sp-runtime",
+ "sp-std",
+]
+
 [[package]]
 name = "const-oid"
 version = "0.9.2"
@@ -700,6 +713,22 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "enclave-bridge-primitives"
+version = "0.1.0"
+source = "git+https://github.com/integritee-network/pallets?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
+dependencies = [
+ "common-primitives",
+ "log",
+ "parity-scale-codec",
+ "scale-info",
+ "serde 1.0.164",
+ "sp-core",
+ "sp-io",
+ "sp-runtime",
+ "sp-std",
+]
+
 [[package]]
 name = "enclave-runtime"
 version = "0.9.0"
@@ -778,6 +807,7 @@ dependencies = [
  "sp-core",
  "sp-runtime",
  "sp-std",
+ "teerex-primitives",
  "webpki",
 ]
 
@@ -1045,7 +1075,7 @@ dependencies = [
 [[package]]
 name = "frame-support"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "bitflags",
  "environmental 1.1.4",
@@ -1075,7 +1105,7 @@ dependencies = [
 [[package]]
 name = "frame-support-procedural"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "Inflector",
  "cfg-expr",
@@ -1091,7 +1121,7 @@ dependencies = [
 [[package]]
 name = "frame-support-procedural-tools"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support-procedural-tools-derive",
  "proc-macro-crate",
@@ -1103,7 +1133,7 @@ dependencies = [
 [[package]]
 name = "frame-support-procedural-tools-derive"
 version = "3.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "proc-macro2",
  "quote 1.0.28",
@@ -1113,7 +1143,7 @@ dependencies = [
 [[package]]
 name = "frame-system"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-support",
  "log",
@@ -1923,6 +1953,16 @@ dependencies = [
  "thiserror 1.0.9",
 ]
 
+[[package]]
+name = "itp-enclave-bridge-storage"
+version = "0.9.0"
+dependencies = [
+ "itp-storage",
+ "itp-types",
+ "parity-scale-codec",
+ "sp-std",
+]
+
 [[package]]
 name = "itp-enclave-metrics"
 version = "0.9.0"
@@ -2208,6 +2248,7 @@ name = "itp-teerex-storage"
 version = "0.9.0"
 dependencies = [
  "itp-storage",
+ "itp-types",
  "sp-std",
 ]
 
@@ -2217,13 +2258,13 @@ version = "0.9.0"
 dependencies = [
  "derive_more",
  "ita-stf",
+ "itp-enclave-bridge-storage",
  "itp-ocall-api",
  "itp-sgx-crypto",
  "itp-sgx-externalities",
  "itp-stf-interface",
  "itp-stf-state-handler",
  "itp-storage",
- "itp-teerex-storage",
  "itp-time-utils",
  "itp-types",
  "jsonrpc-core",
@@ -2297,6 +2338,7 @@ name = "itp-types"
 version = "0.9.0"
 dependencies = [
  "chrono 0.4.26",
+ "enclave-bridge-primitives",
  "frame-system",
  "itp-sgx-runtime-primitives",
  "pallet-balances",
@@ -2307,6 +2349,7 @@ dependencies = [
  "sp-core",
  "sp-runtime",
  "sp-std",
+ "teerex-primitives",
 ]
 
 [[package]]
@@ -2444,6 +2487,7 @@ dependencies = [
 name = "its-primitives"
 version = "0.1.0"
 dependencies = [
+ "itp-types",
  "parity-scale-codec",
  "scale-info",
  "serde 1.0.164",
@@ -2510,10 +2554,13 @@ version = "0.9.0"
 dependencies = [
  "derive_more",
  "frame-support",
+ "itp-enclave-bridge-storage",
  "itp-ocall-api",
  "itp-storage",
  "itp-teerex-storage",
  "itp-types",
+ "its-primitives",
+ "log",
  "parity-scale-codec",
  "sp-core",
  "sp-runtime",
@@ -2970,7 +3017,7 @@ dependencies = [
 [[package]]
 name = "pallet-parentchain"
 version = "0.9.0"
-source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.42#be26e6b85f14896860ef919488e6bb4cf4b7aa29"
+source = "git+https://github.com/integritee-network/pallets?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
 dependencies = [
  "frame-support",
  "frame-system",
@@ -4017,7 +4064,7 @@ checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
 [[package]]
 name = "sp-api"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "log",
  "parity-scale-codec",
@@ -4033,7 +4080,7 @@ dependencies = [
 [[package]]
 name = "sp-api-proc-macro"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "Inflector",
  "blake2",
@@ -4047,7 +4094,7 @@ dependencies = [
 [[package]]
 name = "sp-application-crypto"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -4059,7 +4106,7 @@ dependencies = [
 [[package]]
 name = "sp-arithmetic"
 version = "6.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "integer-sqrt",
  "num-traits 0.2.15",
@@ -4127,7 +4174,7 @@ dependencies = [
 [[package]]
 name = "sp-core"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "array-bytes 4.2.0",
  "bitflags",
@@ -4158,7 +4205,7 @@ dependencies = [
 [[package]]
 name = "sp-core-hashing"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "blake2b_simd 1.0.1",
  "byteorder 1.4.3",
@@ -4172,7 +4219,7 @@ dependencies = [
 [[package]]
 name = "sp-core-hashing-proc-macro"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "proc-macro2",
  "quote 1.0.28",
@@ -4183,7 +4230,7 @@ dependencies = [
 [[package]]
 name = "sp-debug-derive"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "proc-macro2",
  "quote 1.0.28",
@@ -4193,7 +4240,7 @@ dependencies = [
 [[package]]
 name = "sp-externalities"
 version = "0.13.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "environmental 1.1.4",
  "parity-scale-codec",
@@ -4204,7 +4251,7 @@ dependencies = [
 [[package]]
 name = "sp-inherents"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "impl-trait-for-tuples",
  "parity-scale-codec",
@@ -4237,7 +4284,7 @@ dependencies = [
 [[package]]
 name = "sp-metadata-ir"
 version = "0.1.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "frame-metadata 15.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "parity-scale-codec",
@@ -4258,7 +4305,7 @@ dependencies = [
 [[package]]
 name = "sp-runtime"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "either",
  "hash256-std-hasher",
@@ -4278,7 +4325,7 @@ dependencies = [
 [[package]]
 name = "sp-runtime-interface"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "bytes 1.4.0",
  "impl-trait-for-tuples",
@@ -4296,7 +4343,7 @@ dependencies = [
 [[package]]
 name = "sp-runtime-interface-proc-macro"
 version = "6.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "Inflector",
  "proc-macro-crate",
@@ -4321,7 +4368,7 @@ dependencies = [
 [[package]]
 name = "sp-staking"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -4333,12 +4380,12 @@ dependencies = [
 [[package]]
 name = "sp-std"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 
 [[package]]
 name = "sp-storage"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "ref-cast",
@@ -4360,7 +4407,7 @@ dependencies = [
 [[package]]
 name = "sp-tracing"
 version = "6.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "sp-std",
@@ -4395,7 +4442,7 @@ dependencies = [
 [[package]]
 name = "sp-version"
 version = "5.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -4408,7 +4455,7 @@ dependencies = [
 [[package]]
 name = "sp-version-proc-macro"
 version = "4.0.0-dev"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "proc-macro2",
@@ -4419,7 +4466,7 @@ dependencies = [
 [[package]]
 name = "sp-wasm-interface"
 version = "7.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "impl-trait-for-tuples",
  "parity-scale-codec",
@@ -4429,7 +4476,7 @@ dependencies = [
 [[package]]
 name = "sp-weights"
 version = "4.0.0"
-source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b"
+source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65"
 dependencies = [
  "parity-scale-codec",
  "scale-info",
@@ -4498,9 +4545,9 @@ dependencies = [
 
 [[package]]
 name = "subtle"
-version = "2.5.0"
+version = "2.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
+checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
 
 [[package]]
 name = "syn"
@@ -4550,6 +4597,22 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
 
+[[package]]
+name = "teerex-primitives"
+version = "0.1.0"
+source = "git+https://github.com/integritee-network/pallets?branch=polkadot-v0.9.42#5c52182eb3a5156e8d9f69c10ca1441214ee6662"
+dependencies = [
+ "common-primitives",
+ "derive_more",
+ "log",
+ "parity-scale-codec",
+ "scale-info",
+ "serde 1.0.164",
+ "sp-core",
+ "sp-runtime",
+ "sp-std",
+]
+
 [[package]]
 name = "termcolor"
 version = "1.0.5"
@@ -4714,7 +4777,7 @@ version = "1.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675"
 dependencies = [
- "cfg-if 1.0.0",
+ "cfg-if 0.1.10",
  "digest 0.10.7",
  "static_assertions",
 ]
diff --git a/enclave-runtime/Cargo.toml b/enclave-runtime/Cargo.toml
index 2d8153a7ed..0447caad54 100644
--- a/enclave-runtime/Cargo.toml
+++ b/enclave-runtime/Cargo.toml
@@ -46,6 +46,7 @@ test = [
     # substrate
     "frame-system",
 ]
+dcap = []
 
 [target.'cfg(not(target_env = "sgx"))'.dependencies]
 sgx-crypto-helper = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", package = "sgx_tcrypto_helper" }
@@ -88,6 +89,7 @@ base58 = { rev = "sgx_1.1.3", package = "rust-base58", default-features = false,
 
 cid = { default-features = false, git = "https://github.com/whalelephant/rust-cid", branch = "nstd" }
 multibase = { default-features = false, git = "https://github.com/whalelephant/rust-multibase", branch = "nstd" }
+teerex-primitives = { git = "https://github.com/integritee-network/pallets", branch = "polkadot-v0.9.42", default-features = false }
 
 # local deps
 ita-oracle = { path = "../app-libs/oracle", default-features = false, optional = true, features = ["sgx"] }
diff --git a/enclave-runtime/Enclave.edl b/enclave-runtime/Enclave.edl
index 97737438c3..29ab55e6eb 100644
--- a/enclave-runtime/Enclave.edl
+++ b/enclave-runtime/Enclave.edl
@@ -109,7 +109,7 @@ enclave {
 			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size,
 			int skip_ra,
 			[in] const sgx_target_info_t* quoting_enclave_target_info,
-			uint32_t quote_size
+			[in] uint32_t* quote_size
 		);
 
 		public sgx_status_t generate_register_quoting_enclave_extrinsic(
@@ -140,10 +140,18 @@ enclave {
 
 		public sgx_status_t dump_dcap_collateral_to_disk([in] const sgx_ql_qve_collateral_t *p_quote_collateral);
 
-		public sgx_status_t run_state_provisioning_server(int fd, sgx_quote_sign_type_t quote_type, int skip_ra);
+		public sgx_status_t run_state_provisioning_server(
+			int fd,
+			sgx_quote_sign_type_t quote_type,
+			[in] sgx_target_info_t* quoting_enclave_target_info,
+			[in] uint32_t* quote_size,
+			int skip_ra
+		);
 		public sgx_status_t request_state_provisioning(
 			int fd,
 			sgx_quote_sign_type_t quote_type,
+			[in] sgx_target_info_t* quoting_enclave_target_info,
+			[in] uint32_t* quote_size,
 			[in, size=shard_size] uint8_t* shard, uint32_t shard_size,
 			int skip_ra
 		);
diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs
index cab21dea9f..f45fecbded 100644
--- a/enclave-runtime/src/attestation.rs
+++ b/enclave-runtime/src/attestation.rs
@@ -36,7 +36,7 @@ use crate::{
 	Error as EnclaveError, Result as EnclaveResult,
 };
 use codec::{Decode, Encode};
-use itp_attestation_handler::{AttestationHandler, SgxQlQveCollateral};
+use itp_attestation_handler::{AttestationHandler, RemoteAttestationType, SgxQlQveCollateral};
 use itp_component_container::ComponentGetter;
 use itp_extrinsics_factory::CreateExtrinsics;
 use itp_node_api::metadata::{
@@ -52,6 +52,7 @@ use log::*;
 use sgx_types::*;
 use sp_runtime::OpaqueExtrinsic;
 use std::{prelude::v1::*, slice, vec::Vec};
+use teerex_primitives::SgxAttestationMethod;
 
 #[no_mangle]
 pub unsafe extern "C" fn get_mrenclave(mrenclave: *mut u8, mrenclave_size: usize) -> sgx_status_t {
@@ -80,9 +81,13 @@ pub unsafe extern "C" fn get_mrenclave(mrenclave: *mut u8, mrenclave_size: usize
 	}
 }
 
+// FIXME: add dcap suppoort for call site
 pub fn create_ra_report_and_signature(
-	sign_type: sgx_quote_sign_type_t,
 	skip_ra: bool,
+	remote_attestation_type: RemoteAttestationType,
+	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 ) -> EnclaveResult<(Vec<u8>, Vec<u8>)> {
 	let attestation_handler = match GLOBAL_ATTESTATION_HANDLER_COMPONENT.get() {
 		Ok(r) => r,
@@ -92,11 +97,28 @@ pub fn create_ra_report_and_signature(
 		},
 	};
 
-	match attestation_handler.create_ra_report_and_signature(sign_type, skip_ra) {
-		Ok(r) => Ok(r),
-		Err(e) => {
-			error!("create_ra_report_and_signature failure: {:?}", e);
-			Err(e.into())
+	match remote_attestation_type {
+		RemoteAttestationType::Epid => {
+			match attestation_handler.create_epid_ra_report_and_signature(sign_type, skip_ra) {
+				Ok(epid) => Ok(epid),
+				Err(e) => {
+					error!("create_epid_ra_report_and_signature failure: {:?}", e);
+					Err(e.into())
+				},
+			}
+		},
+		RemoteAttestationType::Dcap => {
+			match attestation_handler.generate_dcap_ra_cert(
+				quoting_enclave_target_info,
+				quote_size,
+				skip_ra,
+			) {
+				Ok((key_der, cert_der, _qe_quote)) => Ok((key_der, cert_der)),
+				Err(e) => {
+					error!("generate_dcap_ra_cert failure: {:?}", e);
+					Err(e.into())
+				},
+			}
 		},
 	}
 }
@@ -136,8 +158,8 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic(
 	unchecked_extrinsic: *mut u8,
 	unchecked_extrinsic_size: u32,
 	skip_ra: c_int,
-	quoting_enclave_target_info: &sgx_target_info_t,
-	quote_size: u32,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 ) -> sgx_status_t {
 	if w_url.is_null() || unchecked_extrinsic.is_null() {
 		return sgx_status_t::SGX_ERROR_INVALID_PARAMETER
@@ -166,18 +188,25 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic(
 pub fn generate_dcap_ra_extrinsic_internal(
 	url: String,
 	skip_ra: bool,
-	quoting_enclave_target_info: &sgx_target_info_t,
-	quote_size: u32,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 ) -> EnclaveResult<OpaqueExtrinsic> {
 	let attestation_handler = GLOBAL_ATTESTATION_HANDLER_COMPONENT.get()?;
 
-	let (_cert_der, dcap_quote) = attestation_handler.generate_dcap_ra_cert(
-		quoting_enclave_target_info,
-		quote_size,
-		skip_ra,
-	)?;
-
-	generate_dcap_ra_extrinsic_from_quote_internal(url, &dcap_quote)
+	if !skip_ra {
+		let (_priv_key_der, _cert_der, dcap_quote) = attestation_handler.generate_dcap_ra_cert(
+			quoting_enclave_target_info,
+			quote_size,
+			skip_ra,
+		)?;
+
+		generate_dcap_ra_extrinsic_from_quote_internal(url, &dcap_quote)
+	} else {
+		generate_dcap_skip_ra_extrinsic_from_mr_enclave(
+			url,
+			&attestation_handler.get_mrenclave()?.encode(),
+		)
+	}
 }
 
 #[no_mangle]
@@ -216,9 +245,9 @@ pub fn generate_dcap_ra_quote_internal(
 ) -> EnclaveResult<Vec<u8>> {
 	let attestation_handler = GLOBAL_ATTESTATION_HANDLER_COMPONENT.get()?;
 
-	let (_, dcap_quote) = attestation_handler.generate_dcap_ra_cert(
-		quoting_enclave_target_info,
-		quote_size,
+	let (_priv_key_der, _cert_der, dcap_quote) = attestation_handler.generate_dcap_ra_cert(
+		Some(quoting_enclave_target_info),
+		Some(&quote_size),
 		skip_ra,
 	)?;
 
@@ -264,15 +293,42 @@ pub fn generate_dcap_ra_extrinsic_from_quote_internal(
 	info!("    [Enclave] Compose register enclave getting callIDs:");
 
 	let call_ids = node_metadata_repo
-		.get_from_metadata(|m| m.register_dcap_enclave_call_indexes())?
+		.get_from_metadata(|m| m.register_sgx_enclave_call_indexes())?
 		.map_err(MetadataProviderError::MetadataError)?;
 	info!("    [Enclave] Compose register enclave call DCAP IDs: {:?}", call_ids);
-	let call = OpaqueCall::from_tuple(&(call_ids, quote, url));
+	let call = OpaqueCall::from_tuple(&(
+		call_ids,
+		quote,
+		Some(url),
+		SgxAttestationMethod::Dcap { proxied: false },
+	));
 
 	info!("    [Enclave] Compose register enclave got extrinsic, returning");
 	create_extrinsics(call)
 }
 
+pub fn generate_dcap_skip_ra_extrinsic_from_mr_enclave(
+	url: String,
+	quote: &[u8],
+) -> EnclaveResult<OpaqueExtrinsic> {
+	let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?;
+	info!("    [Enclave] Compose register enclave (skip-ra) getting callIDs:");
+
+	let call_ids = node_metadata_repo
+		.get_from_metadata(|m| m.register_sgx_enclave_call_indexes())?
+		.map_err(MetadataProviderError::MetadataError)?;
+	info!("    [Enclave] Compose register enclave (skip-ra) call DCAP IDs: {:?}", call_ids);
+	let call = OpaqueCall::from_tuple(&(
+		call_ids,
+		quote,
+		Some(url),
+		SgxAttestationMethod::Skip { proxied: false },
+	));
+
+	info!("    [Enclave] Compose register enclave (skip-ra) got extrinsic, returning");
+	create_extrinsics(call)
+}
+
 fn generate_ias_ra_extrinsic_internal(
 	url: String,
 	skip_ra: bool,
@@ -280,7 +336,11 @@ fn generate_ias_ra_extrinsic_internal(
 	let attestation_handler = GLOBAL_ATTESTATION_HANDLER_COMPONENT.get()?;
 	let cert_der = attestation_handler.generate_ias_ra_cert(skip_ra)?;
 
-	generate_ias_ra_extrinsic_from_der_cert_internal(url, &cert_der)
+	if !skip_ra {
+		generate_ias_ra_extrinsic_from_der_cert_internal(url, &cert_der)
+	} else {
+		generate_ias_skip_ra_extrinsic_from_der_cert_internal(url, &cert_der)
+	}
 }
 
 pub fn generate_ias_ra_extrinsic_from_der_cert_internal(
@@ -291,10 +351,31 @@ pub fn generate_ias_ra_extrinsic_from_der_cert_internal(
 
 	info!("    [Enclave] Compose register enclave call");
 	let call_ids = node_metadata_repo
-		.get_from_metadata(|m| m.register_ias_enclave_call_indexes())?
+		.get_from_metadata(|m| m.register_sgx_enclave_call_indexes())?
+		.map_err(MetadataProviderError::MetadataError)?;
+
+	let call = OpaqueCall::from_tuple(&(call_ids, cert_der, Some(url), SgxAttestationMethod::Ias));
+
+	create_extrinsics(call)
+}
+
+pub fn generate_ias_skip_ra_extrinsic_from_der_cert_internal(
+	url: String,
+	cert_der: &[u8],
+) -> EnclaveResult<OpaqueExtrinsic> {
+	let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?;
+
+	info!("    [Enclave] Compose register ias enclave (skip-ra) call");
+	let call_ids = node_metadata_repo
+		.get_from_metadata(|m| m.register_sgx_enclave_call_indexes())?
 		.map_err(MetadataProviderError::MetadataError)?;
 
-	let call = OpaqueCall::from_tuple(&(call_ids, cert_der, url));
+	let call = OpaqueCall::from_tuple(&(
+		call_ids,
+		cert_der,
+		Some(url),
+		SgxAttestationMethod::Skip { proxied: false },
+	));
 
 	create_extrinsics(call)
 }
diff --git a/enclave-runtime/src/error.rs b/enclave-runtime/src/error.rs
index 239e1450e3..3519bad137 100644
--- a/enclave-runtime/src/error.rs
+++ b/enclave-runtime/src/error.rs
@@ -16,7 +16,7 @@
 */
 
 use derive_more::From;
-use sgx_types::sgx_status_t;
+use sgx_types::{sgx_quote3_error_t, sgx_status_t};
 use std::{boxed::Box, result::Result as StdResult, string::String};
 
 pub type Result<T> = StdResult<T, Error>;
@@ -33,6 +33,7 @@ pub enum Error {
 	LightClient(itc_parentchain::light_client::error::Error),
 	NodeMetadataProvider(itp_node_api::metadata::provider::Error),
 	Sgx(sgx_status_t),
+	SgxQuote(sgx_quote3_error_t),
 	Consensus(its_sidechain::consensus_common::Error),
 	Stf(String),
 	StfStateHandler(itp_stf_state_handler::error::Error),
@@ -64,6 +65,19 @@ impl From<Error> for sgx_status_t {
 	}
 }
 
+impl From<Error> for sgx_quote3_error_t {
+	/// return sgx_quote error
+	fn from(error: Error) -> sgx_quote3_error_t {
+		match error {
+			Error::SgxQuote(status) => status,
+			_ => {
+				log::error!("Returning error {:?} as sgx unexpected.", error);
+				sgx_quote3_error_t::SGX_QL_ERROR_UNEXPECTED
+			},
+		}
+	}
+}
+
 impl<T> From<Error> for StdResult<T, Error> {
 	fn from(error: Error) -> StdResult<T, Error> {
 		Err(error)
diff --git a/enclave-runtime/src/initialization/global_components.rs b/enclave-runtime/src/initialization/global_components.rs
index e4197a43ba..d3fd7789fa 100644
--- a/enclave-runtime/src/initialization/global_components.rs
+++ b/enclave-runtime/src/initialization/global_components.rs
@@ -41,12 +41,12 @@ use itc_parentchain::{
 	},
 	block_importer::ParentchainBlockImporter,
 	indirect_calls_executor::{
-		filter_metadata::{EventCreator, ShieldFundsAndCallWorkerFilter},
+		filter_metadata::{EventCreator, ShieldFundsAndInvokeFilter},
 		parentchain_parser::ParentchainExtrinsicParser,
 		IndirectCallsExecutor,
 	},
 	light_client::{
-		concurrent_access::ValidatorAccessor, io::LightClientStateSeal,
+		concurrent_access::ValidatorAccessor, io::LightClientStateSealSync,
 		light_validation::LightValidation, light_validation_state::LightValidationState,
 	},
 };
@@ -132,7 +132,7 @@ pub type EnclaveSidechainApi = SidechainApi<ParentchainBlock>;
 
 // Parentchain types
 pub type EnclaveLightClientSeal =
-	LightClientStateSeal<ParentchainBlock, LightValidationState<ParentchainBlock>>;
+	LightClientStateSealSync<ParentchainBlock, LightValidationState<ParentchainBlock>>;
 pub type EnclaveExtrinsicsFactory =
 	ExtrinsicsFactory<EnclaveParentchainSigner, NonceCache, EnclaveNodeMetadataRepository>;
 pub type EnclaveIndirectCallsExecutor = IndirectCallsExecutor<
@@ -140,7 +140,7 @@ pub type EnclaveIndirectCallsExecutor = IndirectCallsExecutor<
 	EnclaveStfEnclaveSigner,
 	EnclaveTopPoolAuthor,
 	EnclaveNodeMetadataRepository,
-	ShieldFundsAndCallWorkerFilter<ParentchainExtrinsicParser>,
+	ShieldFundsAndInvokeFilter<ParentchainExtrinsicParser>,
 	EventCreator,
 >;
 pub type EnclaveValidatorAccessor = ValidatorAccessor<
@@ -215,8 +215,12 @@ pub type EnclaveSidechainBlockImportQueueWorker = BlockImportQueueWorker<
 	EnclaveSidechainBlockImportQueue,
 	EnclaveSidechainBlockSyncer,
 >;
-pub type EnclaveSealHandler =
-	SealHandler<EnclaveShieldingKeyRepository, EnclaveStateKeyRepository, EnclaveStateHandler>;
+pub type EnclaveSealHandler = SealHandler<
+	EnclaveShieldingKeyRepository,
+	EnclaveStateKeyRepository,
+	EnclaveStateHandler,
+	EnclaveLightClientSeal,
+>;
 pub type EnclaveOffchainWorkerExecutor = itc_offchain_worker_executor::executor::Executor<
 	ParentchainBlock,
 	EnclaveTopPoolAuthor,
@@ -244,6 +248,10 @@ pub static GLOBAL_SIGNING_KEY_REPOSITORY_COMPONENT: ComponentContainer<
 	EnclaveSigningKeyRepository,
 > = ComponentContainer::new("Signing key repository");
 
+/// Light client db seal.
+pub static GLOBAL_LIGHT_CLIENT_SEAL: ComponentContainer<EnclaveLightClientSeal> =
+	ComponentContainer::new("EnclaveLightClientSealSync");
+
 /// O-Call API
 pub static GLOBAL_OCALL_API_COMPONENT: ComponentContainer<EnclaveOCallApi> =
 	ComponentContainer::new("O-call API");
diff --git a/enclave-runtime/src/initialization/mod.rs b/enclave-runtime/src/initialization/mod.rs
index 98fb9bc8f2..d2e113fa7d 100644
--- a/enclave-runtime/src/initialization/mod.rs
+++ b/enclave-runtime/src/initialization/mod.rs
@@ -21,14 +21,14 @@ pub mod parentchain;
 use crate::{
 	error::{Error, Result as EnclaveResult},
 	initialization::global_components::{
-		EnclaveBlockImportConfirmationHandler, EnclaveGetterExecutor, EnclaveOCallApi,
-		EnclaveRpcConnectionRegistry, EnclaveRpcResponder, EnclaveShieldingKeyRepository,
-		EnclaveSidechainApi, EnclaveSidechainBlockImportQueue,
+		EnclaveBlockImportConfirmationHandler, EnclaveGetterExecutor, EnclaveLightClientSeal,
+		EnclaveOCallApi, EnclaveRpcConnectionRegistry, EnclaveRpcResponder,
+		EnclaveShieldingKeyRepository, EnclaveSidechainApi, EnclaveSidechainBlockImportQueue,
 		EnclaveSidechainBlockImportQueueWorker, EnclaveSidechainBlockImporter,
 		EnclaveSidechainBlockSyncer, EnclaveStateFileIo, EnclaveStateHandler,
 		EnclaveStateInitializer, EnclaveStateObserver, EnclaveStateSnapshotRepository,
 		EnclaveStfEnclaveSigner, EnclaveTopPool, EnclaveTopPoolAuthor,
-		GLOBAL_ATTESTATION_HANDLER_COMPONENT, GLOBAL_OCALL_API_COMPONENT,
+		GLOBAL_ATTESTATION_HANDLER_COMPONENT, GLOBAL_LIGHT_CLIENT_SEAL, GLOBAL_OCALL_API_COMPONENT,
 		GLOBAL_RPC_WS_HANDLER_COMPONENT, GLOBAL_SHIELDING_KEY_REPOSITORY_COMPONENT,
 		GLOBAL_SIDECHAIN_BLOCK_COMPOSER_COMPONENT, GLOBAL_SIDECHAIN_BLOCK_SYNCER_COMPONENT,
 		GLOBAL_SIDECHAIN_IMPORT_QUEUE_COMPONENT, GLOBAL_SIDECHAIN_IMPORT_QUEUE_WORKER_COMPONENT,
@@ -59,7 +59,7 @@ use itc_tls_websocket_server::{
 use itp_attestation_handler::IntelAttestationHandler;
 use itp_component_container::{ComponentGetter, ComponentInitializer};
 use itp_primitives_cache::GLOBAL_PRIMITIVES_CACHE;
-use itp_settings::files::STATE_SNAPSHOTS_CACHE_SIZE;
+use itp_settings::files::{LIGHT_CLIENT_DB_PATH, STATE_SNAPSHOTS_CACHE_SIZE};
 use itp_sgx_crypto::{
 	get_aes_repository, get_ed25519_repository, get_rsa3072_repository, key_repository::AccessKey,
 };
@@ -94,6 +94,10 @@ pub(crate) fn init_enclave(
 	let state_key_repository = Arc::new(get_aes_repository(base_dir.clone())?);
 	GLOBAL_STATE_KEY_REPOSITORY_COMPONENT.initialize(state_key_repository.clone());
 
+	let light_client_seal =
+		Arc::new(EnclaveLightClientSeal::new(base_dir.join(LIGHT_CLIENT_DB_PATH))?);
+	GLOBAL_LIGHT_CLIENT_SEAL.initialize(light_client_seal);
+
 	let state_file_io =
 		Arc::new(EnclaveStateFileIo::new(state_key_repository, StateDir::new(base_dir)));
 	let state_initializer =
diff --git a/enclave-runtime/src/initialization/parentchain/parachain.rs b/enclave-runtime/src/initialization/parentchain/parachain.rs
index 2d0b4854eb..7b43450e6b 100644
--- a/enclave-runtime/src/initialization/parentchain/parachain.rs
+++ b/enclave-runtime/src/initialization/parentchain/parachain.rs
@@ -19,10 +19,10 @@ use crate::{
 	error::Result,
 	initialization::{
 		global_components::{
-			EnclaveExtrinsicsFactory, EnclaveLightClientSeal, EnclaveNodeMetadataRepository,
-			EnclaveOCallApi, EnclaveParentchainBlockImportDispatcher, EnclaveStfExecutor,
-			EnclaveValidatorAccessor, GLOBAL_FULL_PARACHAIN_HANDLER_COMPONENT,
-			GLOBAL_OCALL_API_COMPONENT, GLOBAL_STATE_HANDLER_COMPONENT,
+			EnclaveExtrinsicsFactory, EnclaveNodeMetadataRepository, EnclaveOCallApi,
+			EnclaveParentchainBlockImportDispatcher, EnclaveStfExecutor, EnclaveValidatorAccessor,
+			GLOBAL_FULL_PARACHAIN_HANDLER_COMPONENT, GLOBAL_OCALL_API_COMPONENT,
+			GLOBAL_STATE_HANDLER_COMPONENT,
 		},
 		parentchain::common::{
 			create_extrinsics_factory, create_offchain_immediate_import_dispatcher,
@@ -33,12 +33,10 @@ use crate::{
 use codec::Encode;
 use itc_parentchain::light_client::{concurrent_access::ValidatorAccess, LightClientState};
 use itp_component_container::{ComponentGetter, ComponentInitializer};
-use itp_settings::{
-	files::LIGHT_CLIENT_DB_PATH,
-	worker_mode::{ProvideWorkerMode, WorkerMode},
-};
+use itp_settings::worker_mode::{ProvideWorkerMode, WorkerMode};
 use std::{path::PathBuf, sync::Arc, vec::Vec};
 
+use crate::initialization::global_components::GLOBAL_LIGHT_CLIENT_SEAL;
 pub use itc_parentchain::primitives::{ParachainBlock, ParachainHeader, ParachainParams};
 
 #[derive(Clone)]
@@ -54,7 +52,7 @@ pub struct FullParachainHandler {
 
 impl FullParachainHandler {
 	pub fn init<WorkerModeProvider: ProvideWorkerMode>(
-		base_path: PathBuf,
+		_base_path: PathBuf,
 		params: ParachainParams,
 	) -> Result<Vec<u8>> {
 		let ocall_api = GLOBAL_OCALL_API_COMPONENT.get()?;
@@ -63,12 +61,12 @@ impl FullParachainHandler {
 
 		let genesis_header = params.genesis_header.clone();
 
-		let light_client_seal = EnclaveLightClientSeal::new(base_path.join(LIGHT_CLIENT_DB_PATH))?;
+		let light_client_seal = GLOBAL_LIGHT_CLIENT_SEAL.get()?;
 		let validator = itc_parentchain::light_client::io::read_or_init_parachain_validator::<
 			ParachainBlock,
 			EnclaveOCallApi,
 			_,
-		>(params, ocall_api.clone(), &light_client_seal)?;
+		>(params, ocall_api.clone(), &*light_client_seal)?;
 		let latest_header = validator.latest_finalized_header()?;
 		let validator_accessor =
 			Arc::new(EnclaveValidatorAccessor::new(validator, light_client_seal));
diff --git a/enclave-runtime/src/initialization/parentchain/solochain.rs b/enclave-runtime/src/initialization/parentchain/solochain.rs
index d02e5d918f..87efa644a5 100644
--- a/enclave-runtime/src/initialization/parentchain/solochain.rs
+++ b/enclave-runtime/src/initialization/parentchain/solochain.rs
@@ -19,9 +19,9 @@ use crate::{
 	error::Result,
 	initialization::{
 		global_components::{
-			EnclaveExtrinsicsFactory, EnclaveLightClientSeal, EnclaveNodeMetadataRepository,
-			EnclaveOCallApi, EnclaveParentchainBlockImportDispatcher, EnclaveStfExecutor,
-			EnclaveValidatorAccessor, GLOBAL_FULL_SOLOCHAIN_HANDLER_COMPONENT,
+			EnclaveExtrinsicsFactory, EnclaveNodeMetadataRepository, EnclaveOCallApi,
+			EnclaveParentchainBlockImportDispatcher, EnclaveStfExecutor, EnclaveValidatorAccessor,
+			GLOBAL_FULL_SOLOCHAIN_HANDLER_COMPONENT, GLOBAL_LIGHT_CLIENT_SEAL,
 			GLOBAL_OCALL_API_COMPONENT, GLOBAL_STATE_HANDLER_COMPONENT,
 		},
 		parentchain::common::{
@@ -33,10 +33,7 @@ use crate::{
 use codec::Encode;
 use itc_parentchain::light_client::{concurrent_access::ValidatorAccess, LightClientState};
 use itp_component_container::{ComponentGetter, ComponentInitializer};
-use itp_settings::{
-	files::LIGHT_CLIENT_DB_PATH,
-	worker_mode::{ProvideWorkerMode, WorkerMode},
-};
+use itp_settings::worker_mode::{ProvideWorkerMode, WorkerMode};
 use std::{path::PathBuf, sync::Arc, vec::Vec};
 
 pub use itc_parentchain::primitives::{SolochainBlock, SolochainHeader, SolochainParams};
@@ -53,21 +50,21 @@ pub struct FullSolochainHandler {
 
 impl FullSolochainHandler {
 	pub fn init<WorkerModeProvider: ProvideWorkerMode>(
-		base_path: PathBuf,
+		_base_path: PathBuf,
 		params: SolochainParams,
 	) -> Result<Vec<u8>> {
 		let ocall_api = GLOBAL_OCALL_API_COMPONENT.get()?;
 		let state_handler = GLOBAL_STATE_HANDLER_COMPONENT.get()?;
+		let light_client_seal = GLOBAL_LIGHT_CLIENT_SEAL.get()?;
 		let node_metadata_repository = Arc::new(EnclaveNodeMetadataRepository::default());
 
 		let genesis_header = params.genesis_header.clone();
 
-		let light_client_seal = EnclaveLightClientSeal::new(base_path.join(LIGHT_CLIENT_DB_PATH))?;
 		let validator = itc_parentchain::light_client::io::read_or_init_grandpa_validator::<
 			SolochainBlock,
 			EnclaveOCallApi,
 			_,
-		>(params, ocall_api.clone(), &light_client_seal)?;
+		>(params, ocall_api.clone(), &*light_client_seal)?;
 		let latest_header = validator.latest_finalized_header()?;
 		let validator_accessor =
 			Arc::new(EnclaveValidatorAccessor::new(validator, light_client_seal));
diff --git a/enclave-runtime/src/test/cert_tests.rs b/enclave-runtime/src/test/cert_tests.rs
index 502efb093c..c5eaab9f89 100644
--- a/enclave-runtime/src/test/cert_tests.rs
+++ b/enclave-runtime/src/test/cert_tests.rs
@@ -34,7 +34,7 @@ pub fn test_verify_mra_cert_should_work() {
 	let mr_enclave = get_mr_enclave_from_hex_string(TEST4_MRENCLAVE).unwrap();
 	let attestation_ocall =
 		AttestationOCallMock::create_with_mr_enclave(sgx_measurement_t { m: mr_enclave });
-	let result = verify_mra_cert(TEST4_CERT, &attestation_ocall);
+	let result = verify_mra_cert(TEST4_CERT, false, false, &attestation_ocall);
 
 	assert!(result.is_ok());
 }
@@ -43,7 +43,7 @@ pub fn test_verify_wrong_cert_is_err() {
 	let mr_enclave = get_mr_enclave_from_hex_string(TEST4_MRENCLAVE).unwrap();
 	let attestation_ocall =
 		AttestationOCallMock::create_with_mr_enclave(sgx_measurement_t { m: mr_enclave });
-	let result = verify_mra_cert(CERT_WRONG_PLATFORM_BLOB, &attestation_ocall);
+	let result = verify_mra_cert(CERT_WRONG_PLATFORM_BLOB, false, false, &attestation_ocall);
 
 	assert!(result.is_err());
 	assert_eq!(result.unwrap_err(), sgx_status_t::SGX_ERROR_UNEXPECTED);
diff --git a/enclave-runtime/src/test/evm_pallet_tests.rs b/enclave-runtime/src/test/evm_pallet_tests.rs
index e863b13f37..a7b9fd882c 100644
--- a/enclave-runtime/src/test/evm_pallet_tests.rs
+++ b/enclave-runtime/src/test/evm_pallet_tests.rs
@@ -49,7 +49,7 @@ pub fn test_evm_call() {
 	// Ensure the substrate version of the evm account has some money.
 	let sender_evm_substrate_addr =
 		ita_sgx_runtime::HashedAddressMapping::into_account_id(sender_evm_acc);
-	endow(&mut state, vec![(sender_evm_substrate_addr, 51_777_000_000_000, 0)]);
+	endow(&mut state, vec![(sender_evm_substrate_addr, 51_777_000_000_000)]);
 
 	// Create the receiver account.
 	let destination_evm_acc = H160::from_str("1000000000000000000000000000000000000001").unwrap();
@@ -102,7 +102,7 @@ pub fn test_evm_counter() {
 	// Ensure the substrate version of the evm account has some money.
 	let sender_evm_substrate_addr =
 		ita_sgx_runtime::HashedAddressMapping::into_account_id(sender_evm_acc);
-	endow(&mut state, vec![(sender_evm_substrate_addr, 51_777_000_000_000, 0)]);
+	endow(&mut state, vec![(sender_evm_substrate_addr, 51_777_000_000_000)]);
 
 	// Smart Contract from Counter.sol.
 	let smart_contract = "608060405234801561001057600080fd5b50600160008190555033600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550610377806100696000396000f3fe6080604052600436106100435760003560e01c80631003e2d21461004d57806333cf508014610076578063371303c0146100a157806358992216146100b857610044565b5b60056000819055005b34801561005957600080fd5b50610074600480360381019061006f9190610209565b6100e3565b005b34801561008257600080fd5b5061008b61013f565b6040516100989190610245565b60405180910390f35b3480156100ad57600080fd5b506100b6610148565b005b3480156100c457600080fd5b506100cd6101a4565b6040516100da91906102a1565b60405180910390f35b806000808282546100f491906102eb565b9250508190555033600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050565b60008054905090565b600160008082825461015a91906102eb565b9250508190555033600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b600080fd5b6000819050919050565b6101e6816101d3565b81146101f157600080fd5b50565b600081359050610203816101dd565b92915050565b60006020828403121561021f5761021e6101ce565b5b600061022d848285016101f4565b91505092915050565b61023f816101d3565b82525050565b600060208201905061025a6000830184610236565b92915050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b600061028b82610260565b9050919050565b61029b81610280565b82525050565b60006020820190506102b66000830184610292565b92915050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b60006102f6826101d3565b9150610301836101d3565b9250827fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03821115610336576103356102bc565b5b82820190509291505056fea2646970667358221220b37e993e133ed19c840809cc8acbbba8116dee3744ba01c81044d75146805c9364736f6c634300080f0033";
@@ -270,7 +270,7 @@ pub fn test_evm_create() {
 	let sender_evm_acc: H160 = sender_evm_acc_slice.into();
 	// Ensure the substrate version of the evm account has some money.
 	let sender_evm_substrate_addr = HashedAddressMapping::into_account_id(sender_evm_acc);
-	endow(&mut state, vec![(sender_evm_substrate_addr.clone(), 51_777_000_000_000, 0)]);
+	endow(&mut state, vec![(sender_evm_substrate_addr.clone(), 51_777_000_000_000)]);
 
 	// Bytecode from Counter.sol
 	let smart_contract = "608060405234801561001057600080fd5b50600160008190555033600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550610377806100696000396000f3fe6080604052600436106100435760003560e01c80631003e2d21461004d57806333cf508014610076578063371303c0146100a157806358992216146100b857610044565b5b60056000819055005b34801561005957600080fd5b50610074600480360381019061006f9190610209565b6100e3565b005b34801561008257600080fd5b5061008b61013f565b6040516100989190610245565b60405180910390f35b3480156100ad57600080fd5b506100b6610148565b005b3480156100c457600080fd5b506100cd6101a4565b6040516100da91906102a1565b60405180910390f35b806000808282546100f491906102eb565b9250508190555033600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050565b60008054905090565b600160008082825461015a91906102eb565b9250508190555033600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b600080fd5b6000819050919050565b6101e6816101d3565b81146101f157600080fd5b50565b600081359050610203816101dd565b92915050565b60006020828403121561021f5761021e6101ce565b5b600061022d848285016101f4565b91505092915050565b61023f816101d3565b82525050565b600060208201905061025a6000830184610236565b92915050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b600061028b82610260565b9050919050565b61029b81610280565b82525050565b60006020820190506102b66000830184610292565b92915050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b60006102f6826101d3565b9150610301836101d3565b9250827fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03821115610336576103356102bc565b5b82820190509291505056fea2646970667358221220b37e993e133ed19c840809cc8acbbba8116dee3744ba01c81044d75146805c9364736f6c634300080f0033";
@@ -324,7 +324,7 @@ pub fn test_evm_create2() {
 	let sender_evm_acc: H160 = sender_evm_acc_slice.into();
 	// Ensure the substrate version of the evm account has some money.
 	let sender_evm_substrate_addr = HashedAddressMapping::into_account_id(sender_evm_acc);
-	endow(&mut state, vec![(sender_evm_substrate_addr, 51_777_000_000_000, 0)]);
+	endow(&mut state, vec![(sender_evm_substrate_addr, 51_777_000_000_000)]);
 
 	let salt = H256::from_low_u64_be(20);
 	// Bytecode from Counter.sol
diff --git a/enclave-runtime/src/test/fixtures/components.rs b/enclave-runtime/src/test/fixtures/components.rs
index 10bbabd6ba..d9e617b9f3 100644
--- a/enclave-runtime/src/test/fixtures/components.rs
+++ b/enclave-runtime/src/test/fixtures/components.rs
@@ -24,7 +24,7 @@ use itp_sgx_crypto::ShieldingCryptoEncrypt;
 use itp_stf_primitives::types::KeyPair;
 use itp_top_pool::pool::Options as PoolOptions;
 use itp_top_pool_author::api::SidechainApi;
-use itp_types::{Block as ParentchainBlock, Enclave, ShardIdentifier};
+use itp_types::{Block as ParentchainBlock, ShardIdentifier};
 use sp_core::{ed25519, Pair, H256};
 use sp_runtime::traits::Header as HeaderTrait;
 use std::{boxed::Box, sync::Arc, vec::Vec};
@@ -39,13 +39,11 @@ pub(crate) fn create_ocall_api<Header: HeaderTrait<Hash = H256>>(
 	header: &Header,
 	signer: &TestSigner,
 ) -> Arc<TestOCallApi> {
-	let enclave_validateer = Enclave::new(
-		signer.public().into(),
-		Default::default(),
-		Default::default(),
-		Default::default(),
-	);
-	Arc::new(TestOCallApi::default().add_validateer_set(header, Some(vec![enclave_validateer])))
+	Arc::new(TestOCallApi::default().add_validateer_set(
+		header,
+		ShardIdentifier::default(),
+		Some(vec![signer.public().into()]),
+	))
 }
 
 pub(crate) fn encrypt_trusted_operation<ShieldingKey: ShieldingCryptoEncrypt>(
diff --git a/enclave-runtime/src/test/top_pool_tests.rs b/enclave-runtime/src/test/top_pool_tests.rs
index b4e0ba6447..3a37f23663 100644
--- a/enclave-runtime/src/test/top_pool_tests.rs
+++ b/enclave-runtime/src/test/top_pool_tests.rs
@@ -34,7 +34,7 @@ use ita_stf::{
 	TrustedCall, TrustedOperation,
 };
 use itc_parentchain::indirect_calls_executor::{
-	filter_metadata::{ShieldFundsAndCallWorkerFilter, TestEventCreator},
+	filter_metadata::{ShieldFundsAndInvokeFilter, TestEventCreator},
 	parentchain_parser::ParentchainExtrinsicParser,
 	ExecuteIndirectCalls, IndirectCallsExecutor,
 };
@@ -45,7 +45,7 @@ use itp_node_api::{
 		ParentchainUncheckedExtrinsic,
 	},
 	metadata::{
-		metadata_mocks::NodeMetadataMock, pallet_teerex::TeerexCallIndexes,
+		metadata_mocks::NodeMetadataMock, pallet_enclave_bridge::EnclaveBridgeCallIndexes,
 		provider::NodeMetadataRepository,
 	},
 };
@@ -134,7 +134,7 @@ pub fn submit_shielding_call_to_top_pool() {
 			_,
 			_,
 			_,
-			ShieldFundsAndCallWorkerFilter<ParentchainExtrinsicParser>,
+			ShieldFundsAndInvokeFilter<ParentchainExtrinsicParser>,
 			TestEventCreator,
 		>::new(
 			shielding_key_repo, enclave_signer, top_pool_author.clone(), node_meta_data_repository
@@ -192,7 +192,7 @@ fn create_shielding_call_extrinsic<ShieldingKey: ShieldingCryptoEncrypt>(
 	let shield_funds_indexes = dummy_node_metadata.shield_funds_call_indexes().unwrap();
 	let opaque_extrinsic = OpaqueExtrinsic::from_bytes(
 		ParentchainUncheckedExtrinsic::<ShieldFundsFn>::new_signed(
-			(shield_funds_indexes, target_account, 1000u128, shard),
+			(shield_funds_indexes, shard, target_account, 1000u128),
 			Address::Address32([1u8; 32]),
 			MultiSignature::Ed25519(signature),
 			default_extra_for_test.signed_extra(),
diff --git a/enclave-runtime/src/tls_ra/authentication.rs b/enclave-runtime/src/tls_ra/authentication.rs
index 20ba35735d..d1f9633497 100644
--- a/enclave-runtime/src/tls_ra/authentication.rs
+++ b/enclave-runtime/src/tls_ra/authentication.rs
@@ -62,7 +62,11 @@ where
 			return Err(rustls::TLSError::NoCertificatesPresented)
 		}
 
-		match cert::verify_mra_cert(&certs[0].0, &self.attestation_ocall) {
+		#[cfg(feature = "dcap")]
+		let is_dcap = true;
+		#[cfg(not(feature = "dcap"))]
+		let is_dcap = false;
+		match cert::verify_mra_cert(&certs[0].0, true, is_dcap, &self.attestation_ocall) {
 			Ok(()) => Ok(rustls::ClientCertVerified::assertion()),
 			Err(sgx_status_t::SGX_ERROR_UPDATE_NEEDED) =>
 				if self.outdated_ok {
@@ -110,8 +114,12 @@ where
 			return Err(rustls::TLSError::NoCertificatesPresented)
 		}
 
+		#[cfg(feature = "dcap")]
+		let is_dcap = true;
+		#[cfg(not(feature = "dcap"))]
+		let is_dcap = false;
 		// This call will automatically verify cert is properly signed
-		match cert::verify_mra_cert(&certs[0].0, &self.attestation_ocall) {
+		match cert::verify_mra_cert(&certs[0].0, true, is_dcap, &self.attestation_ocall) {
 			Ok(()) => Ok(rustls::ServerCertVerified::assertion()),
 			Err(sgx_status_t::SGX_ERROR_UPDATE_NEEDED) =>
 				if self.outdated_ok {
diff --git a/enclave-runtime/src/tls_ra/mocks.rs b/enclave-runtime/src/tls_ra/mocks.rs
index 2a918f48e0..e7f6900a0f 100644
--- a/enclave-runtime/src/tls_ra/mocks.rs
+++ b/enclave-runtime/src/tls_ra/mocks.rs
@@ -28,6 +28,7 @@ pub struct SealHandlerMock {
 	pub shielding_key: Arc<RwLock<Vec<u8>>>,
 	pub state_key: Arc<RwLock<Vec<u8>>>,
 	pub state: Arc<RwLock<Vec<u8>>>,
+	pub light_client_state: Arc<RwLock<Vec<u8>>>,
 }
 
 impl SealHandlerMock {
@@ -35,8 +36,9 @@ impl SealHandlerMock {
 		shielding_key: Arc<RwLock<Vec<u8>>>,
 		state_key: Arc<RwLock<Vec<u8>>>,
 		state: Arc<RwLock<Vec<u8>>>,
+		light_client_state: Arc<RwLock<Vec<u8>>>,
 	) -> Self {
-		Self { shielding_key, state_key, state }
+		Self { shielding_key, state_key, state, light_client_state }
 	}
 }
 
@@ -59,6 +61,11 @@ impl SealStateAndKeys for SealHandlerMock {
 	fn seal_new_empty_state(&self, _shard: &ShardIdentifier) -> EnclaveResult<()> {
 		Ok(())
 	}
+
+	fn seal_light_client_state(&self, bytes: &[u8]) -> EnclaveResult<()> {
+		*self.light_client_state.write().unwrap() = bytes.to_vec();
+		Ok(())
+	}
 }
 
 impl UnsealStateAndKeys for SealHandlerMock {
@@ -73,4 +80,8 @@ impl UnsealStateAndKeys for SealHandlerMock {
 	fn unseal_state(&self, _shard: &ShardIdentifier) -> EnclaveResult<Vec<u8>> {
 		Ok(self.state.read().unwrap().clone())
 	}
+
+	fn unseal_light_client_state(&self) -> EnclaveResult<Vec<u8>> {
+		Ok(self.light_client_state.read().unwrap().clone())
+	}
 }
diff --git a/enclave-runtime/src/tls_ra/mod.rs b/enclave-runtime/src/tls_ra/mod.rs
index 8bb672b5f3..90724cdfe5 100644
--- a/enclave-runtime/src/tls_ra/mod.rs
+++ b/enclave-runtime/src/tls_ra/mod.rs
@@ -18,6 +18,8 @@
 //! Contains all logic of the state provisioning mechanism
 //! including the remote attestation and tls / tcp connection part.
 
+use codec::{Decode, Encode, MaxEncodedLen};
+
 mod authentication;
 pub mod seal_handler;
 mod tls_ra_client;
@@ -29,9 +31,9 @@ pub mod tests;
 #[cfg(feature = "test")]
 pub mod mocks;
 
-/// Header of an accompanied payloard. Indicates the
+/// Header of an accompanied payload. Indicates the
 /// length an the type (opcode) of the following payload.
-#[derive(Clone, Debug)]
+#[derive(Clone, Debug, Decode, Encode, MaxEncodedLen)]
 pub struct TcpHeader {
 	pub opcode: Opcode,
 	pub payload_length: u64,
@@ -44,11 +46,12 @@ impl TcpHeader {
 }
 
 /// Indicates the payload content type.
-#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Decode, Encode, MaxEncodedLen)]
 pub enum Opcode {
-	ShieldingKey = 0,
-	StateKey = 1,
-	State = 2,
+	ShieldingKey,
+	StateKey,
+	State,
+	LightClient,
 }
 
 impl From<u8> for Opcode {
@@ -57,6 +60,7 @@ impl From<u8> for Opcode {
 			0 => Opcode::ShieldingKey,
 			1 => Opcode::StateKey,
 			2 => Opcode::State,
+			3 => Opcode::LightClient,
 			_ => unimplemented!("Unsupported/unknown Opcode for MU-RA exchange"),
 		}
 	}
diff --git a/enclave-runtime/src/tls_ra/seal_handler.rs b/enclave-runtime/src/tls_ra/seal_handler.rs
index 05f83dbd42..bb7828dd57 100644
--- a/enclave-runtime/src/tls_ra/seal_handler.rs
+++ b/enclave-runtime/src/tls_ra/seal_handler.rs
@@ -21,6 +21,7 @@
 use crate::error::{Error as EnclaveError, Result as EnclaveResult};
 use codec::{Decode, Encode};
 use ita_stf::{State as StfState, StateType as StfStateType};
+use itc_parentchain::light_client::LightClientSealing;
 use itp_sgx_crypto::{
 	key_repository::{AccessKey, MutateKey},
 	Aes,
@@ -34,32 +35,23 @@ use std::{sync::Arc, vec::Vec};
 
 /// Handles the sealing and unsealing of the shielding key, state key and the state.
 #[derive(Default)]
-pub struct SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler>
-where
-	ShieldingKeyRepository: AccessKey<KeyType = Rsa3072KeyPair> + MutateKey<Rsa3072KeyPair>,
-	StateKeyRepository: AccessKey<KeyType = Aes> + MutateKey<Aes>,
-	// Constraint StateT = StfState currently necessary because SgxExternalities Encode/Decode does not work.
-	// See https://github.com/integritee-network/sgx-runtime/issues/46.
-	StateHandler: HandleState<StateT = StfState>,
-{
+pub struct SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler, LightClientSeal> {
 	state_handler: Arc<StateHandler>,
 	state_key_repository: Arc<StateKeyRepository>,
 	shielding_key_repository: Arc<ShieldingKeyRepository>,
+	light_client_seal: Arc<LightClientSeal>,
 }
 
-impl<ShieldingKeyRepository, StateKeyRepository, StateHandler>
-	SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler>
-where
-	ShieldingKeyRepository: AccessKey<KeyType = Rsa3072KeyPair> + MutateKey<Rsa3072KeyPair>,
-	StateKeyRepository: AccessKey<KeyType = Aes> + MutateKey<Aes>,
-	StateHandler: HandleState<StateT = StfState>,
+impl<ShieldingKeyRepository, StateKeyRepository, StateHandler, LightClientSeal>
+	SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler, LightClientSeal>
 {
 	pub fn new(
 		state_handler: Arc<StateHandler>,
 		state_key_repository: Arc<StateKeyRepository>,
 		shielding_key_repository: Arc<ShieldingKeyRepository>,
+		light_client_seal: Arc<LightClientSeal>,
 	) -> Self {
-		Self { state_handler, state_key_repository, shielding_key_repository }
+		Self { state_handler, state_key_repository, shielding_key_repository, light_client_seal }
 	}
 }
 
@@ -68,20 +60,24 @@ pub trait SealStateAndKeys {
 	fn seal_state_key(&self, bytes: &[u8]) -> EnclaveResult<()>;
 	fn seal_state(&self, bytes: &[u8], shard: &ShardIdentifier) -> EnclaveResult<()>;
 	fn seal_new_empty_state(&self, shard: &ShardIdentifier) -> EnclaveResult<()>;
+	fn seal_light_client_state(&self, bytes: &[u8]) -> EnclaveResult<()>;
 }
 
 pub trait UnsealStateAndKeys {
 	fn unseal_shielding_key(&self) -> EnclaveResult<Vec<u8>>;
 	fn unseal_state_key(&self) -> EnclaveResult<Vec<u8>>;
 	fn unseal_state(&self, shard: &ShardIdentifier) -> EnclaveResult<Vec<u8>>;
+	fn unseal_light_client_state(&self) -> EnclaveResult<Vec<u8>>;
 }
 
-impl<ShieldingKeyRepository, StateKeyRepository, StateHandler> SealStateAndKeys
-	for SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler>
+impl<ShieldingKeyRepository, StateKeyRepository, StateHandler, LightClientSeal> SealStateAndKeys
+	for SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler, LightClientSeal>
 where
 	ShieldingKeyRepository: AccessKey<KeyType = Rsa3072KeyPair> + MutateKey<Rsa3072KeyPair>,
 	StateKeyRepository: AccessKey<KeyType = Aes> + MutateKey<Aes>,
 	StateHandler: HandleState<StateT = StfState>,
+	LightClientSeal: LightClientSealing,
+	LightClientSeal::LightClientState: Decode,
 {
 	fn seal_shielding_key(&self, bytes: &[u8]) -> EnclaveResult<()> {
 		let key: Rsa3072KeyPair = serde_json::from_slice(bytes).map_err(|e| {
@@ -109,6 +105,13 @@ where
 		Ok(())
 	}
 
+	fn seal_light_client_state(&self, mut bytes: &[u8]) -> EnclaveResult<()> {
+		let state = <LightClientSeal as LightClientSealing>::LightClientState::decode(&mut bytes)?;
+		self.light_client_seal.seal(&state)?;
+		info!("Successfully sealed light client state");
+		Ok(())
+	}
+
 	/// Seal an empty, newly initialized state.
 	///
 	/// Requires the shielding key to be sealed and updated before calling this.
@@ -123,12 +126,14 @@ where
 	}
 }
 
-impl<ShieldingKeyRepository, StateKeyRepository, StateHandler> UnsealStateAndKeys
-	for SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler>
+impl<ShieldingKeyRepository, StateKeyRepository, StateHandler, LightClientSeal> UnsealStateAndKeys
+	for SealHandler<ShieldingKeyRepository, StateKeyRepository, StateHandler, LightClientSeal>
 where
 	ShieldingKeyRepository: AccessKey<KeyType = Rsa3072KeyPair> + MutateKey<Rsa3072KeyPair>,
 	StateKeyRepository: AccessKey<KeyType = Aes> + MutateKey<Aes>,
 	StateHandler: HandleState<StateT = StfState>,
+	LightClientSeal: LightClientSealing,
+	LightClientSeal::LightClientState: Encode,
 {
 	fn unseal_shielding_key(&self) -> EnclaveResult<Vec<u8>> {
 		let shielding_key = self
@@ -148,19 +153,28 @@ where
 	fn unseal_state(&self, shard: &ShardIdentifier) -> EnclaveResult<Vec<u8>> {
 		Ok(self.state_handler.execute_on_current(shard, |state, _| state.state.encode())?)
 	}
+
+	fn unseal_light_client_state(&self) -> EnclaveResult<Vec<u8>> {
+		Ok(self.light_client_seal.unseal()?.encode())
+	}
 }
 
 #[cfg(feature = "test")]
 pub mod test {
 	use super::*;
+	use itc_parentchain::light_client::mocks::validator_mock_seal::LightValidationStateSealMock;
 	use itp_sgx_crypto::mocks::KeyRepositoryMock;
 	use itp_test::mock::handle_state_mock::HandleStateMock;
 
 	type StateKeyRepositoryMock = KeyRepositoryMock<Aes>;
 	type ShieldingKeyRepositoryMock = KeyRepositoryMock<Rsa3072KeyPair>;
 
-	type SealHandlerMock =
-		SealHandler<ShieldingKeyRepositoryMock, StateKeyRepositoryMock, HandleStateMock>;
+	type SealHandlerMock = SealHandler<
+		ShieldingKeyRepositoryMock,
+		StateKeyRepositoryMock,
+		HandleStateMock,
+		LightValidationStateSealMock,
+	>;
 
 	pub fn seal_shielding_key_works() {
 		let seal_handler = SealHandlerMock::default();
diff --git a/enclave-runtime/src/tls_ra/tests.rs b/enclave-runtime/src/tls_ra/tests.rs
index 29d00c67ad..beae945656 100644
--- a/enclave-runtime/src/tls_ra/tests.rs
+++ b/enclave-runtime/src/tls_ra/tests.rs
@@ -26,6 +26,7 @@ use crate::{
 	tls_ra::seal_handler::{SealHandler, SealStateAndKeys, UnsealStateAndKeys},
 };
 use ita_stf::State;
+use itc_parentchain::light_client::mocks::validator_mock_seal::LightValidationStateSealMock;
 use itp_settings::worker_mode::{ProvideWorkerMode, WorkerMode, WorkerModeProvider};
 use itp_sgx_crypto::{mocks::KeyRepositoryMock, Aes};
 use itp_stf_interface::InitState;
@@ -34,7 +35,7 @@ use itp_stf_state_handler::handle_state::HandleState;
 use itp_test::mock::handle_state_mock::HandleStateMock;
 use itp_types::ShardIdentifier;
 use sgx_crypto_helper::{rsa3072::Rsa3072KeyPair, RsaKeyPair};
-use sgx_types::sgx_quote_sign_type_t;
+use sgx_types::{sgx_quote_sign_type_t, sgx_target_info_t};
 use std::{
 	net::{TcpListener, TcpStream},
 	os::unix::io::AsRawFd,
@@ -47,14 +48,18 @@ use std::{
 
 static SIGN_TYPE: sgx_quote_sign_type_t = sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE;
 static SKIP_RA: i32 = 1;
+static QUOTE_SIZE: u32 = 0;
 
 fn run_state_provisioning_server(seal_handler: impl UnsealStateAndKeys, port: u16) {
 	let listener = TcpListener::bind(server_addr(port)).unwrap();
 
 	let (socket, _addr) = listener.accept().unwrap();
+	let sgx_target_info: sgx_target_info_t = sgx_target_info_t::default();
 	run_state_provisioning_server_internal::<_, WorkerModeProvider>(
 		socket.as_raw_fd(),
 		SIGN_TYPE,
+		Some(&sgx_target_info),
+		Some(&QUOTE_SIZE),
 		SKIP_RA,
 		seal_handler,
 	)
@@ -70,22 +75,28 @@ pub fn test_tls_ra_server_client_networking() {
 	let shielding_key_encoded = vec![1, 2, 3];
 	let state_key_encoded = vec![5, 2, 3, 7];
 	let state_encoded = Vec::from([1u8; 26000]); // Have a decently sized state, so read() must be called multiple times.
+	let light_client_state_encoded = Vec::from([1u8; 10000]); // Have a decently sized state, so read() must be called multiple times.
 
 	let server_seal_handler = SealHandlerMock::new(
 		Arc::new(RwLock::new(shielding_key_encoded.clone())),
 		Arc::new(RwLock::new(state_key_encoded.clone())),
 		Arc::new(RwLock::new(state_encoded.clone())),
+		Arc::new(RwLock::new(light_client_state_encoded.clone())),
 	);
 	let initial_client_state = vec![0, 0, 1];
 	let initial_client_state_key = vec![0, 0, 2];
+	let initial_client_light_client_state = vec![0, 0, 3];
 	let client_shielding_key = Arc::new(RwLock::new(Vec::new()));
 	let client_state_key = Arc::new(RwLock::new(initial_client_state_key.clone()));
 	let client_state = Arc::new(RwLock::new(initial_client_state.clone()));
+	let client_light_client_state =
+		Arc::new(RwLock::new(initial_client_light_client_state.clone()));
 
 	let client_seal_handler = SealHandlerMock::new(
 		client_shielding_key.clone(),
 		client_state_key.clone(),
 		client_state.clone(),
+		client_light_client_state.clone(),
 	);
 
 	let port: u16 = 3149;
@@ -98,9 +109,12 @@ pub fn test_tls_ra_server_client_networking() {
 
 	// Start client.
 	let socket = TcpStream::connect(server_addr(port)).unwrap();
+	let sgx_target_info: sgx_target_info_t = sgx_target_info_t::default();
 	let result = request_state_provisioning_internal(
 		socket.as_raw_fd(),
 		SIGN_TYPE,
+		Some(&sgx_target_info),
+		Some(&QUOTE_SIZE),
 		shard,
 		SKIP_RA,
 		client_seal_handler.clone(),
@@ -111,6 +125,7 @@ pub fn test_tls_ra_server_client_networking() {
 
 	assert!(result.is_ok());
 	assert_eq!(*client_shielding_key.read().unwrap(), shielding_key_encoded);
+	assert_eq!(*client_light_client_state.read().unwrap(), light_client_state_encoded);
 
 	// State and state-key are provisioned only in sidechain mode
 	if WorkerModeProvider::worker_mode() == WorkerMode::Sidechain {
@@ -144,9 +159,12 @@ pub fn test_state_and_key_provisioning() {
 
 	// Start client.
 	let socket = TcpStream::connect(server_addr(port)).unwrap();
+	let sgx_target_info: sgx_target_info_t = sgx_target_info_t::default();
 	let result = request_state_provisioning_internal(
 		socket.as_raw_fd(),
 		SIGN_TYPE,
+		Some(&sgx_target_info),
+		Some(&QUOTE_SIZE),
 		shard,
 		SKIP_RA,
 		client_seal_handler,
@@ -169,5 +187,7 @@ fn create_seal_handler(
 		Arc::new(KeyRepositoryMock::<Rsa3072KeyPair>::new(shielding_key));
 	let state_handler = Arc::new(HandleStateMock::default());
 	state_handler.reset(state, shard).unwrap();
-	SealHandler::new(state_handler, state_key_repository, shielding_key_repository)
+	let seal = Arc::new(LightValidationStateSealMock::new());
+
+	SealHandler::new(state_handler, state_key_repository, shielding_key_repository, seal)
 }
diff --git a/enclave-runtime/src/tls_ra/tls_ra_client.rs b/enclave-runtime/src/tls_ra/tls_ra_client.rs
index 1b7ca3bca8..9eb1546b2a 100644
--- a/enclave-runtime/src/tls_ra/tls_ra_client.rs
+++ b/enclave-runtime/src/tls_ra/tls_ra_client.rs
@@ -22,14 +22,14 @@ use crate::{
 	attestation::create_ra_report_and_signature,
 	error::{Error as EnclaveError, Result as EnclaveResult},
 	initialization::global_components::{
-		EnclaveSealHandler, GLOBAL_SHIELDING_KEY_REPOSITORY_COMPONENT,
+		EnclaveSealHandler, GLOBAL_LIGHT_CLIENT_SEAL, GLOBAL_SHIELDING_KEY_REPOSITORY_COMPONENT,
 		GLOBAL_STATE_KEY_REPOSITORY_COMPONENT,
 	},
 	ocall::OcallApi,
 	tls_ra::seal_handler::SealStateAndKeys,
 	GLOBAL_STATE_HANDLER_COMPONENT,
 };
-use itp_attestation_handler::DEV_HOSTNAME;
+use itp_attestation_handler::{RemoteAttestationType, DEV_HOSTNAME};
 use itp_component_container::ComponentGetter;
 use itp_ocall_api::EnclaveAttestationOCallApi;
 use itp_types::ShardIdentifier;
@@ -74,13 +74,17 @@ where
 	/// We trust here that the server sends us the correct data, as
 	/// we do not have any way to test it.
 	fn read_shard(&mut self) -> EnclaveResult<()> {
+		debug!("read_shard called, about to call self.write_shard().");
 		self.write_shard()?;
+		debug!("self.write_shard() succeeded.");
 		self.read_and_seal_all()
 	}
 
 	/// Send the shard of the state we want to receive to the provisioning server.
 	fn write_shard(&mut self) -> EnclaveResult<()> {
+		debug!("self.write_shard() called.");
 		self.tls_stream.write_all(self.shard.as_bytes())?;
+		debug!("write_all succeeded.");
 		Ok(())
 	}
 
@@ -124,6 +128,7 @@ where
 			Opcode::ShieldingKey => self.seal_handler.seal_shielding_key(&bytes)?,
 			Opcode::StateKey => self.seal_handler.seal_state_key(&bytes)?,
 			Opcode::State => self.seal_handler.seal_state(&bytes, &self.shard)?,
+			Opcode::LightClient => self.seal_handler.seal_light_client_state(&bytes)?,
 		};
 		Ok(Some(header.opcode))
 	}
@@ -155,6 +160,8 @@ where
 pub unsafe extern "C" fn request_state_provisioning(
 	socket_fd: c_int,
 	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 	shard: *const u8,
 	shard_size: u32,
 	skip_ra: c_int,
@@ -186,12 +193,30 @@ pub unsafe extern "C" fn request_state_provisioning(
 		},
 	};
 
-	let seal_handler =
-		EnclaveSealHandler::new(state_handler, state_key_repository, shielding_key_repository);
+	let light_client_seal = match GLOBAL_LIGHT_CLIENT_SEAL.get() {
+		Ok(s) => s,
+		Err(e) => {
+			error!("{:?}", e);
+			return sgx_status_t::SGX_ERROR_UNEXPECTED
+		},
+	};
+
+	let seal_handler = EnclaveSealHandler::new(
+		state_handler,
+		state_key_repository,
+		shielding_key_repository,
+		light_client_seal,
+	);
 
-	if let Err(e) =
-		request_state_provisioning_internal(socket_fd, sign_type, shard, skip_ra, seal_handler)
-	{
+	if let Err(e) = request_state_provisioning_internal(
+		socket_fd,
+		sign_type,
+		quoting_enclave_target_info,
+		quote_size,
+		shard,
+		skip_ra,
+		seal_handler,
+	) {
 		error!("Failed to sync state due to: {:?}", e);
 		return e.into()
 	};
@@ -203,12 +228,23 @@ pub unsafe extern "C" fn request_state_provisioning(
 pub(crate) fn request_state_provisioning_internal<StateAndKeySealer: SealStateAndKeys>(
 	socket_fd: c_int,
 	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 	shard: ShardIdentifier,
 	skip_ra: c_int,
 	seal_handler: StateAndKeySealer,
 ) -> EnclaveResult<()> {
-	let client_config = tls_client_config(sign_type, OcallApi, skip_ra == 1)?;
+	debug!("Client config generate...");
+	let client_config = tls_client_config(
+		sign_type,
+		quoting_enclave_target_info,
+		quote_size,
+		OcallApi,
+		skip_ra == 1,
+	)?;
+	debug!("Client config retrieved");
 	let (mut client_session, mut tcp_stream) = tls_client_session_stream(socket_fd, client_config)?;
+	debug!("Client sesssion established.");
 
 	let mut client = TlsClient::new(
 		rustls::Stream::new(&mut client_session, &mut tcp_stream),
@@ -222,10 +258,24 @@ pub(crate) fn request_state_provisioning_internal<StateAndKeySealer: SealStateAn
 
 fn tls_client_config<A: EnclaveAttestationOCallApi + 'static>(
 	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 	ocall_api: A,
 	skip_ra: bool,
 ) -> EnclaveResult<ClientConfig> {
-	let (key_der, cert_der) = create_ra_report_and_signature(sign_type, skip_ra)?;
+	#[cfg(not(feature = "dcap"))]
+	let attestation_type = RemoteAttestationType::Epid;
+	#[cfg(feature = "dcap")]
+	let attestation_type = RemoteAttestationType::Dcap;
+
+	let (key_der, cert_der) = create_ra_report_and_signature(
+		skip_ra,
+		attestation_type,
+		sign_type,
+		quoting_enclave_target_info,
+		quote_size,
+	)?;
+	debug!("got key_der and cert_der");
 
 	let mut cfg = rustls::ClientConfig::new();
 	let certs = vec![rustls::Certificate(cert_der)];
diff --git a/enclave-runtime/src/tls_ra/tls_ra_server.rs b/enclave-runtime/src/tls_ra/tls_ra_server.rs
index 35a053814f..836b146b9d 100644
--- a/enclave-runtime/src/tls_ra/tls_ra_server.rs
+++ b/enclave-runtime/src/tls_ra/tls_ra_server.rs
@@ -22,13 +22,14 @@ use crate::{
 	attestation::create_ra_report_and_signature,
 	error::{Error as EnclaveError, Result as EnclaveResult},
 	initialization::global_components::{
-		EnclaveSealHandler, GLOBAL_SHIELDING_KEY_REPOSITORY_COMPONENT,
+		EnclaveSealHandler, GLOBAL_LIGHT_CLIENT_SEAL, GLOBAL_SHIELDING_KEY_REPOSITORY_COMPONENT,
 		GLOBAL_STATE_KEY_REPOSITORY_COMPONENT,
 	},
 	ocall::OcallApi,
 	tls_ra::seal_handler::UnsealStateAndKeys,
 	GLOBAL_STATE_HANDLER_COMPONENT,
 };
+use itp_attestation_handler::RemoteAttestationType;
 use itp_component_container::ComponentGetter;
 use itp_ocall_api::EnclaveAttestationOCallApi;
 use itp_settings::worker_mode::{ProvideWorkerMode, WorkerMode, WorkerModeProvider};
@@ -46,14 +47,14 @@ use std::{
 #[derive(Clone, Eq, PartialEq, Debug)]
 enum ProvisioningPayload {
 	Everything,
-	ShieldingKeyOnly,
+	ShieldingKeyAndLightClient,
 }
 
 impl From<WorkerMode> for ProvisioningPayload {
 	fn from(m: WorkerMode) -> Self {
 		match m {
 			WorkerMode::OffChainWorker | WorkerMode::Teeracle =>
-				ProvisioningPayload::ShieldingKeyOnly,
+				ProvisioningPayload::ShieldingKeyAndLightClient,
 			WorkerMode::Sidechain => ProvisioningPayload::Everything,
 		}
 	}
@@ -82,7 +83,10 @@ where
 
 	/// Sends all relevant data of the specific shard to the client.
 	fn write_shard(&mut self) -> EnclaveResult<()> {
+		println!("    [Enclave] (MU-RA-Server) write_shard, calling read_shard()");
 		let shard = self.read_shard()?;
+		println!("    [Enclave] (MU-RA-Server) write_shard, read_shard() OK");
+		println!("    [Enclave] (MU-RA-Server) write_shard, write_all()");
 		self.write_all(&shard)
 	}
 
@@ -90,6 +94,7 @@ where
 	fn read_shard(&mut self) -> EnclaveResult<ShardIdentifier> {
 		let mut shard_holder = ShardIdentifier::default();
 		let shard = shard_holder.as_fixed_bytes_mut();
+		println!("    [Enclave] (MU-RA-Server) read_shard, calling read_exact()");
 		self.tls_stream.read_exact(shard)?;
 		Ok(shard.into())
 	}
@@ -102,9 +107,11 @@ where
 				self.write_shielding_key()?;
 				self.write_state_key()?;
 				self.write_state(shard)?;
+				self.write_light_client_state()?;
 			},
-			ProvisioningPayload::ShieldingKeyOnly => {
+			ProvisioningPayload::ShieldingKeyAndLightClient => {
 				self.write_shielding_key()?;
+				self.write_light_client_state()?;
 			},
 		}
 
@@ -130,6 +137,12 @@ where
 		Ok(())
 	}
 
+	fn write_light_client_state(&mut self) -> EnclaveResult<()> {
+		let state = self.seal_handler.unseal_light_client_state()?;
+		self.write(Opcode::LightClient, &state)?;
+		Ok(())
+	}
+
 	/// Sends the header followed by the payload.
 	fn write(&mut self, opcode: Opcode, bytes: &[u8]) -> EnclaveResult<()> {
 		let payload_length = bytes.len() as u64;
@@ -155,6 +168,8 @@ where
 pub unsafe extern "C" fn run_state_provisioning_server(
 	socket_fd: c_int,
 	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 	skip_ra: c_int,
 ) -> sgx_status_t {
 	let _ = backtrace::enable_backtrace("enclave.signed.so", PrintFormat::Short);
@@ -183,12 +198,26 @@ pub unsafe extern "C" fn run_state_provisioning_server(
 		},
 	};
 
-	let seal_handler =
-		EnclaveSealHandler::new(state_handler, state_key_repository, shielding_key_repository);
+	let light_client_seal = match GLOBAL_LIGHT_CLIENT_SEAL.get() {
+		Ok(s) => s,
+		Err(e) => {
+			error!("{:?}", e);
+			return sgx_status_t::SGX_ERROR_UNEXPECTED
+		},
+	};
+
+	let seal_handler = EnclaveSealHandler::new(
+		state_handler,
+		state_key_repository,
+		shielding_key_repository,
+		light_client_seal,
+	);
 
 	if let Err(e) = run_state_provisioning_server_internal::<_, WorkerModeProvider>(
 		socket_fd,
 		sign_type,
+		quoting_enclave_target_info,
+		quote_size,
 		skip_ra,
 		seal_handler,
 	) {
@@ -206,10 +235,18 @@ pub(crate) fn run_state_provisioning_server_internal<
 >(
 	socket_fd: c_int,
 	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 	skip_ra: c_int,
 	seal_handler: StateAndKeyUnsealer,
 ) -> EnclaveResult<()> {
-	let server_config = tls_server_config(sign_type, OcallApi, skip_ra == 1)?;
+	let server_config = tls_server_config(
+		sign_type,
+		quoting_enclave_target_info,
+		quote_size,
+		OcallApi,
+		skip_ra == 1,
+	)?;
 	let (server_session, tcp_stream) = tls_server_session_stream(socket_fd, server_config)?;
 	let provisioning = ProvisioningPayload::from(WorkerModeProvider::worker_mode());
 
@@ -217,6 +254,7 @@ pub(crate) fn run_state_provisioning_server_internal<
 		TlsServer::new(StreamOwned::new(server_session, tcp_stream), seal_handler, provisioning);
 
 	println!("    [Enclave] (MU-RA-Server) MU-RA successful sending keys");
+	println!("    [Enclave] (MU-RA-Server) MU-RA successful, calling write_shard()");
 	server.write_shard()
 }
 
@@ -231,10 +269,23 @@ fn tls_server_session_stream(
 
 fn tls_server_config<A: EnclaveAttestationOCallApi + 'static>(
 	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 	ocall_api: A,
 	skip_ra: bool,
 ) -> EnclaveResult<ServerConfig> {
-	let (key_der, cert_der) = create_ra_report_and_signature(sign_type, skip_ra)?;
+	#[cfg(not(feature = "dcap"))]
+	let attestation_type = RemoteAttestationType::Epid;
+	#[cfg(feature = "dcap")]
+	let attestation_type = RemoteAttestationType::Dcap;
+
+	let (key_der, cert_der) = create_ra_report_and_signature(
+		skip_ra,
+		attestation_type,
+		sign_type,
+		quoting_enclave_target_info,
+		quote_size,
+	)?;
 
 	let mut cfg = rustls::ServerConfig::new(Arc::new(ClientAuth::new(true, skip_ra, ocall_api)));
 	let certs = vec![rustls::Certificate(cert_der)];
diff --git a/enclave-runtime/src/top_pool_execution.rs b/enclave-runtime/src/top_pool_execution.rs
index cff5971ae7..fbcad96947 100644
--- a/enclave-runtime/src/top_pool_execution.rs
+++ b/enclave-runtime/src/top_pool_execution.rs
@@ -59,7 +59,7 @@ use its_sidechain::{
 };
 use log::*;
 use sgx_types::sgx_status_t;
-use sp_core::Pair;
+use sp_core::{crypto::UncheckedFrom, Pair};
 use sp_runtime::{
 	generic::SignedBlock as SignedParentchainBlock, traits::Block as BlockTrait, MultiSignature,
 };
@@ -213,7 +213,7 @@ where
 		HeaderTrait<ShardIdentifier = H256>,
 	SignedSidechainBlock::Signature: From<Authority::Signature>,
 	Authority: Pair<Public = sp_core::ed25519::Public>,
-	Authority::Public: Encode,
+	Authority::Public: Encode + UncheckedFrom<[u8; 32]>,
 	OCallApi: ValidateerFetch + EnclaveOnChainOCallApi + Send + 'static,
 	NumberFor<ParentchainBlock>: BlockNumberOps,
 	PEnvironment:
diff --git a/local-setup/py/worker.py b/local-setup/py/worker.py
index 3c9697b1f3..e9bf284ed7 100644
--- a/local-setup/py/worker.py
+++ b/local-setup/py/worker.py
@@ -164,9 +164,10 @@ def run_in_background(self, log_file: TextIO, flags: [str] = None, subcommand_fl
                                         'its_consensus_aura=trace,'
                                         'itc_parentchain_block_importer=debug,'
                                         'ita_stf=debug')
-
+        worker_cmd = self._assemble_cmd(flags=flags, subcommand_flags=subcommand_flags)
+        print("worker command is "+ str(worker_cmd))
         return Popen(
-            self._assemble_cmd(flags=flags, subcommand_flags=subcommand_flags),
+            worker_cmd,
             env=env,
             stdout=log_file,
             stderr=STDOUT,
diff --git a/samples/teeracle/README.md b/samples/teeracle/README.md
new file mode 100644
index 0000000000..05758f7d09
--- /dev/null
+++ b/samples/teeracle/README.md
@@ -0,0 +1,58 @@
+# Teeracle install into Securitee's kubernetes cluster
+
+This example is about to install [Integritee's Teeracle](https://docs.integritee.network/3-our-technology/3.5-use-cases/3.5.3-teeracle-oracle-framework).
+
+*Prerequisites:*
+
+* Ensure you have access to a Kubernetes cluster with SGX-enabled nodes and kubectl installed and configured. The easiest way to get started is to order Kubernetes from Securitee [Securitee Kubernetes](https://securitee.tech/products/), which offers SGX-enabled nodes.
+* You have [Helm](https://helm.sh/docs/intro/install/) installed
+
+## Kubernetes deployment walkthrough
+
+We are now installing Teeracle
+
+### Install steps
+
+
+* Edit the configuration values in file [kubernetes/values.yaml](kubernetes/values.yaml)
+    ```yaml
+    app:
+      url: "wss://rococo.api.integritee.network"
+      interval: "2m"
+    ```
+* Install the Teeracle into the cluster
+
+    ```bash
+    helm install -f ./kubernetes/values.yaml teeracle ./kubernetes --create-namespace -n teeracle
+    or run
+    ./install-teeracle.sh
+    ```
+
+
+## Misc.
+
+### SGX Plugin
+
+If you are running in simulation mode, or are using a different plugin please edit the [kubernetes/templates/teeracle.yaml](kubernetes/templates/teeracle.yaml)
+  ```yaml
+    limits:
+      sgx.intel.com/epc: "10Mi"
+      sgx.intel.com/enclave: 1
+      sgx.intel.com/provision: 1
+  ```
+
+### PCCS server
+
+The DCAP attestation requires a running PCCS server - which is provided by Securitee by default that's why we need to mount the ```/etc/sgx_default_qcnl.conf``` config file
+see [kubernetes/templates/teeracle.yaml](kubernetes/templates/teeracle.yaml)
+  ```yaml
+          volumeMounts:
+          - name: qcnl
+          mountPath: /etc/sgx_default_qcnl.conf
+          ...
+      volumes:
+      - name: qcnl
+        hostPath:
+          path: /etc/sgx_default_qcnl.conf
+
+  ```
diff --git a/samples/teeracle/install-teeracle.sh b/samples/teeracle/install-teeracle.sh
new file mode 100755
index 0000000000..dbc21bc2b4
--- /dev/null
+++ b/samples/teeracle/install-teeracle.sh
@@ -0,0 +1,7 @@
+#!/bin/env bash
+
+namespace=teeracle
+helm uninstall -n $namespace teeracle
+
+helm install -f ./kubernetes/values.yaml teeracle ./kubernetes --create-namespace -n $namespace
+
diff --git a/samples/teeracle/kubernetes/Chart.yaml b/samples/teeracle/kubernetes/Chart.yaml
new file mode 100644
index 0000000000..d1f3a9a7f8
--- /dev/null
+++ b/samples/teeracle/kubernetes/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: teeracle
+description: teeracle dcap
+
+type: application
+version: 0.1.0
+appVersion: 1.0.0
\ No newline at end of file
diff --git a/samples/teeracle/kubernetes/templates/teeracle.yaml b/samples/teeracle/kubernetes/templates/teeracle.yaml
new file mode 100644
index 0000000000..130ad79cb4
--- /dev/null
+++ b/samples/teeracle/kubernetes/templates/teeracle.yaml
@@ -0,0 +1,73 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: teeracle
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: teeracle-main
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: teeracle
+    role: main
+    tier: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: teeracle
+      role: main
+      tier: backend
+  template:
+    metadata:
+      labels:
+        app: teeracle
+    spec:
+      serviceAccountName: teeracle
+      containers:
+      - image: {{ .Values.image }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+
+        args: [
+          "-p", "443",
+          "-u", {{ .Values.app.url }},
+          "--enable-metrics",
+          "--data-dir", "/opt/teeracle",
+          "run",
+          "--teeracle-interval", {{ .Values.app.interval }}
+        ]
+        name: teeracle
+
+        resources:
+          # Resource request to use Intel SGX Device Plugin
+          # If you are running in simulation mode, or are using a different plugin,
+          # update these values accordingly
+          limits:
+            sgx.intel.com/epc: "10Mi"
+            sgx.intel.com/enclave: 1
+            sgx.intel.com/provision: 1
+
+        volumeMounts:
+        - name: aesmd-socket
+          mountPath: /var/run/aesmd
+        - name: data-dir
+          mountPath: /opt/teeracle
+        - name: qcnl
+          mountPath: /etc/sgx_default_qcnl.conf
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+      - name: aesmd-socket
+        hostPath:
+          path: /var/run/aesmd
+      - name: data-dir
+        hostPath:
+          path: /opt/teeracle
+      - name: qcnl
+        hostPath:
+          path: /etc/sgx_default_qcnl.conf
+
diff --git a/samples/teeracle/kubernetes/values.yaml b/samples/teeracle/kubernetes/values.yaml
new file mode 100644
index 0000000000..8a423ee3ab
--- /dev/null
+++ b/samples/teeracle/kubernetes/values.yaml
@@ -0,0 +1,14 @@
+imagePullSecrets:
+  - name: regcred
+
+imagePullPolicy: IfNotPresent
+
+image: integritee/teeracle:v0.12.2-dev
+
+# 
+# To get more insights run:
+# docker run integritee/teeracle:v0.12.2-dev --help
+#
+app:
+  url: "wss://rococo.api.integritee.network"
+  interval: "2m"
\ No newline at end of file
diff --git a/service/Cargo.toml b/service/Cargo.toml
index 98f2f21417..0ecd12edbe 100644
--- a/service/Cargo.toml
+++ b/service/Cargo.toml
@@ -63,6 +63,7 @@ its-storage = { path = "../sidechain/storage" }
 my-node-runtime = { package = "integritee-node-runtime", git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.42" }
 sgx-verify = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.42" }
 # `default-features = false` to remove the jsonrpsee dependency.
+enclave-bridge-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.42" }
 substrate-api-client = { default-features = false, features = ["std", "ws-client"], git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.42-tag-v0.10.0" }
 teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.42" }
 
@@ -83,7 +84,7 @@ offchain-worker = ["itp-settings/offchain-worker"]
 production = ["itp-settings/production"]
 teeracle = ["itp-settings/teeracle"]
 dcap = []
-attesteer = []
+attesteer = ["dcap"]
 
 [dev-dependencies]
 # crates.io
diff --git a/service/src/account_funding.rs b/service/src/account_funding.rs
index 68c2585019..331a174deb 100644
--- a/service/src/account_funding.rs
+++ b/service/src/account_funding.rs
@@ -16,7 +16,6 @@
 */
 
 use crate::error::{Error, ServiceResult};
-use codec::Encode;
 use itp_node_api::api_client::{AccountApi, ParentchainApi, ParentchainExtrinsicSigner};
 use itp_settings::worker::{
 	EXISTENTIAL_DEPOSIT_FACTOR_FOR_INIT_FUNDS, REGISTERING_FEE_FACTOR_FOR_INIT_FUNDS,
@@ -30,7 +29,7 @@ use sp_core::{
 use sp_keyring::AccountKeyring;
 use sp_runtime::MultiAddress;
 use substrate_api_client::{
-	extrinsic::BalancesExtrinsics, GetBalance, GetTransactionPayment, SubmitAndWatch, XtStatus,
+	extrinsic::BalancesExtrinsics, GetBalance, GetTransactionPayment, SubmitAndWatchUntilSuccess,
 };
 
 /// Information about the enclave on-chain account.
@@ -135,14 +134,12 @@ fn bootstrap_funds_from_alice(
 	funding_amount: u128,
 ) -> Result<(), Error> {
 	let alice = AccountKeyring::Alice.pair();
-	info!("encoding Alice's public 	= {:?}", alice.public().0.encode());
 	let alice_acc = AccountId32::from(*alice.public().as_array_ref());
-	info!("encoding Alice's AccountId = {:?}", alice_acc.encode());
 
 	let alice_free = api.get_free_balance(&alice_acc)?;
-	info!("    Alice's free balance = {:?}", alice_free);
+	trace!("    Alice's free balance = {:?}", alice_free);
 	let nonce = api.get_nonce_of(&alice_acc)?;
-	info!("    Alice's Account Nonce is {}", nonce);
+	trace!("    Alice's Account Nonce is {}", nonce);
 
 	if funding_amount > alice_free {
 		println!(
@@ -155,18 +152,17 @@ fn bootstrap_funds_from_alice(
 	let mut alice_signer_api = api.clone();
 	alice_signer_api.set_signer(ParentchainExtrinsicSigner::new(alice));
 
-	println!("[+] bootstrap funding Enclave from Alice's funds");
+	println!("[+] send extrinsic: bootstrap funding Enclave from Alice's funds");
 	let xt = alice_signer_api
 		.balance_transfer_allow_death(MultiAddress::Id(accountid.clone()), funding_amount);
-	let xt_report = alice_signer_api.submit_and_watch_extrinsic_until(xt, XtStatus::InBlock)?;
+	let xt_report = alice_signer_api.submit_and_watch_extrinsic_until_success(xt, false)?;
 	info!(
-		"[<] Extrinsic got included in a block. Extrinsic Hash: {:?}\n",
-		xt_report.extrinsic_hash
+		"[<] L1 extrinsic success. extrinsic hash: {:?} / status: {:?}",
+		xt_report.extrinsic_hash, xt_report.status
 	);
-
 	// Verify funds have arrived.
 	let free_balance = alice_signer_api.get_free_balance(accountid);
-	info!("TEE's NEW free balance = {:?}", free_balance);
+	trace!("TEE's NEW free balance = {:?}", free_balance);
 
 	Ok(())
 }
diff --git a/service/src/enclave/tls_ra.rs b/service/src/enclave/tls_ra.rs
index c618c78ef9..cc07e3f4e9 100644
--- a/service/src/enclave/tls_ra.rs
+++ b/service/src/enclave/tls_ra.rs
@@ -14,7 +14,11 @@
 	limitations under the License.
 
 */
-use itp_enclave_api::{error::Error, remote_attestation::TlsRemoteAttestation, EnclaveResult};
+use itp_enclave_api::{
+	error::Error,
+	remote_attestation::{RemoteAttestation, TlsRemoteAttestation},
+	EnclaveResult,
+};
 use itp_types::ShardIdentifier;
 use log::*;
 use sgx_types::*;
@@ -26,6 +30,8 @@ use std::{
 pub fn enclave_run_state_provisioning_server<E: TlsRemoteAttestation>(
 	enclave_api: &E,
 	sign_type: sgx_quote_sign_type_t,
+	quoting_enclave_target_info: Option<&sgx_target_info_t>,
+	quote_size: Option<&u32>,
 	addr: &str,
 	skip_ra: bool,
 ) {
@@ -45,6 +51,8 @@ pub fn enclave_run_state_provisioning_server<E: TlsRemoteAttestation>(
 				let result = enclave_api.run_state_provisioning_server(
 					socket.as_raw_fd(),
 					sign_type,
+					quoting_enclave_target_info,
+					quote_size,
 					skip_ra,
 				);
 
@@ -62,7 +70,7 @@ pub fn enclave_run_state_provisioning_server<E: TlsRemoteAttestation>(
 	}
 }
 
-pub fn enclave_request_state_provisioning<E: TlsRemoteAttestation>(
+pub fn enclave_request_state_provisioning<E: TlsRemoteAttestation + RemoteAttestation>(
 	enclave_api: &E,
 	sign_type: sgx_quote_sign_type_t,
 	addr: &str,
@@ -72,5 +80,31 @@ pub fn enclave_request_state_provisioning<E: TlsRemoteAttestation>(
 	info!("[MU-RA-Client] Requesting key provisioning from {}", addr);
 
 	let stream = TcpStream::connect(addr).map_err(|e| Error::Other(Box::new(e)))?;
-	enclave_api.request_state_provisioning(stream.as_raw_fd(), sign_type, shard, skip_ra)
+
+	let quoting_enclave_target_info = if !skip_ra {
+		match enclave_api.qe_get_target_info() {
+			Ok(quote_size) => Some(quote_size),
+			Err(e) => return Err(e),
+		}
+	} else {
+		None
+	};
+
+	let quote_size = if !skip_ra {
+		match enclave_api.qe_get_quote_size() {
+			Ok(quote_size) => Some(quote_size),
+			Err(e) => return Err(e),
+		}
+	} else {
+		None
+	};
+
+	enclave_api.request_state_provisioning(
+		stream.as_raw_fd(),
+		sign_type,
+		quoting_enclave_target_info.as_ref(),
+		quote_size.as_ref(),
+		shard,
+		skip_ra,
+	)
 }
diff --git a/service/src/main.rs b/service/src/main.rs
index 3b52652718..cab77e7230 100644
--- a/service/src/main.rs
+++ b/service/src/main.rs
@@ -72,17 +72,19 @@ use log::*;
 use my_node_runtime::{Hash, Header, RuntimeEvent};
 use sgx_types::*;
 use substrate_api_client::{
-	rpc::HandleSubscription, GetHeader, SubmitAndWatchUntilSuccess, SubscribeChain, SubscribeEvents,
+	api::XtStatus, rpc::HandleSubscription, GetHeader, SubmitAndWatch, SubscribeChain,
+	SubscribeEvents,
 };
+use teerex_primitives::AnySigner;
 
 #[cfg(feature = "dcap")]
 use sgx_verify::extract_tcb_info_from_raw_dcap_quote;
 
+use enclave_bridge_primitives::ShardIdentifier;
 use sp_core::crypto::{AccountId32, Ss58Codec};
 use sp_keyring::AccountKeyring;
-use sp_runtime::traits::Header as HeaderTrait;
+use sp_runtime::MultiSigner;
 use std::{str, sync::Arc, thread, time::Duration};
-use teerex_primitives::ShardIdentifier;
 
 mod account_funding;
 mod config;
@@ -174,6 +176,21 @@ fn main() {
 		enclave_metrics_receiver,
 	)));
 
+	let quoting_enclave_target_info = match enclave.qe_get_target_info() {
+		Ok(target_info) => Some(target_info),
+		Err(e) => {
+			warn!("Setting up DCAP - qe_get_target_info failed with error: {:#?}, continuing.", e);
+			None
+		},
+	};
+	let quote_size = match enclave.qe_get_quote_size() {
+		Ok(size) => Some(size),
+		Err(e) => {
+			warn!("Setting up DCAP - qe_get_quote_size failed with error: {:#?}, continuing.", e);
+			None
+		},
+	};
+
 	if let Some(run_config) = config.run_config() {
 		let shard = extract_shard(run_config.shard(), enclave.as_ref());
 
@@ -203,6 +220,8 @@ fn main() {
 			node_api,
 			tokio_handle,
 			initialization_handler,
+			quoting_enclave_target_info,
+			quote_size,
 		);
 	} else if let Some(smatches) = matches.subcommand_matches("request-state") {
 		println!("*** Requesting state from a registered worker \n");
@@ -231,7 +250,7 @@ fn main() {
 			enclave.dump_dcap_ra_cert_to_disk().unwrap();
 		}
 	} else if matches.is_present("mrenclave") {
-		println!("{}", enclave.get_mrenclave().unwrap().encode().to_base58());
+		println!("{}", enclave.get_fingerprint().unwrap().encode().to_base58());
 	} else if let Some(sub_matches) = matches.subcommand_matches("init-shard") {
 		setup::init_shard(
 			enclave.as_ref(),
@@ -243,6 +262,8 @@ fn main() {
 			enclave_run_state_provisioning_server(
 				enclave.as_ref(),
 				sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE,
+				quoting_enclave_target_info.as_ref(),
+				quote_size.as_ref(),
 				&config.mu_ra_url(),
 				sub_matches.is_present("skip-ra"),
 			);
@@ -277,6 +298,8 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 	node_api: ParentchainApi,
 	tokio_handle_getter: Arc<T>,
 	initialization_handler: Arc<InitializationHandler>,
+	quoting_enclave_target_info: Option<sgx_target_info_t>,
+	quote_size: Option<u32>,
 ) where
 	T: GetTokioHandle,
 	E: EnclaveBase
@@ -303,8 +326,8 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 	}
 	// ------------------------------------------------------------------------
 	// initialize the enclave
-	let mrenclave = enclave.get_mrenclave().unwrap();
-	println!("MRENCLAVE={}", mrenclave.to_base58());
+	let mrenclave = enclave.get_fingerprint().unwrap();
+	println!("MRENCLAVE={}", mrenclave.0.to_base58());
 	println!("MRENCLAVE in hex {:?}", hex::encode(mrenclave));
 
 	// ------------------------------------------------------------------------
@@ -317,6 +340,8 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 		enclave_run_state_provisioning_server(
 			enclave_api_key_prov.as_ref(),
 			sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE,
+			quoting_enclave_target_info.as_ref(),
+			quote_size.as_ref(),
 			&ra_url,
 			skip_ra,
 		);
@@ -405,6 +430,8 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 		.unwrap(),
 	);
 	let last_synced_header = parentchain_handler.init_parentchain_components().unwrap();
+	trace!("last synched parentchain block: {}", last_synced_header.number);
+
 	let nonce = node_api.get_nonce_of(&tee_accountid).unwrap();
 	info!("Enclave nonce = {:?}", nonce);
 	enclave
@@ -449,27 +476,31 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 	// clones because of the move
 	let enclave2 = enclave.clone();
 	let node_api2 = node_api.clone();
+	#[cfg(feature = "dcap")]
+	enclave2.set_sgx_qpl_logging().expect("QPL logging setup failed");
 	#[cfg(not(feature = "dcap"))]
 	let register_xt = move || enclave2.generate_ias_ra_extrinsic(&trusted_url, skip_ra).unwrap();
 	#[cfg(feature = "dcap")]
 	let register_xt = move || enclave2.generate_dcap_ra_extrinsic(&trusted_url, skip_ra).unwrap();
 
+	let tee_accountid_clone = tee_accountid.clone();
 	let send_register_xt = move || {
-		send_extrinsic(register_xt(), &node_api2, &tee_accountid.clone(), is_development_mode)
+		println!("[+] Send register enclave extrinsic");
+		send_extrinsic(register_xt(), &node_api2, &tee_accountid_clone, is_development_mode)
 	};
 
-	let register_enclave_block_hash = send_register_xt();
+	let register_enclave_block_hash = send_register_xt().unwrap();
 
 	let register_enclave_xt_header =
-		node_api.get_header(register_enclave_block_hash).unwrap().unwrap();
+		node_api.get_header(Some(register_enclave_block_hash)).unwrap().unwrap();
 
 	let we_are_primary_validateer =
-		we_are_primary_validateer(&node_api, &register_enclave_xt_header).unwrap();
+		we_are_primary_worker(&node_api, shard, &tee_accountid).unwrap();
 
 	if we_are_primary_validateer {
-		println!("[+] We are the primary validateer");
+		println!("[+] We are the primary worker");
 	} else {
-		println!("[+] We are NOT the primary validateer");
+		println!("[+] We are NOT the primary worker");
 	}
 
 	initialization_handler.registered_on_parentchain();
@@ -561,10 +592,15 @@ fn spawn_worker_for_shard_polling<InitializationHandler>(
 
 		loop {
 			info!("Polling for worker for shard ({} seconds interval)", POLL_INTERVAL_SECS);
-			if let Ok(Some(_)) = node_api.worker_for_shard(&shard_for_initialized, None) {
+			if let Ok(Some(enclave)) =
+				node_api.primary_worker_for_shard(&shard_for_initialized, None)
+			{
 				// Set that the service is initialized.
 				initialization_handler.worker_for_shard_registered();
-				println!("[+] Found `WorkerForShard` on parentchain state");
+				println!(
+					"[+] Found `WorkerForShard` on parentchain state: {:?}",
+					enclave.instance_signer()
+				);
 				break
 			}
 			thread::sleep(Duration::from_secs(POLL_INTERVAL_SECS));
@@ -597,43 +633,68 @@ fn print_events(events: Vec<Event>) {
 			RuntimeEvent::Teerex(re) => {
 				debug!("{:?}", re);
 				match &re {
-					my_node_runtime::pallet_teerex::Event::AddedEnclave {
+					my_node_runtime::pallet_teerex::Event::AddedSgxEnclave {
 						registered_by,
 						worker_url,
 						..
 					} => {
 						println!("[+] Received AddedEnclave event");
 						println!("    Sender (Worker):  {:?}", registered_by);
-						println!("    Registered URL: {:?}", str::from_utf8(worker_url).unwrap());
+						println!(
+							"    Registered URL: {:?}",
+							str::from_utf8(&worker_url.clone().unwrap_or("none".into())).unwrap()
+						);
+					},
+					_ => {
+						trace!("Ignoring unsupported pallet_teerex event");
 					},
-					my_node_runtime::pallet_teerex::Event::Forwarded(shard) => {
+				}
+			},
+			RuntimeEvent::EnclaveBridge(re) => {
+				debug!("{:?}", re);
+				match &re {
+					my_node_runtime::pallet_enclave_bridge::Event::IndirectInvocationRegistered(
+						shard,
+					) => {
 						println!(
 							"[+] Received trusted call for shard {}",
 							shard.encode().to_base58()
 						);
 					},
-					my_node_runtime::pallet_teerex::Event::ProcessedParentchainBlock(
-						sender,
+					my_node_runtime::pallet_enclave_bridge::Event::ProcessedParentchainBlock {
+						shard,
 						block_hash,
-						merkle_root,
+						trusted_calls_merkle_root,
 						block_number,
-					) => {
+					} => {
 						info!("[+] Received ProcessedParentchainBlock event");
-						debug!("    From:    {:?}", sender);
+						debug!("    for shard:    {:?}", shard);
 						debug!("    Block Hash: {:?}", hex::encode(block_hash));
-						debug!("    Merkle Root: {:?}", hex::encode(merkle_root));
+						debug!("    Merkle Root: {:?}", hex::encode(trusted_calls_merkle_root));
 						debug!("    Block Number: {:?}", block_number);
 					},
-					my_node_runtime::pallet_teerex::Event::ShieldFunds(incognito_account) => {
+					my_node_runtime::pallet_enclave_bridge::Event::ShieldFunds {
+						shard,
+						encrypted_beneficiary,
+						amount,
+					} => {
 						info!("[+] Received ShieldFunds event");
-						debug!("    For:    {:?}", incognito_account);
+						debug!("    for shard:    {:?}", shard);
+						debug!("    for enc. beneficiary:    {:?}", encrypted_beneficiary);
+						debug!("    Amount:    {:?}", amount);
 					},
-					my_node_runtime::pallet_teerex::Event::UnshieldedFunds(incognito_account) => {
+					my_node_runtime::pallet_enclave_bridge::Event::UnshieldedFunds {
+						shard,
+						beneficiary,
+						amount,
+					} => {
 						info!("[+] Received UnshieldedFunds event");
-						debug!("    For:    {:?}", incognito_account);
+						debug!("    for shard:    {:?}", shard);
+						debug!("    beneficiary:    {:?}", beneficiary);
+						debug!("    Amount:    {:?}", amount);
 					},
 					_ => {
-						trace!("Ignoring unsupported pallet_teerex event");
+						trace!("Ignoring unsupported pallet_enclave_bridge event");
 					},
 				}
 			},
@@ -641,39 +702,39 @@ fn print_events(events: Vec<Event>) {
 			RuntimeEvent::Teeracle(re) => {
 				debug!("{:?}", re);
 				match &re {
-					my_node_runtime::pallet_teeracle::Event::ExchangeRateUpdated(
-						source,
-						currency,
-						new_value,
-					) => {
+					my_node_runtime::pallet_teeracle::Event::ExchangeRateUpdated {
+						data_source,
+						trading_pair,
+						exchange_rate,
+					} => {
 						println!("[+] Received ExchangeRateUpdated event");
-						println!("    Data source:  {}", source);
-						println!("    Currency:  {}", currency);
-						println!("    Exchange rate: {:?}", new_value);
+						println!("    Data source:  {}", data_source);
+						println!("    trading pair:  {}", trading_pair);
+						println!("    Exchange rate: {:?}", exchange_rate);
 					},
-					my_node_runtime::pallet_teeracle::Event::ExchangeRateDeleted(
-						source,
-						currency,
-					) => {
+					my_node_runtime::pallet_teeracle::Event::ExchangeRateDeleted {
+						data_source,
+						trading_pair,
+					} => {
 						println!("[+] Received ExchangeRateDeleted event");
-						println!("    Data source:  {}", source);
-						println!("    Currency:  {}", currency);
+						println!("    Data source:  {}", data_source);
+						println!("    trading pair:  {}", trading_pair);
 					},
-					my_node_runtime::pallet_teeracle::Event::AddedToWhitelist(
-						source,
-						mrenclave,
-					) => {
+					my_node_runtime::pallet_teeracle::Event::AddedToWhitelist {
+						data_source,
+						enclave_fingerprint,
+					} => {
 						println!("[+] Received AddedToWhitelist event");
-						println!("    Data source:  {}", source);
-						println!("    Currency:  {:?}", mrenclave);
+						println!("    Data source:  {}", data_source);
+						println!("    fingerprint:  {:?}", enclave_fingerprint);
 					},
-					my_node_runtime::pallet_teeracle::Event::RemovedFromWhitelist(
-						source,
-						mrenclave,
-					) => {
+					my_node_runtime::pallet_teeracle::Event::RemovedFromWhitelist {
+						data_source,
+						enclave_fingerprint,
+					} => {
 						println!("[+] Received RemovedFromWhitelist event");
-						println!("    Data source:  {}", source);
-						println!("    Currency:  {:?}", mrenclave);
+						println!("    Data source:  {}", data_source);
+						println!("    fingerprint:  {:?}", enclave_fingerprint);
 					},
 					_ => {
 						trace!("Ignoring unsupported pallet_teeracle event");
@@ -682,13 +743,15 @@ fn print_events(events: Vec<Event>) {
 			},
 			#[cfg(feature = "sidechain")]
 			RuntimeEvent::Sidechain(re) => match &re {
-				my_node_runtime::pallet_sidechain::Event::ProposedSidechainBlock(
-					sender,
-					payload,
-				) => {
-					info!("[+] Received ProposedSidechainBlock event");
-					debug!("    From:    {:?}", sender);
-					debug!("    Payload: {:?}", hex::encode(payload));
+				my_node_runtime::pallet_sidechain::Event::FinalizedSidechainBlock {
+					shard,
+					block_header_hash,
+					validateer,
+				} => {
+					info!("[+] Received FinalizedSidechainBlock event");
+					debug!("    for shard:    {:?}", shard);
+					debug!("    From:    {:?}", hex::encode(block_header_hash));
+					debug!("    validateer: {:?}", validateer);
 				},
 				_ => {
 					trace!("Ignoring unsupported pallet_sidechain event");
@@ -770,8 +833,8 @@ fn register_collateral(
 	skip_ra: bool,
 ) {
 	//TODO generate_dcap_ra_quote() does not really need skip_ra, rethink how many layers skip_ra should be passed along
-	let dcap_quote = enclave.generate_dcap_ra_quote(skip_ra).unwrap();
 	if !skip_ra {
+		let dcap_quote = enclave.generate_dcap_ra_quote(skip_ra).unwrap();
 		let (fmspc, _tcb_info) = extract_tcb_info_from_raw_dcap_quote(&dcap_quote).unwrap();
 		println!("[>] DCAP setup: register QE collateral");
 		let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc).unwrap();
@@ -786,23 +849,28 @@ fn register_collateral(
 fn send_extrinsic(
 	extrinsic: Vec<u8>,
 	api: &ParentchainApi,
-	accountid: &AccountId32,
+	fee_payer: &AccountId32,
 	is_development_mode: bool,
 ) -> Option<Hash> {
-	// Account funds
-	if let Err(x) = setup_account_funding(api, accountid, extrinsic.clone(), is_development_mode) {
-		error!("Starting worker failed: {:?}", x);
+	// ensure account funds
+	if let Err(x) = setup_account_funding(api, fee_payer, extrinsic.clone(), is_development_mode) {
+		error!("Ensure enclave funding failed: {:?}", x);
 		// Return without registering the enclave. This will fail and the transaction will be banned for 30min.
 		return None
 	}
 
-	println!("[>] send extrinsic");
+	info!("[>] send extrinsic");
+	trace!("  encoded extrinsic: 0x{:}", hex::encode(extrinsic.clone()));
 
-	match api.submit_and_watch_opaque_extrinsic_until_success(extrinsic.into(), true) {
+	// fixme: wait ...until_success doesn't work due to https://github.com/scs/substrate-api-client/issues/624
+	// fixme: currently, we don't verify if the extrinsic was a success here
+	match api.submit_and_watch_opaque_extrinsic_until(extrinsic.into(), XtStatus::Finalized) {
 		Ok(xt_report) => {
-			let register_qe_block_hash = xt_report.block_hash;
-			println!("[<] Extrinsic got finalized. Block hash: {:?}\n", register_qe_block_hash);
-			register_qe_block_hash
+			info!(
+				"[+] L1 extrinsic success. extrinsic hash: {:?} / status: {:?}",
+				xt_report.extrinsic_hash, xt_report.status
+			);
+			xt_report.block_hash
 		},
 		Err(e) => {
 			error!("ExtrinsicFailed {:?}", e);
@@ -847,11 +915,35 @@ fn enclave_account<E: EnclaveBase>(enclave_api: &E) -> AccountId32 {
 }
 
 /// Checks if we are the first validateer to register on the parentchain.
-fn we_are_primary_validateer(
+fn we_are_primary_worker(
 	node_api: &ParentchainApi,
-	register_enclave_xt_header: &Header,
+	shard: &ShardIdentifier,
+	enclave_account: &AccountId32,
 ) -> Result<bool, Error> {
-	let enclave_count_of_previous_block =
-		node_api.enclave_count(Some(*register_enclave_xt_header.parent_hash()))?;
-	Ok(enclave_count_of_previous_block == 0)
+	// are we registered? else fail.
+	node_api
+		.enclave(enclave_account, None)?
+		.expect("our enclave should be registered at this point");
+	trace!("our enclave is registered");
+	match node_api.primary_worker_for_shard(shard, None).unwrap() {
+		Some(enclave) =>
+			match enclave.instance_signer() {
+				AnySigner::Known(MultiSigner::Ed25519(primary)) =>
+					if primary.encode() == enclave_account.encode() {
+						debug!("We are primary worker on this shard adn we have been previously running.");
+						Ok(true)
+					} else {
+						debug!("The primary worker is {}", primary.to_ss58check());
+						Ok(false)
+					},
+				_ => {
+					warn!("the primary worker is of unknown type");
+					Ok(false)
+				},
+			},
+		None => {
+			debug!("We are the primary worker on this shard and the shard is untouched");
+			Ok(true)
+		},
+	}
 }
diff --git a/service/src/ocall_bridge/worker_on_chain_ocall.rs b/service/src/ocall_bridge/worker_on_chain_ocall.rs
index c5b780010f..1dfea987cf 100644
--- a/service/src/ocall_bridge/worker_on_chain_ocall.rs
+++ b/service/src/ocall_bridge/worker_on_chain_ocall.rs
@@ -88,7 +88,7 @@ where
 			let api = self.node_api_factory.create_api()?;
 			for call in extrinsics.into_iter() {
 				if let Err(e) = api.submit_opaque_extrinsic(call.encode().into()) {
-					error!("Could not send extrsinic to node: {:?}", e);
+					error!("Could not send extrsinic to node: {:?}, error: {:?}", call, e);
 				}
 			}
 		}
diff --git a/service/src/parentchain_handler.rs b/service/src/parentchain_handler.rs
index cebe19eed2..b0a9c44395 100644
--- a/service/src/parentchain_handler.rs
+++ b/service/src/parentchain_handler.rs
@@ -176,6 +176,7 @@ where
 	}
 
 	fn trigger_parentchain_block_import(&self) -> ServiceResult<()> {
+		trace!("trigger parentchain block import");
 		Ok(self.enclave_api.trigger_parentchain_block_import()?)
 	}
 
@@ -184,10 +185,16 @@ where
 		last_synced_header: &Header,
 		until_header: &Header,
 	) -> ServiceResult<Header> {
+		trace!(
+			"last synched block number: {}. synching until {}",
+			last_synced_header.number,
+			until_header.number
+		);
 		let mut last_synced_header = last_synced_header.clone();
 
 		while last_synced_header.number() < until_header.number() {
 			last_synced_header = self.sync_parentchain(last_synced_header)?;
+			trace!("synched block number: {}", last_synced_header.number);
 		}
 		self.trigger_parentchain_block_import()?;
 
diff --git a/service/src/setup.rs b/service/src/setup.rs
index 9cd6418122..6535091f26 100644
--- a/service/src/setup.rs
+++ b/service/src/setup.rs
@@ -17,6 +17,7 @@
 */
 
 use crate::error::{Error, ServiceResult};
+use base58::ToBase58;
 use codec::Encode;
 use itp_enclave_api::{enclave_base::EnclaveBase, Enclave};
 use itp_settings::files::{
@@ -54,10 +55,10 @@ pub(crate) fn initialize_shard_and_keys(
 pub(crate) fn init_shard(enclave: &Enclave, shard_identifier: &ShardIdentifier) {
 	match enclave.init_shard(shard_identifier.encode()) {
 		Err(e) => {
-			println!("Failed to initialize shard {:?}: {:?}", shard_identifier, e);
+			println!("Failed to initialize shard {:?}: {:?}", shard_identifier.0.to_base58(), e);
 		},
 		Ok(_) => {
-			println!("Successfully initialized shard {:?}", shard_identifier);
+			println!("Successfully initialized shard {:?}", shard_identifier.0.to_base58());
 		},
 	}
 }
diff --git a/service/src/sync_state.rs b/service/src/sync_state.rs
index 0a924662ba..6c70a5379e 100644
--- a/service/src/sync_state.rs
+++ b/service/src/sync_state.rs
@@ -22,7 +22,10 @@ use crate::{
 };
 use futures::executor;
 use itc_rpc_client::direct_client::{DirectApi, DirectClient as DirectWorkerApi};
-use itp_enclave_api::{enclave_base::EnclaveBase, remote_attestation::TlsRemoteAttestation};
+use itp_enclave_api::{
+	enclave_base::EnclaveBase,
+	remote_attestation::{RemoteAttestation, TlsRemoteAttestation},
+};
 use itp_node_api::api_client::PalletTeerexApi;
 use itp_settings::worker_mode::{ProvideWorkerMode, WorkerMode};
 use itp_types::ShardIdentifier;
@@ -30,7 +33,7 @@ use sgx_types::sgx_quote_sign_type_t;
 use std::string::String;
 
 pub(crate) fn sync_state<
-	E: TlsRemoteAttestation + EnclaveBase,
+	E: TlsRemoteAttestation + EnclaveBase + RemoteAttestation,
 	NodeApi: PalletTeerexApi,
 	WorkerModeProvider: ProvideWorkerMode,
 >(
@@ -72,9 +75,10 @@ async fn get_author_url_of_last_finalized_sidechain_block<NodeApi: PalletTeerexA
 	shard: &ShardIdentifier,
 ) -> Result<String> {
 	let enclave = node_api
-		.worker_for_shard(shard, None)?
+		.primary_worker_for_shard(shard, None)?
 		.ok_or_else(|| Error::NoWorkerForShardFound(*shard))?;
-	let worker_api_direct = DirectWorkerApi::new(enclave.url);
+	let worker_api_direct =
+		DirectWorkerApi::new(String::from_utf8(enclave.instance_url().unwrap()).unwrap());
 	Ok(worker_api_direct.get_mu_ra_url()?)
 }
 
@@ -85,12 +89,13 @@ async fn get_enclave_url_of_first_registered<NodeApi: PalletTeerexApi, EnclaveAp
 	node_api: &NodeApi,
 	enclave_api: &EnclaveApi,
 ) -> Result<String> {
-	let self_mr_enclave = enclave_api.get_mrenclave()?;
+	let self_mr_enclave = enclave_api.get_fingerprint()?;
 	let first_enclave = node_api
 		.all_enclaves(None)?
 		.into_iter()
-		.find(|e| e.mr_enclave == self_mr_enclave)
+		.find(|e| e.fingerprint() == self_mr_enclave)
 		.ok_or(Error::NoPeerWorkerFound)?;
-	let worker_api_direct = DirectWorkerApi::new(first_enclave.url);
+	let worker_api_direct =
+		DirectWorkerApi::new(String::from_utf8(first_enclave.instance_url().unwrap()).unwrap());
 	Ok(worker_api_direct.get_mu_ra_url()?)
 }
diff --git a/service/src/tests/mock.rs b/service/src/tests/mock.rs
index 664005eaa1..f6581090c6 100644
--- a/service/src/tests/mock.rs
+++ b/service/src/tests/mock.rs
@@ -15,38 +15,66 @@
 
 */
 
+use codec::Encode;
 use itp_node_api::api_client::{ApiResult, PalletTeerexApi};
-use itp_types::{Enclave, ShardIdentifier, H256 as Hash};
+use itp_types::{
+	AccountId, MultiEnclave, SgxBuildMode, SgxEnclave, SgxReportData, SgxStatus, ShardIdentifier,
+	H256 as Hash,
+};
 
 pub struct TestNodeApi;
 
 pub const W1_URL: &str = "127.0.0.1:22222";
 pub const W2_URL: &str = "127.0.0.1:33333";
 
-pub fn enclaves() -> Vec<Enclave> {
+pub fn enclaves() -> Vec<MultiEnclave<Vec<u8>>> {
 	vec![
-		Enclave::new([0; 32].into(), [1; 32], 1, format!("wss://{}", W1_URL)),
-		Enclave::new([2; 32].into(), [3; 32], 2, format!("wss://{}", W2_URL)),
+		MultiEnclave::from(
+			SgxEnclave::new(
+				SgxReportData::default(),
+				[1; 32],
+				[1; 32],
+				1,
+				SgxBuildMode::Production,
+				SgxStatus::Ok,
+			)
+			.with_url(format!("wss://{}", W1_URL).encode()),
+		),
+		MultiEnclave::from(
+			SgxEnclave::new(
+				SgxReportData::default(),
+				[2; 32],
+				[2; 32],
+				2,
+				SgxBuildMode::Production,
+				SgxStatus::Ok,
+			)
+			.with_url(format!("wss://{}", W2_URL).encode()),
+		),
 	]
 }
 
 impl PalletTeerexApi for TestNodeApi {
-	fn enclave(&self, index: u64, _at_block: Option<Hash>) -> ApiResult<Option<Enclave>> {
-		Ok(Some(enclaves().remove(index as usize)))
+	fn enclave(
+		&self,
+		_account: &AccountId,
+		_at_block: Option<Hash>,
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>> {
+		Ok(Some(enclaves().remove(0)))
 	}
 	fn enclave_count(&self, _at_block: Option<Hash>) -> ApiResult<u64> {
 		unreachable!()
 	}
 
-	fn all_enclaves(&self, _at_block: Option<Hash>) -> ApiResult<Vec<Enclave>> {
+	fn all_enclaves(&self, _at_block: Option<Hash>) -> ApiResult<Vec<MultiEnclave<Vec<u8>>>> {
 		Ok(enclaves())
 	}
 
-	fn worker_for_shard(
+	fn primary_worker_for_shard(
 		&self,
 		_: &ShardIdentifier,
 		_at_block: Option<Hash>,
-	) -> ApiResult<Option<Enclave>> {
+	) -> ApiResult<Option<MultiEnclave<Vec<u8>>>> {
 		unreachable!()
 	}
 	fn latest_ipfs_hash(
diff --git a/service/src/tests/mocks/enclave_api_mock.rs b/service/src/tests/mocks/enclave_api_mock.rs
index f32176332c..21a64323be 100644
--- a/service/src/tests/mocks/enclave_api_mock.rs
+++ b/service/src/tests/mocks/enclave_api_mock.rs
@@ -17,6 +17,7 @@
 
 use codec::{Decode, Encode};
 use core::fmt::Debug;
+use enclave_bridge_primitives::EnclaveFingerprint;
 use frame_support::sp_runtime::traits::Block as ParentchainBlockTrait;
 use itc_parentchain::primitives::{
 	ParentchainInitParams,
@@ -80,8 +81,8 @@ impl EnclaveBase for EnclaveMock {
 		unreachable!()
 	}
 
-	fn get_mrenclave(&self) -> EnclaveResult<[u8; MR_ENCLAVE_SIZE]> {
-		Ok([1u8; MR_ENCLAVE_SIZE])
+	fn get_fingerprint(&self) -> EnclaveResult<EnclaveFingerprint> {
+		Ok([1u8; MR_ENCLAVE_SIZE].into())
 	}
 }
 
diff --git a/service/src/utils.rs b/service/src/utils.rs
index c936665350..fd0b60fe82 100644
--- a/service/src/utils.rs
+++ b/service/src/utils.rs
@@ -33,8 +33,8 @@ pub fn extract_shard<E: EnclaveBase>(
 			shard.into()
 		},
 		_ => {
-			let mrenclave = enclave_api.get_mrenclave().unwrap();
-			info!("no shard specified. using mrenclave as id: {}", mrenclave.to_base58());
+			let mrenclave = enclave_api.get_fingerprint().unwrap();
+			info!("no shard specified. using mrenclave as id: {}", mrenclave.0.to_base58());
 			ShardIdentifier::from_slice(&mrenclave[..])
 		},
 	}
diff --git a/service/src/worker.rs b/service/src/worker.rs
index 18e67d82eb..a052245a14 100644
--- a/service/src/worker.rs
+++ b/service/src/worker.rs
@@ -149,8 +149,8 @@ where
 		let mut peer_urls = Vec::<String>::new();
 		for enclave in enclaves {
 			// FIXME: This is temporary only, as block broadcasting should be moved to trusted ws server.
-			let enclave_url = enclave.url.clone();
-			let worker_api_direct = DirectWorkerApi::new(enclave.url);
+			let enclave_url = String::from_utf8(enclave.instance_url().unwrap()).unwrap();
+			let worker_api_direct = DirectWorkerApi::new(enclave_url.clone());
 			match worker_api_direct.get_untrusted_worker_url() {
 				Ok(untrusted_worker_url) => {
 					peer_urls.push(untrusted_worker_url);
diff --git a/sidechain/block-verification/Cargo.toml b/sidechain/block-verification/Cargo.toml
index 20728928d7..376d1267fd 100644
--- a/sidechain/block-verification/Cargo.toml
+++ b/sidechain/block-verification/Cargo.toml
@@ -4,7 +4,7 @@ description = "Verification logic for sidechain blocks"
 version = "0.9.0"
 authors = ["Integritee AG <hello@integritee.network>"]
 homepage = "https://integritee.network/"
-repository = "https://github.com/integritee-network/pallets/"
+repository = "https://github.com/integritee-network/worker/"
 license = "Apache-2.0"
 edition = "2021"
 
diff --git a/sidechain/consensus/aura/src/block_importer.rs b/sidechain/consensus/aura/src/block_importer.rs
index 15d7217fb5..d336ba98f7 100644
--- a/sidechain/consensus/aura/src/block_importer.rs
+++ b/sidechain/consensus/aura/src/block_importer.rs
@@ -37,7 +37,7 @@ use its_primitives::traits::{
 };
 use its_validateer_fetch::ValidateerFetch;
 use log::*;
-use sp_core::Pair;
+use sp_core::{crypto::UncheckedFrom, Pair};
 use sp_runtime::{
 	generic::SignedBlock as SignedParentchainBlock,
 	traits::{Block as ParentchainBlockTrait, Header},
@@ -85,7 +85,7 @@ impl<
 		ParentchainBlockImporter,
 	> where
 	Authority: Pair,
-	Authority::Public: std::fmt::Debug,
+	Authority::Public: std::fmt::Debug + UncheckedFrom<[u8; 32]>,
 	ParentchainBlock: ParentchainBlockTrait<Hash = H256>,
 	SignedSidechainBlock: SignedBlockTrait<Public = Authority::Public> + 'static,
 	<<SignedSidechainBlock as SignedBlockTrait>::Block as SidechainBlockTrait>::HeaderType:
@@ -170,7 +170,7 @@ impl<
 		ParentchainBlockImporter,
 	> where
 	Authority: Pair,
-	Authority::Public: std::fmt::Debug,
+	Authority::Public: std::fmt::Debug + UncheckedFrom<[u8; 32]>,
 	ParentchainBlock: ParentchainBlockTrait<Hash = H256>,
 	SignedSidechainBlock: SignedBlockTrait<Public = Authority::Public> + 'static,
 	<<SignedSidechainBlock as SignedBlockTrait>::Block as SidechainBlockTrait>::HeaderType:
diff --git a/sidechain/consensus/aura/src/lib.rs b/sidechain/consensus/aura/src/lib.rs
index adfe9f22e0..0c52803086 100644
--- a/sidechain/consensus/aura/src/lib.rs
+++ b/sidechain/consensus/aura/src/lib.rs
@@ -41,7 +41,7 @@ use its_primitives::{
 	types::block::BlockHash,
 };
 use its_validateer_fetch::ValidateerFetch;
-use sp_core::ByteArray;
+use sp_core::crypto::UncheckedFrom;
 use sp_runtime::{
 	app_crypto::{sp_core::H256, Pair},
 	generic::SignedBlock as SignedParentchainBlock,
@@ -124,6 +124,7 @@ impl<AuthorityPair, ParentchainBlock, SignedSidechainBlock, E, OcallApi, ImportT
 	for Aura<AuthorityPair, ParentchainBlock, SignedSidechainBlock, E, OcallApi, ImportTrigger>
 where
 	AuthorityPair: Pair,
+	AuthorityPair::Public: UncheckedFrom<[u8; 32]>,
 	// todo: Relax hash trait bound, but this needs a change to some other parts in the code.
 	ParentchainBlock: ParentchainBlockTrait<Hash = BlockHash>,
 	E: Environment<ParentchainBlock, SignedSidechainBlock, Error = ConsensusError>,
@@ -145,9 +146,14 @@ where
 	fn epoch_data(
 		&self,
 		header: &ParentchainBlock::Header,
+		shard: ShardIdentifierFor<Self::Output>,
 		_slot: Slot,
 	) -> Result<Self::EpochData, ConsensusError> {
-		authorities::<_, AuthorityPair, ParentchainBlock::Header>(&self.ocall_api, header)
+		authorities::<_, AuthorityPair, SignedSidechainBlock, ParentchainBlock::Header>(
+			&self.ocall_api,
+			header,
+			shard,
+		)
 	}
 
 	fn authorities_len(&self, epoch_data: &Self::EpochData) -> Option<usize> {
@@ -235,20 +241,23 @@ fn proposing_remaining_duration<ParentchainBlock: ParentchainBlockTrait>(
 	std::cmp::min(slot_remaining, proposing_duration)
 }
 
-fn authorities<ValidateerFetcher, P, ParentchainHeader>(
+fn authorities<ValidateerFetcher, P, SignedSidechainBlock, ParentchainHeader>(
 	ocall_api: &ValidateerFetcher,
 	header: &ParentchainHeader,
+	shard: ShardIdentifierFor<SignedSidechainBlock>,
 ) -> Result<Vec<AuthorityId<P>>, ConsensusError>
 where
 	ValidateerFetcher: ValidateerFetch + EnclaveOnChainOCallApi,
 	P: Pair,
+	P::Public: UncheckedFrom<[u8; 32]>,
 	ParentchainHeader: ParentchainHeaderTrait<Hash = H256>,
+	SignedSidechainBlock: its_primitives::traits::SignedBlock,
 {
 	Ok(ocall_api
-		.current_validateers(header)
+		.current_validateers::<ParentchainHeader, SignedSidechainBlock>(header, shard)
 		.map_err(|e| ConsensusError::CouldNotGetAuthorities(e.to_string()))?
-		.into_iter()
-		.filter_map(|e| AuthorityId::<P>::from_slice(e.pubkey.as_ref()).ok())
+		.iter()
+		.map(|account| P::Public::unchecked_from(*account.as_ref()))
 		.collect())
 }
 
@@ -256,14 +265,14 @@ where
 mod tests {
 	use super::*;
 	use crate::test::{
-		fixtures::{types::TestAura, validateer, SLOT_DURATION},
+		fixtures::{types::TestAura, SLOT_DURATION},
 		mocks::environment_mock::EnvironmentMock,
 	};
 	use itc_parentchain_block_import_dispatcher::trigger_parentchain_block_import_mock::TriggerParentchainBlockImportMock;
 	use itc_parentchain_test::{ParentchainBlockBuilder, ParentchainHeaderBuilder};
 	use itp_test::mock::onchain_mock::OnchainMock;
 	use itp_types::{
-		Block as ParentchainBlock, Enclave, Header as ParentchainHeader,
+		AccountId, Block as ParentchainBlock, Header as ParentchainHeader, ShardIdentifier,
 		SignedBlock as SignedParentchainBlock,
 	};
 	use its_consensus_slots::PerShardSlotWorkerScheduler;
@@ -300,8 +309,8 @@ mod tests {
 		vec![Keyring::Alice.public(), Keyring::Bob.public(), Keyring::Charlie.public()]
 	}
 
-	fn create_validateer_set_from_publics(authorities: Vec<Public>) -> Vec<Enclave> {
-		authorities.iter().map(|a| validateer(a.clone().into())).collect()
+	fn create_validateer_set_from_publics(authorities: Vec<Public>) -> Vec<AccountId> {
+		authorities.iter().map(|a| AccountId::from(a.clone())).collect()
 	}
 
 	fn onchain_mock(
@@ -309,7 +318,8 @@ mod tests {
 		authorities: Vec<Public>,
 	) -> OnchainMock {
 		let validateers = create_validateer_set_from_publics(authorities);
-		OnchainMock::default().add_validateer_set(parentchain_header, Some(validateers))
+		let shard = ShardIdentifier::default();
+		OnchainMock::default().add_validateer_set(parentchain_header, shard, Some(validateers))
 	}
 
 	fn onchain_mock_with_default_authorities_and_header() -> OnchainMock {
@@ -478,9 +488,14 @@ mod tests {
 			Keyring::Bob.public(),
 			Keyring::Charlie.public(),
 		]);
+		let shard = ShardIdentifier::default();
 		let onchain_mock = OnchainMock::default()
-			.add_validateer_set(&already_imported_parentchain_header, Some(validateer_set_one))
-			.add_validateer_set(&latest_parentchain_header, Some(validateer_set_two));
+			.add_validateer_set(
+				&already_imported_parentchain_header,
+				shard,
+				Some(validateer_set_one),
+			)
+			.add_validateer_set(&latest_parentchain_header, shard, Some(validateer_set_two));
 
 		let mut aura = get_aura(onchain_mock, parentchain_block_import_trigger.clone());
 
@@ -513,9 +528,14 @@ mod tests {
 			Keyring::Bob.public(),
 			Keyring::Charlie.public(),
 		]);
+		let shard = ShardIdentifier::default();
 		let onchain_mock = OnchainMock::default()
-			.add_validateer_set(&already_imported_parentchain_header, Some(validateer_set_one))
-			.add_validateer_set(&latest_parentchain_header, Some(validateer_set_two));
+			.add_validateer_set(
+				&already_imported_parentchain_header,
+				shard,
+				Some(validateer_set_one),
+			)
+			.add_validateer_set(&latest_parentchain_header, shard, Some(validateer_set_two));
 
 		let mut aura = get_aura(onchain_mock, parentchain_block_import_trigger.clone());
 
diff --git a/sidechain/consensus/aura/src/test/block_importer_tests.rs b/sidechain/consensus/aura/src/test/block_importer_tests.rs
index 9ec2e05bd9..db11810a1d 100644
--- a/sidechain/consensus/aura/src/test/block_importer_tests.rs
+++ b/sidechain/consensus/aura/src/test/block_importer_tests.rs
@@ -15,7 +15,7 @@
 
 */
 
-use crate::{block_importer::BlockImporter, test::fixtures::validateer, ShardIdentifierFor};
+use crate::{block_importer::BlockImporter, ShardIdentifierFor};
 use codec::Encode;
 use core::assert_matches::assert_matches;
 use itc_parentchain_block_import_dispatcher::trigger_parentchain_block_import_mock::TriggerParentchainBlockImportMock;
@@ -78,7 +78,8 @@ fn test_fixtures(
 	let top_pool_author = Arc::new(TestTopPoolAuthor::default());
 	let ocall_api = Arc::new(OnchainMock::default().add_validateer_set(
 		parentchain_header,
-		Some(vec![validateer(Keyring::Alice.public().into())]),
+		shard(),
+		Some(vec![Keyring::Alice.public().into()]),
 	));
 	let state_key_repository = Arc::new(TestStateKeyRepo::new(state_key()));
 
diff --git a/sidechain/consensus/aura/src/test/fixtures/mod.rs b/sidechain/consensus/aura/src/test/fixtures/mod.rs
index 54d47324fa..8a2b0463be 100644
--- a/sidechain/consensus/aura/src/test/fixtures/mod.rs
+++ b/sidechain/consensus/aura/src/test/fixtures/mod.rs
@@ -17,11 +17,6 @@
 
 pub mod types;
 
-use itp_types::{AccountId, Enclave};
 use std::time::Duration;
 
 pub const SLOT_DURATION: Duration = Duration::from_millis(300);
-
-pub fn validateer(account: AccountId) -> Enclave {
-	Enclave::new(account, Default::default(), Default::default(), Default::default())
-}
diff --git a/sidechain/consensus/aura/src/verifier.rs b/sidechain/consensus/aura/src/verifier.rs
index 15526f0a74..205549bb17 100644
--- a/sidechain/consensus/aura/src/verifier.rs
+++ b/sidechain/consensus/aura/src/verifier.rs
@@ -15,7 +15,7 @@
 
 */
 
-use crate::{authorities, EnclaveOnChainOCallApi};
+use crate::{authorities, EnclaveOnChainOCallApi, ShardIdentifierFor};
 use core::marker::PhantomData;
 use its_block_verification::verify_sidechain_block;
 use its_consensus_common::{Error as ConsensusError, Verifier};
@@ -24,6 +24,7 @@ use its_primitives::{
 	types::block::BlockHash,
 };
 use its_validateer_fetch::ValidateerFetch;
+use sp_core::crypto::UncheckedFrom;
 use sp_runtime::{app_crypto::Pair, traits::Block as ParentchainBlockTrait};
 use std::{fmt::Debug, time::Duration};
 
@@ -57,7 +58,7 @@ impl<AuthorityPair, ParentchainBlock, SignedSidechainBlock, Context>
 	for AuraVerifier<AuthorityPair, ParentchainBlock, SignedSidechainBlock, Context>
 where
 	AuthorityPair: Pair,
-	AuthorityPair::Public: Debug,
+	AuthorityPair::Public: Debug + UncheckedFrom<[u8; 32]>,
 	// todo: Relax hash trait bound, but this needs a change to some other parts in the code.
 	ParentchainBlock: ParentchainBlockTrait<Hash = BlockHash>,
 	SignedSidechainBlock: SignedSidechainBlockTrait<Public = AuthorityPair::Public> + 'static,
@@ -72,10 +73,15 @@ where
 		&self,
 		signed_block: SignedSidechainBlock,
 		parentchain_header: &ParentchainBlock::Header,
+		shard: ShardIdentifierFor<SignedSidechainBlock>,
 		ctx: &Self::Context,
 	) -> Result<Self::BlockImportParams, ConsensusError> {
-		let authorities =
-			authorities::<_, AuthorityPair, ParentchainBlock::Header>(ctx, parentchain_header)?;
+		let authorities = authorities::<
+			_,
+			AuthorityPair,
+			SignedSidechainBlock,
+			ParentchainBlock::Header,
+		>(ctx, parentchain_header, shard)?;
 
 		Ok(verify_sidechain_block::<AuthorityPair, ParentchainBlock, SignedSidechainBlock>(
 			signed_block,
diff --git a/sidechain/consensus/common/src/block_import.rs b/sidechain/consensus/common/src/block_import.rs
index 24a3a745c3..567728bce2 100644
--- a/sidechain/consensus/common/src/block_import.rs
+++ b/sidechain/consensus/common/src/block_import.rs
@@ -136,6 +136,7 @@ where
 			verifier.verify(
 				signed_sidechain_block.clone(),
 				&peeked_parentchain_header,
+				shard,
 				self.get_context(),
 			)
 		})?;
diff --git a/sidechain/consensus/common/src/lib.rs b/sidechain/consensus/common/src/lib.rs
index c6a708c9e1..fa2104186f 100644
--- a/sidechain/consensus/common/src/lib.rs
+++ b/sidechain/consensus/common/src/lib.rs
@@ -68,6 +68,7 @@ where
 		&self,
 		block: SignedSidechainBlock,
 		parentchain_header: &ParentchainBlock::Header,
+		shard: ShardIdentifierFor<SignedSidechainBlock>,
 		ctx: &Self::Context,
 	) -> Result<Self::BlockImportParams>;
 }
diff --git a/sidechain/consensus/common/src/test/mocks/verifier_mock.rs b/sidechain/consensus/common/src/test/mocks/verifier_mock.rs
index 6e104574ea..e6d8cbeb0e 100644
--- a/sidechain/consensus/common/src/test/mocks/verifier_mock.rs
+++ b/sidechain/consensus/common/src/test/mocks/verifier_mock.rs
@@ -15,7 +15,7 @@
 
 */
 
-use crate::{Result, Verifier};
+use crate::{Result, ShardIdentifierFor, Verifier};
 use itp_types::H256;
 use its_primitives::traits::SignedBlock as SignedSidechainBlockTrait;
 use sp_core::Pair;
@@ -54,6 +54,7 @@ where
 		&self,
 		_block: SignedSidechainBlock,
 		_parentchain_header: &ParentchainBlock::Header,
+		_shard: ShardIdentifierFor<SignedSidechainBlock>,
 		_ctx: &Self::Context,
 	) -> Result<Self::BlockImportParams> {
 		todo!()
diff --git a/sidechain/consensus/slots/src/lib.rs b/sidechain/consensus/slots/src/lib.rs
index 1f1b000ebe..cff263fa60 100644
--- a/sidechain/consensus/slots/src/lib.rs
+++ b/sidechain/consensus/slots/src/lib.rs
@@ -137,6 +137,7 @@ pub trait SimpleSlotWorker<ParentchainBlock: ParentchainBlockTrait> {
 	fn epoch_data(
 		&self,
 		header: &ParentchainBlock::Header,
+		shard: ShardIdentifierFor<Self::Output>,
 		slot: Slot,
 	) -> Result<Self::EpochData, ConsensusError>;
 
@@ -214,7 +215,7 @@ pub trait SimpleSlotWorker<ParentchainBlock: ParentchainBlockTrait> {
 			},
 		};
 
-		let epoch_data = match self.epoch_data(&latest_parentchain_header, slot) {
+		let epoch_data = match self.epoch_data(&latest_parentchain_header, shard, slot) {
 			Ok(epoch_data) => epoch_data,
 			Err(e) => {
 				warn!(
@@ -271,7 +272,7 @@ pub trait SimpleSlotWorker<ParentchainBlock: ParentchainBlockTrait> {
 		if !timestamp_within_slot(&slot_info, &proposing.block) {
 			warn!(
 				target: logging_target,
-				"⌛️ Discarding proposal for slot {}, block number {}; block production took too long", 
+				"⌛️ Discarding proposal for slot {}, block number {}; block production took too long",
 				*slot, proposing.block.block().header().block_number(),
 			);
 
diff --git a/sidechain/consensus/slots/src/mocks.rs b/sidechain/consensus/slots/src/mocks.rs
index ea6e4d4d6c..6664351160 100644
--- a/sidechain/consensus/slots/src/mocks.rs
+++ b/sidechain/consensus/slots/src/mocks.rs
@@ -60,7 +60,12 @@ where
 		"test"
 	}
 
-	fn epoch_data(&self, _header: &B::Header, _slot: Slot) -> Result<Self::EpochData> {
+	fn epoch_data(
+		&self,
+		_header: &B::Header,
+		_shard: ShardIdentifierFor<Self::Output>,
+		_slot: Slot,
+	) -> Result<Self::EpochData> {
 		todo!()
 	}
 
diff --git a/sidechain/peer-fetch/src/untrusted_peer_fetch.rs b/sidechain/peer-fetch/src/untrusted_peer_fetch.rs
index 7ff9434103..cfdabbfbf4 100644
--- a/sidechain/peer-fetch/src/untrusted_peer_fetch.rs
+++ b/sidechain/peer-fetch/src/untrusted_peer_fetch.rs
@@ -50,10 +50,15 @@ where
 		let node_api = self.node_api_factory.create_api()?;
 
 		let validateer = node_api
-			.worker_for_shard(shard, None)?
+			.primary_worker_for_shard(shard, None)?
 			.ok_or_else(|| Error::NoPeerFoundForShard(*shard))?;
 
-		let trusted_worker_client = DirectWorkerApi::new(validateer.url);
+		let trusted_worker_client = DirectWorkerApi::new(
+			validateer
+				.instance_url()
+				.map(|url| String::from_utf8(url).unwrap_or_default())
+				.ok_or_else(|| Error::NoPeerFoundForShard(*shard))?,
+		);
 		Ok(trusted_worker_client.get_untrusted_worker_url()?)
 	}
 }
diff --git a/sidechain/primitives/Cargo.toml b/sidechain/primitives/Cargo.toml
index e93e3d9719..45844541a2 100644
--- a/sidechain/primitives/Cargo.toml
+++ b/sidechain/primitives/Cargo.toml
@@ -3,16 +3,16 @@ name = "its-primitives"
 version = "0.1.0"
 authors = ["Integritee AG <hello@integritee.network>"]
 homepage = "https://integritee.network/"
-repository = "https://github.com/integritee-network/pallets/"
+repository = "https://github.com/integritee-network/worker/"
 license = "Apache-2.0"
 edition = "2021"
 
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.0.0", default-features = false, features = ["derive", "full"] }
+itp-types = { path = "../../core-primitives/types", default-features = false }
 scale-info = { version = "2.0.1", default-features = false, features = ["derive"] }
 serde = { version = "1.0.13", default-features = false }
 
-
 # substrate dependencies
 sp-core = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
 sp-io = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
@@ -29,6 +29,7 @@ std = [
     "codec/std",
     "scale-info/std",
     "serde/std",
+    "itp-types/std",
     # substrate
     "sp-core/std",
     "sp-io/std",
diff --git a/sidechain/primitives/src/types/header.rs b/sidechain/primitives/src/types/header.rs
index a4289193f8..962917f534 100644
--- a/sidechain/primitives/src/types/header.rs
+++ b/sidechain/primitives/src/types/header.rs
@@ -26,7 +26,7 @@ use sp_std::prelude::*;
 #[cfg(feature = "std")]
 use serde::{Deserialize, Serialize};
 
-pub type ShardIdentifier = H256;
+pub use itp_types::ShardIdentifier;
 
 #[derive(PartialEq, Eq, Clone, Encode, Decode, Debug, Copy, Default, TypeInfo)]
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
diff --git a/sidechain/state/src/impls.rs b/sidechain/state/src/impls.rs
index 99825f5642..669d4d3b2a 100644
--- a/sidechain/state/src/impls.rs
+++ b/sidechain/state/src/impls.rs
@@ -17,10 +17,9 @@
 
 //! Implement the sidechain state traits.
 
-use core::fmt::Debug;
-
 use crate::{Error, SidechainState, StateUpdate};
 use codec::{Decode, Encode};
+use core::fmt::Debug;
 use frame_support::ensure;
 use itp_sgx_externalities::{SgxExternalitiesTrait, StateHash};
 use itp_storage::keys::storage_value_key;
diff --git a/sidechain/test/Cargo.toml b/sidechain/test/Cargo.toml
index f6f8fbfc72..002349141f 100644
--- a/sidechain/test/Cargo.toml
+++ b/sidechain/test/Cargo.toml
@@ -3,7 +3,7 @@ name = "its-test"
 version = "0.9.0"
 authors = ["Integritee AG <hello@integritee.network>"]
 homepage = "https://integritee.network/"
-repository = "https://github.com/integritee-network/pallets/"
+repository = "https://github.com/integritee-network/worker/"
 license = "Apache-2.0"
 edition = "2021"
 
diff --git a/sidechain/validateer-fetch/Cargo.toml b/sidechain/validateer-fetch/Cargo.toml
index dba26b3189..01988d59ce 100644
--- a/sidechain/validateer-fetch/Cargo.toml
+++ b/sidechain/validateer-fetch/Cargo.toml
@@ -7,6 +7,7 @@ edition = "2021"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.0.0", default-features = false, features = ["derive", "chain-error"] }
 derive_more = "0.99.16"
+log = "0.4"
 thiserror = "1.0.26"
 
 # substrate deps
@@ -16,10 +17,12 @@ sp-runtime = { default-features = false, git = "https://github.com/paritytech/su
 sp-std = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
 
 # local deps
+itp-enclave-bridge-storage = { path = "../../core-primitives/enclave-bridge-storage", default-features = false }
 itp-ocall-api = { path = "../../core-primitives/ocall-api", default-features = false }
 itp-storage = { path = "../../core-primitives/storage", default-features = false }
 itp-teerex-storage = { path = "../../core-primitives/teerex-storage", default-features = false }
 itp-types = { path = "../../core-primitives/types", default-features = false }
+its-primitives = { path = "../primitives", default-features = false }
 
 [features]
 default = ["std"]
@@ -31,6 +34,8 @@ std = [
     "itp-types/std",
     "itp-storage/std",
     "itp-ocall-api/std",
+    "its-primitives/std",
+    "itp-enclave-bridge-storage/std",
 ]
 
 [dev-dependencies]
diff --git a/sidechain/validateer-fetch/src/validateer.rs b/sidechain/validateer-fetch/src/validateer.rs
index c35b22c442..3f0c099917 100644
--- a/sidechain/validateer-fetch/src/validateer.rs
+++ b/sidechain/validateer-fetch/src/validateer.rs
@@ -16,89 +16,108 @@
 */
 
 use crate::error::{Error, Result};
-use frame_support::ensure;
+use itp_enclave_bridge_storage::{EnclaveBridgeStorage, EnclaveBridgeStorageKeys};
 use itp_ocall_api::EnclaveOnChainOCallApi;
-use itp_teerex_storage::{TeeRexStorage, TeerexStorageKeys};
-use itp_types::Enclave;
+use itp_types::{parentchain::AccountId, ShardSignerStatus};
+use its_primitives::traits::{Block as SidechainBlockTrait, Header as HeaderTrait, SignedBlock};
+use log::trace;
 use sp_core::H256;
 use sp_runtime::traits::Header as HeaderT;
 use sp_std::prelude::Vec;
 
+type ShardIdentifierFor<SignedSidechainBlock> =
+<<<SignedSidechainBlock as SignedBlock>::Block as SidechainBlockTrait>::HeaderType as HeaderTrait>::ShardIdentifier;
+
 pub trait ValidateerFetch {
-	fn current_validateers<Header: HeaderT<Hash = H256>>(
+	fn current_validateers<
+		Header: HeaderT<Hash = H256>,
+		SignedSidechainBlock: its_primitives::traits::SignedBlock,
+	>(
+		&self,
+		latest_header: &Header,
+		shard: ShardIdentifierFor<SignedSidechainBlock>,
+	) -> Result<Vec<AccountId>>;
+	fn validateer_count<
+		Header: HeaderT<Hash = H256>,
+		SignedSidechainBlock: its_primitives::traits::SignedBlock,
+	>(
 		&self,
 		latest_header: &Header,
-	) -> Result<Vec<Enclave>>;
-	fn validateer_count<Header: HeaderT<Hash = H256>>(&self, latest_header: &Header)
-		-> Result<u64>;
+		shard: ShardIdentifierFor<SignedSidechainBlock>,
+	) -> Result<u64>;
 }
 
 impl<OnchainStorage: EnclaveOnChainOCallApi> ValidateerFetch for OnchainStorage {
-	fn current_validateers<Header: HeaderT<Hash = H256>>(
+	fn current_validateers<
+		Header: HeaderT<Hash = H256>,
+		SignedSidechainBlock: its_primitives::traits::SignedBlock,
+	>(
 		&self,
 		header: &Header,
-	) -> Result<Vec<Enclave>> {
-		let count = self.validateer_count(header)?;
-
-		let mut hashes = Vec::with_capacity(count as usize);
-		for i in 1..=count {
-			hashes.push(TeeRexStorage::enclave(i))
-		}
-
-		let enclaves: Vec<Enclave> = self
-			.get_multiple_storages_verified(hashes, header)?
-			.into_iter()
-			.filter_map(|e| e.into_tuple().1)
-			.collect();
-		ensure!(
-			enclaves.len() == count as usize,
-			Error::Other("Found less validateers onchain than validateer count")
-		);
-		Ok(enclaves)
-	}
-
-	fn validateer_count<Header: HeaderT<Hash = H256>>(&self, header: &Header) -> Result<u64> {
-		self.get_storage_verified(TeeRexStorage::enclave_count(), header)?
+		shard: ShardIdentifierFor<SignedSidechainBlock>,
+	) -> Result<Vec<AccountId>> {
+		let shard_status: Vec<ShardSignerStatus> = self
+			.get_storage_verified(
+				EnclaveBridgeStorage::shard_status::<ShardIdentifierFor<SignedSidechainBlock>>(
+					shard,
+				),
+				header,
+			)?
 			.into_tuple()
 			.1
-			.ok_or_else(|| Error::Other("Could not get validateer count from chain"))
+			.ok_or_else(|| Error::Other("Could not get validateer count from chain"))?;
+		trace!("fetched {} validateers for shard {:?}", shard_status.len(), shard);
+		Ok(shard_status.iter().map(|sss: &ShardSignerStatus| sss.signer.clone()).collect())
+	}
+
+	fn validateer_count<
+		Header: HeaderT<Hash = H256>,
+		SignedSidechainBlock: its_primitives::traits::SignedBlock,
+	>(
+		&self,
+		header: &Header,
+		shard: ShardIdentifierFor<SignedSidechainBlock>,
+	) -> Result<u64> {
+		Ok(self.current_validateers::<Header, SignedSidechainBlock>(header, shard)?.len() as u64)
 	}
 }
 
 #[cfg(test)]
 mod tests {
 	use super::*;
-	use codec::Encode;
+
 	use itc_parentchain_test::ParentchainHeaderBuilder;
 	use itp_test::mock::onchain_mock::{validateer_set, OnchainMock};
-	use std::string::ToString;
+	use itp_types::ShardIdentifier;
 
 	#[test]
 	pub fn get_validateer_count_works() {
 		let header = ParentchainHeaderBuilder::default().build();
-		let mock = OnchainMock::default().add_validateer_set(&header, None);
-		assert_eq!(mock.validateer_count(&header).unwrap(), 4u64);
+		let shard = ShardIdentifier::default();
+		let mock = OnchainMock::default().add_validateer_set(&header, shard, None);
+		assert_eq!(
+			mock.validateer_count::<itp_types::Header, its_primitives::types::SignedBlock>(
+				&header, shard
+			)
+			.unwrap(),
+			4u64
+		);
 	}
 
 	#[test]
 	pub fn get_validateer_set_works() {
 		let header = ParentchainHeaderBuilder::default().build();
-		let mock = OnchainMock::default().add_validateer_set(&header, None);
+		let shard = ShardIdentifier::default();
+		let mock = OnchainMock::default().add_validateer_set(&header, shard, None);
 
 		let validateers = validateer_set();
 
-		assert_eq!(mock.current_validateers(&header).unwrap(), validateers);
-	}
-
-	#[test]
-	pub fn if_validateer_count_bigger_than_returned_validateers_return_err() {
-		let header = ParentchainHeaderBuilder::default().build();
-		let mut mock = OnchainMock::default().add_validateer_set(&header, None);
-		mock.insert_at_header(&header, TeeRexStorage::enclave_count(), 5u64.encode());
-
 		assert_eq!(
-			mock.current_validateers(&header).unwrap_err().to_string(),
-			"Found less validateers onchain than validateer count".to_string()
+			mock.current_validateers::<itp_types::Header, its_primitives::types::SignedBlock>(
+				&header, shard
+			)
+			.unwrap(),
+			validateers
 		);
 	}
 }