TEE

last updated 2026-05-04 · +1 sources in last 30d

Physics / mechanism

A Trusted Execution Environment is a hardware-isolated compute enclave running alongside the main OS, enforcing confidentiality and integrity of code and data even against a privileged attacker. Implemented via dedicated silicon — ARM TrustZone partitions the CPU into Normal/Secure worlds; Intel TDX and AMD SEV-SNP extend isolation to full VMs using memory encryption. Key parameters: memory encryption latency overhead (~5–15%), attestation round-trip (<100 ms for remote attestation via ECDSA/DCAP), and TCB surface area (smaller = better; measured in lines of verified firmware). Current SoA: CCA (Confidential Compute Architecture) on ARMv9 introduces Realm Management Extensions, enabling dynamic realm creation without OEM key dependency.

Competitive landscape

Competing approaches: homomorphic encryption (HE) handles computation on encrypted data without hardware trust anchors but carries 1,000–10,000× compute overhead — impractical for inference workloads today. Secure multi-party computation (SMPC) distributes trust across parties but requires coordination overhead. RISC-V enclaves (Keystone, Penglai) offer open-source TCB alternatives. The confidential computing stack is increasingly converging around CCA/TDX/SEV-SNP as the hyperscaler-validated trio.

ApproachPerf overheadTrust anchorMaturity
TEE (TDX/SEV)Low (5–15%)HardwareProduction
HEExtreme (>1000×)CryptographicResearch/niche
SMPCMedium-highProtocolLimited deploy

Companies using

Connected ideas

Sources

Frontier (open questions)

Recent mentions

Frontier questions