Dan Goodin (@[email protected])

AMD, Intel and Nvidia have poured untold resources into building on-chip trusted execution environments. These enclaves use encryption to protect data and execution from being viewed or modified. The companies proudly declare that these TEEs will protect data and code even when the OS kernel has been thoroughly compromised. The chipmakers are considerably less vocal about an exclusion that physical attacks, which are becoming increasingly cheap and easy, aren't covered by the threat model These physical attacks use off the shelf equipment and only intermediate admin skills to completely break all TEEs made from these three chipmakers. This shifting Security landscape leaves me asking a bunch of questions. What's the true value of a TEE going forward?. Can governments ever get subpoena rulings ordering a host provider to run this attack on their own infrastructure? Why do the companies market their TEEs so heavily for edge servers when one of the top edge-server threats is physical attacks? People say, "well yes. just run the server in Amazon or another top tier cloud provider and you'll be reasonably safe." The thing is, TEEs can only guarantee to a relying party that the server on the other end isn't infected and couldn't give up data even even if it was. There's no way for the relying party to know if the service is in Amazon or in an attackers's basement. So once again aren't we back to just trusting the cloud, which is precisely the problem TEEs were supposed to solve? https://arstechnica.com/security/2025/10/new-physical-attacks-are-quickly-diluting-secure-enclave-defenses-from-nvidia-amd-and-intel/