Is Confidential Computing Safe from Side-Channel Attacks?

[Illustration: a cracking TEE security shield around a CPU chip, representing the TEE.Fail attack on Intel SGX and AMD SEV-SNP]
Confidential computing uses Trusted Execution Environments to protect data in use. But the TEE.Fail attack, published in October 2025, showed that physical side-channel attacks can bypass these protections in Intel SGX, Intel TDX and AMD SEV-SNP.

Is Confidential Computing Safe from Side-Channel Attacks? What You Need to Know in 2026

INTRODUCTION

Is confidential computing safe from side-channel attacks? This question sits at the centre of one of the most urgent cybersecurity debates of 2025 and 2026. Confidential computing promised to solve a longstanding problem: how do you protect sensitive data while a processor is actively working on it? Conventional encryption secures data at rest and in transit but leaves data exposed the moment a CPU begins processing it.

The answer that the technology industry built is the Trusted Execution Environment (TEE). Intel, AMD and NVIDIA embedded hardware-enforced secure enclaves directly into their chips. Cloud providers including AWS, Google and Microsoft deployed these protections across their data centres. Billions of dollars of investment followed.

Then in October 2025 researchers from Georgia Tech, Purdue University and Synkhronix published a paper describing an attack called TEE.Fail. They built a DDR5 memory bus interposer from secondhand components costing under $1000 and used it to extract cryptographic keys from Intel SGX, Intel TDX and AMD SEV-SNP systems while those systems were fully updated and running in a trusted, operational state.

This article gives you a complete and honest answer to the central question. You will learn what confidential computing and Trusted Execution Environments actually are, how side-channel attacks work, what TEE.Fail specifically demonstrated, what the vendor responses revealed and, most importantly, what you should do to protect your systems right now.

What Is Confidential Computing and How Does a Trusted Execution Environment Work

Confidential computing is a hardware-based approach to protecting data while it is in use. Traditional security models protect data in two states: at rest, using disk encryption, and in transit, using TLS or similar protocols. But the moment a CPU starts processing data, that data must be decrypted and loaded into memory, where it becomes readable by anyone with sufficient system access.

Confidential computing closes that gap by keeping data encrypted in memory and isolated inside the processor even while it is being processed. It does this through a Trusted Execution Environment (TEE). A TEE is a secure, isolated region of a processor that creates a protected boundary around sensitive code and data during execution: memory belonging to the TEE is encrypted with a key held by the hardware, and plaintext exists only inside the CPU package.

How a TEE Protects Your Data

The TEE works by creating an enclave. Inside that enclave, code runs and data is processed in a way that even the host operating system, the hypervisor, the cloud provider and system administrators cannot access. The isolation is enforced by the hardware rather than by software, so even a fully compromised operating system cannot read what is happening inside the enclave.

Three major implementations dominate the market today. Intel SGX (Software Guard eXtensions) creates isolated memory regions called enclaves at the application level. Intel TDX (Trust Domain Extensions) extends this protection to full virtual machines. AMD SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging) provides memory encryption across entire virtual machines with protection against hypervisor-level threats.

Cloud providers have deployed these technologies at scale. Microsoft Azure offers Intel SGX, Intel TDX and AMD SEV-SNP instances. Google Cloud offers AMD SEV, AMD SEV-SNP and Intel TDX confidential VMs. Amazon Web Services deploys Nitro Enclaves, its own isolation technology, alongside AMD SEV-SNP on selected instance types.

Why Attestation Matters

TEEs also include a mechanism called attestation. Attestation allows a workload running inside a TEE to prove to an external party that it is genuinely running in a trusted environment and has not been tampered with. The TEE generates a cryptographically signed report using keys rooted in secrets embedded in the hardware at manufacture. Any party can verify this report and confirm they are communicating with a genuine protected enclave. Attestation is only as strong as the secrecy of those signing keys: if they are extracted, reports can be forged, which is exactly what TEE.Fail demonstrated.

Attestation is critical because it allows organisations to trust that their sensitive AI workloads, financial calculations and healthcare data are running inside a genuine protected environment even when they have no physical control over the server hardware. For a full overview of how TEEs function, read the comprehensive confidential computing guide on Medium, which covers all major TEE implementations and cloud deployments in detail.


What Are Side-Channel Attacks and Why Do They Threaten Confidential Computing

Side-channel attacks do not break encryption directly. Instead they exploit physical or behavioural characteristics of a system to extract secrets indirectly. A side-channel attacker does not need to break your encryption algorithm or steal your key. They observe how the system behaves while processing protected data and infer the secrets from those observations.

Common side channels include timing measurements, power consumption, electromagnetic emissions, cache behaviour and memory bus traffic. Each of these channels leaks information about what the processor is doing at any given moment, even when the data itself is encrypted.

Classic Side-Channel Attacks You Should Know

Spectre and Meltdown brought side-channel vulnerabilities into mainstream public awareness in January 2018. Both exploited speculative execution in modern processors to extract data across security boundaries that should have been impenetrable. They affected virtually every processor manufactured after 1995 and required patches across every major operating system, hypervisor and CPU microcode release.

Rowhammer attacks exploit a physical property of DRAM: repeatedly activating (hammering) a row of memory cells disturbs adjacent rows and can flip bits in them. This lets attackers corrupt memory contents or escalate privileges without ever writing to the protected memory directly. The Phoenix Rowhammer attack, published in September 2025, demonstrated that even DDR5 memory with on-die mitigations remains vulnerable.

Cache timing attacks observe how long memory operations take in order to infer what data is being accessed. Because cached data returns faster than uncached data, a timing attacker can reconstruct which memory addresses a victim is accessing and, from that, infer the underlying data. This attack class has successfully extracted AES keys from multiple cryptographic implementations that index lookup tables with secret-dependent values.

Why TEEs Are Specifically Vulnerable to Side-Channel Attacks

TEEs create a clear target for side-channel attackers. The entire value proposition of a Trusted Execution Environment is that the most sensitive data on a system resides inside it: cryptographic keys, attestation credentials, patient data, financial models and AI intellectual property. A successful side-channel attack against a TEE yields the highest-value data on the entire system in a single operation.

Both AMD and Intel explicitly exclude physical attacks, and in large part side-channel attacks, from their TEE threat models. Their security guarantees apply to software-based threats from privileged code on the same host. Physical observation of hardware behaviour, such as probing the memory bus, sits outside the boundary they have defined, and this appears in their official documentation. But it is a gap that researchers have now demonstrated they can exploit at low cost with readily available equipment.

[Diagram: a side-channel attack bypassing a Trusted Execution Environment by intercepting DDR5 memory bus traffic outside the Intel SGX and AMD SEV-SNP threat-model boundary]
Caption: TEEs protect against software-based threats, including compromised operating systems and hypervisors (shown blocked in blue). Side-channel attacks (shown in red) bypass this protection entirely by observing physical memory bus traffic outside the TEE boundary.

Is Confidential Computing Safe After TEE.Fail? What the October 2025 Attack Revealed

In October 2025 researchers from Georgia Tech, Purdue University and Synkhronix published a paper describing TEE.Fail. This attack demonstrated that an attacker can extract cryptographic keys and forge attestation reports from Intel SGX, Intel TDX and AMD SEV-SNP systems using physical hardware costing under $1000, assembled entirely from secondhand components.

The implications shook the confidential computing industry. TEE.Fail did not exploit a software bug. It exploited a fundamental architectural trade-off that Intel and AMD made deliberately to improve performance. And it worked against fully updated systems running in a trusted operational state.

How TEE.Fail Works Step by Step

TEE.Fail exploits how modern server-grade TEEs encrypt memory. Client-class Intel SGX used a Memory Encryption Engine with a Merkle tree of counters, which provided integrity, freshness and replay protection: the same value written twice to the same address produced different ciphertext. Scalable SGX on Xeon, Intel TDX and AMD SEV-SNP dropped this in favour of AES-XTS encryption, which is faster and scales to the memory footprint of large confidential virtual machines but is deterministic: the tweak is derived from the physical address, so the same plaintext at the same physical address always produces the same ciphertext, and there is no cryptographic integrity or replay protection.

The researchers built a DDR5 interposer from secondhand parts and placed it between the CPU and the DIMM memory modules. This device passively records all traffic flowing between the processor and memory. Because the encryption is deterministic, the team could build a ciphertext dictionary: by observing which ciphertext appears at a physical address when a known value is stored there, or when the same value recurs, they map observed ciphertext back to plaintext without ever learning the encryption key.

Using this technique, the researchers achieved the following results:

  • Extracted ECDSA attestation private keys from Intel's Provisioning Certification Enclave (PCE) on fully updated Xeon servers running Intel SGX and TDX
  • Used the extracted keys to forge valid SGX and TDX attestation reports, allowing them to impersonate genuine TEE environments
  • Extracted ECDH private keys from AMD SEV-SNP protected virtual machines, even with the Ciphertext Hiding security option enabled
  • Extracted signing keys from OpenSSL's ECDSA implementation running inside AMD SEV-SNP protected machines
  • Demonstrated attacks against real production systems, including BuilderNet, a blockchain infrastructure using TDX, and Secret Network, which uses SGX enclaves
  • Extended the attack to NVIDIA Confidential Computing, enabling workloads to run outside TEE protections while appearing protected to external verification systems
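The deterministic-encryption weakness described above, reduced to a runnable model. This is an added example, not the TEE.Fail researchers' code: the memory encryption engine is a toy tweakable Feistel cipher standing in for AES-XTS, the DDR5 interposer is a list that records every (address, ciphertext) write, FLAG_ADDR and the nonce-spilling loop are hypothetical, and the freshness flag models the counter-based scheme of the client SGX Memory Encryption Engine. The attacker recovers every nonce bit from the bus trace under deterministic encryption and nothing under the counter-based one.

```python
"""Toy model of the ciphertext-dictionary attack behind TEE.Fail (added example,
not the researchers' code). The encryption engine is a 4-round Feistel network
with HMAC-SHA256 round functions tweaked by physical address, standing in for
AES-XTS; it shares the one property the attack needs: the same plaintext at the
same physical address always yields the same ciphertext, and a passive
interposer on the memory bus sees that ciphertext."""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

BLOCK = 16                 # bytes per memory line in this toy model
FLAG_ADDR = 0x7F00_1000    # hypothetical physical address of a scratch variable


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TweakableCipher:
    """Deterministic tweakable block cipher (toy stand-in for AES-XTS, not AES)."""

    def __init__(self, key: bytes):
        self.key = key

    def _round(self, rnd: int, tweak: bytes, half: bytes) -> bytes:
        return hmac.new(self.key, bytes([rnd]) + tweak + half, hashlib.sha256).digest()[:8]

    def encrypt(self, tweak: bytes, block: bytes) -> bytes:
        left, right = block[:8], block[8:]
        for rnd in range(4):
            left, right = right, _xor(left, self._round(rnd, tweak, right))
        return left + right

    def decrypt(self, tweak: bytes, block: bytes) -> bytes:
        left, right = block[:8], block[8:]
        for rnd in reversed(range(4)):
            left, right = _xor(right, self._round(rnd, tweak, left)), left
        return left + right


class EncryptedDRAM:
    """Memory behind the engine. Every write also lands in `bus`, the
    (address, ciphertext) trace an interposer between CPU and DIMM records.
    freshness=True adds a per-write counter to the tweak (MEE-style)."""

    def __init__(self, freshness: bool = False):
        self.cipher = TweakableCipher(secrets.token_bytes(32))
        self.freshness = freshness
        self.counters = {}     # address -> number of writes so far
        self.cells = {}        # address -> ciphertext currently stored
        self.bus: List[Tuple[int, bytes]] = []

    def _tweak(self, addr: int) -> bytes:
        ctr = self.counters.get(addr, 0) if self.freshness else 0
        return addr.to_bytes(8, "big") + ctr.to_bytes(8, "big")

    def write(self, addr: int, plaintext: bytes) -> None:
        assert len(plaintext) == BLOCK
        if self.freshness:
            self.counters[addr] = self.counters.get(addr, 0) + 1
        ct = self.cipher.encrypt(self._tweak(addr), plaintext)
        self.cells[addr] = ct
        self.bus.append((addr, ct))

    def read(self, addr: int) -> bytes:
        return self.cipher.decrypt(self._tweak(addr), self.cells[addr])


def leaky_scalar_loop(dram: EncryptedDRAM, nonce: int, nbits: int) -> None:
    """Hypothetical double-and-add loop inside the TEE that spills a nonce-dependent
    value to a fixed address each iteration. The initial zero write is the
    attacker's known plaintext that anchors the dictionary."""
    dram.write(FLAG_ADDR, (0).to_bytes(BLOCK, "big"))
    for i in range(nbits):
        bit = (nonce >> i) & 1
        dram.write(FLAG_ADDR, bit.to_bytes(BLOCK, "big"))


def recover_nonce_from_bus(bus: List[Tuple[int, bytes]], nbits: int) -> Optional[int]:
    """Interposer-side dictionary attack: classify each later write to FLAG_ADDR by
    ciphertext equality with the known-zero write. Returns None when the
    ciphertexts do not collapse to two values, i.e. encryption is not deterministic."""
    writes = [ct for addr, ct in bus if addr == FLAG_ADDR]
    if len(writes) != nbits + 1:
        return None
    dictionary = {writes[0]: 0}
    nonce = 0
    for i, ct in enumerate(writes[1:]):
        if ct not in dictionary:
            if len(dictionary) == 2:
                return None
            dictionary[ct] = 1
        nonce |= dictionary[ct] << i
    return nonce


def demo(nbits: int = 64) -> Tuple[bool, bool]:
    """(attack succeeds against deterministic encryption,
        attack fails against freshness-protected encryption)"""
    nonce = secrets.randbits(nbits)
    deterministic = EncryptedDRAM(freshness=False)
    leaky_scalar_loop(deterministic, nonce, nbits)
    fresh = EncryptedDRAM(freshness=True)
    leaky_scalar_loop(fresh, nonce, nbits)
    return (recover_nonce_from_bus(deterministic.bus, nbits) == nonce,
            recover_nonce_from_bus(fresh.bus, nbits) is None)


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The only difference between the two memories is whether the tweak carries a per-write counter. That is why the client-era Merkle tree of counters mattered: it made repeated writes of the same value look different on the bus. A MAC appended to deterministic ciphertext would stop tampering but leave this dictionary intact.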

How Intel AMD and NVIDIA Responded

All three vendors acknowledged the TEE.Fail findings. The researchers disclosed responsibly: to Intel in April 2025, to NVIDIA in June 2025 and to AMD in August 2025.


AMD published a bulletin stating it does not plan to develop mitigations because physical access attacks fall outside its defined threat model for AMD SEV-SNP. Intel issued a similar statement affirming that TEE.Fail is consistent with previously documented out-of-scope limitations. NVIDIA stated it was evaluating its threat model documentation but did not commit to specific mitigations.

This response is technically defensible but practically unsatisfying for any organisation running confidential workloads in environments where physical access is not exclusively controlled. The vendor position does not reduce your actual risk. It simply tells you that closing this gap is your responsibility rather than theirs.

For the full technical reporting, read BleepingComputer's detailed coverage of the TEE.Fail attack on Intel, AMD and NVIDIA CPUs, and The Hacker News report on the new TEE.Fail side-channel attack.

How Serious Is the Side-Channel Risk to Confidential Computing in Practice

Evaluating the real risk requires separating the technical severity of the attack from the practical difficulty of executing it in real-world environments. Both dimensions matter and both deserve honest assessment.

The Technical Severity Is High

The consequences of a successful TEE.Fail attack are severe for any workload relying on a compromised TEE. Extracting attestation private keys allows an attacker to forge attestation reports indefinitely. This means they can create fake enclave environments that appear cryptographically genuine to any system relying on attestation to verify trust. An attacker who achieves this can intercept sensitive workloads read confidential data and return manipulated output while every external verification mechanism reports that everything is functioning correctly.

The attack also affects the long-term security of secrets previously processed inside a compromised TEE. Bus traffic captured by an interposer can be stored and analysed later, so data that an organisation believed was protected during an earlier session may have been recorded without detection, and a forged attestation key remains usable until the affected platform keys are revoked.

The Practical Difficulty Is Also Real

The attack requires conditions that rule out purely remote attackers. Physical access to the specific server hardware is mandatory: the attacker must fit an interposer between the CPU and the DIMM slots, which means opening the server chassis. Root on the host, including a modified kernel driver, is also needed for the SGX component. These conditions limit the realistic threat actor set to insiders at hosting and colocation facilities, supply-chain operations by well-resourced actors and sophisticated physical attackers with sustained hardware access.

For organisations running cloud workloads on hyperscale providers like AWS, Google Cloud or Microsoft Azure, the physical security controls surrounding data centre hardware make TEE.Fail-class attacks genuinely difficult to execute, although the cloud operator itself remains among the parties who could mount one. For organisations using colocation, where physical access is shared with other tenants, the risk is materially higher.

The Systemic Risk Matters Most

The most important lesson from TEE.Fail is not about individual attack scenarios. It is about the reliability of the security guarantees that confidential computing products are marketed as providing. Organisations made deployment decisions based on the assumption that TEEs provide strong protection even in physically untrustworthy environments. TEE.Fail demonstrates that this assumption has documented limits that vendors knew about but did not communicate prominently.

Any security architecture built on a foundation of absolute TEE protection needs reassessment. This includes AI model protection strategies, healthcare data processing in shared cloud environments, financial calculations on colocation hardware and Web3 systems using TEEs to protect smart contract execution.

[Risk matrix: side-channel attack types against confidential computing and TEEs, ranked by complexity and impact, including TEE.Fail, Spectre, Meltdown and cache timing attacks]
Caption: Software privilege escalation attacks (shown in green) are effectively blocked by TEEs. Physical side-channel attacks including TEE.Fail (shown in red) sit outside the vendor threat model and require additional operational and physical security controls.

How to Protect Confidential Computing Systems from Side-Channel Attacks

Understanding the risk is the first step. Acting on it is what protects your organisation. A layered approach combining physical security, software mitigations, data-oblivious programming and continuous monitoring gives you the strongest practical defence available today.

Strengthen Physical Security Around TEE Hardware

Physical access is the mandatory prerequisite for TEE.Fail and most memory bus side-channel attacks. Physical security controls are therefore the single most impactful mitigation available to you right now. Treat any server running TEE workloads with the same physical access controls you would apply to key management hardware.

Specific measures include:

  • using colocation facilities with third-party audited physical access controls
  • requiring multi-person authorisation for any physical server access
  • fitting tamper-evident chassis seals and checking them on a schedule
  • treating chassis intrusion alerts from the BMC as high-priority security events and correlating them with the timeline of the TEE workloads that ran on that host

Workloads processing the highest sensitivity data should run on hardware where no other tenant has physical access to the same cage or rack.
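One way to operationalise the chassis-intrusion point above. This is an added example, not from the article or any vendor: it parses the line format of `ipmitool sel list`, pairs every "Physical Security" assertion with its deassertion into an open-chassis window, and flags workloads that were still running when a window opened that no later physical inspection has cleared. The SEL lines, sensor names and workload timeline are constructed for the example; real BMC output varies by vendor.

```python
"""Chassis-intrusion triage over IPMI System Event Log lines (added example, not
from the article). An attestation quote is point-in-time evidence: it says nothing
about an interposer fitted after it was verified, so the check is driven by the
chassis timeline, not by attestation status."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample of `ipmitool sel list` output; not from a real server.
SAMPLE_SEL = """\
   1 | 10/03/2025 | 14:22:01 | Physical Security #0x73 | General Chassis intrusion | Asserted
   2 | 10/03/2025 | 14:22:09 | Temperature #0x30 | Upper Non-critical going high | Asserted
   3 | 10/03/2025 | 15:01:44 | Physical Security #0x73 | General Chassis intrusion | Deasserted
   4 | 10/04/2025 | 02:15:30 | Physical Security #0x73 | General Chassis intrusion | Asserted
   5 | 10/04/2025 | 02:40:12 | Physical Security #0x73 | General Chassis intrusion | Deasserted
"""

# (workload, time it stopped, or None if still running); constructed timeline
SAMPLE_WORKLOADS = [
    ("sgx-kms", "10/03/2025 14:30:00"),
    ("tdx-builder", None),
    ("sev-analytics", "10/04/2025 05:00:00"),
]

TS_FORMAT = "%m/%d/%Y %H:%M:%S"


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, TS_FORMAT)


@dataclass
class IntrusionWindow:
    sensor: str
    opened: datetime
    closed: Optional[datetime] = None   # None: no deassertion logged


def parse_sel(text: str) -> List[Tuple[datetime, str, str, str]]:
    """(timestamp, sensor, description, state) for each well-formed SEL line."""
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 6:
            continue                      # blank lines or entries without a timestamp
        _id, date, time, sensor, description, state = fields[:6]
        try:
            ts = parse_ts(f"{date} {time}")
        except ValueError:
            continue                      # e.g. "Pre-Init" timestamps on some BMCs
        events.append((ts, sensor, description, state))
    return events


def intrusion_windows(events) -> List[IntrusionWindow]:
    """Pair each Physical Security assertion with the next deassertion of that sensor."""
    windows: List[IntrusionWindow] = []
    open_by_sensor: Dict[str, IntrusionWindow] = {}
    for ts, sensor, _description, state in events:
        if not sensor.lower().startswith("physical security"):
            continue
        if state == "Asserted" and sensor not in open_by_sensor:
            open_by_sensor[sensor] = IntrusionWindow(sensor, ts)
            windows.append(open_by_sensor[sensor])
        elif state == "Deasserted" and sensor in open_by_sensor:
            open_by_sensor.pop(sensor).closed = ts
    return windows


def workloads_at_risk(windows, workloads, inspected_at: Optional[str] = None) -> List[str]:
    """A workload is at risk if the chassis was opened before it finished and no
    physical inspection after that opening has cleared the host: hardware fitted
    during the window may still be in place."""
    cleared_until = parse_ts(inspected_at) if inspected_at else None
    live = [w for w in windows if cleared_until is None or w.opened > cleared_until]
    at_risk = []
    for name, ended in workloads:
        end = parse_ts(ended) if ended else None
        if any(end is None or w.opened <= end for w in live):
            at_risk.append(name)
    return sorted(at_risk)


def triage(sel_text: str = SAMPLE_SEL, workloads=SAMPLE_WORKLOADS,
           inspected_at: Optional[str] = None) -> List[str]:
    return workloads_at_risk(intrusion_windows(parse_sel(sel_text)), workloads, inspected_at)


if __name__ == "__main__":
    print(triage())
    print(triage(inspected_at="10/03/2025 15:30:00"))
```

Feed it the real output of `ipmitool sel list` (or `sel elist`) on each TEE host; `triage()` with no inspection date reports every workload that could have been observed, and supplying the time of the last physical inspection narrows that to windows opened since. The conservative rule is deliberate: a window that closed before a workload started still counts, because a closed chassis does not prove the interposer was removed.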

Implement Data-Oblivious Programming Techniques

Data-oblivious algorithms remove the data-dependent behaviour that most side-channel attacks exploit. A standard algorithm takes different execution paths or accesses different memory locations based on the data it processes. An attacker observing those patterns can infer the data. A data-oblivious algorithm performs identical operations and accesses identical memory locations regardless of input data, so the access pattern tells an observer nothing even if the attacker can see the memory bus.

Implementing data-oblivious code requires deliberate engineering effort and carries a performance cost. But it is one of the most effective software-level defences against cache timing attacks, power analysis and similar physical side channels. Note its limit against TEE.Fail-class observers: constant-time code makes the address trace independent of the secret, but a deterministic memory encryption engine still reveals when the same plaintext is written back to the same address, so data-oblivious code narrows that leakage rather than eliminating it.
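The difference between a data-dependent and a data-oblivious memory access, as an added example that is not part of the original article. TracedMemory records which table entry each read touches, which is the view a cache or memory-bus observer gets; the leaky lookup touches only the entry the secret selects, while the oblivious lookup touches every entry in a fixed order and keeps the wanted one with a branch-free mask. The table and the candidate secrets are constructed; Python integers are not constant-time, so this demonstrates access-pattern independence, not timing safety.

```python
"""Data-dependent versus data-oblivious memory access (added example, not from
the article). The constant-time mask and select helpers follow the idiom used in
constant-time C code; in Python they illustrate the access pattern only."""
from typing import List, Sequence, Tuple

BITS = 64
MASK_ALL = (1 << BITS) - 1


class TracedMemory:
    """A table whose reads are logged in the order an observer would see them."""

    def __init__(self, values: Sequence[int]):
        self.values = list(values)
        self.trace: List[int] = []

    def read(self, index: int) -> int:
        self.trace.append(index)
        return self.values[index]


def leaky_lookup(mem: TracedMemory, secret_index: int) -> int:
    """Classic table lookup: the address touched is the secret itself."""
    return mem.read(secret_index)


def ct_is_zero_mask(x: int) -> int:
    """All-ones if x == 0 else 0, derived arithmetically rather than by branching.
    Operates on 64-bit values."""
    x &= MASK_ALL
    nonzero = ((x | ((MASK_ALL + 1) - x)) >> (BITS - 1)) & 1   # 1 iff x != 0
    return (nonzero - 1) & MASK_ALL


def ct_select(mask: int, a: int, b: int) -> int:
    """a if mask is all-ones, b if mask is zero; the same operations run either way."""
    return (a & mask) | (b & (~mask & MASK_ALL))


def ct_cswap(mask: int, a: int, b: int) -> Tuple[int, int]:
    """Swap a and b iff mask is all-ones, as a Montgomery ladder does per key bit."""
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def oblivious_lookup(mem: TracedMemory, secret_index: int) -> int:
    """Scan the whole table in index order; the trace is identical for every secret."""
    result = 0
    for i in range(len(mem.values)):
        result = ct_select(ct_is_zero_mask(i ^ secret_index), mem.read(i), result)
    return result


def trace_depends_on_secret(lookup, table: Sequence[int], secrets_to_try) -> bool:
    """Run lookup once per candidate secret and report whether the observed access
    traces differ, i.e. whether an observer could distinguish the secrets."""
    traces = set()
    for s in secrets_to_try:
        mem = TracedMemory(table)
        lookup(mem, s)
        traces.add(tuple(mem.trace))
    return len(traces) > 1


if __name__ == "__main__":
    sbox = [(v * 7) & 0xFF for v in range(16)]   # constructed stand-in for a cipher table
    print(trace_depends_on_secret(leaky_lookup, sbox, [0, 3, 9, 15]))       # True
    print(trace_depends_on_secret(oblivious_lookup, sbox, [0, 3, 9, 15]))   # False
```

The cost is visible in the code: the oblivious lookup does one read per table entry instead of one read in total. That linear factor is the price the section refers to, and it is why the technique is applied to the secret-handling core (key schedules, scalar multiplication, MAC comparison) rather than to whole applications.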


Choose TEE Configurations with Memory Integrity Protection

TEE.Fail exploits the fact that server-grade TEEs use deterministic AES-XTS encryption without freshness, integrity or replay protection. The Memory Encryption Engine in client-class Intel SGX used a Merkle tree of counters, so the same value written twice produced different ciphertext; that freshness is what defeats a ciphertext dictionary. An integrity mode that only adds a MAC to deterministic ciphertext blocks tampering but not passive observation. Where a platform offers a freshness-protected memory mode for your workload size, enable it; where the only option is a MAC-based integrity mode, understand that it does not by itself raise the difficulty of memory bus observation, and make counter-based protection a procurement question for your next hardware generation.

Watch vendor roadmaps closely. Intel AMD and NVIDIA are actively evaluating updated threat models and potential mitigations in response to TEE.Fail. Future hardware generations may reintroduce integrity protection in a form compatible with larger server-grade confidential virtual machine memory footprints.

Apply Cryptographic Defences for the Highest-Value Workloads

For workloads where even a low-probability TEE compromise would be unacceptable, consider complementing TEEs with cryptographic approaches. Homomorphic encryption allows computation on encrypted data without ever decrypting it. Secure Multi-Party Computation distributes computation across multiple parties so no single party ever holds the full plaintext. Both approaches carry significant performance costs, but their guarantees rest on mathematics rather than on the physical security of the machine doing the computing: a homomorphic-encryption server never holds the decryption key, and an MPC party only ever holds shares, provided the parties do not collude.

A hybrid model that uses TEEs for standard workloads and homomorphic encryption for the highest-value operations gives you a layered defence that is both realistic to deploy and significantly more resilient against physical side-channel threats.
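The MPC guarantee mentioned above, shown in working code as an added example that is not part of the original article. Additive secret sharing over a prime field is the simplest MPC building block: each input owner splits its value into shares that sum to the value, each compute party holds one share of every input, and only the shares of the result are ever combined. The three hospitals and their counts are constructed; the field modulus is an assumption.

```python
"""Additive secret sharing (added example, not from the article): the secure
multi-party computation primitive behind the claim that no single party ever
holds the full plaintext. Three hypothetical input owners each contribute a
private count; three non-colluding compute parties learn only the total."""
import secrets
from typing import List

P = 2**61 - 1    # field modulus (assumption); all arithmetic is mod P
PARTIES = 3


def share(value: int, n: int = PARTIES) -> List[int]:
    """Split value into n shares summing to value mod P. The first n-1 shares are
    uniformly random, so any n-1 shares together are independent of value."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: List[int]) -> int:
    return sum(shares) % P


def add_shared(a: List[int], b: List[int]) -> List[int]:
    """Each party adds its own two shares locally: no communication, no plaintext."""
    return [(x + y) % P for x, y in zip(a, b)]


def scale_shared(a: List[int], k: int) -> List[int]:
    """Multiplication by a public constant is likewise a local operation."""
    return [(x * k) % P for x in a]


def private_total(inputs: List[int], n: int = PARTIES) -> int:
    """Each input owner shares its value out to the n parties; party i sums the
    shares it holds; only the shares of the total are combined at the end."""
    totals = [0] * n
    for v in inputs:
        for i, s in enumerate(share(v, n)):
            totals[i] = (totals[i] + s) % P
    return reconstruct(totals)


def partial_view_is_uninformative(value: int, trials: int = 256) -> bool:
    """Sanity check on the privacy claim: summing only n-1 shares recovers the
    value no more often than chance (probability 1/P per trial)."""
    return all(reconstruct(share(value)[:-1]) != value for _ in range(trials))


if __name__ == "__main__":
    hospital_counts = [120, 45, 300]          # constructed private inputs
    print(private_total(hospital_counts))     # 465, without any party seeing an input
```

In the hybrid model above, the TEE would host one of the compute parties and handle the bulk workload, while the shares of the highest-value inputs are spread across parties in different physical locations; an interposer on one host then yields one uniformly random share and nothing else.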

Monitor Vendor Advisories and Security Research Continuously

The confidential computing security landscape evolves faster than any point-in-time assessment can capture. Intel, AMD and NVIDIA are actively revising their threat models in response to TEE.Fail. New side-channel research appears regularly from academic and commercial security teams. CVEs against specific TEE implementations receive patches on varying timescales.

Assign explicit responsibility within your security team for tracking vendor advisories for Intel TDX, Intel SGX and AMD SEV-SNP, and for monitoring relevant academic research through venues like the IEEE Symposium on Security and Privacy and USENIX Security.

Frequently Asked Questions About Confidential Computing and Side-Channel Attacks

Is confidential computing safe from side-channel attacks?

Confidential computing is not completely safe from side-channel attacks, but it strongly protects against the software-based threats it was designed to address. The TEE.Fail attack in October 2025 showed that physical side-channel attacks can extract cryptographic keys from Intel SGX, Intel TDX and AMD SEV-SNP. These attacks require physical hardware access, which makes them significantly more difficult to execute than remote exploits. But they represent real threats that organisations should plan for, especially in colocation environments where physical access is shared.

What is a Trusted Execution Environment (TEE)?

A Trusted Execution Environment (TEE) is a secure, isolated region inside a processor that protects sensitive code and data during execution. It prevents even the host operating system, hypervisor, cloud provider and system administrators from accessing the protected computation. Major TEE implementations include Intel SGX, Intel TDX and AMD SEV-SNP. All three major cloud hyperscalers deploy these technologies to support confidential computing workloads.

What exactly did the TEE.Fail attack demonstrate?

TEE.Fail demonstrated that researchers could extract cryptographic keys and forge attestation reports from Intel SGX, Intel TDX and AMD SEV-SNP using a custom DDR5 memory interposer costing under $1000. The attack exploited deterministic AES-XTS encryption in server-grade TEEs, which lacks the freshness, integrity and replay protection found in older client-grade implementations. Successful exploitation allows an attacker to impersonate genuine TEE environments, fool attestation verification and access sensitive data inside confidential virtual machines.

Do Intel and AMD plan to fix the TEE.Fail vulnerability?

Neither Intel nor AMD plans to release firmware mitigations for TEE.Fail because both vendors classify physical access attacks as outside their defined threat model. AMD published a bulletin explicitly stating this position. Intel issued a similar statement affirming that TEE.Fail is consistent with previously documented out-of-scope physical attack limitations. NVIDIA stated it is evaluating its threat model but has not committed to specific mitigations at the time of writing.

How can I protect my organisation from side-channel attacks on TEEs?

Apply a layered defence, starting with strict physical security controls around any hardware running confidential workloads. Implement data-oblivious programming techniques in sensitive code. Select TEE configurations with freshness-protected memory encryption where available. For the highest-sensitivity workloads, consider complementing TEEs with homomorphic encryption or secure multi-party computation. Monitor Intel, AMD and NVIDIA security advisories continuously, as vendor threat models are actively evolving.

Which cloud providers support confidential computing with TEEs?

All three major cloud hyperscalers support confidential computing. Microsoft Azure supports Intel SGX, Intel TDX and AMD SEV-SNP. Google Cloud supports AMD SEV, AMD SEV-SNP and Intel TDX for confidential VM workloads. Amazon Web Services offers Nitro Enclaves alongside AMD SEV-SNP on selected instance types. Each provider implements additional physical and hypervisor-level security controls that raise the difficulty of physical side-channel attacks beyond what standard colocation environments provide.

CONCLUSION

Is Confidential Computing Safe from Side-Channel Attacks

The honest answer to whether confidential computing is safe from side-channel attacks is nuanced but clear. Confidential computing and Trusted Execution Environments (TEEs) provide genuine, strong protection against the software-based threats they were designed to address. No privileged software on the host, including the operating system, the hypervisor or cloud administrator tools, can read data inside a properly configured TEE enclave. That protection is real and valuable.

But physical side-channel attacks represent a real and documented gap in that protection. TEE.Fail proved in October 2025 that a motivated attacker with physical access to server hardware and under $1000 in equipment can extract cryptographic keys and forge attestation reports from the most widely deployed TEE implementations on the market. Intel and AMD have acknowledged the findings and declined to provide mitigations because physical attacks fall outside their defined threat model; NVIDIA has said it is evaluating its threat model documentation.

What this means for your organisation depends entirely on your deployment environment and risk profile. Organisations running confidential workloads on major cloud hyperscalers benefit from strong physical security controls that make TEE.Fail-class attacks genuinely difficult in practice. Organisations using colocation, where physical access is less tightly controlled, face a materially higher risk and should apply the physical security and software mitigations described in this guide with urgency.

Confidential computing remains a valuable and important technology. It dramatically reduces the attack surface compared to unprotected cloud processing. But treating it as a complete and unconditional solution creates a dangerous false sense of security. Apply it as one important layer within a broader defence-in-depth strategy and audit your physical security assumptions as the first priority.

For the technical foundation of how to implement these defences, read CyberSecureFox's technical breakdown of the TEE.Fail DDR5 attack on Intel SGX, TDX and AMD SEV-SNP, which includes practical organisational recommendations and ongoing vendor response tracking as this situation continues to evolve.
