A trusted execution environment (TEE) is a computer system where the hardware attests to the code that's running on a machine. TEEs are used today in a variety of production apps:
Currently, TEEs are primarily used to add confidentiality guarantees to existing applications, e.g., running AI workloads on confidential data. In crypto, stablecoins and private DeFi use TEEs. There are some new “account sovereignty” applications built on TEEs, like an app for auditing crypto market makers' activity by granting access to a Binance session inside a TEE, and systems for sharing Twitter/X accounts by storing session secrets in a confidential container.
This document outlines high-level frameworks for people accustomed to cryptographic primitives like signatures, encryption, and zk-proving. Since TEEs are an engineering primitive, not a math-based primitive, we have to think about them differently than signatures, proofs, or other hard cryptographic systems.
Permissionless TEE operation is an unsolved problem. It is possible to create distributed TEE systems, and even permissionless ones, but only with the risk that private data will be leaked by an actor who joins the network and exploits their TEE with side channels. As a result, most TEEs operate as single-sequencer centralized entities right now, and a few TEE networks operate as proof-of-authority networks; none of them have reached the maturity of even Stage 2 rollups.
TEE vulnerabilities are also a persistent issue. This just means that TEEs are more appropriate for trust delegation (i.e. delegating an application to Google Cloud or AWS to run securely) than for hardened applications. TEE vulnerabilities may be held under embargo, and patches may be released with short upgrade windows and/or performance regressions on major clouds. This means TEEs are, effectively, centralized services that commit their users to running verifiable code.
On the other hand, these are tradeoffs that the crypto space is more accepting of now, and TEEs are already strictly stronger / more secure than vanilla cloud hardware.
The TEE architecture we'll focus on is Intel TDX, the successor to Intel SGX enclaves.
TDX is a server-oriented, "confidential VM" architecture. TDX VMs are started on bare-metal machines by asking CPU-based virtualization to start a virtual machine. TDX VMs operate with hardware isolation, memory encryption, and a different CPU operation mode ("SEAM").
After a TDX VM is started, it’s still possible for the outside host to interface with it through the hypervisor/virtual machine manager, but the VMM is limited in how it can change the operation of the TDX VM.
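To make concrete what "the hardware attests to the code that's running" means for the party that has to decide whether to trust a TEE, here is an added example (not code from the original page, and not Intel's TDX attestation format) that models the attestation flow end to end. The assumptions are labelled in the code: an Ed25519 key stands in for the hardware's quoting key and certificate chain, the `Quote` struct keeps only a measurement, a report-data field and a signature, and the image and nonce values are constructed samples. The relying party's `Verify` function shows the three checks that matter in practice, in the order they must be made: the signature proves the quote came from trusted hardware, the measurement proves which code booted, and the nonce bound into report data proves the quote is fresh rather than replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is a deliberately simplified stand-in for a TDX attestation report.
// Assumption: a real TD quote carries many more fields (TCB versions, the
// MRTD/RTMR register set, the quoting-enclave certificate chain); only the
// three pieces a relying party reasons about most are modelled here.
type Quote struct {
	Measurement [32]byte // hash of the booted image, analogous to MRTD
	ReportData  [32]byte // caller-supplied field, used to carry the verifier's nonce
	Signature   []byte   // signature over Measurement||ReportData by the hardware key
}

// Hardware models the attesting CPU: it measures the image at boot and
// signs the result with a key the relying party already trusts.
// Assumption: Ed25519 replaces Intel's quoting key and certificate chain.
type Hardware struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewHardware() (*Hardware, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Hardware{priv: priv, Pub: pub}, nil
}

// MeasureImage is the measurement function both sides agree on.
func MeasureImage(image []byte) [32]byte { return sha256.Sum256(image) }

// NonceToReportData binds a verifier-chosen nonce into the fixed-size field.
func NonceToReportData(nonce []byte) [32]byte { return sha256.Sum256(nonce) }

// signedBytes is the exact byte string the hardware signs and the verifier checks.
func signedBytes(q Quote) []byte {
	msg := make([]byte, 0, 64)
	msg = append(msg, q.Measurement[:]...)
	msg = append(msg, q.ReportData[:]...)
	return msg
}

// Attest is what the hardware does when the workload asks for a quote.
func (h *Hardware) Attest(image []byte, reportData [32]byte) Quote {
	q := Quote{Measurement: MeasureImage(image), ReportData: reportData}
	q.Signature = ed25519.Sign(h.priv, signedBytes(q))
	return q
}

// Verify is what a relying party runs before releasing secrets to the TEE.
// Order matters: check the signature first, so that the measurement and nonce
// comparisons are made on data the hardware actually vouched for.
func Verify(pub ed25519.PublicKey, q Quote, expected [32]byte, nonce []byte) error {
	if !ed25519.Verify(pub, signedBytes(q), q.Signature) {
		return errors.New("signature invalid: quote was not produced by trusted hardware")
	}
	if q.Measurement != expected {
		return errors.New("measurement mismatch: different code is running in the TEE")
	}
	if q.ReportData != NonceToReportData(nonce) {
		return errors.New("nonce mismatch: quote is stale or replayed")
	}
	return nil
}

func main() {
	hw, err := NewHardware()
	if err != nil {
		panic(err)
	}
	image := []byte("confidential-app image v1") // constructed sample image
	nonce := []byte("verifier nonce 0001")      // constructed sample nonce
	q := hw.Attest(image, NonceToReportData(nonce))
	fmt.Println("genuine quote:", Verify(hw.Pub, q, MeasureImage(image), nonce))

	// Same hardware, different code: the signature is valid but the measurement differs.
	q2 := hw.Attest([]byte("confidential-app image v1 + patch"), NonceToReportData(nonce))
	fmt.Println("modified code:", Verify(hw.Pub, q2, MeasureImage(image), nonce))

	// An older quote presented against a fresh nonce is rejected as a replay.
	fmt.Println("replayed quote:", Verify(hw.Pub, q, MeasureImage(image), []byte("verifier nonce 0002")))
}
```

The measurement check is what turns a TEE into a "centralized service that commits its users to running verifiable code": the operator can run whatever it likes, but a client that pins `expected` to the hash of a published image will refuse to hand over secrets to anything else. The nonce check is the part most often skipped in hobby integrations; without it, an attacker who captured one genuine quote could present it forever.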