Confidential computing security research and tooling to build secure trusted execution environments. Expert security for Intel SGX, TDX, AMD SEV-SNP, ARM TrustZone, and AWS Nitro Enclaves.
Latest blog posts, webinars, and social media updates on Trusted Execution Environments
Comprehensive security review of WhatsApp Private Processing, a confidential computing service using AMD SEV-SNP and NVIDIA confidential computing to enable AI features while preserving privacy guarantees.
Security Audit: Comprehensive security assessment of MobileCoin's TEE-based cryptocurrency implementation, focusing on Intel SGX enclaves, consensus protocols, and cryptographic security.
Recorded Webinar: Join us for an in-depth discussion of the most common vulnerabilities found in Trusted Execution Environment implementations and learn how to identify and fix them before your security audit.
Critical vulnerabilities discovered in LUKS2 disk encryption that impact confidential VM security. Learn about the attack vectors and how to protect your TEE deployments.
Key insights into AWS Nitro Enclaves image construction and attestation. Learn about enclave identity verification and its security implications.
Research: Best practices for trust establishment in Intel SGX enclaves. Learn about attestation workflows and techniques for strengthening enclave security guarantees.
Recorded Webinar: Physical attacks on Intel TDX/SGX and AMD SEV-SNP now allow attackers with $50 in hardware to extract attestation keys. Learn what this means for your TEE-based infrastructure.
Right-sized TEE security guidance at every stage of your project
Comprehensive security analysis of TEE architectures and protocols before implementation. We identify cryptographic vulnerabilities, verify security properties, and validate threat models using both manual review and formal verification tools.
Deep security assessment of TEE implementations combining manual code review, static analysis, fuzzing, and dynamic testing. We identify side-channel vulnerabilities, implementation flaws, and entire vulnerability classes.
Comprehensive security program combining multiple assessment types with continuous support. Includes pre-mortem assessments, quarterly consultations, and fix reviews.
Book a free office hours session to discuss your TEE implementation. Get expert guidance on platform selection, architectural trade-offs, and security best practices without any commitment.
Expert insights on TEE security, vulnerabilities, and implementation best practices
Physical attacks on Intel TDX/SGX and AMD SEV-SNP now allow attackers with $50 in hardware to extract attestation keys, view encrypted data, and tamper with confidential workloads. Intel and AMD won't patch these vulnerabilities.
From platform selection guidance to comprehensive security assessments - expert TEE security at every stage
Common questions about TEE security and our services
Our TEE security assessments include:
→ Architecture and threat model review
→ Code-level security analysis of enclave implementations
→ Attestation protocol verification
→ Side-channel attack evaluation
→ Memory safety and isolation testing
→ Key management and cryptographic implementation review
→ Custom tooling development when needed
→ Detailed technical report with remediation guidance
Engagement duration varies based on scope and complexity:
→ Office Hours - 1-2 hour sessions for focused guidance
→ Design Review - 1-2 weeks for architectural assessment
→ Implementation Review - 2-4 weeks for comprehensive code analysis
→ Ongoing Support - Continuous engagement with async communication
We'll work with you to scope the engagement appropriately for your project stage and budget.
Trail of Bits brings unique advantages to TEE security:
→ Active researchers who have discovered and published vulnerabilities in major TEE platforms
→ Deep expertise across all major TEE technologies (SGX, SEV-SNP, TrustZone, Nitro)
→ Custom security tooling development for TEE analysis
→ Multi-methodology approach combining manual review with automated analysis
→ Focus on eliminating vulnerability classes, not just finding individual bugs
→ Knowledge transfer and team training included in all engagements
→ Track record of hundreds of security assessments for leading tech companies