
Physical attacks expose flaws in Intel and AMD secure enclaves

October 01, 2025
Article generated by AI

Researchers have demonstrated physical attacks that breach trusted execution environments (TEEs) from Intel and AMD, the hardware enclaves on which confidential computing depends. With physical access to a machine, an attacker can extract sensitive data from enclaves that are meant to stay isolated. The findings highlight the risk of relying on TEEs alone to protect cloud and enterprise systems.

Trusted execution environments, such as Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization (SEV), create isolated regions within a processor where sensitive code and data run protected from software attacks, including attacks by a compromised operating system or hypervisor. These enclaves underpin confidential computing in data centers, where a tenant's workload is meant to stay protected even from the cloud operator's own software stack. Both vendors' documented threat models center on software adversaries, and some physical attacks on the platform itself are explicitly out of scope, which is the gap this research targets.

In a study published on September 15, 2025, a team of researchers from the University of California, San Diego, and other institutions showed that physical attacks can defeat these protections. The attacks exploit hardware weaknesses through fault injection and side-channel analysis and require only brief physical access to the device, on the order of a few minutes with specialized equipment.

One key method induces faults in the processor's memory controller with electromagnetic pulses or voltage glitches. As lead researcher Daniel Genkin explained, "We were able to extract encryption keys from SGX enclaves by disrupting the enclave's integrity checks during runtime." Against AMD's SEV, the team showed that similar physical manipulation could decrypt memory pages, exposing virtual machine data.
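To make the idea of a glitch "disrupting an integrity check" concrete, here is an added illustration written for this page. It is not the researchers' code and not a real glitching setup: it models a single-fault adversary who can make exactly one guarded comparison in a verifier not execute, and shows a naive verifier that accepts tampered data under that fault beside a hardened one that fails closed. The page tag (FNV-1a rather than a real MAC), the fault model, the sample page, and every function name are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for an enclave page tag: FNV-1a over the page.
 * A real enclave uses a keyed MAC; here the tag only needs to change when a byte does. */
static uint32_t toy_tag(const uint8_t *buf, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= buf[i]; h *= 16777619u; }
    return h;
}

/* Single-fault model (an assumption of this example): exactly one guarded step
 * in a verifier is skipped, as a glitch that makes a branch fall through would do.
 * fault_step 0 means no fault; otherwise it names the guarded step (1, 2, ...) to skip. */
typedef struct { int fault_step; int step; } fault_ctx;
static int skipped(fault_ctx *f) { return ++f->step == f->fault_step; }

/* Naive verifier: a single comparison stands between tampered data and acceptance. */
int naive_verify(const uint8_t *buf, size_t len, uint32_t expected, int fault_step) {
    fault_ctx f = { fault_step, 0 };
    uint32_t actual = toy_tag(buf, len);
    if (!skipped(&f) && actual != expected) return 0;   /* guarded step 1, the only guard */
    return 1;
}

/* One guarded check: if it is not the faulted step, reject on mismatch and record
 * that it ran. A skipped step neither compares nor counts. */
#define GUARDED(f, mismatch, counter) \
    do { if (!skipped(f)) { if (mismatch) return 0; (counter)++; } } while (0)

/* Hardened verifier: two comparisons over separate operand copies (the second on
 * complemented values, a common smartcard idiom) and a counter that must show both
 * ran. A skipped step leaves the counter short, so the verifier fails closed. */
int hardened_verify(const uint8_t *buf, size_t len, uint32_t expected, int fault_step) {
    fault_ctx f = { fault_step, 0 };
    uint32_t actual = toy_tag(buf, len);
    uint32_t n_actual = ~actual, n_expected = ~expected;
    unsigned ran = 0;
    GUARDED(&f, actual != expected, ran);        /* guarded step 1 */
    GUARDED(&f, n_actual != n_expected, ran);    /* guarded step 2 */
    return ran == 2;
}

typedef int (*verify_fn)(const uint8_t *, size_t, uint32_t, int);

/* Count the single-fault positions (1..n_steps) at which verify accepts tampered data. */
int count_bypasses(verify_fn verify, int n_steps, const uint8_t *buf, size_t len, uint32_t expected) {
    int hits = 0;
    for (int s = 1; s <= n_steps; s++) hits += verify(buf, len, expected, s);
    return hits;
}

/* Constructed sample page; the tampered copy flips one bit in byte 3. */
static const uint8_t PAGE[16] = "enclave-secret!";

static int bypasses_for(verify_fn verify) {
    uint8_t bad[16];
    memcpy(bad, PAGE, sizeof bad);
    bad[3] ^= 0x80;
    return count_bypasses(verify, 3, bad, sizeof bad, toy_tag(PAGE, sizeof PAGE));
}
int naive_bypasses(void)    { return bypasses_for(naive_verify); }
int hardened_bypasses(void) { return bypasses_for(hardened_verify); }

/* Verdict on the untampered page under a given fault; 1 = accepted. */
int genuine_verdict(verify_fn verify, int fault_step) {
    return verify(PAGE, sizeof PAGE, toy_tag(PAGE, sizeof PAGE), fault_step);
}

int main(void) {
    printf("single-fault bypass positions: naive=%d hardened=%d\n",
           naive_bypasses(), hardened_bypasses());
    printf("hardened verifier, genuine page, step 1 skipped: %s\n",
           genuine_verdict(hardened_verify, 1) ? "accept" : "reject (fail closed)");
    return 0;
}
```

The point of the fail-closed behaviour is that under a glitch the hardened verifier rejects even genuine data rather than risk accepting tampered data; a real enclave would treat that as a detected fault and abort, which is the kind of runtime response the researchers' "runtime monitoring" recommendation points toward. The model is deliberately simple: it ignores faults that corrupt the tag computation itself or that skip several instructions at once, which is why hardware designers pair software redundancy with sensors and shielding.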

The research builds on earlier software-based vulnerabilities but stresses that these exploits are physical. Testing was conducted on off-the-shelf hardware, including Intel Xeon processors with SGX support and AMD EPYC chips running SEV-ES. The attacks succeeded in controlled lab settings, with success rates above 80% once multiple attempts were allowed.

TEEs grew in importance with cloud computing, where providers such as Amazon Web Services and Microsoft Azure use them to assure customers that their data stays private from the provider itself. The paper warns, however, that physical-access scenarios, which are realistic in a supply-chain compromise or an insider attack, undermine those assurances. "While TEEs protect against remote attacks, they are not impervious to local adversaries," Genkin noted.

The implications extend to network security, where enclaves are used in VPN and firewall products and in secure multi-party computation. The researchers recommend mitigations such as stronger hardware shielding and runtime monitoring, but stress that a full fix may require redesigns by the chipmakers. Intel and AMD have acknowledged the findings, saying they are investigating and plan firmware updates, though no patches were available at publication.

The work underscores the ongoing cat-and-mouse game in hardware security and reminds the industry that no enclave is unbreakable against a determined adversary with physical access.
