Trusted Execution Environments (TEEs) promise secure computation and data protection even in compromised systems. However, a new academic attack called TEE.fail demonstrates that these guarantees can be defeated through physical interposition on DDR5 memory buses.
The research, led by Jalen Chuang, Alex Seto, Nicolas Berrios, Stephan van Schaik, Christina Garman, and Daniel Genkin, shows that by soldering a low-cost DDR5 interposer, attackers can observe encrypted memory transactions and recover cryptographic keys from Intel TDX and AMD SEV-SNP systems. Extracted attestation keys can even forge Intel TDX quotes and compromise Nvidia’s GPU Confidential Computing stack.
The attack leverages deterministic encryption in TEE memory controllers, enabling comparison-based inference of data equality. Demonstrations include full key extraction from Intel PCE enclaves using off-the-shelf equipment costing under $1000.
The implications are profound — exposing how physical bus attacks can undermine cloud trust models, cryptocurrency processing, and AI workload protections. The authors will present the full paper at the IEEE Symposium on Security and Privacy 2026.
For technical details and demo videos, visit TEE.fail.