T10-AT-012 · CRITICAL

Secure Enclave Bypasses

Tactic: T10 · Integrity & Confidentiality Breach
Risk score: 250
Rating: Critical
Procedures: 10
Mechanism

Secure enclaves (Intel SGX/TDX, AMD SEV-SNP, ARM TrustZone, NVIDIA CC) isolate sensitive ML computations from the untrusted OS and hypervisor. The bypass targets the gap between the enclave's assumed isolation boundary and actual information leakage through physical and microarchitectural channels. Fail (October 2025) demonstrated that a sub-$1,000 DDR5 memory interposition device extracts ECDSA attestation keys from Intel's Provisioning Certification Enclave — completely breaking the attestation chain that proves code runs inside a genuine TEE.

Detection
  • Hardware integrity monitoring: tamper-evident physical inspection of memory interfaces
  • Attestation freshness verification: frequent re-attestation with challenge-response nonces
  • Microarchitectural anomaly detection: monitor for cache/timing patterns indicating side-channel attacks
  • NVBleed (2025) showed NVLink performance counter monitoring can detect side-channel probing
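One way to implement the re-attestation check above (challenge-response nonces, single use, short lifetime, trusted signing key, expected measurement), as an added example that is not part of the technique page: HMAC-SHA256 stands in for the ECDSA quote signature so it runs offline, and the quote field names, key ids and 30-second nonce lifetime are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

NONCE_TTL_S = 30  # assumption: a challenge must be answered within this window


def _canonical(fields):
    # Deterministic encoding of the fields covered by the quote signature
    return json.dumps({k: fields.get(k) for k in ("nonce", "mrenclave", "key_id")},
                      sort_keys=True).encode()


def make_quote(key_id, key, nonce, mrenclave):
    # Enclave-side stand-in: bind the verifier's nonce and the measurement under a MAC
    fields = {"nonce": nonce, "mrenclave": mrenclave, "key_id": key_id}
    fields["mac"] = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return fields


class AttestationVerifier:
    def __init__(self, trusted_keys, expected_mrenclave, now=time.time):
        self.trusted_keys = dict(trusted_keys)   # key id -> MAC key (stand-in for the cert chain)
        self.expected_mrenclave = expected_mrenclave
        self.now = now                           # injectable clock for testing
        self.pending = {}                        # outstanding nonce -> issue time

    def challenge(self):
        # Fresh random nonce per attestation round; the enclave must echo it in the quote
        nonce = os.urandom(16).hex()
        self.pending[nonce] = self.now()
        return nonce

    def verify(self, quote):
        # A nonce is consumed on first use, so a replayed quote is rejected here
        issued = self.pending.pop(quote.get("nonce"), None)
        if issued is None:
            return False, "unknown or replayed nonce"
        if self.now() - issued > NONCE_TTL_S:
            return False, "stale nonce"
        key = self.trusted_keys.get(quote.get("key_id"))
        if key is None:
            return False, "untrusted signing key"
        expected = hmac.new(key, _canonical(quote), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, quote.get("mac", "")):
            return False, "bad signature"
        if quote.get("mrenclave") != self.expected_mrenclave:
            return False, "measurement mismatch"
        return True, "ok"
```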
Mitigation
  • Memory encryption with integrity (MKTME, SME): HIGH
  • Oblivious RAM (ORAM): HIGH
  • Constant-time enclave implementations: MEDIUM
  • Multi-TEE redundancy (Intel + AMD + ARM): HIGH
Chaining

Attestation bypass (T10-AP-012G) enables all other enclave attacks by allowing operation outside the TEE while claiming to be inside. Enclave compromise feeds T10-AT-001 (Training Data Extraction) in confidential computing environments and enables T10-AT-010 (Federated Learning Exploits) by compromising secure aggregation.
