Trust, But Measure: A Friendly Intro to TEEs with Intel TDX

For the 5th session of Proof is in the Pudding, we teamed up with Archetype to whiteboard an introduction to Trusted Execution Environments (TEEs).

In this session, we unpacked the fundamentals of TEEs and their role in confidential computing—focusing on how they protect data while it’s being used, not just at rest or in transit. We explored current technologies like Intel TDX, AMD SEV-SNP, ARM CCA, AWS Nitro Enclaves, and even Nvidia’s approach to secure GPU computing. (BTW check out our audit of Self on their use of Nitro enclaves!)

We also traced the evolution of TEEs: from early enclave models like Intel SGX to today’s Confidential VMs and Confidential Containers. Along the way, we broke down core TEE properties like integrity (ensured through remote attestation) and confidentiality (secure computation on encrypted data). The session didn’t shy away from real-world challenges either—covering attack surfaces, the Trusted Computing Base (TCB), and the complexities of secure system design.

The deep dive concluded with a technical look at Intel TDX, illustrating how it extends existing virtualization layers to enforce strong isolation using memory encryption and cryptographic measurements.
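To make the "cryptographic measurements" part concrete, here is an added illustration that is not part of the session or of Intel's code. It models an extend-only measurement register in the style of TDX's runtime measurement registers (SHA-384, each extend hashing the old value together with the event digest; this modelling choice is an assumption) and the relying-party checks that remote attestation rests on: the measurement must match a known-good value, and a caller-supplied nonce must be reflected in the report so an old report cannot be replayed. Event names, the report layout and the golden value are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed model of an extend-only measurement register, in the style of
# TDX's RTMRs (SHA-384; new = H(old || H(event))). Constants, event names and
# the report layout below are assumptions made for this illustration only.
HASH = "sha384"
REGISTER_LEN = 48  # SHA-384 digest length in bytes


def digest(data: bytes) -> bytes:
    return hashlib.new(HASH, data).digest()


def extend(register: bytes, event: bytes) -> bytes:
    """Extend-only update: the register can be appended to, never reset or rewritten."""
    return digest(register + digest(event))


def measure_chain(events: list[bytes]) -> bytes:
    """Replay the load events in order to obtain the final register value."""
    reg = bytes(REGISTER_LEN)  # registers start zeroed when the TD is created
    for ev in events:
        reg = extend(reg, ev)
    return reg


def build_report(events: list[bytes], nonce: bytes) -> dict:
    """Constructed stand-in for an attestation report: measurement plus caller nonce.
    A real TDX quote is additionally signed by a hardware-rooted key; that part is omitted here."""
    return {"rtmr": measure_chain(events), "report_data": digest(nonce)}


def verify_report(report: dict, golden_rtmr: bytes, nonce: bytes) -> tuple[bool, str]:
    """Relying-party policy: the report must be fresh and the measurement must match the golden value."""
    if not hmac.compare_digest(report["report_data"], digest(nonce)):
        return False, "stale or replayed report (nonce mismatch)"
    if not hmac.compare_digest(report["rtmr"], golden_rtmr):
        return False, "measurement does not match golden value"
    return True, "ok"


# Constructed sample events (stand-ins for firmware, kernel and initrd measurements).
GOLDEN_EVENTS = [b"td-firmware v1", b"kernel 6.x", b"initrd sha:abc"]
GOLDEN_RTMR = measure_chain(GOLDEN_EVENTS)


def demo() -> dict:
    """Show what the verifier accepts and rejects."""
    nonce = os.urandom(32)
    good = verify_report(build_report(GOLDEN_EVENTS, nonce), GOLDEN_RTMR, nonce)
    # Same components loaded in a different order: the chain yields a different value.
    reordered = verify_report(build_report(GOLDEN_EVENTS[::-1], nonce), GOLDEN_RTMR, nonce)
    # One modified component: the measurement no longer matches policy.
    tampered = [b"td-firmware v1", b"kernel 6.x-patched", b"initrd sha:abc"]
    tampered_res = verify_report(build_report(tampered, nonce), GOLDEN_RTMR, nonce)
    # A report produced for an earlier nonce is rejected even though its measurement is right.
    replayed = verify_report(build_report(GOLDEN_EVENTS, b"old-nonce"), GOLDEN_RTMR, nonce)
    return {
        "good": good[0],
        "reordered": reordered[0],
        "tampered": tampered_res[0],
        "replayed": replayed[0],
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that a measurement is a commitment to the whole ordered chain of what was loaded, not to any single component, and that the nonce, not the measurement, is what ties a report to this particular attestation exchange. In a real deployment the relying party also verifies the quote's signature chain back to the hardware vendor before trusting any field in it.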