# Trust, But Measure: A Friendly Intro to TEEs with Intel TDX

- **Authors**: ZK/SEC
- **Date**: June 28, 2025
- **Tags**: educative, TEE, security

![whiteboard](https://blog.zksecurity.xyz/posts/pudding-4-TEEs/whiteboard.jpg)

For the 5th session of Proof is in the Pudding, we teamed up with [Archetype](https://www.archetype.fund/) to whiteboard an introduction to **Trusted Execution Environments (TEEs)**.

In this session, we unpacked the fundamentals of TEEs and their role in confidential computing—focusing on how they protect data while it’s being used, not just at rest or in transit. We explored current technologies like **Intel TDX**, AMD SEV-SNP, ARM CCA, AWS Nitro Enclaves, and even Nvidia’s approach to secure GPU computing. (BTW check out [our audit of Self on their use of Nitro enclaves](https://reports.zksecurity.xyz/reports/celo-self-audit/#finding-tee-client-attestation)!)

We also traced the evolution of TEEs: from early enclave models like Intel SGX to today’s Confidential VMs and **Confidential Containers**. Along the way, we broke down core TEE properties like integrity (ensured through remote attestation) and confidentiality (secure computation on encrypted data). The session didn’t shy away from real-world challenges either—covering attack surfaces, the **Trusted Computing Base (TCB)**, and the complexities of secure system design.

The deep dive concluded with a technical look at Intel TDX, illustrating how it extends existing virtualization layers to enforce strong isolation using memory encryption and cryptographic measurements.

---

This article was published on the [ZK/SEC Quarterly](https://blog.zksecurity.xyz) blog by [ZK Security](https://www.zksecurity.xyz).
