TEE.Fail breaks confidential computing on DDR5 CPUs
🔓 Academic researchers disclosed TEE.Fail, a DDR5 memory-bus interposition side-channel that can extract secrets from Trusted Execution Environments such as Intel SGX, Intel TDX, and AMD SEV-SNP. By inserting an inexpensive interposer between a DDR5 DIMM and the motherboard and recording command/address and data bursts, attackers can map deterministic AES-XTS ciphertexts to plaintext values and recover signing and cryptographic keys. The method requires physical access and kernel privileges but can be implemented for under $1,000; Intel, AMD and NVIDIA were notified and are developing mitigations.
