Overview
- Academic teams from Georgia Tech, Purdue and Synkhronix demonstrated key extraction and attestation forgery against Intel SGX/TDX and AMD SEV‑SNP, including with Ciphertext Hiding enabled.
- Using an off‑the‑shelf DDR5 interposer costing under $1,000, attackers can record DRAM traffic and build ciphertext‑to‑value maps to target enclave cryptography.
- The researchers showed forged TDX attestations on Ethereum BuilderNet, faked Intel and Nvidia attestations, and recovered ECDSA/ECDH keys, including Intel attestation keys from the Provisioning Certification Enclave.
- Exploitation requires physical access and, in some cases, kernel‑level driver modifications, and there is no evidence of in‑the‑wild use reported by the researchers.
- AMD said it has no plans to mitigate because physical bus attacks are out of scope for SEV‑SNP, and Intel similarly stated that TEE.Fail does not alter its position on out‑of‑scope physical attacks.