Back to Home
Confidential computing's core trust mechanism is broken. The fix may not exist

Confidential computing's core trust mechanism is broken. The fix may not exist

T
Techpivo News
·2 min read·0 views
SECURITY Confidential computing's core trust mechanism is broken. The fix may not exist Attested TLS: the handshake that can't prove who's on the other end Kim Loohuis Kim Loohuis Published sat 4 Jul 2026 // 11:03 UTC Vendors are trying to position "confidential computing" as the technical backbone of Europe's sovereign cloud ambitions. But new research shows that a security protocol used to prove cryptographic trust in the system may have a fundamental architectural flaw. Confidential computing rests on a mechanism called remote attestation, in which a server cryptographically proves to a client that it is running inside a genuine, unmodified Trusted Execution Environment (TEE) before any sensitive data changes hands. Intel's product pages promise TDX will "add safeguards to data sovereignty and governance." Google Cloud describes its confidential computing infrastructure as offering "full, auditable control over access to customer data." In May, The Register reported that the chip beneath the chip, the management engines running below the operating system on Intel and AMD silicon, falls outside what European sovereignty frameworks like SecNumCloud actually assess. That left an open question about the layer above the silicon: the protocol meant to prove the chip itself can be trusted. REG AD New, independently verified research answers it, and the answer is not reassuring. REG AD A protocol that promises more than it proves  Muhammad Usama Sardar , a researcher at TU Dresden, has spent the past two years formally verifying whether that protocol, known as attested TLS, actually does what it claims. Using ProVerif, a tool for the symbolic security analysis of protocols, he and his co-authors discovered that it largely does not.  Their recent paper, Identity Crisis in Confidential Computing , published with co-authors Mariam Moustafa and Tuomas Aura and presented at the AsiaCCS 2026 conference, found diversion attacks against two state-of-the-art attested TL

Discussion

We use cookies and similar technologies to improve your experience, analyze traffic, and personalize content. By clicking “Accept All”, you consent to our use of cookies. See our Cookies Policy for details.