How confidential is confidential computing?
20 November 2025 at 2PM
Presented by David Oswald (Durham University)
Abstract
In this talk, we will walk through a range of hardware-software vulnerabilities on widely used trusted execution environments, including Intel SGX and AMD SEV-SNP. We particularly look at how fault and side-channel attacks, which were traditionally developed in an embedded context, can be adapted to fully-fledged CPUs. We discuss the commonly assumed threat model of confidential computing (where the adversary includes the cloud provider) and what current technology lacks to uphold this promise. Finally, we consider mitigations and future directions in this field.