Meet Ledger Nano™ Gen5, the most playful signer yet

Discover now

The most playful signer yet

Meet Ledger Nano™ Gen5

Shop now Learn more

Trusted Execution Environment (TEE)

Mar 3, 2026 | Updated Mar 14, 2026
A Trusted Execution Environment (TEE) is a secure area within a device's processor that isolates sensitive data from the main OS.

What Is a Trusted Execution Environment (TEE)?

A Trusted Execution Environment, sometimes called an enclave (like Intel SGX or ARM TrustZone), is a hardware-based security feature found in many modern CPUs. Its primary purpose is to keep sensitive information private and ensure it isn’t tampered with during processing.

A standard operating system like Android, iOS, or Windows is diverse and complex, which makes it a large target for malware. In contrast, the TEE is a stripped-down and highly restricted secure world. In theory, even if a hacker gains full control over your smartphone’s main operating system, they should not be able to peer into the processes happening inside the TEE. This makes it a popular tool for handling biometric data like FaceID or fingerprints.

How Does a TEE Work?

The TEE operates by partitioning the processor into two distinct zones: the Normal World and the Secure World. The TEE uses hardware-level separation to ensure that applications running in the normal world cannot access the memory or data assigned to the secure world. The TEE can then provide a cryptographic proof to an external party that it is running a specific, untampered piece of code, via a process of attestation.

This enables agentic AI to prove it is running approved logic before receiving wallet permissions, creating trustless Machine-to-Machine authorization.

TEE vs. Secure Element (SE)

While TEEs offer significant security, they differ fundamentally from the Secure Element (SE) chips used in Ledger signers (hardware wallets). For one thing, because a TEE is just a partition of a general-purpose processor, it still shares physical resources like power and cache with the Normal World. This shared architecture makes TEEs vulnerable to side-channel attacks like Spectre or Meltdown, which can leak secrets through the processor’s physical behavior.

In contrast, a Secure Element is a standalone, tamper-resistant chip designed exclusively for security. It does not share resources with the main processor, giving it a much smaller attack surface. While TEEs can be useful for some high-performance tasks, Secure Elements remain the gold standard for storing private keys because they offer superior protection against both digital and physical hacks.

For agentic AI, TEEs provide fast computation while SE signers maintain final authority. For example, an autonomous agent can analyze markets in a TEE, but high-value trades still require Secure Screen verification.

For a deeper dive into why trusted doesn’t always mean secure when it comes to TEEs, check out this full analysis from the Ledger Donjon.

Collateralization

Collateralization is the process through which an individual secures a loan using their valuable assets as insurance.

Full definition

Supply Shock

A supply shock is an event that abruptly changes the supply of a product or asset, causing a significant change in its price.

Full definition

Secure Element (SE)

A Secure Element (SE) is a microprocessor chip that facilitates the secure storage and processing of sensitive data. It is commonly used in SIM cards, passports and credit cards.

Full definition

Own your crypto future

Stay informed with security tips, updates, and exclusive offers from Ledger

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time. Learn more

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.