Trusted Execution Environment (TEE)

Mar 3, 2026 | Updated Mar 14, 2026
A Trusted Execution Environment (TEE) is a secure area within a device's processor that isolates sensitive data from the main OS.

What Is a Trusted Execution Environment (TEE)?

A Trusted Execution Environment, sometimes called an enclave (like Intel SGX or ARM TrustZone), is a hardware-based security feature found in many modern CPUs. Its primary purpose is to keep sensitive information private and ensure it isn’t tampered with during processing.

A standard operating system like Android, iOS, or Windows is diverse and complex, which makes it a large target for malware. In contrast, the TEE is a stripped-down and highly restricted secure world. In theory, even if a hacker gains full control over your smartphone’s main operating system, they should not be able to peer into the processes happening inside the TEE. This makes it a popular tool for handling biometric data like Face ID or fingerprints.

How Does a TEE Work?

The TEE operates by partitioning the processor into two distinct zones: the Normal World and the Secure World. Hardware-level separation ensures that applications running in the Normal World cannot access the memory or data assigned to the Secure World. Through a process called attestation, the TEE can then provide cryptographic proof to an external party that it is running a specific, untampered piece of code.

This enables agentic AI to prove it is running approved logic before receiving wallet permissions, creating trustless Machine-to-Machine authorization.
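The attestation check described above, as an added example that is not Ledger's or any TEE vendor's code: the verifier sends a fresh nonce, the Secure World signs the hash of its loaded code together with that nonce, and the verifier accepts only a valid, fresh quote for the approved code. The `Quote` layout, the function names and the sample strings are assumptions made for illustration, and an Ed25519 key stands in for the device's hardware attestation key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is a simplified attestation report (constructed layout, not a real TEE format).
type Quote struct {
	Measurement [32]byte // SHA-256 of the code loaded in the Secure World
	Nonce       []byte   // verifier-chosen challenge that proves freshness
	Sig         []byte   // signature by the device attestation key
}

// signedBytes is the message covered by the signature: measurement || nonce.
func signedBytes(m [32]byte, nonce []byte) []byte {
	return append(append([]byte{}, m[:]...), nonce...)
}

// Attest plays the TEE: measure the code, bind the verifier's nonce, sign both.
func Attest(key ed25519.PrivateKey, code, nonce []byte) Quote {
	m := sha256.Sum256(code)
	return Quote{Measurement: m, Nonce: nonce, Sig: ed25519.Sign(key, signedBytes(m, nonce))}
}

// Verify plays the external party deciding whether to grant permissions.
func Verify(pub ed25519.PublicKey, q Quote, expected [32]byte, nonce []byte) error {
	if !ed25519.Verify(pub, signedBytes(q.Measurement, q.Nonce), q.Sig) {
		return errors.New("signature not from the attestation key")
	}
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("stale or replayed quote")
	}
	if q.Measurement != expected {
		return errors.New("code measurement is not the approved one")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)      // nil selects crypto/rand
	approved := []byte("approved agent logic v1") // constructed sample input
	nonce := []byte("verifier-nonce-0001")        // constructed; use random bytes in practice
	q := Attest(priv, approved, nonce)
	fmt.Println("approved code:", Verify(pub, q, sha256.Sum256(approved), nonce))
	fmt.Println("modified code:", Verify(pub, Attest(priv, []byte("patched"), nonce), sha256.Sum256(approved), nonce))
}
```

In a real deployment the verifier also has to establish that the public key belongs to genuine hardware, which this example takes as given.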

TEE vs. Secure Element (SE)

While TEEs offer significant security, they differ fundamentally from the Secure Element (SE) chips used in Ledger signers (hardware wallets). For one thing, because a TEE is just a partition of a general-purpose processor, it still shares physical resources like power and cache with the Normal World. This shared architecture makes TEEs vulnerable to side-channel attacks like Spectre or Meltdown, which can leak secrets through the processor’s physical behavior.

In contrast, a Secure Element is a standalone, tamper-resistant chip designed exclusively for security. It does not share resources with the main processor, giving it a much smaller attack surface. While TEEs can be useful for some high-performance tasks, Secure Elements remain the gold standard for storing private keys because they offer superior protection against both digital and physical hacks.

For agentic AI, TEEs provide fast computation while SE signers maintain final authority. For example, an autonomous agent can analyze markets in a TEE, but high-value trades still require Secure Screen verification.

For a deeper dive into why trusted doesn’t always mean secure when it comes to TEEs, check out this full analysis from the Ledger Donjon.
