Trusted Execution Environment (TEE)

Mar 3, 2026 | Updated Mar 14, 2026
A Trusted Execution Environment (TEE) is a secure area within a device's processor that isolates sensitive data from the main OS.

What Is a Trusted Execution Environment (TEE)?

A Trusted Execution Environment, sometimes called an enclave (like Intel SGX or ARM TrustZone), is a hardware-based security feature found in many modern CPUs. Its primary purpose is to keep sensitive information private and ensure it isn’t tampered with during processing.

A standard operating system like Android, iOS, or Windows is diverse and complex, which makes it a large target for malware. In contrast, the TEE is a stripped-down and highly restricted secure world. In theory, even if a hacker gains full control over your smartphone’s main operating system, they should not be able to peer into the processes happening inside the TEE. This makes it a popular tool for handling biometric data such as Face ID or fingerprints.

How Does a TEE Work?

The TEE operates by partitioning the processor into two distinct zones: the Normal World and the Secure World. Hardware-level separation ensures that applications running in the Normal World cannot access the memory or data assigned to the Secure World. Through a process called attestation, the TEE can then give an external party cryptographic proof that it is running a specific, untampered piece of code.

This enables agentic AI to prove it is running approved logic before receiving wallet permissions, creating trustless Machine-to-Machine authorization.
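The verifier's side of that attestation check can be sketched as follows. This is an added example, not Ledger's or any TEE vendor's code: the quote format, the function names and the allow-list are hypothetical, and an HMAC under a demo key stands in for the vendor-rooted asymmetric signature a real TEE would produce.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 under a demo key stands in for the hardware signature.
# A real TEE signs quotes with an asymmetric key chained to a vendor root.
DEMO_ATTESTATION_KEY = b"constructed-demo-key"

# Constructed allow-list: SHA-256 measurements of agent builds the wallet trusts.
APPROVED_AGENT_CODE = b"def trade(): obey_spending_limit()"
APPROVED_MEASUREMENTS = {hashlib.sha256(APPROVED_AGENT_CODE).hexdigest()}


def _sign(measurement: str, nonce: bytes) -> str:
    return hmac.new(DEMO_ATTESTATION_KEY, measurement.encode() + nonce, hashlib.sha256).hexdigest()


def tee_quote(loaded_code: bytes, nonce: bytes) -> dict:
    """Secure World side: measure the loaded code, bind it to the verifier's nonce."""
    measurement = hashlib.sha256(loaded_code).hexdigest()
    return {"measurement": measurement, "nonce": nonce.hex(), "tag": _sign(measurement, nonce)}


def verify_quote(quote, expected_nonce: bytes) -> tuple[bool, str]:
    """Wallet side: grant permissions only to a fresh, authentic, approved quote."""
    keys = ("measurement", "nonce", "tag")
    if not isinstance(quote, dict) or not all(isinstance(quote.get(k), str) for k in keys):
        return False, "malformed quote"
    # Freshness: the quote must answer this session's challenge, not an old one.
    if not hmac.compare_digest(quote["nonce"].encode(), expected_nonce.hex().encode()):
        return False, "stale or mismatched nonce"
    # Authenticity: constant-time comparison of the tag over (measurement, nonce).
    expected_tag = _sign(quote["measurement"], expected_nonce)
    if not hmac.compare_digest(quote["tag"].encode(), expected_tag.encode()):
        return False, "bad signature"
    # Policy: authentic hardware running unapproved code is still rejected.
    if quote["measurement"] not in APPROVED_MEASUREMENTS:
        return False, "unapproved code measurement"
    return True, "ok"


def demo() -> list:
    nonce = secrets.token_bytes(16)  # verifier's one-time challenge
    good = tee_quote(APPROVED_AGENT_CODE, nonce)
    modified = tee_quote(b"def trade(): ignore_spending_limit()", nonce)
    replayed = tee_quote(APPROVED_AGENT_CODE, secrets.token_bytes(16))
    return [verify_quote(q, nonce) for q in (good, modified, replayed)]
```

Calling `demo()` returns one verdict each for an approved build, a modified build, and a quote bound to a different nonce; only the first is accepted.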

TEE vs. Secure Element (SE)

While TEEs offer significant security, they differ fundamentally from the Secure Element (SE) chips used in Ledger signers (hardware wallets). For one thing, because a TEE is just a partition of a general-purpose processor, it still shares physical resources like power and cache with the Normal World. This shared architecture makes TEEs vulnerable to side-channel attacks like Spectre or Meltdown, which can leak secrets through the processor’s physical behavior.

In contrast, a Secure Element is a standalone, tamper-resistant chip designed exclusively for security. It does not share resources with the main processor, giving it a much smaller attack surface. While TEEs can be useful for some high-performance tasks, Secure Elements remain the gold standard for storing private keys because they offer superior protection against both digital and physical hacks.

For agentic AI, TEEs provide fast computation while SE signers maintain final authority. For example, an autonomous agent can analyze markets in a TEE, but high-value trades still require Secure Screen verification.

For a deeper dive into why trusted doesn’t always mean secure when it comes to TEEs, check out this full analysis from the Ledger Donjon.
