Confidential Computing: Protecting Customer Data in the Cloud

Jordan Mecom

BSidesSF 2025 — Here Be Dragons · Day 2 · Main

Confidential computing uses hardware-backed Trusted Execution Environments (TEEs) combined with remote attestation to cryptographically prove to a remote party which code and configuration is handling customer data, shifting trust away from cloud service providers and into hardware manufacturers such as AMD and Intel. Jordan Mecom, a security engineer at Block working on Bitcoin security, delivered a comprehensive technical breakdown of AMD SEV-SNP, AWS Nitro Enclaves, and Intel TDX, explaining how each technology works at the memory encryption and attestation level, and where the technology does and does not provide protection.
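The trust shift the summary describes only happens if the relying party actually verifies the attestation before handing over data. The following is an added example written for this page, not code from the talk or from any vendor SDK: a constructed, simplified attestation report (the `Report` layout, the `IssueReport` "hardware" stub and all sample values are hypothetical and do not follow the real SEV-SNP, TDX or Nitro document formats) and the three checks a verifier must run in order: the report is signed by the hardware attestation key, the report data binds the verifier's fresh nonce to the key generated inside the TEE, and the launch measurement is on an allowlist of approved images.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a constructed, simplified stand-in for a hardware-signed TEE
// attestation report. The field layout is hypothetical, not any vendor's format.
type Report struct {
	Measurement [32]byte // launch measurement of the guest/enclave image
	ReportData  [32]byte // caller-supplied data bound into the signed report
	Signature   []byte   // signature by the hardware attestation key
}

// reportBytes is the portion of the report that the hardware signs.
func reportBytes(r Report) []byte {
	buf := make([]byte, 0, 64)
	buf = append(buf, r.Measurement[:]...)
	buf = append(buf, r.ReportData[:]...)
	return buf
}

// IssueReport plays the role of the hardware: only the chip's key can sign a report.
func IssueReport(hwPriv ed25519.PrivateKey, measurement, reportData [32]byte) Report {
	r := Report{Measurement: measurement, ReportData: reportData}
	r.Signature = ed25519.Sign(hwPriv, reportBytes(r))
	return r
}

// BindReportData is what the workload inside the TEE places in the report data
// field: the verifier's nonce and the workload's own public key hashed together,
// so a fresh report vouches for exactly this key and cannot be replayed.
func BindReportData(nonce []byte, workloadPub ed25519.PublicKey) [32]byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(workloadPub)
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

var (
	ErrBadSignature       = errors.New("report not signed by the trusted hardware key")
	ErrStaleNonce         = errors.New("report data does not bind this nonce and workload key (replay or key swap)")
	ErrUnknownMeasurement = errors.New("launch measurement not in allowlist")
)

// VerifyReport is the relying party's check. Order matters: authenticate the
// report before trusting any field inside it.
func VerifyReport(hwPub ed25519.PublicKey, r Report, nonce []byte, workloadPub ed25519.PublicKey, allowed [][32]byte) error {
	if !ed25519.Verify(hwPub, reportBytes(r), r.Signature) {
		return ErrBadSignature
	}
	expected := BindReportData(nonce, workloadPub)
	if !bytes.Equal(r.ReportData[:], expected[:]) {
		return ErrStaleNonce
	}
	for _, m := range allowed {
		if m == r.Measurement {
			return nil // safe to release secrets, encrypted to workloadPub
		}
	}
	return ErrUnknownMeasurement
}

func main() {
	hwPub, hwPriv, _ := ed25519.GenerateKey(nil) // stand-in for the chip's attestation key
	workloadPub, _, _ := ed25519.GenerateKey(nil) // key generated inside the TEE
	goodImage := sha256.Sum256([]byte("constructed: approved guest image v1"))
	nonce := []byte("constructed-fresh-nonce-0001")
	allowed := [][32]byte{goodImage}

	genuine := IssueReport(hwPriv, goodImage, BindReportData(nonce, workloadPub))
	fmt.Println("genuine report: ", VerifyReport(hwPub, genuine, nonce, workloadPub, allowed))

	// Hardware-signed, but for an image the verifier never approved.
	badImage := sha256.Sum256([]byte("constructed: tampered guest image"))
	tampered := IssueReport(hwPriv, badImage, BindReportData(nonce, workloadPub))
	fmt.Println("tampered image: ", VerifyReport(hwPub, tampered, nonce, workloadPub, allowed))

	// A genuine report replayed against a later challenge.
	fmt.Println("replayed report:", VerifyReport(hwPub, genuine, []byte("constructed-fresh-nonce-0002"), workloadPub, allowed))

	// A report forged by someone who holds the host but not the hardware key.
	_, rogue, _ := ed25519.GenerateKey(nil)
	forged := IssueReport(rogue, goodImage, BindReportData(nonce, workloadPub))
	fmt.Println("forged signer:  ", VerifyReport(hwPub, forged, nonce, workloadPub, allowed))
}
```

In a real deployment `hwPub` is not a bare key but the leaf of a vendor certificate chain (AMD's VCEK, Intel's PCK, the AWS Nitro root) that the verifier must also validate, and the allowlist is the set of measurements the customer reproduced from its own build. The example deliberately keeps those parts out so the three checks stay visible.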

AI review

Technically dense and well-structured breakdown of AMD SEV-SNP, Intel TDX, and AWS Nitro — with the critical caveat that Nitro Enclaves don't actually shift trust away from your cloud provider. Mecom knows the material, and the XEX cipher mode explanation alone is worth the runtime for anyone doing hardware security.
