Trusted Execution Environment (TEE).

A Trusted Execution Environment is a CPU-enforced runtime that runs in parallel with the normal "rich" environment and is protected by hardware mechanisms such as memory encryption, page-table isolation, and measured boot. A TEE provides three guarantees: only authorized code can run inside, that code can prove its identity through remote attestation, and its memory is shielded from privileged software outside. TEEs underpin confidential computing in the cloud, secure mobile keystores, payment tokenization, biometric processing, and DRM. In multi-tenant clouds they let customers run workloads on shared infrastructure without trusting the operator, supporting use cases like federated analytics, cross-organization ML, and sovereign data processing. Examples include Intel SGX, Intel TDX, AMD SEV-SNP, Arm TrustZone, and AWS Nitro Enclaves.