Secure enclave explained: How it keeps your data private
Sensitive information isn't only at risk when it's stored or transmitted. Data can also become vulnerable while it's actively being processed, especially if attackers gain access to the OS or other privileged system components. Modern devices and systems address these risks by using secure enclaves, which help keep sensitive operations isolated.
This guide explores secure enclaves, including how they protect sensitive data, where they're used, and how they compare with other security technologies.
What is a secure enclave?
A secure enclave is a protected area within a processor that functions as a type of trusted execution environment (TEE). It is sealed off from the main OS, applications, and everything else running on the same chip, including privileged processes like the OS kernel itself.
In simple terms, only code running inside the enclave can access the data stored there, so even if an attacker compromises the OS or gains root-level access to a device, the enclave's contents remain inaccessible.
Note: The terms “secure enclave” and “TEE” are often used interchangeably to describe protected areas within a processor. However, “Secure Enclave” can also refer to Apple’s branded term for its own TEE implementation.
How secure enclaves function as TEEs
A secure enclave functions as a TEE by acting as a hardened, hardware-isolated region within the processor that protects code and data while they’re being processed. Code and data running inside the secure enclave are isolated from the rest of the system, preventing unauthorized access or modification by the OS, hypervisor, and other privileged components.
Why secure enclaves matter
Secure enclaves are important cybersecurity technologies because they help protect data in use. By isolating sensitive code and data within protected CPU regions, they help prevent unauthorized access from threats such as malware infections, zero-day vulnerabilities and the exploits that target them, and compromised privileged software or system components.
Secure enclaves benefit both consumers and businesses. For individuals, they strengthen digital privacy by ensuring sensitive information can be processed locally without unnecessarily exposing raw data. For organizations, they support zero-trust architecture, help protect sensitive workloads in remote and cloud-based environments, reduce the exposure of critical data, and support regulatory compliance.
How secure enclaves protect sensitive data
A secure enclave typically relies on three main mechanisms to protect code and data in use: hardware-based isolation, memory encryption and secure key storage, and remote attestation. The sections below discuss each security mechanism in detail.
Hardware-based isolation
Secure enclaves typically rely on hardware-enforced mechanisms to create isolated execution environments within the processor. In simple terms, the processor uses built-in hardware controls to restrict access to enclave memory and resources. If software or system components outside the enclave attempt unauthorized access, the processor blocks or rejects those requests. 
Memory encryption and secure key storage
Depending on the implementation, a secure enclave may use dedicated hardware mechanisms to encrypt enclave memory, code, and data. If an unauthorized component or someone with direct access to a device attempts to read encrypted enclave data, they would only see unreadable ciphertext rather than usable information.
Secure enclaves may also rely on authentication mechanisms and access controls to maintain isolation. These security measures help verify the integrity of data and ensure that only authorized components can interact with protected resources.
To encrypt and decrypt data locally, secure enclaves typically use hardware-rooted cryptographic keys. These keys are usually generated, stored, or protected within secure processor components and are designed to remain isolated from the rest of the system.
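How a hardware-rooted key keeps enclave data unreadable to anything but the enclave that produced it, as an added example that is not from the article and does not reproduce any vendor's implementation. It models one common design, usually called sealing: the processor derives a key from a per-chip secret (constructed here as a fixed value; in real hardware it never leaves the chip) and from the measurement of the enclave's code, so a different or modified enclave receives a different key and cannot decrypt what the original sealed. The root secret, the HMAC-based derivation, and the sample code identity are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// rootSecret stands in for a per-chip secret fused into the processor at
// manufacture. It is constructed here; in hardware no software can read it.
var rootSecret = sha256.Sum256([]byte("constructed example root secret"))

// sealingKey is what the hardware hands an enclave that asks for its key: it is
// derived from the root secret and from the enclave's own code measurement, so
// a modified or different enclave obtains a different key.
func sealingKey(code []byte) []byte {
	measurement := sha256.Sum256(code)
	m := hmac.New(sha256.New, rootSecret[:])
	m.Write([]byte("sealing-key/"))
	m.Write(measurement[:])
	return m.Sum(nil) // 32 bytes, used as an AES-256 key below
}

// aead builds the AES-GCM instance for a given enclave identity.
func aead(code []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sealingKey(code))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data that must leave the enclave (to ordinary memory or disk).
// Anyone who dumps the blob sees only ciphertext plus the random nonce.
func Seal(code, plaintext []byte) ([]byte, error) {
	g, err := aead(code)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Unseal recovers the data. It fails with an authentication error when the
// caller's code differs from the sealer's or when the blob has been modified.
func Unseal(code, sealed []byte) ([]byte, error) {
	g, err := aead(code)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed blob too short")
	}
	return g.Open(nil, sealed[:ns], sealed[ns:], nil)
}
```

Because the key depends on the code measurement, an attacker who runs their own code on the same chip, even with root privileges, asks the hardware for a key and receives a different one; the sealed blob is then just authenticated noise to them.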
Remote attestation
Assuming a secure enclave is trustworthy by default can create security risks, as an attacker could theoretically create a system that imitates a legitimate TEE. Because of this, systems need a way to verify that an enclave is genuine before sharing sensitive data with it.
This is exactly what remote attestation achieves. The secure enclave generates signed evidence based on its code, configuration, and state. External services can verify this information to confirm the enclave's authenticity and integrity. If verification succeeds, the remote system can establish a secure communication channel and safely exchange sensitive data with the enclave.
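The exchange described above, as an added example that is not part of the article and does not reproduce any vendor's attestation protocol. It models a verifier challenging an enclave with a nonce, the enclave returning signed evidence (a quote) over its code measurement, the nonce and an ephemeral channel key, and the verifier checking the signature against a trusted attestation key, rejecting replays, comparing the measurement against an allow-list, and only then agreeing a session key with the enclave that was attested. The quote layout, the Ed25519 and X25519 choices, and the sample code identity are assumptions for illustration; in hardware the attestation key would be rooted in the processor rather than generated in software.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Quote is the enclave's signed evidence (constructed layout; mirrors a real report).
type Quote struct {
	Measurement [32]byte // SHA-256 of the enclave's code image
	Nonce       [32]byte // challenge chosen by the verifier (freshness)
	ChannelPub  []byte   // enclave's ephemeral X25519 public key
	Signature   []byte   // Ed25519 over the three fields above
}

func (q *Quote) signedBytes() []byte {
	b := append(append([]byte{}, q.Measurement[:]...), q.Nonce[:]...)
	return append(b, q.ChannelPub...)
}

// Enclave stands in for code inside the TEE; AttestKey is a software stand-in.
type Enclave struct {
	Code        []byte
	AttestKey   ed25519.PrivateKey
	channelPriv *ecdh.PrivateKey
}

// Attest measures the code, makes a fresh channel key, and signs both with the nonce.
func (e *Enclave) Attest(nonce [32]byte) *Quote {
	e.channelPriv = mustX25519()
	q := &Quote{Measurement: sha256.Sum256(e.Code), Nonce: nonce, ChannelPub: e.channelPriv.PublicKey().Bytes()}
	q.Signature = ed25519.Sign(e.AttestKey, q.signedBytes())
	return q
}

// SessionKey completes the key agreement on the enclave side.
func (e *Enclave) SessionKey(peerPub []byte) ([32]byte, error) {
	return deriveSessionKey(e.channelPriv, peerPub)
}

// Verifier is the relying party: a trusted attestation key and a measurement allow-list.
type Verifier struct {
	AttestPub   ed25519.PublicKey
	AllowedCode map[[32]byte]bool
	Outstanding map[[32]byte]bool // nonces issued and not yet consumed
}

// Challenge issues a random nonce; each nonce is accepted in at most one quote.
func (v *Verifier) Challenge() [32]byte {
	var n [32]byte
	if _, err := rand.Read(n[:]); err != nil {
		panic(err)
	}
	v.Outstanding[n] = true
	return n
}

// Connect checks signature, freshness and measurement, in that order, and only then
// agrees a session key with the channel key the quote vouched for. It returns the
// verifier's public key so the enclave can derive the same session key.
func (v *Verifier) Connect(q *Quote) ([32]byte, []byte, error) {
	if !ed25519.Verify(v.AttestPub, q.signedBytes(), q.Signature) {
		return [32]byte{}, nil, fmt.Errorf("attestation signature invalid")
	}
	if !v.Outstanding[q.Nonce] {
		return [32]byte{}, nil, fmt.Errorf("nonce unknown or already used (replay)")
	}
	delete(v.Outstanding, q.Nonce)
	if !v.AllowedCode[q.Measurement] {
		return [32]byte{}, nil, fmt.Errorf("measurement %x... not in allow-list", q.Measurement[:4])
	}
	priv := mustX25519()
	key, err := deriveSessionKey(priv, q.ChannelPub)
	return key, priv.PublicKey().Bytes(), err
}

// deriveSessionKey hashes the X25519 shared secret into a 32-byte key.
func deriveSessionKey(priv *ecdh.PrivateKey, peer []byte) ([32]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return [32]byte{}, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(append([]byte("enclave-session-v1"), shared...)), nil
}

func mustX25519() *ecdh.PrivateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable entropy source; nothing sensible to do
	}
	return k
}
```

Two design points matter here. The verifier trusts nothing in the quote until the signature has been checked, so the measurement and channel key are only read after that check; and the enclave's channel key is part of the signed evidence, which ties the later encrypted session to the code that was attested rather than to whatever host software relayed the quote.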
Where secure enclaves are used today
Secure enclaves are used across consumer devices and enterprise systems. Common use cases include protecting biometric and payment-related information, supporting cryptocurrency wallets, and isolating sensitive workloads in cloud environments.
The following sections cover common use cases for consumers and businesses.
On personal devices
Many devices use secure enclaves to process, store, and protect sensitive information such as biometric data, including fingerprints and facial recognition data. Devices may also use secure enclaves to safeguard disk encryption keys, store payment tokens without exposing them to the OS, and support passwordless authentication, which often relies on biometrics or device-stored credentials.
Consumers also interact with secure enclaves when using hardware- or software-based cryptocurrency wallets. Many mobile crypto wallets use built-in secure enclaves on iOS and Android devices to help protect private keys. Dedicated hardware wallets may also use secure hardware components to isolate and protect cryptographic keys.
Some individuals also encounter secure enclaves when using privacy-focused services. For example, some virtual private networks (VPNs) may use secure enclave technologies to protect sensitive processing tasks and reduce exposure to the underlying host system. Similarly, ExpressAI uses secure enclaves on its own servers to process user inputs and outputs within hardware-isolated environments, keeping that processing separate from the broader server infrastructure.
In enterprise and cloud environments
Secure enclaves are used across business networks and cloud environments to support confidential computing, a privacy-enhancing technology (PET) that helps protect data while it’s being processed. For AI services, this can mean isolating prompts, model interactions, and other sensitive workload data from the broader infrastructure they run on.
Common enterprise use cases include:
- Finance: Financial institutions use secure enclaves to securely share and analyze sensitive data for fraud detection and risk analysis. Payment systems may also use them to isolate sensitive transaction processing and payment information.
- AI: Organizations can use secure enclaves to help protect sensitive AI workloads, including large language model (LLM) inference and machine learning (ML) processing. For example, ExpressAI processes user prompts inside isolated secure enclaves as part of its confidential-computing architecture, so conversations are separated from other workloads and not exposed to the underlying infrastructure in the same way they would be in a standard cloud setup.
- Data sharing: Organizations may use secure enclave technology to securely collaborate on and analyze sensitive datasets without unnecessarily exposing raw information.
- Blockchain: Developers and exchanges may use secure enclaves to isolate sensitive processes, such as transaction validation, key management, and certain off-chain operations.
- Healthcare: Healthcare organizations can use secure enclaves to securely process, analyze, and share patient information while helping maintain privacy and regulatory compliance.
Secure enclaves and other security measures
Secure enclaves are often compared with other security technologies, such as trusted platform modules (TPMs), hardware security modules (HSMs), and traditional software-level protections. The sections below explain how secure enclaves differ from these technologies and how they work together to strengthen overall security.
Secure enclave vs. TPM
A TPM is a hardware-based security component that can exist as a dedicated chip or an integrated processor feature.
Both TPMs and secure enclaves are hardware-backed security technologies, but they serve different primary purposes. TPMs mainly focus on secure key storage, authentication, and platform integrity. By contrast, secure enclaves are designed to isolate and protect code and data while they’re being processed.
Secure enclave vs. HSM
An HSM is a hardware-based security device designed to securely generate, store, and manage cryptographic keys. Applications send it requests for operations such as encryption, decryption, digital signing, and key management.
The HSM performs the requested operation inside its tamper-resistant environment and returns only the result, so the underlying keys are never exposed to the application.
Both secure enclaves and HSMs use hardware-based security mechanisms to protect sensitive assets. However, they serve different purposes.
HSMs are primarily used for enterprise-grade key management and cryptographic operations, often as dedicated devices or cloud-based services. Secure enclaves, by contrast, are isolated regions within processors that focus on protecting code and data while they’re being processed.
Secure enclave vs. traditional software security
Traditional software security typically refers to software-level security mechanisms that rely on OS protections, such as access controls, application sandboxing, authentication systems, encryption mechanisms, and built-in security software, like antivirus tools.
Secure enclaves, by contrast, use hardware-backed isolation to protect sensitive code and data while they’re being processed within protected regions of the processor. This can include assets such as cryptographic keys, authentication data, and other sensitive information.
Secure enclaves and traditional software security are designed to work together rather than replace one another. Software-level protections generally serve as the first line of defense against threats such as malware and unauthorized access. Secure enclaves provide an additional layer of protection by isolating sensitive operations and reducing exposure to compromised software components.
How these security technologies work together
Secure enclaves, TPMs, HSMs, and software-based security mechanisms are generally designed to complement each other rather than replace one another. Each technology protects different parts of a system and addresses different security requirements.
Consumers already benefit from a combination of software-level protections and hardware-backed security features on many modern devices. These technologies often operate in the background to help protect sensitive information, verify system integrity, and secure authentication processes.
For businesses, the approach is similar. Organizations often combine multiple security technologies based on their requirements. Larger enterprises that manage high-value cryptographic assets or large-scale sensitive workloads may also deploy HSMs alongside existing hardware and software protections for additional security and centralized key management.
FAQ: Common questions about secure enclaves
Can a secure enclave be hacked?
Does a secure enclave store passwords?
Is a secure enclave only available on Apple devices?
Do secure enclaves improve business compliance?
What data should be protected with a secure enclave?
Are secure enclaves important for passkeys?