SGX
Intel Software Guard Extensions. The first widely deployed TEE technology, introduced in 2015. SGX creates encrypted memory regions (enclaves) where code and data are protected from the operating system and the machine's owner.
Also known as: Intel SGX, Software Guard Extensions
SGX was Intel’s first attempt at hardware-secured execution and shipped in consumer Skylake CPUs starting in 2015. The design was innovative for its time: a small region of memory (originally 128 MB, later expanded) where code could run in an enclave that was inaccessible to the operating system, the hypervisor, or even system administrators with full root access. Combined with remote attestation, this let applications run sensitive logic on untrusted servers and prove to remote users that the right code was running.
The good news is that SGX worked as designed for many years and powered real privacy-preserving applications, including the Signal messenger’s contact discovery service, several secure database products, and early privacy-focused crypto projects like Secret Network. The bad news is that SGX has had a steady stream of security vulnerabilities over the past decade. Foreshadow (2018), SGAxe (2020), CacheOut (2020), Plundervolt (2019), and several other attacks broke various aspects of the SGX security model. Each break required microcode patches or new hardware to fix.
Intel deprecated SGX on consumer CPUs starting with the 11th-generation Core line (2021), keeping it only in Xeon server processors. The replacement is TDX (Trust Domain Extensions), which provides VM-scale enclaves rather than process-scale ones and was designed with lessons from SGX’s security mistakes. SGX is still in production use on older Xeon hardware but is being phased out in favour of TDX over time. New DeAI projects looking at TEEs should generally pick TDX or AMD SEV-SNP for forward compatibility.
In OYM project reviews, SGX appears as a legacy technology. Oasis Network’s Sapphire runtime uses SGX. Some early Phala designs used SGX before transitioning to newer hardware. Secret Network was historically SGX-based. The OYM Data Sovereignty dimension treats SGX-only privacy as weaker than TDX or NVIDIA Confidential Computing because of the documented attack history, even though projects using SGX in 2026 typically have all known patches applied. The honest framing is that SGX worked but its successor technologies are stronger.