Sovereignty in the Cloud is an Illusion
For years, the tech industry has sold Confidential Computing as the ultimate shield for data sovereignty and cloud security.
For years, the tech industry has sold Confidential Computing as the ultimate shield for data sovereignty and cloud security. By using hardware-isolated Trusted Execution Environments (TEEs), organizations—especially in Europe—believed they could finally process highly sensitive data in public clouds without fearing prying eyes, malicious hypervisors, or foreign intelligence agencies.
That promise just broke. The Register reports:
New academic research out of TU Dresden has formally verified that the cryptographic protocol underpinning Confidential Computing’s trust guarantees is fundamentally broken. The flaw, tracked as CVE-2026-33697 with a CVSS severity score of 7.5, reveals a systemic failure in how these "secure bubbles" prove their identity to the outside world.
Worse still? A permanent fix within current architectures may not even exist. See 'IETF post-handshake' and 'OpenTitan' below.
The Flaw: Attested TLS Falls Apart under Formal Verification
At the heart of the issue is attested TLS—the mechanism designed to ensure that when a client connects to a cloud application, it is talking to a genuine, uncompromised TEE.
Led by researcher Muhammad Usama Sardar, the TU Dresden team used ProVerif, an automated cryptographic protocol verifier, to audit real-world implementations. The results were alarming: all seven examined "intra-handshake" attestation binding mechanisms failed to prevent relay and diversion attacks.
In a classic relay attack, a client thinks it is verifying and communicating with a genuine TEE, but it is actually handing its encrypted data directly to a malicious machine. According to the findings, the protocol is fundamentally "a protocol that promises more than it proves."
The fallout isn't theoretical; it directly impacts production systems deployed at massive scale, including:
- Meta’s WhatsApp Private Processing
- Edgeless Systems’ Contrast
- Cocos AI
The Politics of Disclosure
The discovery has triggered friction between the academic community and the tech industry. While groups like the Confidential Computing Consortium (CCC) are heavily backed by giants like Intel, Google, and AMD, the research exposes uncomfortable architectural truths. Reports note that "vendor-dominated CCC working groups delayed publishing the vulnerability artifacts for over ten days despite repeated requests" from the researchers, highlighting the tension between market readiness and mathematical certainty.
This architectural failure strikes a blow to the European Union’s constant push for digital sovereignty. For years, EU policymakers championed sovereign clouds to escape U.S. jurisdictional control under the CLOUD Act. However, as critics note, Europe "built sovereign clouds to escape US control. Then forgot about the processors." If the silicon-level trust mechanism fails, the entire stack collapses.
Germany's Federal Office for Information Security (BSI) independently reviewed the issue, reaching the same conclusion. The agency confirmed that despite marketing pushes, confidential computing falls short of true digital sovereignty claims. The structural vulnerability is "acknowledged everywhere except the sales pitch."
Can It Be Fixed?
The architectural problem lies in the binding levels of the handshake. The best available remediations achieve only "level-two binding." This means the system can prove the TEE's identity at the very start of the handshake, but cannot bind that identity to the actual data transmission phase.
To secure application traffic, "level-three binding" is required. However, the TU Dresden researchers warn that achieving level-three security "may be architecturally impossible within intra-handshake attestation."
The Road Ahead
With intra-handshake methods fundamentally flawed, the researchers strongly recommend abandoning them entirely. Instead, the industry must pivot toward post-handshake attestation—verifying the environment after the secure tunnel is built, rather than trying to bake it into the TLS negotiation itself.
The security community is taking the threat seriously. The Internet Engineering Task Force (IETF)’s SEAT working group has already shifted gears, formally incorporating rigorous verification requirements into its charter to prevent flaws like CVE-2026-33697 from being baked into future internet standards. Until these new standards are finalized and deployed, however, the "secure cloud" remains far more fragile than advertised.
OpenTitan: Is it the Foundation of the Solution?
Launched in 2019, OpenTitan is the world's first open-source silicon Root of Trust (RoT) project. It was created to address the exact black-box problem exposed by architectural failures in confidential computing. Rather than relying blindly on proprietary, closed-source security processors designed behind closed doors by chip manufacturers, OpenTitan uses an open-source, community-governed approach.
How it Works to Begin Trust at the Hardware Level:
- Open-Source Silicon Design: The project provides transparent, peer-reviewed building blocks and logical designs (RTL written in SystemVerilog) for a secure hardware chip. Anyone can inspect, audit, and verify the blueprint down to the silicon level.
- Independent Foundation: Stewarded by the not-for-profit organization lowRISC, it brings together academic and commercial giants (including Google, Western Digital, Seagate, and ETH Zürich) to prevent single-vendor dominance.
- Cryptographic Anchor: At the device level, OpenTitan provides a cryptographically unique machine identity, verified boot functions, and physical security features (like resistance to side-channel or physical tampering).
By establishing a transparent, uncompromised baseline right at the processor boot stage, OpenTitan aims to ensure that the initial links in the cryptographic chain of trust are auditable by the entire security community.
Another notable, purely open-source project building secure hardware enclaves inside the main processor architecture itself is Keystone which focuses on open-source TEEs built on the RISC-V architecture. (Confidential Computing Consortium, under The Linux Foundation)
Talk to us (https://dyanet.com/contact/) about AI and RAG architecture in the cloud that will give you as close as you can get to the confidential component of data and compute sovereignty in the cloud.