1/ Side-channel attacks: when isolation isn't enough We've covered TrustZone, SGX, and SEV—all provide strong hardware isolation to protect secrets. But there's a catch: even when an attacker can't directly read your data, they can sometimes infer it by watching how the hardware behaves. Welcome to the world of side-channel attacks—the art of learning secrets without breaking the locks.