Spent the last month running a simple local AI agent in three different trusted execution environments (TEEs) on my home lab cluster. Goal was to see which one I could actually live with for a self-hosted, regulated workload. Used a Raspberry Pi 4 as my control plane.
Tested:
* **Intel TDX** on an Intel NUC 13 Pro
* **AMD SEV-SNP** on a Mini PC with Ryzen 7 7840U
* **AWS Nitro Enclaves** via an EC2 instance (t4g.small, ARM)
Quick takeaways:
**Security & Isolation:**
* SEV-SNP and TDX both felt robust for my use case. The memory encryption is a real comfort.
* Nitro is great, but you're trusting AWS's hardware root of trust. Different model.
* Biggest practical difference? Attestation. TDX's MbedTLS setup was more fiddly. SEV-SNP with the AMD kernel module was simpler for me.
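As an added example (not the author's playbooks), this is the kind of minimal SEV-SNP report policy check a verifier on the control-plane Pi would run before trusting an agent node: parse the report, reject a guest launched with the DEBUG policy bit, confirm the verifier's challenge nonce came back in REPORT_DATA, and compare the launch measurement. Field offsets follow the SEV-SNP ABI ATTESTATION_REPORT layout; the sample report bytes are constructed inline, and verifying the ECDSA P-384 signature against the VCEK chain from AMD's key distribution service is a separate step not shown here.

```python
import struct
from dataclasses import dataclass

# Offsets from the SEV-SNP ABI ATTESTATION_REPORT layout: 0x2A0-byte signed body
# followed by a 512-byte signature block, 1184 bytes in total.
REPORT_LEN = 0x4A0
POLICY_DEBUG_BIT = 1 << 19      # guest policy bit 19: debugging allowed -> reject
POLICY_BASELINE = 0x30000       # bit 16 SMT allowed, bit 17 reserved-must-be-one, no DEBUG

@dataclass
class SnpReport:
    version: int
    policy: int
    report_data: bytes    # 64 bytes; the verifier's challenge nonce is echoed here
    measurement: bytes    # 48 bytes; launch digest of the guest image
    reported_tcb: int
    chip_id: bytes        # 64 bytes; selects the VCEK for the signature check
    signature: bytes      # 512 bytes; ECDSA P-384 r||s (not verified here)

def parse_report(buf: bytes) -> SnpReport:
    if len(buf) != REPORT_LEN:
        raise ValueError(f"unexpected report length {len(buf)}")
    version, = struct.unpack_from("<I", buf, 0x000)
    policy, = struct.unpack_from("<Q", buf, 0x008)
    reported_tcb, = struct.unpack_from("<Q", buf, 0x180)
    return SnpReport(version, policy, buf[0x050:0x090], buf[0x090:0x0C0],
                     reported_tcb, buf[0x1A0:0x1E0], buf[0x2A0:0x4A0])

def check_report(buf: bytes, nonce: bytes, expected_measurement: bytes) -> list:
    """Return the list of policy failures; an empty list means the report is accepted."""
    r = parse_report(buf)
    problems = []
    if r.version < 2:
        problems.append("report version too old")
    if r.policy & POLICY_DEBUG_BIT:
        problems.append("guest launched with DEBUG policy")
    # Nonce must fill the start of REPORT_DATA and the remainder must be zero padding.
    if r.report_data[:len(nonce)] != nonce or any(r.report_data[len(nonce):]):
        problems.append("nonce mismatch (possible replay)")
    if r.measurement != expected_measurement:
        problems.append("measurement mismatch")
    return problems

def make_sample_report(nonce: bytes, measurement: bytes, policy: int = POLICY_BASELINE) -> bytes:
    """Constructed sample report for offline testing; not produced by real hardware."""
    buf = bytearray(REPORT_LEN)
    struct.pack_into("<I", buf, 0x000, 2)          # report version 2
    struct.pack_into("<Q", buf, 0x008, policy)
    buf[0x050:0x050 + len(nonce)] = nonce
    buf[0x090:0x0C0] = measurement
    return bytes(buf)
```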
**Operational Reality:**
* Nitro wins on tooling. Launching an enclave with `nitro-cli` is straightforward.
* The x86 TEEs required custom kernel builds and fighting with firmware versions. My Pi handled the attestation checks fine, but this isn't for beginners.
* TDX had the most mysterious crashes. SEV-SNP ran the full 30 days without a hiccup.
**Where I'd use each:**
* **SEV-SNP:** My choice for a permanent, on-prem agent node. Once set up, it just runs.
* **TDX:** If I were already in an Intel ecosystem with good vendor support.
* **Nitro:** For a cloud burst or when I need to deploy fast and can accept the cloud trust model.
For a regulated deployment, I'd want SEV-SNP on my own hardware. The open-source tooling is improving, and you own the full stack. Nitro is a very close second if cloud is acceptable.
Happy to share my Ansible playbooks for the attestation verifier. They're rough, but they work.
No cloud, no problem.