Threat Models

All Digital State Observer(ADSO):

An ADSO adversary can monitor all digital states within a processor, including all intermediate states within enclaves, which may be exposed through known or even yet undiscovered side channels.

Abstract TEE model:

The threats that the abstract TEE model are robust against include basically everything outside the CPU chip packaging boundary. Adversaries are allowed to have control of the operating system (and hypervisor, if used)—even the boot ROMs—and could read and write the contents of DRAM at will while the CPU is executing. The adversaries are not, however, allowed access to the CPU’s internal state: register values, architectural or otherwise; branch prediction table contents; on-chip cache contents; etc