A TEE is a secure part of the CPU, or you may envision it as a coprocessor. It manages its own cryptographic keys, where the hardware manufacturer guarantees by the design that nobody, not even the system administrator or the OS, have access to those keys of the TEE or can read its memory. These characteristics allow completely confidential and untampered execution of software. It is commonly used to store secrets like fingerprints in encrypted form.