This is an interesting work.

The idea of GPU record and replay combining with TEE can be trace back to 2021 from an arxiv paper: Safe and Practical GPU Acceleration in TrustZone. This should be the arxiv version of the ASPLOS'22 paper GPUReplay: a 50-KB GPU stack for client ML.