Quote of the week
The 900 pound primate in the room, that no one is acknowledging, is
that this technology [Intel's SGX]
was designed to not allow the operating system to have any control
over what it is doing. In the mindset of kernel developers, the
operating system is the absolute authority on security, so we find
ourselves in a situation where the kernel needs to try and work
around this fact so any solutions will be imperfect at best.
— Dr. Greg Wettstein
As I've noted before, this is actually a primary objective of enclave authors, since one of the desires for 'Confidential Computing' is to hide things like proprietary algorithms from the platform owners.