Intel SGX
Intel Software Guard Extensions (SGX) provide enclave-based isolation: code and data inside an enclave are protected by the CPU from a privileged but untrusted system stack (OS, hypervisor, firmware), and enclave memory is encrypted outside the processor package.
When evaluating SGX, the main questions are the threat model (what it does and does not claim to defend against; side channels and denial of service are explicitly out of scope), enclave memory limits (the size of the EPC and the cost of paging), attestation (local and remote, and what the relying party's policy must actually check), and the side-channel surface (cache, page-fault and speculative-execution channels).
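The attestation question above is mostly about the relying party's policy once the quote signature has been verified. The following is an added example, not code from the page or from Intel's SDK: it parses the policy-relevant fields out of a raw `sgx_report_body_t` (field offsets as documented in the SDK's `sgx_report.h`) and applies the checks that are commonly skipped: rejecting debug enclaves, pinning the signer or the measurement, enforcing an ISV SVN floor, and confirming that `report_data` binds the enclave's ephemeral key and the client's nonce. The policy key names, the report_data convention (SHA-256 in the first 32 bytes, zeros after) and the sample report bodies are assumptions constructed for this example; a real report body comes from the CPU via EREPORT and is only trustworthy after the surrounding quote has been verified.

```python
"""Policy checks over an SGX report body (sgx_report_body_t layout).

Added example, not from the page. It assumes the quote signature has already
been verified by the attestation service or DCAP quote-verification library;
what remains, and what is often skipped, is the relying party's own policy:
enclave identity, the debug flag, the ISV SVN floor and the binding of
report_data to the session key or nonce.
"""
import hashlib
import struct

# Field offsets within the 384-byte sgx_report_body_t (Intel SGX SDK sgx_report.h).
ATTRIBUTES_OFF = 48   # 8-byte flags + 8-byte xfrm
MRENCLAVE_OFF = 64
MRSIGNER_OFF = 128
ISV_PROD_ID_OFF = 256
ISV_SVN_OFF = 258
REPORT_DATA_OFF = 320
REPORT_BODY_LEN = 384

SGX_FLAGS_DEBUG = 0x2  # attributes.flags bit: enclave was launched in debug mode


def parse_report_body(body: bytes) -> dict:
    """Pull the policy-relevant fields out of a raw report body."""
    if len(body) != REPORT_BODY_LEN:
        raise ValueError("report body must be %d bytes" % REPORT_BODY_LEN)
    flags, xfrm = struct.unpack_from("<QQ", body, ATTRIBUTES_OFF)
    return {
        "flags": flags,
        "xfrm": xfrm,
        "mr_enclave": body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mr_signer": body[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "isv_prod_id": struct.unpack_from("<H", body, ISV_PROD_ID_OFF)[0],
        "isv_svn": struct.unpack_from("<H", body, ISV_SVN_OFF)[0],
        "report_data": body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64],
    }


def check_policy(body: bytes, policy: dict, expected_binding: bytes) -> list:
    """Return the list of policy violations (an empty list means accept).

    policy keys (hypothetical names chosen for this example):
      mr_enclave    optional 32-byte MRENCLAVE for exact pinning of one build
      mr_signer     optional 32-byte MRSIGNER to accept any enclave from one signer
      isv_prod_id   expected product id
      min_isv_svn   lowest acceptable security version number
    expected_binding is the 32-byte value the client expects the enclave to have
    placed in report_data (here: SHA-256 of the enclave's ephemeral public key
    concatenated with the client's nonce).
    """
    r = parse_report_body(body)
    problems = []
    if r["flags"] & SGX_FLAGS_DEBUG:
        problems.append("debug enclave: memory is readable with a debugger")
    if "mr_enclave" in policy and r["mr_enclave"] != policy["mr_enclave"]:
        problems.append("MRENCLAVE mismatch")
    if "mr_signer" in policy and r["mr_signer"] != policy["mr_signer"]:
        problems.append("MRSIGNER mismatch")
    if r["isv_prod_id"] != policy["isv_prod_id"]:
        problems.append("ISV product id mismatch")
    if r["isv_svn"] < policy["min_isv_svn"]:
        problems.append("ISV SVN %d below floor %d" % (r["isv_svn"], policy["min_isv_svn"]))
    # report_data is 64 bytes; the convention assumed here is hash in the first 32, zeros after.
    if r["report_data"] != expected_binding + bytes(32):
        problems.append("report_data does not bind the expected key/nonce")
    return problems


def make_report_body(flags, mr_enclave, mr_signer, prod_id, svn, report_data) -> bytes:
    """Build a constructed report body for testing; not a real CPU-generated report."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<QQ", body, ATTRIBUTES_OFF, flags, 0x3)  # xfrm 0x3: x87|SSE state
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mr_enclave
    body[MRSIGNER_OFF:MRSIGNER_OFF + 32] = mr_signer
    struct.pack_into("<HH", body, ISV_PROD_ID_OFF, prod_id, svn)
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64] = report_data
    return bytes(body)


# Constructed sample values: a signer hash, a build measurement, an ephemeral key and a nonce.
SAMPLE_SIGNER = hashlib.sha256(b"example-signer-key").digest()
SAMPLE_ENCLAVE = hashlib.sha256(b"example-enclave-build").digest()
ENCLAVE_PUBKEY = b"\x04" + bytes(range(64))        # placeholder for an uncompressed P-256 point
CLIENT_NONCE = b"\x11" * 16
BINDING = hashlib.sha256(ENCLAVE_PUBKEY + CLIENT_NONCE).digest()
POLICY = {"mr_signer": SAMPLE_SIGNER, "isv_prod_id": 7, "min_isv_svn": 3}

# flags 0x5 = INIT | MODE64BIT; production enclave, current SVN, fresh binding.
GOOD_BODY = make_report_body(0x5, SAMPLE_ENCLAVE, SAMPLE_SIGNER, 7, 4, BINDING + bytes(32))
# flags 0x7 adds DEBUG; stale SVN; report_data bound to a different (replayed) nonce.
BAD_BODY = make_report_body(0x7, SAMPLE_ENCLAVE, SAMPLE_SIGNER, 7, 2,
                            hashlib.sha256(ENCLAVE_PUBKEY + b"\x22" * 16).digest() + bytes(32))

if __name__ == "__main__":
    print("good:", check_policy(GOOD_BODY, POLICY, BINDING))
    print("bad: ", check_policy(BAD_BODY, POLICY, BINDING))
```

The good body passes with no findings; the bad body is rejected for three independent reasons (debug flag, SVN below the floor, report_data bound to someone else's nonce). Pinning MRSIGNER plus product id and an SVN floor lets a signer ship updates without re-provisioning verifiers; pinning MRENCLAVE is stricter and appropriate when the relying party reviews each build. Either way, a verifier that skips the debug-flag and report_data checks can be satisfied by a debug enclave or a replayed quote.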