Software Guard Extension or SGX

For cases where you don't trust the VMM, Intel produced Software Guard Extensions (SGX). SGX lets you make a region of addresses into an **enclave**, which is protected from the VMM, the guest OS, and applications outside the enclave. Only when executing within the enclave's range of the address space can you access the EPC.

![[attachments/Pasted image 20230528104523.png]]
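
The access rule above as a simplified C model (an added example, not Intel's implementation and not code from the original note). It goes one step beyond the note by also modelling the per-page ownership metadata (EPCM) that SGX hardware consults; the addresses, enclave ids, and all type and function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define PAGE 0x1000ULL
/* ABORT_PAGE: the access does not reach the data (reads see all ones,
   writes are dropped). FAULT: the access raises a page fault. */
typedef enum { ALLOW, ABORT_PAGE, FAULT } verdict_t;
typedef struct { uint64_t base, size; } range_t;

/* One metadata entry per EPC page: owning enclave and the linear address
   the page was added at. */
typedef struct { bool valid; int owner; uint64_t linear; } epcm_entry_t;

/* Hypothetical CPU state: enclave mode flag, current enclave, its range. */
typedef struct { bool in_enclave; int enclave_id; range_t elrange; } cpu_t;

/* Constructed layout: a 4-page EPC at an arbitrary physical address. */
static const range_t EPC = { 0x80000000ULL, 4 * PAGE };
static const epcm_entry_t EPCM[4] = {
    { true, 1, 0x10000000ULL },   /* enclave 1, first page  */
    { true, 1, 0x10001000ULL },   /* enclave 1, second page */
    { true, 2, 0x20000000ULL },   /* enclave 2, first page  */
    { false, 0, 0 },              /* free EPC page          */
};

static bool in_range(range_t r, uint64_t a)
{
    return a >= r.base && a - r.base < r.size;
}

verdict_t check_access(const cpu_t *cpu, uint64_t linear, uint64_t phys)
{
    bool to_epc = in_range(EPC, phys);
    bool via_enclave = cpu->in_enclave && in_range(cpu->elrange, linear);

    /* VMM, guest OS, other applications, or enclave code using an address
       outside its own range: the EPC is unreachable, normal memory is not. */
    if (!via_enclave)
        return to_epc ? ABORT_PAGE : ALLOW;
    if (!to_epc)                  /* enclave addresses must be backed by EPC */
        return FAULT;

    const epcm_entry_t *e = &EPCM[(phys - EPC.base) / PAGE];
    bool ok = e->valid && e->owner == cpu->enclave_id
              && e->linear == (linear & ~(PAGE - 1));
    return ok ? ALLOW : FAULT;    /* wrong owner or remapped page */
}
```

The last check is what keeps an untrusted OS or VMM, which still controls the page tables, from pointing one enclave's address at another enclave's EPC page.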