From <https://arstechnica.com/gadgets/2017/09/azure-confidential-computing-will-keep-data-secret-even-from-microsoft/>: The SGX mode uses processor features to carve out a TEE within a regular process—no virtual machines necessary. The processor itself will encrypt and decrypt data from memory, such that the data is only decrypted when it's within the processor itself. With this mode, even Hyper-V's security isn't important; the only thing that an application has to trust is the processor and its implementation of SGX. With SGX enclaves, nobody—not even Microsoft—can see the data in the TEE. So we only have to trust Intel...