by crypty 3646 days ago
My point is that it is impossible to know where the next code chunk is if it is properly encrypted. How does the page fault handler know which block to decrypt next without first decrypting the whole code module, where a module is a closed piece of code without jumps outside?

In my opinion every scheme to enable that will cripple the encryption.

1 comments

The code is decrypted into internal SRAM and executed normally. Then an entirely normal page fault happens, at which point the hypervisor catches the trap, decrypts the data again into internal SRAM, maps it appropriately, and then allows the access to continue.
Will SGX help this feature?
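
The demand-decryption flow described in the reply above, modelled as an added example that is not part of the original thread or of any real hypervisor. It assumes a 4 KiB page size, a two-page SRAM, oldest-first eviction, and a per-page keystream built from HMAC-SHA256 standing in for the hardware cipher; the `Hypervisor` class, `crypt_page` and `demo` names are hypothetical.

```python
import hashlib
import hmac

PAGE = 4096       # assumed page size
SRAM_SLOTS = 2    # assumed: internal SRAM holds two plaintext pages

def crypt_page(key, page_no, data):
    """XOR data with a keystream derived from (key, page number).
    HMAC-SHA256 in counter mode stands in for the hardware cipher."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        block = page_no.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Hypervisor:
    def __init__(self, key, encrypted_image):
        self.key = key
        self.dram = encrypted_image   # ciphertext in external memory
        self.sram = {}                # page_no -> plaintext, oldest first
        self.faults = []              # pages decrypted, in order

    def fetch(self, addr):
        """Model one CPU access; an unmapped page traps to the handler."""
        page_no, offset = divmod(addr, PAGE)
        if page_no not in self.sram:
            self.page_fault(page_no)
        return self.sram[page_no][offset]

    def page_fault(self, page_no):
        """The faulting address alone selects the page to decrypt."""
        if len(self.sram) >= SRAM_SLOTS:
            self.sram.pop(next(iter(self.sram)))   # evict the oldest page
        ct = self.dram[page_no * PAGE:(page_no + 1) * PAGE]
        self.sram[page_no] = crypt_page(self.key, page_no, ct)
        self.faults.append(page_no)

def demo():
    key = b"constructed-demo-key"     # constructed sample key
    plain = bytes((i * 7 + i // PAGE) % 256 for i in range(4 * PAGE))
    image = b"".join(crypt_page(key, p, plain[p * PAGE:(p + 1) * PAGE])
                     for p in range(4))
    hv = Hypervisor(key, image)
    addrs = [3 * PAGE + 5, 3 * PAGE + 6, 10, 2 * PAGE + 1, 3 * PAGE + 5]
    values = [hv.fetch(a) for a in addrs]
    return values == [plain[a] for a in addrs], hv.faults
```

In this model page 1 is never decrypted, and page 3 is decrypted twice because it was evicted in between. The keystream gives confidentiality only; nothing here detects tampering with the ciphertext in external memory.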