by tptacek 4161 days ago
Secure enclaves are very useful tools for OS design, but that's not the kind of security we're talking about here. Enterprises can't easily exploit processor-protected VMs and address spaces to, say, prevent PII from leaking. By and large, companies aren't losing data to VMware jailbreaks; they're losing it to much, much more prosaic attacks.
1 comments

If every endpoint could support at least two isolated enclaves, it would be feasible for enterprises to isolate some high-value info assets to an internal VPN that is isolated to one of the enclaves, with the other exposed to risky public channels and attacks.