This is true, but you can’t put a VM in SGX without massive software hackery. Also, SGX has been broken so many times in the last couple years that it’s silly.
SGX has been broken by totally new classes of attacks and has been successfully renewed via microcode patches every time.
SEV was broken once, completely (at least on EPYC), in such a way that it could not be fixed, from what I understand.
So I'll give Intel a break here. Their performance is much better than AMD's.
The whole point of SGX is that people tried making an entire VM the security surface. That was the prior generation of tech (Intel LaGrande/TXT) and it didn't work. There's far too much code in an entire OS like Linux to make it secure or auditable (and without auditing none of these schemes mean anything).
Enclaves are a design idea that says, shrink the amount of code you have to trust and read to the smallest size possible. Only then do you have a chance of security.
It's unfortunate that this lesson has been learned and is now being lost again.