It does this by protecting private regions of memory called enclaves.
How it works is SGX encrypts a portion of memory called the enclave.
Data and code from the enclave are decrypted on the fly inside the CPU, preventing it being read by other code. This can be used for protecting proprietary algorithms and encryption keys.
In 2021 this became deprecated for Intel Cores but still valid for Intel Xeon for cloud and enterprise use.
Microsoft Azure makes available confidential computing VMs based on SGX technology.
