I have a question about enforcing execute-only memory inside SGX enclaves. What I am trying to do is to mark an enclave page as executable and non-readable. The XnR memory has been used by Readactor (link) to protect against return-oriented programming attacks.
As far as I know Intel provides the Extended Page Tables (EPTs) to translate guest physical memory to real physical memory, and it enables execute-only code pages in the guest address space. As both the guest operating system and the VMM are untrusted, I am curious about whether it's possible inside SGX enclaves.