Does any solution for dealing such situation??
if EADD be hooked by attackers, how can we ensure the code it should be added into enclave page cache will not be leak?
EADD operations are done on the Enclave DLL (and are measured via EEXTEND) as part of loading the enclave into EPC.
The Enclave DLL is not encrypted and can be analyzed even without the help of EADD.