In the document Software Guard Extension Programming Reference is written "The SGX1 extensions allow an application to instantiate a protected container, referred to as an enclave. An enclave is a protected area in the application’s address space (see Figure 1-1), which provides confidentiality and integrity even in the presence of privileged malware. ". However, figure 1-1 does not reflect what is written in the text above. What really happens with the enclave? It sits within the memory space of the application, or it sits in a separate memory space of the application in main memory?