
Process-based abstractions for VM-based environments

Formal Metadata

Title
Process-based abstractions for VM-based environments
Series Title
Number of Parts
287
Author
License
CC Attribution 2.0 Belgium:
You may use, modify, and reproduce the work or its content, in unchanged or modified form, and distribute it and make it publicly available for any legal purpose, provided that you credit the author/rights holder in the manner they have specified.
Identifiers
Publisher
Year of Publication
Language

Content Metadata

Subject Area
Genre
Abstract
Inaugural secure enclave platforms operate at the single user process level (e.g. SGX), meaning a single address space with potentially multiple threads, with a standard OS outside the enclave responsible for resource management and scheduling. More recent platforms (AMD SEV, Intel TDX, AWS Nitro Enclaves) operate at the VM level. This provides significant new capabilities for multi-process abstractions such as mmap and fork, which will be beneficial for enclavizing legacy software. However, taking a VM image and running it in an enclave is not great from a TCB minimization standpoint. For platforms where there's currently no alternative (AMD, AWS), how can we build, with a minimal TCB, an abstraction that's similar to single-process enclaves? Of course, you can “just run Linux” with a single process, but this again is clearly suboptimal. We'll explore the solution space in this interactive session.