Enforcing strong memory isolation is essential to the
private execution model, not only for protecting the virtual
address space of a private process, but also for preventing the
disclosure of PEKs. To this end, PRIVEXEC takes measures
to enforce process and kernel isolation boundaries against
unprivileged users for private processes, in particular by
disallowing standard exceptions to system isolation policies
that would otherwise be allowed. This includes disabling features such as debugging facilities or disallowing unprivileged
access to devices that expose the kernel virtual memory or
physical memory.
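The two measures described above, as an added example that is not PRIVEXEC's own code: a user-space analogue for Linux in which a process marks itself non-dumpable (which removes the "same user may ptrace" exception and restricts /proc/<pid>/mem), a parent then attempts to attach a debugger to that process and is refused, and the kernel-memory device nodes are probed for unprivileged access. The device paths /dev/mem and /dev/kmem, the function names, and the fork/pipe harness are this example's own assumptions; the paper does not specify how PRIVEXEC implements these checks.

```c
// Added example, not PRIVEXEC code: user-space analogue of the isolation
// measures (Linux only). Assumes /dev/mem and /dev/kmem as the device
// nodes exposing physical and kernel virtual memory.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark the calling process non-dumpable. Besides suppressing core dumps,
 * this makes /proc/<pid>/mem and friends root-only and drops the usual
 * "same uid may ptrace" exception, so an unprivileged user (even the
 * process owner) can no longer attach a debugger. Returns 0 on success. */
int harden_private_process(void) {
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* 0 after hardening, 1 for an ordinary process. */
int is_dumpable(void) {
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Probe a device node as the current user. Returns 1 if access is
 * refused (EACCES/EPERM), 0 if it opened, -1 if the node does not exist
 * (e.g. kernels built without /dev/kmem). Root may still open /dev/mem;
 * CONFIG_STRICT_DEVMEM then limits what can actually be read. */
int kernel_memory_device_blocked(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); return 0; }
    if (errno == ENOENT) return -1;
    return (errno == EACCES || errno == EPERM) ? 1 : 0;
}

/* Fork a child that hardens itself, then try to attach to it from the
 * parent as a debugger would. Returns 1 if the kernel refused (EPERM),
 * 0 if the attach succeeded (expected only with CAP_SYS_PTRACE, i.e.
 * when run as root), -1 on harness error. */
int ptrace_attach_to_hardened_child_denied(void) {
    int pipefd[2];
    if (pipe(pipefd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: the "private process" */
        close(pipefd[0]);
        if (harden_private_process() < 0) _exit(1);
        char ready = 'r';                 /* tell parent hardening is done */
        if (write(pipefd[1], &ready, 1) != 1) _exit(1);
        close(pipefd[1]);
        for (;;) pause();
    }
    close(pipefd[1]);
    char c;
    int denied = -1;
    if (read(pipefd[0], &c, 1) == 1) {
        if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0) {
            denied = (errno == EPERM) ? 1 : -1;
        } else {
            waitpid(pid, NULL, 0);        /* child stops on attach */
            ptrace(PTRACE_DETACH, pid, NULL, NULL);
            denied = 0;
        }
    }
    close(pipefd[0]);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return denied;
}

int main(void) {
    printf("attach to hardened child denied: %d\n",
           ptrace_attach_to_hardened_child_denied());
    printf("/dev/mem blocked: %d\n", kernel_memory_device_blocked("/dev/mem"));
    printf("/dev/kmem blocked: %d\n", kernel_memory_device_blocked("/dev/kmem"));
    harden_private_process();
    printf("self dumpable: %d\n", is_dumpable());
    return 0;
}
```

Run it as an unprivileged user to see the attach refused; as root the attach succeeds, which is exactly the gap the text's "unprivileged users" qualifier leaves open. Note that the non-dumpable flag is a per-process opt-in that is reset on execve, whereas PRIVEXEC enforces these boundaries from inside the kernel for every private process.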