I found the side channel protection and CPU/L1 isolation between customers to be particularly interesting.<p>Very cool to see the physical hardware interconnects for resetting the system. Also the PCI bus as one of the isolating boundaries.<p>I have worked on an open source project for managing Nitro Enclaves (<a href="https://github.com/edgebitio/enclaver" rel="nofollow">https://github.com/edgebitio/enclaver</a>), so it is cool to see how these build on this foundation to provide even more protection.