Re: @Mark 85
You need only be able to have a vulnerability so that you can inject your code in. This can be triggered when you, for example, visit a malicious website or have a spearfishing email. Just one of the few examples. Moreover, most trusted enclaves run code in the processor's internal static ram and reference data (including keys) in the static ram itself. In theory external code can't see the internals of this static ram. That section of static ram is not cached out to the general CPU cache. These researchers found a way to cross the wall because of speculative instruction execution.