The idea is to put your decryption code in the enclave and then then send encrypted text and a description of the operation you want to perform to the enclave.
The unencrypted data never leaves the enclave, not even the hypervisor sees the unencrypted data.
E.g. to search encrypted data in sql server
What I do not get is how you get the decryption keys into the enclave securely!
"The client driver sends the column encryption keys required for the operations to the secure enclave (over a secure channel)."
What secure channel which the hypervisor cannot see? Hmmm..